Cyber Security Expo
Organizational Security
Click here to return to the library index
Title Contributor Date Description Rating
Presenting Security to Management and the Business Charles Hornat 30/03/03 Presenting security to management is something all security managers must do. They must be prepared to overcome any and all obstacles and conceptions management may have. This paper covers several key notes that one must remember when presenting any security topic to management. 7
Reducing 'Human Factor' Mistakes Dancho Danchev 08/08/03 On the topic of the human element of network security, this paper will try to summarize various mistakes of the system administrator, company executive and of course the end user. It will also attempt to provide useful strategies to help reduce such human errors. 9
Cyber 101: Why is Cyber Security Important Now? Kenneth Newman 21/10/03 The wide spread use and dependency on the constantly changing technology also come with corporate complacency and increased sophisticated tools and attacks (which not necessarily require technical expertise). There are major risks companies face when their security have been breached, but there are preventive measures that can be implemented through risk management. Kenneth Newman presented these and more at the IMN’s 2003 Cyber Security Summit in NY. 10
Human Factors in Information Security Gary Hinson 19/11/03 Managing the human side of information security just as carefully as the technical side; says Gary Hinson, technological controls alone simply cannot deliver sufficient information security in practice. 5
Business Case for an Information Security Awareness Program Gary Hinson 09/12/03 Lays out the case for an innovative program designed to raise awareness of information security, create a strong security culture and cut net costs. 10
Information Security & Negligence - Targeting the C-Class Carter Schoenberg (ISS Atlanta) 18/03/04 Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting one’s assets (cyber & physical) do you physically “prove” negligence versus the common business practice of risk management? 9
Risk Management on IS P L Pradhan 16/04/04 Outlines how risk assessment is performed through identifying assets, identifying threats and calculating risks. 7
Evaluation, Metrics and Measurement for Security Awareness Melissa Guenther 24/04/04 Gives insight into developing Security Awareness programs and on evaluating their effectiveness. 8
Proposing the role of Governance Director Gary Hinson 05/05/04 Says Gary Hinson: 'In the context of corporate governance, I propose the role of Governance Director at executive Board level to act as a senior focal point for issues relating to management control, risk management and ethics. Through this paper explaining the rationale for my position, I intend to stimulate further discussion and development of the concept.' 8
Risk Assessment On IT Infrastructure P L Pradhan 07/05/04 A follow up to “Risk Management on IS”, this takes a detailed look at developing and implementing a risk management & assessment method to safeguard and protect Information System assets of an organization. 7
IT Security Event Management Yahya Mehdizadeh 03/06/04 IT Security Event Manager (IT SEM) provides an enterprise-wide security monitoring and administration solution that collects and analyzes data on events and provides a suitable response to threats on enterprise assets. This paper looks at the SEM system architecture and features. 7
The need for Security Testing Charles W. Fullerton 09/06/04 Will help C-level executives understand what Security Testing is and how the Open Source Security Testing Methodology Manual (OSSTMM) can help raise the level of security within their organization. 7
Secure Development Framework Glyn Geoghegan 11/06/04 Secure development is the process of producing reliable, stable, bug and vulnerability free software. The author describes an efficient development framework, its benefits and implementation. 3
Information Systems Misuse - Threats & Countermeasures Vijay Gawde 08/07/04 Misuse of Information Systems by employees poses serious problems to organizations including loss of productivity, loss of revenue, legal liabilities etc. This paper discusses some of the issues related to Information System misuse, resulting threats and countermeasures. 10
Intelligent Security, IPDM, the Winning Formula Webb Wang 11/08/04 This submission is relative to Enterprise Network Security. It discusses the winning formula and the requirements of an appropriate security infrastructure to protect critical assets. 1
10 Communications Tips For Security Managers Steve Purser 07/12/05 Steve Purser writes this must-read paper for anyone managing Information Security. 8
PCI DSS made easy GFI Software Ltd 13/06/07 This white paper, contributed by GFI, examines the requirements to adhere to the Payment Card Industry Data Security Standard (PCI DSS), the implications of non-compliance and how effective event log management and network vulnerability management can help achieve compliance. 1
Organizational Security - Community Contributions
Title Contributor Date Description Rating
Security Incident Handling in an Academic Medical Center David McKelvey 19/07/05 A well defined process for handling Information Security Incidents within academic medical facilities submitted by David Mckelvey. 8
Top Ten Security Risks in BPOs Gaurav Shukla 18/10/05 Gaurav Shukla submits this paper on possible security risks which BPOs can come under. 7
The Importance of a Security, Education, Training and Awareness Program Stephanie Hight 05/01/06 Albert Einstein was quoted as saying “Problems cannot be solved with the same level of awareness that created them.” This contribution by Stephanie Hight discusses ways to raise awareness. 9
Internet and Network Service Provider Network Abuse Dave Schwartzburg 05/01/06 Establishing an acceptable use policy and allocating resources to process and respond to evidence of network abuse is essential for service providers as discussed in this paper by Dave Schwartzburg. No votes
A Practical Approach to Threat Modeling Tom Olzak 17/03/06 This paper, contributed by Tom Olzak, is a practical, high-level guide to conducting threat modeling activities within a business environment. 10
The Critical First Steps in a Successful Incident Response Program Stephanie Hight 26/04/06 This paper, contributed by Stephanie Hight, discusses the first steps in an Incident Response Program. Topics such as policy, teams, communication and others are covered. 4
Creating Business Through Virtual Trust Kenneth F. Belva 04/10/06 In this paper, Kenneth Belva and Sam DeKay examine how information security can be actively involved in the creation of business and that the skills required to create commercial activity must be added to the information security professional’s intellectual tool set. They also present evidence to demonstrate that the capability of security to create business, which they designate by the term “virtual trust”, may become a dominant paradigm for how to think about information security. 8
Social Engineering - An Attack Vector Most Intricate to Tackle! Ashish Thapar 12/06/07 This paper, written by Ashish Thapar, describes Social Engineering, common techniques used and its impact to the organization. It discusses various forms of Social Engineering, and how they exploit common human behavior. 10
Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle Caleb Sima 03/09/07 This article, written by Caleb Sima and Vincent Liu, shows you how to put the organizational security controls in place to make the Application Development Life Cycle process as painless as possible and an integrated part of your Web application development efforts. No votes
The Human Layer of Information Security Defense Ugo Emekauwa 19/10/07 Ugo Emekauwa submits this paper on Social Engineering, examining the different avenues an attacker may use to get confidential information from you. 9
Getting maximum value from Penetration Testing 360is 10/05/12 This vendor provided paper is a little different from most papers on Penetration Testing, in that it takes a holistic approach to the subject matter, and discusses both the strengths and weaknesses of Penetration Testing, and attempts to inform the reader in such a way as to empower them to extract maximum value from the exercise (whether they are doing it themselves or paying some external firm to). 9

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.