
Information Assurance News and Commentary:
7/22/08
- Disk Encryption Hacked, Awareness Most Critical Security Layer
An update from the Ministry of Defence reports that "One laptop
is lost every two days by the Ministry of Defence (MoD) with
659 reported stolen and 89 lost by the department in the past
four years." Full disk encryption has been considered a
saving grace for the issue of lost laptops and other portable
storage devices. Now consider the impact of the recent cold
boot attack that enables a "means to circumvent disk
encryption simply by powering off a target machine." Implementing
technical layers of defense is an important component of any
Information Security program, but it pales in comparison to effective
Information Security awareness training and properly implemented
information security policies and procedures. Read the complete
commentary here in the News.
What's New:
8/07/08
- New document added:
Improving Information Security with Social Psychology: Many
organizations have realized the value associated with the creation,
implementation and ongoing maintenance of a well-defined information
security policy and awareness program. However, organizations sometimes fail to realize
how influential human nature and social psychology can be to
either the success or failure of these policies.
This paper briefly discusses why people make bad security
trade-offs and poor risk calculations and summarizes ways that
an organization can use social psychology to improve the effectiveness
of their information security policies.
7/31/08
- New document added:
Information Security Breach Notification Laws: As
reported by the Privacy Rights Clearinghouse, since November
2005, more than 234 million personal records have been exposed.
As a result of the increased exposure of private information,
at least 44 states, the District of Columbia and Puerto Rico
have enacted legislation requiring notification of security
breaches involving personal information. This paper is designed
to help organizations understand the core elements of information
security breach notification laws. It will also provide recommendations
as to how an organization should prepare for a potential security
breach in accordance with applicable legislation.
7/2/08
- New document added:
Information Technology and Ethics - Considerations for the IT Professional:
Organizations
of all types must actively address ethical decision-making in
their policies and procedures to reduce risk and educate their
employees. As an IT manager, you must be able to understand
this issue and proactively address it. This
paper explains the difficulty of, and the need for, ethical
decision-making in the information age and how it affects IT Professionals.
This paper provides guidelines to help IT Professionals make
ethically sound decisions and provides access to additional
resources.
6/25/08
- New document added:
Creating Information Security Awareness: This
paper provides a brief overview of the benefits of Information
Security Awareness, key success factors, the concept of the human
firewall, and provides links to additional awareness resources.
6/21/08
- New document added:
Implementing an Information Security Policy - Guidelines for Success:
An information security policy enables an organization
to establish a set of rules and regulations as defined by its
management to enable compliance with applicable laws, industry
regulations, and business drivers. This paper provides an overview
of security policy drivers, developmental issues, risk interpretation,
policy enforcement, and serves as a launching point for various
security policy resources.
6/19/08
- Identity Theft Awareness Event:
Daniel Didier, principal consultant at NetSecureIA, presented at an Identity
Theft Awareness seminar as the keynote speaker in Syracuse, NY.
Local businesses that attended the event learned about new threats,
methodologies, and motivations of today's identity theft criminals.
The event created awareness and helped prepare individuals and
businesses alike to recognize and react to signs of identity theft.