Abstract
The goal of this paper is to analyze four security management mistakes commonly made by businesses and other organizations: failure to thoroughly investigate new employees, failure to enforce written policy, overemphasized reliance on technology, and ignorance of new vulnerabilities. In line with the comprehensive approach to security management analysis established by P.J. Ortmeier in his book "Security Management: An Introduction", the author of this paper also attempts to address multiple facets of the issue of security. Thus, the first section of the paper, which examines failure to adequately investigate new hires, provides an overview of the legal consequences of this problem, as well as indicates possible causes of this failure and suggests several remedies. The second section, which analyzes organizations' failure to enforce written security policy, also attempts to provide a thorough examination by supplying the rationale for the establishment and enforcement of such policy, as well as a concrete, practical examples. The third part of the paper analyzes organizations' improper reliance on technology by examining how it affects the three facets of security identified by Ortmeier - physical environment, personnel security, and information safety. Finally, the last part of the paper deals with the issue of failing to identify and properly address new vulnerabilities by similarly examining the consequences of this failure for physical, personnel, and information safety. The paper concludes with an assessment of the role of proper security management for the successful operation and growth of businesses and other organizations.

Outline:
Introduction
Security Pitfall #1: Failure to Thoroughly Investigate New Employees
Security Pitfall #2: Failure to Enforce Written Security Policy
Security Pitfall #3: Improper Reliance on Technology
Security Pitfall #4: Failure to Identify and Properly Address New Security Threats
Conclusion

From the Paper
"Proper assessment and investigation of potential employees is a major part of personnel security management (Ortmeier, Ch. 6; Perkins, 2006, p. 15). However, mismanaged personnel hiring can also negatively affect company's legal affairs, information security, and even physical safety. Thus, according to John Bentivoglio, "A well-considered background check policy that can identify potentially dangerous persons before they are hired can serve the dual goals of creating a safer workplace for employees and the public while also shielding (the organization) from liability for negligent hiring" (Bentivoglio, 1995, p.65). In other words, every company should thoroughly screen the backgrounds of all potential hires in order to avoid potential future lawsuits. Such suits can and do arise due to the fact that, in most states, employers can be held liable for negligently hiring workers who pose danger to coworkers or to the public. "

Tags:technology, personnel, written, policy

Abstract
The paper examines the capabilities of wireless personal area networks (WPANs), wireless local area networks (WLANs) and wireless wide area networks (WWANs). The paper describes the advantages and limitations of wireless networks in accommodating goals, objectives and requirements in government and/or academic environments. Finally the paper identifies a security protocol which relates to these wireless network technologies.

Outline:
Introduction
Purpose of the Study
Rationale
Methodology
WPAN Security
P2P Wireless Technology
Radio and 3G Cellular
Security Challenges, Risks and Approaches
Proactive Wireless Self-Protection System - Anomaly-Based Security
Identified Solution -Anomaly-Based Solutions

From the Paper
"Kennedy and Hunt relate that BlueSnarf is the process entailing unsolicited content being sent to Bluetooth enabled devices and just as in Bluejacking, BlueSnarf attempts to mimic authentication dialogues causing the user to being tricked into disclosing their access codes and allowing the attacker to read access to a vulnerable device thus enabling them to access the calendar and phone book without authentication. This attack is reported to have recently been upgraded to BlueSnarf++ making the use of the Object Exchange FTP service in connecting to devices which are vulnerable and allowing the attacker read write access for the device's file system in its entirety as well as that of any memory extensions including such as memory sticks. The third attack in this area is related by Kennedy and Hunt as being that of what is known as 'BlueBump' which exposes a weakness in the "handling of Bluetooth link keys, giving devices that are no longer authorized the ability to access services as if still paired. It can lead to data theft or the use of mobile Internet connectivity services, such as Wireless Application Protocol." (Kennedy and Hunt, 2008, p.1)
"Another attack referred to as Bluesmack is a Denial of Service (DOS) attack "that can be performed with standard tools such as Linux Bluez utils package." (Kennedy and Hunt, 2008, p.1) This attack is stated to be similar to that known as 'Ping of Death' because it targets the L2CAP layer, which can request another Bluetooth peer echo."

Tags:Bluetooth, encryption, authentication, algorithms, packet, data

Abstract
The paper focuses on five unmet needs of the healthcare community that are driving the greater application and adoption of IT-based strategies that ensure compliance witht he Health Information Portability and Accountability Act (HIPAA). The paper details the various IT strategies and how they assist medical practices to fulfill the requirements of the HIPAA standards and regulations.

Outline:
Introduction
Background
Conclusion

From the Paper
"Giving employees the freedom to gain control over their medical records regardless of their employer is one of the greatest benefits of the Health Information Portability and Accountability Act of 1996 (HIPAA) (Kibbe, 2005). The HIPAA Act, which formally went into effect in Aril 21, 2005 and concentrates on defining standards for administrative, technical and physical security procedures (Miller, 2006). The HIPAA Act required healthcare organizations to fundamentally re-order and re-define the processes they used for capturing, analyzing, recording and archiving healthcare records. The strategies healthcare organizations are relying on are not incremental, yet more strategic in focus, creating Enterprise Content Management (ECM) frameworks (Secor, Laplante, 2006)."

Tags:IT, security, patient, confidentiality, technologies

Abstract
This paper focuses on the security, privacy, and confidentiality issues around electronic health records. The paper explains that the advances in computer technology and the development of the Internet that enable the healthcare community to maintain medical records electronically, which has been beneficial for patients and healthcare providers alike. However, the paper notes, there is a downside as well, for this system of electronic record keeping also renders the private medical records of patients vulnerable to unauthorized access.

From the Paper
"Advances in computer technology and the development of the Internet have enabled the healthcare community to maintain medical records electronically, which has been beneficial for patients and healthcare providers alike. But there is a downside as well, for this system of electronic record keeping also renders the private medical records of patients vulnerable to unauthorized access."

Tags:HIPAA, privacy, security, internet

Abstract
This paper discusses the issues of security, confidentiality, and international issues of e-commerce. The paper addresses the need for implementing controls and safeguards and looks at the scrutiny of government regulators.

From the Paper
"Security, confidentiality and international issues in e-commerce are a thorn in the sides of e-tailers, in part because implementing controls and safeguards for them can be expensive, and in part because these issues can be difficult to keep up with and regulate. However, these areas are increasingly coming under the scrutiny of legal, ethical and regulatory authorities and must be carefully guarded by e-tailers. Security takes several forms. First, there is the physical security of the computer system used for the web..."

Tags:security, e-commerce, e-business, international, confidentiality, government, regulators

Abstract
This paper describes a virtual website, similar to KaZaA in the file-swapping aspect, but instead of music, provides first-rate Hollywood-caliber movies, from which members have the opportunity to download specialized encryption software to their system. The author points out that website security for the Internet and internal networked environments has three basic objectives: confidentiality, integrity, and availability. The paper states that the website will require various software tools, such as encryption and database software, firewalls, routers and other hardware, but the keys to security are reputable vendors, who are reliable with support and well-trained, and knowledgeable network administrators and personnel.

Table of Contents
Introduction
Define the Website
Basic Threats, Risks, and Security Requirements
Corporate Policies
Secure Assets
Mechanisms
Conclusion

From the Paper
"Whatever the case, our website security aspirations will be very difficult to achieve. In the modern world, a high school kid with a failing average could easily gain unauthorized access to an insecure network or website environment. The real problem is that many people know exactly what they are doing because today's adolescents have grown up with technology and they understand it. Couple this with the fact that whole nations and industries have become computer crime intruders such as what has occurred in China. Network security engineers have to be on the lookout for many attacks."

Tags:confidentiality, integrity, availability, encryption, firewalls

Abstract
The paper discusses the ethics of the medical care non-disclosure agreement between doctor and patient, which ensures that patients have the freedom to be absolutely honest with their physicians. Frequently the lives of patients depend upon the assurance of confidentiality, which ensures that patients will release all the information necessary to be treated in a targeted and effective way. The paper highlights that the American Medical Association has provided guidelines for doctor-patient confidentiality and its maintenance, particularly as relevant to computer databases. The paper discusses the general guidelines for the relationship between physicians and their patients, along with the maintenance of their confidentiality levels.

From the Paper
"To provide optimal protection of privacy, the computerized medical database should be online to the terminal only when computer programs with the necessary authorization, and specifically requiring the data, are in use. No person or entity outside of the clinical facility should have access to any online computerized database with medical records of patients who can be identified via the program. This ensures continued doctor-patient confidentiality, which belongs to the patient according to standard medical ethics, as well as the law."

Tags:unauthorized, access, security, databases, standard, medical, ethics

Abstract
This paper examines how the violation of the Constitution of the United States, which is formally termed as "non-compliance', has been seen throughout the history of the United States and how, specifically, it has occurred during times of war during civil disturbances, with the use of extrajudicial force used to supercede the ordinary process of law. It looks at how one such instance occurred during the Civil War and how the violations, which have occurred during the "War on Terrorism", are some of the most blatant violations of constitutional ideals and principles ever witnessed.

Outline
Statement of Thesis
Introduction
Preamble to the United States Constitution
Definitive of the Language in the Preamble
Historical Incidents of Non-Compliance
What Does the Constitution Say?
Conclusion

From the Paper
"Although it is understandable for some restrictions during war time in order to keep citizens safe and the country secure it is evident that since September 1, 2001, that the non-compliance to the Constitution which is evidenced by the implementation of the Homeland Security Act and the Patriot Act that the all inclusive powers of the government in spying on citizens is too broad of a scope of powers to be vested in a government of a democracy."

Tags:terrorism, security, federal, iraq, 9/11, patriot

Abstract
This paper explains that the expansion of teleworking employment arrangements in the federal government has significant implications on organizations' data security and information technology operational strategies. The paper points out that telecommuting security concerns are an important area of study due to the sheer number of teleworkers, the rapidly changing information technology and the increase in remote access. The paper reveals several different solutions for the telework security problem; however, the most reasonable solution seems to be increased awareness and training regarding this problem. The paper also includes a section paraphrasing and summarizing source material and an extensive working annotated bibliography.

Outline:
Executive Summary
Literature Review
Recommended Solutions
Paraphrasing and Summarizing Source Material
Working Annotated Bibliography

From the Paper
"Of course, with every argument there is a counter-argument, and not all of the literature reviewed reports that teleworkers cause a greater threat to security. In fact there are some reports, such as one described by Sternstein (2007) that Federal teleworkers are actually less of a security threat than traditional office Federal workers. The report Sternstein is referring to comes from the Telework Exchange and explains that the reasons security threats are reduced via telework is that materials are not being physically transferred from place to place to place."

Tags:leakage, breaches of confidentiality, geographical distance, remote access, banning

Abstract
This paper explains that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) required that the Secretary of Health and Human Services (HHS) propose federal standards protecting the privacy of individually identifiable health information by August 21, 1997. The paper then provides historical background information on the Act and points out that with everything, there is a cost associated with it and this includes the HIPAA. The paper then examines these costs by applying economic principles to the Act and explains that these principles help predict how overall cost will be impacted. The paper also discusses the legislative and regulatory influences of HIPPA. The paper concludes that the instillation of this act has had a great economic impact upon our nation's federal budget.

Table of Contents:
Historical Background
Economic Principles
Legislative and Regulatory Influences
Conclusion

From the Paper
"Human resources as well as fiscal resources are needed to meet the demands associated with HIPAA compliance. Human resources are the staff assigned to task related to HIPAA compliance; these resources include consultants, policy developers, information technology staff and any additional staff required to ensure compliance. The fiscal resources are the funds or revenue available and allocated for implementation and maintenance of HIPAA compliance. The availability of these resources will impact the degree of compliance an organization will be able to maintain in relation to HIPAA."

Tags:compliance confidentiality security identifiable, electronic healthcare transactions