As the internet becomes more ubiquitous and the use of technology continues to rise, the government must start seriously evaluating ways in which it can provide oversight and create effective legislation that still allows for privacy and freedom of speech. This paper discusses some of the most prominent issues that legislators have been looking at in recent history and will be considering even more seriously in the near future. First, privacy and privacy laws in general are briefly discussed. Next, issues related to privacy and law enforcement are examined, followed by concerns about consumer data in relation to ad agencies, and finally a discussion of privacy issues related to minors. Privacy will only continue to grow as a concern, especially as issues related to existing privacy law, lack of legislation, and unexpected or unauthorized breaches of privacy by web companies become more prominent in the headlines.
This paper examines how to optimize security using the Intel white paper “Defenses in Depth Strategy Optimizes Security” as the model for analysis. It is written for an IT department, both to help it better understand the business perspective of the time and costs associated with planning and preparation, and to provide perspective on the risks of trying to do too much instead of taking a streamlined approach to handling IT security issues effectively and efficiently. First, the business challenges are discussed. An overview of the methodologies of prediction, prevention, detection and response follows, in order to have solutions for security issues that may arise.
This paper discusses risk management planning. First, risk management is explained, including a description of its primary components: risk identification, risk assessment and prioritization, and risk controls. Controls are broken down into their constituent categories of avoidance, transference, mitigation and acceptance. Next is an overview of risk management from the perspective of a large financial firm. Finally, two key risks, phishing attacks and regulatory requirements, are evaluated against each of the components of risk management and the categories of controls.
This paper addresses some common aspects of vulnerability management. First, risk management is briefly described from a general perspective. Next, frequently occurring vulnerabilities in the broad categories of software vulnerabilities, physical vulnerabilities and client vulnerabilities are discussed. Software vulnerabilities include those of software and web portals. Physical vulnerabilities cover security against intruders and naturally occurring disasters. Finally, client vulnerabilities cover both internal and external clients in relation to bad passwords, potential for infection from a virus, and social engineering.
This paper evaluates four SANS.org example policy templates using the S.M.A.R.T. criteria. The policy templates used are acceptable use, software installation, password policy and disaster recovery. Each template evaluation is broken down by the criteria: specific, measurable, attainable, relevant and time-bound. The author describes which aspects satisfy the criteria, as well as ways each policy could be improved to satisfy them better.