Blog Posts Tagged with "Policy"

How to Make Federal Data Security Effective

April 06, 2011 Added by: Danny Lieberman

In order to improve IT security countermeasure effectiveness in the Federal Government, the OMB should reduce base payments to contractors who provide IT security services and link their compensation to a reduction in the damage caused to government data and network assets...

Compliance and Ethics: Tone from the Middle

March 25, 2011 Added by: Thomas Fox

In the communication of company values, a company must speak with one voice. This core concept needs to be communicated throughout the organization. It is not meant as a challenge to employees’ personal views or their lifestyle, but as a company, it is important to speak as one...

Privacy Enforcement: FTC Settles with Twitter and Chitika

March 20, 2011 Added by: David Navetta

Companies are well advised to take a proactive approach to compliance with privacy and information security laws, regulations, guidelines and best practices. The FTC expects businesses to collect, use, disclose and process personal information in a fair and transparent way...

Enforcing Authentication on Employee Smartphones

March 14, 2011 Added by: Roman Yudkin

As employees continue to use their smartphones for both personal and business purposes, businesses must begin implementing stringent security measures and educating their employees on the importance of protecting the mobile devices and specific applications with layers of authentication...

ISA Endorses Civil Liberties Cybersecurity Document

March 07, 2011 Added by: Marjorie Morgan

"When it comes to enhancing our nation’s cyber security we understand that the devil is in the details. That’s why we have worked over the past six months to hammer out very specific policy positions... in a way that protects our national security, our economy and our civil liberties..."

Shoring Up National Cyber Security Infrastructure

February 21, 2011 Added by: Robert Siciliano

Corporations and government agencies are legally required to secure their systems. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure...

The ERC on Whistleblowing Workplace Misconduct

February 19, 2011 Added by: Thomas Fox

In strong ethical cultures, with a tone at the top that makes it clear that ethics do matter, where supervisors aggressively reinforce the ethics message, and where both employees and managers alike are held to high ethical standards, more employees report misconduct to their direct supervisor...

Four Components of a Successful SSA Program

February 15, 2011 Added by: Rafal Los

Process can be outlined in documentation and stored on a network share or published in a booklet on everyone's desktop. Process can be a workflow-driven project management system that requires a security-infused approach from requirements gathering all the way through post-release...

The Second Law of Risk Management

February 14, 2011 Added by: Healthcare CSO

One of the most critical things that security practitioners tend to not get, to not understand, is that being part of the business means you contribute to the success of the business. Better information security, generally, is not considered contributing to the success of the business...

Managing the Infosec Investigative Function

February 13, 2011 Added by: Kurt Aubuchon

Conducting effective investigations requires specialized knowledge, skills, and abilities. It is not necessarily the case that the Infosec analyst who can manage a tight network perimeter can also conduct a good investigation. Investigations are risky and politically sensitive affairs...

Internal Controls Under the FCPA

February 11, 2011 Added by: Thomas Fox

Generally speaking, Internal Controls are policies, procedures and training which are installed to safeguard that a business’ assets are utilized in an appropriate manner; with proper oversight and approval and that all company transactions are properly recorded in its books and records...

Policies: What I Learned From Being a “Dummy”

February 10, 2011 Added by: Brad Bemis

I wonder what the world would be like if we wrote our policies and supporting documentation in a for-dummies-like format. Why? Because right now the common security policy fits the same bill that all those stuffy, confusing, technical references once did – and they simply don’t work...

On Being the "Department of No"

February 03, 2011 Added by: Robb Reck

Being known as the “Department of No” is problematic. Once a reputation is established that information security is where good ideas go to die, people start finding ways around it. Projects get pushed through without security being involved or without being involved early enough to make a difference...

Top Ten Security Questions for CEOs to Ask

February 03, 2011 Added by: Headlines

Translating the jargon-laden techno-babble of information security into a language the CxO level can understand and find actionable is one of the biggest hurdles the infosec professional faces. In an article by Gary Loveland, the top ten questions CEOs need to ask about security issues are outlined...

The First Law of Risk Management

February 03, 2011 Added by: Healthcare CSO

Failure to escalate the risk to the management level with scope, authority and ability to manage the risk inevitably leads to a crisis. Every case of security crisis that I have ever been involved with inevitably had a situation where risk was being managed at the wrong level of the organization...

Eleven Log Management Resolutions for 2011

February 01, 2011 Added by: Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...
