Red Tape

Wed
12
Aug

How to Implement an Information Security Program

Contributed by Charles Hornat

This write-up is about my approach to Information Security and based on my own experiences. There are a number of ways to implement a program, but I believe that one has to first identify what they are protecting, understand the risks and associated threats, and then formulate a plan of protection.

This document is in PDF format. To view it click here.

Tue
11
Aug

Security Program Elements of Adoption

Contributed by Robert Underwood

With the risk of losing information to an unwanted entity the process of securing information is at high level priority to businesses. Although there are many models and frameworks that can be applied if the culture does not accept or adopt the methodologies then the effort is in vain and the investment is lost. Understanding the culture within a business and applying the appropriate adoption methodology is the best chance for implementation success.

Understanding the culture and how to integrate new processes through training techniques geared to individual employees which provides a platform for successful adoption.

This document is in PDF format. To view it click here.

Wed
05
Aug

The Future of Net Neutrality and the Federal Communications Commission

Contributed by Michael Haythorn

Mon
03
Aug

Information Security in the Workplace - The Employee's Role

Contributed by Corey Pachniak

While at work we believe that our co-workers are all trust worthy. While much emphasis is placed on the virtual security of that information, firms often overlook the physical opportunities provided by daily common tasks. This paper will demonstrate that during work hours an individual has several opportunities to inadvertently reveal critical information about themselves or about their organization. Most major firms provide avenues to communicate critical information securely, but due to the activities that inherently distract all of us, those securities are over looked. The intentions of the author is to provide several examples of daily oversights. The potential risks of the release as a result of those oversights will be discussed. Finally, this paper will provide simple methods to control the release of information, and how to address situation in which to handle unexpected releases of information.

Tue
28
Jul

Avoiding Social Engineering Attacks through Security Education Training and Awareness

Contributed by Robert Martin

This paper focuses on avoiding Social Engineering attacks through Security Education Training and Awareness (SETA). Hackers continue to exploit the weakest asset in IT security, which is the human asset. This paper will outline four Social Engineering attacks that are designed to manipulate the emotions of the victim. These four attacks are: Spear phishing/whaling, Drive/CD baiting, In-person Pretexting, and Wi-Fi Evil Twin. The purpose of this paper is to show how SETA can help users and businesses avoid the costly impact of Social Engineering attacks.

This document is in PDF format. To view it click here.

Pages

Subscribe to RSS - Red Tape