Blog Posts Tagged with "Policies and Procedures"

Information Security Policies and Procedures Part 4

May 09, 2011 Added by: Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is, however, one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...

Comments  (0)

Information Security Policies and Procedures Part 3

May 04, 2011 Added by: Alex Hamerstone

Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...

Comments  (0)

Information Security Policies and Procedures Part 2

May 03, 2011 Added by: Alex Hamerstone

As far as information security, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How then, do we determine what basic policies we need?

Comments  (0)

Do Software Engineers Encourage Bad Security Practices?

April 26, 2011 Added by: Jamie Adams

As software engineers, we want to deliver the right solutions but when it comes to commercial products, the customers drive the features. Do we simply submit to these demands in order to make a buck or do we take a stand as leaders in information security?

Comments  (2)

Web Application Security: Can Developers Learn Secure Coding?

April 25, 2011 Added by: kapil assudani

With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...

Comments  (0)

Information Security Risk Management Programs Part 3

April 21, 2011 Added by: kapil assudani

Business use cases must be consumed by the IT group to build functional/non-functional requirements. Security mis-use cases in their remediated language turn into functional/non-functional requirements. If security is engaged - we translate them into detailed technical requirements...

Comments  (0)

Whistleblower Costs CVS $17.5 Million... OK, Then What?

April 20, 2011 Added by: Katie Weaver-Johnson

The federal government is paying whistleblowers, and now that we also have Wikileaks and other public web sites to report to, organizations need to make sure they have more holistic and comprehensive platforms for employees to report suspicious incidents internally...

Comments  (0)

Information Security Risk Management Programs Part Two

April 18, 2011 Added by: kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...

Comments  (0)

The Biggest Shortcomings of ISO 27001

March 28, 2011 Added by: Dejan Kosutic

This standard will certainly need to change - the current version of is now six years old, and hopefully the next revision will address most of these issues. Although these shortcomings can often cause confusion, I think that the positives of the standard outweigh the negative in large measure...

Comments  (0)

Writing Mandatory Procedures for ISO 27001 / BS 25999-2

March 21, 2011 Added by: Dejan Kosutic

By implementing the procedures in a proper way, not only will you have your documentation up-to-date and under control, but you will also ensure that your internal audit makes sense and runs smoothly, and that you always improve your system in a systematic way...

Comments  (3)

Seven Steps for Implementing Policies and Procedures

March 17, 2011 Added by: Dejan Kosutic

Have you ever been given the task to write a security policy or a procedure, but you don't want your document to end up gathering dust in some forgotten drawer? Here are some thoughts that might help you...

Comments  (2)

Security and the Path of Least Resistance

March 08, 2011 Added by: Rafal Los

When confronted with a complex, convoluted, and difficult set of security controls, users find ways around them. Once these ways are discovered, they proliferate in the organization as people figure out how to get their work done while avoiding the ugly hoops security makes them jump through...

Comments  (2)

Information Security Policies and Procedures Part 1

March 04, 2011 Added by: Alex Hamerstone

It is important to note that certain policies may be confidential according to an asset classification program. A Network Security Policy delineating requirements for protections such as connection restrictions or intrusion protection and detection may be valuable for an attacker...

Comments  (0)
