FRAAP is a structured approach to an accelerated assessment of each component of a system within a short timeframe. It is consistent with the National Institute of Standards and Technology October 2001 Special Publication “Risk Management Guide of Information Technology Systems” and the FFIEC December 2002 “Information Security Risk Assessment.” The approach allows us to… Continue reading Facilitated Risk Analysis and Assessment Process (FRAAP)
MX Records on Amazon Lightsail
Are you considering moving your Name Server to Amazon Lightsail? You may end up looking for what that “subdomain” means for the MX records. As someone who volunteers for non-profits, I have the opportunity to try out Gmail from G-Suite. As of today (August 25, 2018), Google is yet to provide documentation for Amazon Lightsail… Continue reading MX Records on Amazon Lightsail
Employment Policies and Information Security Program
The security of any solution is as good as the weakest link. Most of the time humans who interact with the solution is the weakest link. Regardless of the security controls applied in the solution, be it physical or logical, people always try to find a way to avoid, circumvent, subvert or disable them. Humans… Continue reading Employment Policies and Information Security Program
Applying Awareness and Ethics
A successful implementation of an information security program requires a well-planned security awareness and training program that addresses policies, standards, and procedures. (Peltier & Peltier, 2004) The awareness and training program should encourage employees to make the right decision among alternatives in a manner consistent with ethical principles. (Josephson Institute of Ethics, 2016) This paper… Continue reading Applying Awareness and Ethics
Network in Small Businesses
Small cloud businesses are startup companies that rely on Infrastructure-as-a-Service (IaaS) providers for hosting their cloud applications. They could be Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) providers for their customers. While relying on the network controls of the IaaS for their applications, small cloud businesses must maintain their own network for business operations and software development.… Continue reading Network in Small Businesses