Items Tagged with "Policies and Procedures"
August 20, 2012 Added by:Rafal Los
In far too many organizations leaders and practitioners tell me that the role of Information Security is to protect the organization. Accepting this thinking got us into the predicament where are today, where security isn't everyone's job and only Infosec is thinking about security. This couldn't be more wrong...
August 19, 2012 Added by:Christopher Laing
Activities that threaten your business are the downloading and opening of attachments and Internet files that contain malicious software, and the electronic delivery/distribution of business sensitive information without encryption. This may done either accidentally or deliberately by a disgruntled employee...
August 15, 2012 Added by:Rafal Los
Does it make sense to repurpose "security awareness" to be inclusive of corporate and personal responsibility? Should we have users sign agreements that make them aware they are responsible, personally, when bad things happen as a result of their actions? Should there be HR actions against users who are reckless?
August 15, 2012
During the chaotic first minutes when a computer system is under attack, having a well-prepared incident response plan to follow ensures that steps occur in the correct order. The revised NIST guide provides instructions for new or well-established incident response teams to create a proper policy and plan...
August 09, 2012 Added by:Michelle Drolet
There’s no one-size-fits-all solution. In creating a policy you have to consider what devices to support, how much access to give them, and what kind of budget to allocate. Do you have specific compliance issues? Are you willing to subsidize data plans or device purchases? How do you ensure company data is secure?
August 08, 2012 Added by:Fergal Glynn
Devices aren’t the main problem in a BYOD strategy: employees are. That’s why BYOD is not just a technical issue. It needs a holistic approach that includes HR, data security and legal stakeholders. Organizations adopting a BYOD strategy should put in place a strategy that includes policies and technical constraints...
August 08, 2012 Added by:Thomas Fox
This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...
August 07, 2012 Added by:Rafal Los
When it comes down to it, BYOD is only possible if you've got the basics of data-centric security right. You know, protecting the actual data rather than trying to build elaborate structures around the things that work with that data in order to compensate. Let me explain...
August 06, 2012 Added by:Neira Jones
With social networks transforming the rules of business engagement, many businesses think the biggest risk of social media is the brand and reputational damage that could result from negative interactions or the potential disclosure of proprietary or sensitive information...
August 06, 2012 Added by:Rafal Los
BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...
August 05, 2012 Added by:PCI Guru
Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...
August 05, 2012 Added by:Allan Pratt, MBA
If we don’t continue to raise issues about online privacy and security, websites and their companies’ leadership will continue to demand access to our confidential information under the pretense of doing business, or in scarier terms, doing business as usual. One website that causes concern is Foursquare...
August 02, 2012 Added by:Dave Shackleford
Most security awareness programs SUCK. I bet the majority of the awareness proselytizers are doing the same old crap with some stupid Web-based Flash thingie that people click through as fast as they can, and a little printout goes in their HR folder. UGH. That doesn’t work, never has, and never will...
August 01, 2012 Added by:Rafal Los
Productivity is nice to talk about when you can sit at home and read your corporate email on your tablet, or mobile phone - but what if that device is ridden with malware, or hijacked to be part of a botnet, there are very serious security and productivity implications there. Let's expand on this a bit...
July 29, 2012 Added by:Christopher Laing
Risks are just circumstances that if they occurred, would have some impact on the business. Naturally risks can potentially disrupt the business, but if identified, planned for, and effectively managed, risks can have a beneficial impact on the business. The key word here is managed...
July 27, 2012 Added by:Kelly Colgan
It’s not just about protecting ourselves from identity theft or fraud like when our account number or government-issued ID numbers are exposed. It’s what I like to call privacy for the sake of privacy. Just knowing that someone could be looking at our personal histories doesn’t sit well with the public...