Security - What is Enough?
This paper will look at the various layers of security businesses have on offer to them today, which will aid the security policy and look at why they should deploy them. Taking a step back, it is important to know what dangers and risks the business is facing, who is the enemy and determine what they want before setting up and running a security policy.
A Certification and Accreditation Plan for Information Systems Security Programs
In order to ensure the confidentiality, integrity and availability of corporate information systems, each organization must implement a comprehensive Information Systems Security Program (ISSP). Determining the effectiveness of the ISSP requires evaluating each module individually, as well as its relationship to other components. Unilateral analysis, while often necessary due to time and resource constraints, results in a fragmented snapshot of the defenses of the enterprise.
Protection of Information Assets
This paper is focusing on protection of information assets, or more specifically the security challenge we are facing in the process of protecting the business's information assets. So where should we begin addressing this security challenge? This paper is focusing on physical security, but will also go through the aspect of logical controls to put security in a broader perspective. Part 2 will give a short introduction to the topic, part 3 will focus on physical access exposures and controls, and part 4 will give an introduction to logical access exposures and controls.

Obtaining Better Results from Distributed Environment Security Programs
This paper will examine common barriers to achieving desired results from information security programs in mid-to-large-sized corporations. We will consider elements that are often underemphasized when planning security programs and we will expose some of the reasons why those issues tend to be overlooked. Finally, we'll describe the value of, and a methodology for, including those elements in your planning to create a more balanced information security program.
Making the HelpDesk a Security Asset
The help desk is often quoted as a vulnerable point for social engineering attacks. A social engineer is a con man. He or she is someone who wants to take advantage of a person's helpfulness and use it to advance his strategy. The goal of the strategy is to get enough information to compromise a company's network. So most of the time the final goal of the social engineer is to get a user name and password for general network authentication of a specific network service.
Keeping the Private Intranet Private
In today's interconnected world, a company's private network, the intranet, often is not so private as it once was. Inter-company relationships and employee connectivity needs often require other computers to be able to connect to the intranet through an uncontrolled network. How can an administrator of the intranet have a reasonable confidence that these communications lines are not being used for unauthorized access to company data?
Enhanced Security During Organizational Transitions
The purpose of this paper is to provoke discussion concerning the requirements for increased security during a period of transition within an organization. The discussion should revolve around the threats faced by an organization as it goes through a period of change, as well as the controls that exist to mitigate risks.
Kiosks: The Interactive Media Solution, or is it?
Globally, more and more businesses are considering kiosks as a means to increase sales. Some companies, such as Kmart, have explored this territory as early as the 1990's. However, due to expensive network maintenance costs, and poor systems that would frequently crash, they decided to postpone this consideration until more recently. Now, with the option of Web-based kiosks, this has become a popular tool.

Information Security 101: Security for Newbies
Earlier this year, the director of Operations who now is my boss had come to me and offered me a position called "Information Security Administrator". This was like a dream come true for me since I had just watched a movie called "Hackers". Yes! The movie where Angelina Jolie still had some innocence left. I was going to be fighting hackers and live a life of suspense.
Toward Global Security
Once again, we are at the crossroads. Whether humanity will proceed to achieve ever greater global accomplishments with a logical balance of secure information and technology development and transfer, or instead perish, will depend on decisions, defenses, knowledge and practices established today and in the near and foreseeable future.