Red Tape


Information Security Risk Assessment Methods, Frameworks and Guidelines

Contributed by Michael Haythorn

Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need to protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations in order to ensure that proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately the organization bears the responsibility for accurate analysis and control measures.



Computer Forensics: Bringing the Evidence to Court

Contributed by Cornell Walker

Today the computer has impacted almost every facet of our lives and has become a major means of communication. One of the areas which has seen the most impact is how we maintain and store data. This data is stored in the form of logs, files, spreadsheets, or email, to name a few. Along with the means to store this data, we have developed many techniques to retrieve it. Once retrieved, this data can be used to restore information, show a history, or serve as evidence to arrive at a conclusion – even if the conclusion is within our courts. This paper takes a brief look at a new science that has developed as a result of the way we now store and maintain that data, “computer forensics,” and how this new science has impacted court decisions and rulings regarding computer records. The areas of concern are the cleanliness of the evidence and how the court defines “computer records.”


10 Communications Tips For Security Managers

Contributed by Steve Purser

Of all the skills that the modern security manager must possess, good communications is arguably the most basic. Most of us have seen innovative ideas fail at some time or other because they weren’t communicated in the right way and many of us have watched our own projects flounder for similar reasons. Speaking as part of a generation that was taught to fight for what it believes in, it is easy to appreciate how enthusiasm and the will to succeed can quickly become a handicap if not managed correctly. As a practicing security manager I continually meet people who are good at arguing their case, but it is far more difficult to find people who have the patience to listen to other points of view and to adapt their game plan accordingly.



Managing Information Security in Modern Commercial Environments

Contributed by Steve Purser

The arrival of affordable and reliable network technology in the nineteen-nineties, followed by the move towards global connectivity and the success of the Internet as a medium for carrying out business, have drastically changed the way in which the modern enterprise operates. The positive aspects of this network revolution are difficult to overstate. Large international concerns have been able to make major efficiency gains, streamlining their operations and greatly reducing cost, whilst small and medium sized companies have benefited from the possibility of widening their markets to an international clientele. Last but not least, consumers have benefited from the ability to compare prices from disparate sources rapidly and to make purchases from their own home.



Business Contingency Planning and Post September 11th, 2001

Contributed by Brett Pladna

After September 11th, 2001, companies had to rethink their disaster planning. The companies that were in the World Trade Center found it difficult to bring in their disaster recovery teams because their IT functions were disabled. What needs to be fully understood is that no one in the United States had planned for a disaster of this magnitude. Most network providers were affected by the event and most claim that their readiness helped prevent a technical catastrophe. However, since then there has been heightened readiness.


