Items Tagged with "Policy"


BYOD is really BYOPMD

May 07, 2012 Added by:Phil Klassen

BYOD should make the security society very nervous. For those who still believe that personal devices will never be a part of your network, remember, never say never. Regardless of whether non-corporate devices have accessed your network or not, the first step is an acceptable use policy...

Comments  (2)


The Patchwork Cloud - A Model Driven Approach

April 27, 2012 Added by:Rafal Los

As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...

Comments  (0)


Positioning the Security Team Using Influence Part 2

April 22, 2012 Added by:Steven Fox, CISSP, QSA

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in their substance, these appeals to authority are perceived negatively...

Comments  (0)


Social Media Security Tips for Small Business

April 18, 2012 Added by:Robert Siciliano

Many companies restrict internal access to social media. Others prevent employees from discussing or mentioning the company in social media during private time. Follow these social media security tips for small business to prevent security issues...

Comments  (3)


Dutch Response to AIV/CAVV Advice on Digital Warfare

April 09, 2012 Added by:Matthijs R. Koot

The digital domain is a new operational domain for the armed forces. The Ministry of Defense is investing to significantly strengthen existing capabilities and develop new ones including offensive. The right to self-defense also applies to cyber attacks...

Comments  (0)


Four Unanswered Questions about the Cyber Security Bills

April 04, 2012 Added by:Electronic Frontier Foundation

As Congress continues to weigh the legislation and negotiate potential amendments, users should ask some serious questions about how these proposals will affect them, and tell Congress that we won't stand for cybersecurity bills that undermine our civil liberties...

Comments  (0)


Applications Need to Respect User Rights From the Start

March 28, 2012 Added by:Electronic Frontier Foundation

By installing and authorizing an app, users don’t know how much information they are handing over. Without details about policies and practices, how confident can they be in the security of that data against the threat of subpoenas, intrusions, or rogue employees?

Comments  (0)


ENISA: Security Through a Public-Private Partnership

March 28, 2012 Added by:Infosec Island Admin

Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...

Comments  (0)


Eating the Security Dog Food

March 23, 2012 Added by:Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...

Comments  (0)


What do Credit Card Companies do with Your Personal Info?

March 23, 2012 Added by:Allan Pratt, MBA

The types of personal information companies collect and share depend on the product or service you get from them. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history...

Comments  (0)


Roundtable: Opportunities for HR in Consumerization of IT

March 15, 2012 Added by:Kyle Lagunas

Providing access to all sorts of internal systems for both employees and managers can make for a more adaptable organization regardless of size. IT has struggled with this loss of gatekeeper control, but the sound fiscal results are changing the minds of the C-suite...

Comments  (0)


Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)


Google Wants to Get to Know You Better... Uh-Oh

February 19, 2012 Added by:Kelly Colgan

The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...

Comments  (0)


NLRB Issued Second Report on Social Media Enforcement

February 17, 2012 Added by:David Navetta

As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...

Comments  (0)


What Actually Changed in Google’s Privacy Policy

February 14, 2012 Added by:Electronic Frontier Foundation

Google did a great job of informing users that the privacy policy had been changed through emails and notifications. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed...

Comments  (0)


Data Privacy: Oxymoron, Wishful Thinking, or Strategic Goal?

February 03, 2012 Added by:Brian Dean

Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”

Comments  (0)
