Here you will find a repository of documents published by NetSecureIA

8/07/08 - New document added:
Improving Information Security with Social Psychology: Many organizations have realized the value associated with the creation, implementation and ongoing maintenance of a well-defined information security policy and awareness program.  However, organizations sometimes fail to realize how influential human nature and social psychology can be to either the success or failure of these policies.  This paper briefly discusses why people make bad security trade-offs and poor risk calculations and summarizes ways that an organization can use social psychology to improve the effectiveness of their information security policies. 

7/31/08 - New document added:
Information Security Breach Notification Laws: As reported by the Privacy Rights Clearinghouse, since November 2005, more than 234 million personal records have been exposed. As a result of the increased exposures to private information, at least 44 states, the District of Columbia and Puerto Rico have enacted legislation requiring notification of security breaches involving personal information. This paper is designed to help organizations understand the core elements of information security breach notification laws. It will also provide recommendations as to how an organization should prepare for a potential security breach in accordance with applicable legislation.

7/2/2008 - New document added:
Information Technology and Ethics - Considerations for the IT Professional: Organizations of all types must actively address ethical decision-making in their policies and procedures to reduce risk and educate their employees. As an IT manager, you must be able to understand this issue and proactively address it. This paper explains the difficulty and need for ethical decision making in the information age and how it affects IT Professionals. This paper provides guidelines to help IT Professionals make ethically sound decisions and provides access to additional resources.

6/25/2008 - New document added:
Creating Information Security Awareness: This paper provides a brief overview of the benefits of Information Security Awareness, key success factors, the concept of the human firewall, and provides links to additional awareness resources.

6/21/2008 - New document added:
Implementing an Information Security Policy - Guidelines for Success: An information security policy enables an organization to establish a set of rules and regulations as defined by its managment to enable compliance with applicable laws, industry regulations, and business drivers. This essay provides an overview of security policy drivers, developmental issues, risk interpretation, polciy enforcement, and serves as a launching point for various security policy resources.

6/6/2008 - New whitepaper added:
Malware - Attack and Prevention: An overview of organizational exposures, weaknesses in existing perimeter defenses, its effects, and mitigating recommendations that aren't always obvious but fairly easily implemented.