Red Tape


ISMS Implementation Guide

Contributed by Vinod Kumar Puthuseeri and restored from the Infosecwriters archive.

This paper can serve as a guideline for implementing ISMS practices using the BS7799 / ISO 27001 standards. It is intended to give insight to those implementing an ISMS for the first time and to those who will be coordinating with external consultants on ISMS implementations in their organizations.

This document is in PDF format.


Developing and Implementing Technology Security Policies in K-12 Education

Contributed by Larry Jackson Jr

Because technology is becoming more and more integral to the education community every day, technology managers need to ensure they have well-defined policies in place to assist in maintaining the technology that their users depend on. In this paper I will examine the currently accepted principles for implementing Information Security policies in a K-12 educational environment. I will attempt to show an efficient and effective approach that details what steps and considerations should be taken when deciding policies and procedures. Finally, I will attempt to convey the importance of a sound security policy and the possible impact of poorly designed and executed policies in an educational environment.

This document is in PDF format.


Information Security Management in a Regulation Driven World

Contributed by Christina Freeman

This paper will explore the positive aspects and the challenges of managing information security in a world that is full of regulatory requirements. While the United States has the most requirements, such as Sarbanes-Oxley, the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, etc., providing direction for the management of information security in the US, there are many other regulations that affect other countries as well, sometimes in contrast to US requirements. In many other countries there is, at the very least, some type of privacy or personal information protection regulation. In addition to examining these regulatory requirements, I will analyze how these regulatory requirements affect information security management as a whole and how global organizations handle the different regulations with which compliance is required.


Security Code Review - Identifying Web Vulnerabilities

Contributed by Kiran Maraju. Revived from the old site.

This paper introduces security code review inspections and describes how to identify web application security vulnerabilities in source code. It details the inspections to perform on Java/J2EE source code, explains the process of identifying vulnerable code and the corresponding remediation, and illustrates the specific locations in code flows to check when identifying web application vulnerabilities.

This document is in PDF format.


How Acceptable Use Policies Coincide with HIPAA Requirements

Contributed by Jody Rouse and restored from the old Infosecwriters archives.

The Internet and networked computers are resources available to many workers in today’s work environment. Many of these resources allow the user to transmit confidential data, especially within the health care field. However, many of these resources are not required by or related to the worker’s job. One solution to this problem is to develop an Acceptable Use Policy (AUP) that outlines the permissible parameters of employee computer use. To combat the transfer of health care data through inappropriate means and the use of private health care data in a non-private way, a new act was passed: the Health Insurance Portability and Accountability Act (HIPAA). This paper will define AUPs and HIPAA requirements and show how AUPs coincide with HIPAA requirements.

