Blog Posts Tagged with "Policy"


Should We Strike Iran? How About the Information War?

November 16, 2011 Added by:Joel Harding

A pre-emptive information strike would only cause the Iranians to involuntarily spasm and deploy suicide teams to attack US and other targets worldwide. Anything less would just be posturing for political purposes and could possibly result in more senseless deaths...

Comments  (0)


Seven Deadly Sins for a Compliance Program

November 11, 2011 Added by:Thomas Fox

Feldman’s seven deadly mistakes provide an excellent framework for any company to assess their overall compliance program from a high level. While perhaps not rising to the level of “sins”, the answers will allow the compliance practitioner to be ready to respond if the DoJ comes a calling...

Comments  (0)


#EntSec pt. II -- Accepting Exceptional Mediocrity

November 04, 2011 Added by:Ali-Reza Anghaie

Respect of a brand can carry through decades. It's my belief that if you influence through Enterprise Security, you will attract a better breed of customer and customer loyalty. This is a worthy selling point and worth marketing. And you still don't have to shave or put on shoes to do it...

Comments  (0)


Security Risk Management

October 07, 2011 Added by:Tony Campbell

The author explores the risk management lifecycle, describes methodologies for qualifying and quantifying risk and levels of risk, and provides examples of how these can best be described and/or presented at a senior management level...

Comments  (0)


How Social Media Impacts Your Compliance Program

October 02, 2011 Added by:Thomas Fox

In a September 26, 2011 article in Forbes magazine, titled “Social Power and the Coming Corporate Revolution”, author David Kirkpatrick argues that the social media revolution has so empowered employees and customers that they will soon be calling the shots, not management...

Comments  (0)


Data Breaches - Beyond the Impact of Fines

September 27, 2011 Added by:Emmett Jorgensen

With several high profile breaches this year, regulators have proposed data breach notification bills and heavy fines for organizations that fail to keep sensitive information safe. The real concern for organizations that have experienced a data breach, however, is customer confidence...

Comments  (8)


NLRB Report Reviews Social Media Enforcement Actions

September 13, 2011 Added by:David Navetta

The Associate General Counsel of the NLRB issued a report analyzing the Board’s recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests...

Comments  (0)


INSA Releases Cyber Intelligence Report

September 13, 2011 Added by:Headlines

"We are not quite ready to propose a definitive definition... At this point, we are talking about threats that can originate anonymously within this cyber domain with potentially enormous consequences: physical destruction to economic chaos..."

Comments  (0)


Casey Jones - or How to Stop a Compliance Train Wreck

August 12, 2011 Added by:Thomas Fox

The evaluation of C-Suite leadership can be problematic in the best of times. The C-Suite can be an active part of the problem. While not FCPA violations, the criminal prosecutions at the highest echelon at Enron, WorldCom and Adelphia certainly speak to ethical lapses at the top...

Comments  (1)


Juniper SRX Tips: Altering Default Deny Behavior

August 10, 2011 Added by:Stefan Fouant

With just a couple of lines of code we can streamline the configuration, in this case creating an explicitly defined deny policy which logs all traffic that would otherwise be silently discarded. Best of all, we can do so without having to resort to manual configurations of each one...

Comments  (0)


Juniper SRX Tips: Uniform Security Policy Modification

August 01, 2011 Added by:Stefan Fouant

With a couple of lines of code we can alter all of the existing policies on our device without having to resort to manual configuration of each and every one. This type of functionality is perfect when we want to have a singular set of configuration elements apply to all of our policies uniformly...

Comments  (0)


Authentication: Who Are You and Why Are You Here?

July 29, 2011 Added by:Mike Meikle

You may have robust network security, stringent password policies and a tightly locked down user environment, but if you don’t know what you own, both data and hardware, it is akin to having a bank vault door standing alone in a field...

Comments  (0)


Stroke Development Versus Not Drowning

July 28, 2011 Added by:Rafal Los

Sony, Fox/Murdoch, et al., are all being harried by vulnerabilities left open in the backwaters of their infrastructure, not by brute force through the main gates. What little surprises might one find by using this time for review and planning?

Comments  (0)


On Branding Your Enterprise Compliance Project

July 25, 2011 Added by:Thomas Fox

Even with the economy on the upswing, corporations are being extremely conservative on funding, especially for departments which are viewed as more overhead than revenue generating. Project teams who embrace a brand mentality put themselves in a stronger position to achieve their goals...

Comments  (0)


On Romulan Ale and Bird of Prey Malware

July 20, 2011 Added by:Vulcan Mindm3ld

Defenders are bound by a set of processes and procedures. An organization’s inflexibility in deviating from them compounds the problems. Many changes are often rejected on the basis of economic concerns. The majority are focusing on useless security guidelines such as the DISA PDI GEN001280...

Comments  (2)


Where Are Your Default Admin Passwords?

June 24, 2011 Added by:Bozidar Spirovski

The passwords should be constructed in two parts, each part entered by a different person, which increases the complexity significantly and reduces the possibility of using social knowledge of a single person to attack the password. Also, no one single person knows the password...

Comments  (0)
