Items Tagged with "Policy"


On Branding Your Enterprise Compliance Project

July 25, 2011 Added by:Thomas Fox

Even with the economy on the upswing, corporations are being extremely conservative on funding, especially for departments which are viewed as more overhead than revenue generating. Project teams who embrace a brand mentality put themselves in a stronger position to achieve their goals...

Comments  (0)


On Romulan Ale and Bird of Prey Malware

July 20, 2011 Added by:Vulcan Mindm3ld

Defenders are bound by a set of processes and procedures. An organization’s inflexibility in deviating from them compounds the problems. Many changes are often rejected on the basis of economic concerns. The majority are focusing on useless security guidelines such as the DISA PDI GEN001280...

Comments  (2)


Where Are Your Default Admin Passwords?

June 24, 2011 Added by:Bozidar Spirovski

The passwords should be constructed in two parts, each part entered by a different person, which increases the complexity significantly and reduces the possibility of using social knowledge of a single person to attack the password. Also, no one single person knows the password...

Comments  (0)


The Permanent Security Issue of Top Management

June 21, 2011 Added by:Bozidar Spirovski

No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...

Comments  (0)


Five Issues With Obama’s Breach Notification Policy

May 31, 2011 Added by:Kelly Colgan

The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little meaningful help to the consumer...

Comments  (0)


Onsite Personnel "Don't Need No Stinkin' Badges" for PCI

May 30, 2011 Added by:Joe Schorr

To truly improve their security posture, companies should create (and enforce) a mandatory ID Badge policy for visitors and employees. An effective policy coupled with good security awareness training will go a long way to closing up this particular gap in PCI-DSS 2.0...

Comments  (2)


Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by:Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...

Comments  (0)


Fourteen Important Security Policy Strategies

May 24, 2011 Added by:Global Knowledge

In light of today's information economy, security is essential across every aspect of both small and large organizations. Without sensible security, an organization is at risk not only from malicious outsiders but also ill-intentioned employees or random mistakes...

Comments  (0)


On Data Retention – When Not to Backup Data

May 24, 2011 Added by:Danny Lieberman

How much damage would be incurred if there was a breach? For the purpose of asset valuation, we distinguish between customer data without PII and customer data that may have PII. Let’s consider 4 key assets of a company that designs and manufactures widgets and sells them over the Internet...

Comments  (0)


Convenience or Security?

May 19, 2011 Added by:Emmett Jorgensen

Can mobile devices be managed without limiting their functionality and convenience? Obviously, there’s no easy answer to this question. Much of how an organization handles its security policy depends on the type of business it is and the sensitivity of the information being handled...

Comments  (0)


Every Employee is a Security Partner

May 18, 2011 Added by:Robb Reck

By using a well-tested framework we can ensure that our organization’s security needs are adequately documented. The policies are critical, but they are only the framework. To flesh out the program we need the actual implementation, and that’s where the rest of the staff comes in...

Comments  (4)


An Example of a Successful BCP Implementation

May 08, 2011 Added by:Nabeel Shamsi

A BCP is more than just running the networks and servers. It is about the customers. It is about making sure that the company can do business with its customers with minimum interruption. The goal is to be there when your customers need you and not to lose any of your customers...

Comments  (0)


The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by:Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...

Comments  (0)


Five Ways to Improve Enterprise Data Security Programs

April 22, 2011 Added by:Headlines

What constitutes an acceptable level of information security risk in an environment when intellectual property, personal customer information and the brand are at stake? It’s a tough decision, but one that should be made to form the foundation of an information security program...

Comments  (0)


Information Security Risk Management Programs Part 3

April 21, 2011 Added by:kapil assudani

Business use cases must be consumed by the IT group to build functional/non-functional requirements. Security mis-use cases in their remediated language turn into functional/non-functional requirements. If security is engaged - we translate them into detailed technical requirements...

Comments  (0)


Information Security Risk Management Programs Part Two

April 18, 2011 Added by:kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...

Comments  (0)
