Red Tape

Mon 03 Aug

Information Security in the Workplace - The Employee's Role

Contributed by Corey Pachniak

While at work we believe that our co-workers are all trustworthy. While much emphasis is placed on the virtual security of that information, firms often overlook the physical opportunities provided by daily common tasks. This paper will demonstrate that during work hours an individual has several opportunities to inadvertently reveal critical information about themselves or about their organization. Most major firms provide avenues to communicate critical information securely, but due to the activities that inherently distract all of us, those securities are overlooked. The intention of the author is to provide several examples of daily oversights. The potential risks of the release as a result of those oversights will be discussed. Finally, this paper will provide simple methods to control the release of information, and how to handle situations involving unexpected releases of information.

Tue 28 Jul

Avoiding Social Engineering Attacks through Security Education Training and Awareness

Contributed by Robert Martin

This paper focuses on avoiding Social Engineering attacks through Security Education Training and Awareness (SETA). Hackers continue to exploit the weakest asset in IT security, which is the human asset. This paper will outline four Social Engineering attacks that are designed to manipulate the emotions of the victim. These four attacks are: Spear phishing/whaling, Drive/CD baiting, In-person Pretexting, and Wi-Fi Evil Twin. The purpose of this paper is to show how SETA can help users and businesses avoid the costly impact of Social Engineering attacks.

This document is in PDF format. To view it click here.

Tue 28 Jul

ISMS Implementation Guide

Contributed by Vinod Kumar Puthuseeri and restored from the Infosecwriters archive.

This paper can serve as a guideline for the implementation of ISMS practices using BS7799 / ISO 27001 standards. It aims to give insight and to help those who are implementing this for the first time and those who will be coordinating with external consultants for ISMS implementations in their organizations.

This document is in PDF format. To view it click here.

Mon 27 Jul

Developing and Implementing Technology Security Policies in K-12 Education

Contributed by Larry Jackson Jr

Because technology is becoming more and more integral to the education community every day, technology managers need to ensure they have well-defined policies in place to assist in maintaining the technology that their users depend on. In this paper I will examine the currently accepted principles for implementing Information Security policies in a K-12 educational environment. I will attempt to show an efficient and effective approach that details what steps and considerations should be taken when deciding policies and procedures. Finally, I will attempt to convey the importance of a sound security policy and the possible impact of poorly designed and executed policies in an educational environment.

This document is in PDF format. To view it click here.

Fri 24 Jul

Information Security Management in a Regulation Driven World

Contributed by Christina Freeman

This paper will explore the positive aspects and the challenges to managing information security in a world that is full of regulatory requirements. While the United States has the most requirements, such as Sarbanes-Oxley, Payment Card Industry Data Security Standard, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, etc., providing direction for the management of information security in the US, there are many other regulations that affect other countries as well, sometimes in contrast to US requirements. In many other countries there is, at the very least, some type of privacy or personal information protection regulation. In addition to examining these regulatory requirements, I will analyze how these regulatory requirements affect information security management as a whole and how global organizations handle the different regulations with which compliance is required.
