Security Dashboard | SearchSecurity.com
|
Fortify Security through Quality Assurance Practices
Successful companies have found a way to offer something that people want, at a price they are willing to pay, in a way that will make money in the transaction. Highly successful companies offer quality products and services in this exchange, and keep the quality high, so that the customer will return the next time he/she wants to purchase. Quality has been defined as: “The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs. Not to be mistaken for "degree of excellence" or "fitness for use" which meet only part of the definition.” By this definition, security is a component of quality.
By Elizabeth Stanton, 04/18/2004
|
|
Awareness, A Never Ending Struggle
The setting is a large federal government-owned facility operated by a major contractor, with quite a number of subcontractor personnel also on site. All contractors and subcontractors are required by their federal customer to attend computer security awareness training. Training rosters are signed and entered into tracking to document that yes, all personnel have received the required training. This may satisfy any government and company requirements, but the real test occurs every day. Will employees follow the guidance they have been given in awareness training? Below are some example scenarios that could take place.
By Douglas Alred, 04/18/2004
|
|
Attacks Against The Mechanical Pin Tumbler Lock
This paper gives an overview of the common pin tumbler lock and the five methods used to exploit it. Pin tumbler locks are found in a vast majority of residential, commercial, government and educational institutions. It is possible for an attacker without any specialized tools or an expert skill level to quickly open them. When evaluating a current or future key-based pin tumbler lock, the security practitioner should protect against the methods of picking, impact, impression, decode and bypass. The relevant information for this paper came from Internet websites, Internet message boards, literature, and video/audio files.
By Craig Kawaga, 04/18/2004
|
|
Vendors and External Outsource Providers: How Safe is Your Company's Confidential Data
Let us assume your business is fairly accomplished in the Risk Assessment evolutionary ladder. Perhaps your company already assesses its network configurations regularly, all the applications in use have been reviewed for stringent security guidelines, maybe the IT team has even classified all your corporate information assets, and the vulnerability assessments are complete. Does this mean the CIO can relax? Is the business safe? Is your network or information accessed by a third-party vendor? Where is your information being managed, stored or processed? Is it always on your network? Is it always within the walls of your company? Do you outsource any business functions? Is any of your client’s personal information shared with a third party? Do you have any business-to-business connections?
By Stan Gucwa, 04/18/2004
|
|
The Many Facets of an Information Security Program
This document is a review of the various programs and processes that should be in place within any organization for the protection of its information assets. The many areas of any organization’s security program play key roles in supporting the certification and accreditation (C&A) process of an organization’s information assets. The supporting areas along with the C&A and post-C&A activities make up an organization’s information security program. Five primary sections herein outline an information security program baseline. The first section is a high-level overview of an information security program. The second section identifies the laws and regulations that require an information security program. The third section identifies supporting security standards and best practices. The fourth section gives an overview of the accreditation’s supporting programs. The last section addresses the C&A methodology, an outline of the methodology’s output and the post-accreditation activities.
By Robert L. Behm Jr., 04/18/2004
|
|
Security Education for Users: A Starting Place for Network Administrators
The who, what, why, and how of security education for users.
04/14/2004
|
|
Protecting Your Workplace: 10 Anti-Virus Rules
Despite all the advances in anti-virus technology, malicious code remains a constant threat. Why is this? Because regardless of how well-developed security technologies may become, they are only as effective as the people operating them allow them to be. In the chain of computer security, human error continues to be the weakest link. It can be argued that the most powerful instrument of information security is user behaviour. With that in mind, this article will endeavour to set out ten fundamental rules that will allow users to minimize the threat that viruses, worms and Trojans may pose. When it comes to viruses, there is no such thing as 100% certainty. However, if users learn these fundamental rules, and follow them diligently, they can rest assured that they will be as well protected as possible.
03/24/2004
|
|
University of Illinois Security Awareness Program
This web site provides the *minimum* set of standards (I feel) that may be necessary for establishing one's program. Since you represent a banking institution, your firm may be subject to government regulations (not sure what/which regulations apply to Kuwaiti financial institutions) requiring minimum standards be met. Recently, within the United States, a privacy law was enabled specifically aimed towards the financial institutions, specifically pertaining to privacy and its compliance, which I believe is the Gramm-Leach-Bliley Act, aimed towards both banking and financial institutions alike.
03/08/2004
|
|
Business case for security awareness program
Generic business case for an information security awareness program. Use this comprehensive paper to design and structure a cost-effective security awareness program and justify the associated budget request to your management.
03/05/2004
|
|
Methods and Techniques of Implementing a Security Awareness Program
This paper will illustrate why security awareness is so important and what it is supposed to accomplish. Furthermore, it will also cover program contents, methods and techniques of teaching, and resou
02/18/2004