Applying Awareness and Ethics

A successful implementation of an information security program requires a well-planned security awareness and training program that addresses policies, standards, and procedures. (Peltier & Peltier, 2004) The awareness and training program should encourage employees to make the right decision among alternatives in a manner consistent with ethical principles. (Josephson Institute of Ethics, 2016) This paper… Continue reading Applying Awareness and Ethics

Network in Small Businesses

Small cloud businesses are startup companies that rely on Infrastructure-as-a-Service (IaaS) providers for hosting their cloud applications. They could be Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) providers for their customers. While relying on the network controls of the IaaS for their applications, small cloud businesses must maintain their own network for business operations and software development.… Continue reading Network in Small Businesses

Best of Breed or Best Suite of Products

Should organizations implement layered defenses from different vendors? Should we rely upon a single vendor for an organization’s overall security? According to a Gartner research paper, “Two firewall platforms are not better than one. We believe there is a higher risk associated with configuring and managing firewalls from multiple vendors than from a single vendor.… Continue reading Best of Breed or Best Suite of Products

Hardware or Host Based Firewalls

Do organizations need hardware firewalls when the network already has host-based software firewalls? Wouldn’t it add cost and complexity to networks? Wouldnt system protected by host-based software firewalls just as secure as having a hardware firewall if they are implemented appropriately? “Firewalls actually come in two distinct flavors: software applications that run in the background… Continue reading Hardware or Host Based Firewalls

Acknowledging Non-Applicable Threats

Is it important to account for or acknowledge risks that may not apply to an organization or system? What if you identified a risk that you would typically consider for but would not use due because of the context. Say, for example, your organization is not in a floodplain however it is usual to consider… Continue reading Acknowledging Non-Applicable Threats