Blog Posts Tagged with "Policy"


How to Make Federal Data Security Effective

April 06, 2011 Added by: Danny Lieberman

In order to improve IT security countermeasure effectiveness in the Federal Government, the OMB should reduce base payments to contractors who provide IT security services and link their compensation to a reduction in the damage caused to government data and network assets...



Compliance and Ethics: Tone from the Middle

March 25, 2011 Added by: Thomas Fox

In the communication of company values, a company must speak with one voice. This core concept needs to be communicated throughout the organization. It is not meant as a challenge to employees’ personal views or their lifestyle, but as a company, it is important to speak as one...



Privacy Enforcement: FTC Settles with Twitter and Chitika

March 20, 2011 Added by: David Navetta

Companies are well advised to take a proactive approach to compliance with privacy and information security laws, regulations, guidelines and best practices. The FTC expects businesses to collect, use, disclose and process personal information in a fair and transparent way...



Enforcing Authentication on Employee Smartphones

March 14, 2011 Added by: Roman Yudkin

As employees continue to use their smartphones for both personal and business purposes, businesses must begin implementing stringent security measures and educating their employees on the importance of protecting the mobile devices and specific applications with layers of authentication...



ISA Endorses Civil Liberties Cybersecurity Document

March 07, 2011 Added by: Marjorie Morgan

"When it comes to enhancing our nation’s cyber security we understand that the devil is in the details. That’s why we have worked over the past six months to hammer out very specific policy positions... in a way that protects our national security, our economy and our civil liberties..."



Shoring Up National Cyber Security Infrastructure

February 21, 2011 Added by: Robert Siciliano

Corporations and government agencies are legally required to secure their systems. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure...



The ERC on Whistleblowing Workplace Misconduct

February 19, 2011 Added by: Thomas Fox

In strong ethical cultures, with a tone at the top that makes it clear that ethics do matter, where supervisors aggressively reinforce the ethics message, and where both employees and managers alike are held to high ethical standards, more employees report misconduct to their direct supervisor...



Four Components of a Successful SSA Program

February 15, 2011 Added by: Rafal Los

Process can be outlined in documentation and stored on a network share or published in a booklet on everyone's desktop. Process can be a workflow-driven project management system that requires a security-infused approach from requirements gathering all the way through post-release...



The Second Law of Risk Management

February 14, 2011 Added by: Healthcare CSO

One of the most critical things that security practitioners tend to not get, to not understand, is that being part of the business means you contribute to the success of the business. Better information security, generally, is not considered contributing to the success of the business...



Managing the Infosec Investigative Function

February 13, 2011 Added by: Kurt Aubuchon

Conducting effective investigations requires specialized knowledge, skills, and abilities. It is not necessarily the case that the Infosec analyst who can manage a tight network perimeter can also conduct a good investigation. Investigations are risky and politically sensitive affairs...



Internal Controls Under the FCPA

February 11, 2011 Added by: Thomas Fox

Generally speaking, Internal Controls are policies, procedures and training which are installed to safeguard that a business’ assets are utilized in an appropriate manner, with proper oversight and approval, and that all company transactions are properly recorded in its books and records...



Policies: What I Learned From Being a “Dummy”

February 10, 2011 Added by: Brad Bemis

I wonder what the world would be like if we wrote our policies and supporting documentation in a for-dummies-like format. Why? Because right now the common security policy fits the same bill that all those stuffy, confusing, technical references once did – and they simply don’t work...



On Being the "Department of No"

February 03, 2011 Added by: Robb Reck

Being known as the “Department of No” is problematic. Once a reputation is established that information security is where good ideas go to die, people start finding ways around it. Projects get pushed through without security being involved or without being involved early enough to make a difference...



Top Ten Security Questions for CEOs to Ask

February 03, 2011 Added by: Headlines

Translating the jargon-laden techno-babble of information security into a language the CxO level can understand and find actionable is one of the biggest hurdles the infosec professional faces. In an article by Gary Loveland, the top ten questions CEOs need to ask about security issues are outlined...



The First Law of Risk Management

February 03, 2011 Added by: Healthcare CSO

Failure to escalate the risk to the management level with scope, authority and ability to manage the risk inevitably leads to a crisis. Every case of security crisis that I have ever been involved with inevitably had a situation where risk was being managed at the wrong level of the organization...



Eleven Log Management Resolutions for 2011

February 01, 2011 Added by: Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...

