Blog Posts Tagged with "Policy"


The Permanent Security Issue of Top Management

June 21, 2011 Added by: Bozidar Spirovski

No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...


Five Issues With Obama’s Breach Notification Policy

May 31, 2011 Added by: Kelly Colgan

The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little, meaningful help to the consumer...


Onsite Personnel "Don't Need No Stinkin' Badges" for PCI

May 30, 2011 Added by: Joe Schorr

To truly improve their security posture, companies should create (and enforce) a mandatory ID Badge policy for visitors and employees. An effective policy coupled with good security awareness training will go a long way to closing up this particular gap in PCI-DSS 2.0...


Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by: Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...


Fourteen Important Security Policy Strategies

May 24, 2011 Added by: Global Knowledge

In light of today's information economy, security is essential across every aspect of both small and large organizations. Without sensible security, an organization is at risk not only from malicious outsiders but also ill-intentioned employees or random mistakes...


On Data Retention – When Not to Backup Data

May 24, 2011 Added by: Danny Lieberman

How much damage would be incurred if there was a breach? For the purpose of asset valuation, we distinguish between customer data without PII and customer data that may have PII. Let’s consider 4 key assets of a company that designs and manufactures widgets and sells them over the Internet...


Convenience or Security?

May 19, 2011 Added by: Emmett Jorgensen

Can mobile devices be managed without limiting their functionality and convenience? Obviously, there’s no easy answer to this question. Much of how an organization handles its security policy depends on the type of business it is and the sensitivity of the information being handled...


Every Employee is a Security Partner

May 18, 2011 Added by: Robb Reck

By using a well-tested framework we can ensure that our organization’s security needs are adequately documented. The policies are critical, but they are only the framework. To flesh out the program we need the actual implementation, and that’s where the rest of the staff comes in...


An Example of a Successful BCP Implementation

May 08, 2011 Added by: Nabeel Shamsi

A BCP is more than just running the networks and servers. It is about the customers. It is about making sure that the company can do business with its customers with minimum interruption. The goal is to be there when your customers need you and not to lose any of your customers...


The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by: Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...


Five Ways to Improve Enterprise Data Security Programs

April 22, 2011 Added by: Headlines

What constitutes an acceptable level of information security risk in an environment when intellectual property, personal customer information and the brand are at stake? It’s a tough decision, but one that should be made to form the foundation of an information security program...


Information Security Risk Management Programs Part 3

April 21, 2011 Added by: Kapil Assudani

Business use cases must be consumed by the IT group to build functional/non-functional requirements. Security mis-use cases in their remediated language turn into functional/non-functional requirements. If security is engaged - we translate them into detailed technical requirements...


Information Security Risk Management Programs Part Two

April 18, 2011 Added by: Kapil Assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...


Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In the case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...


Business Continuity for SMBs – A Necessity or Not?

April 13, 2011 Added by: Dejan Kosutic

There is no difference between large organizations and small ones with regard to the business continuity framework - they both have to think in detail about what preparations they need to perform in order to survive a disaster. The difference is that SMBs can do it with very little investment...


Incident Response: Practice Makes Perfect

April 09, 2011 Added by: Brent Huston

Perhaps you will be lucky and never experience a bad information security incident. But if you do, you will be very glad indeed if you have a well-practiced information security incident response program in place...
