Items Tagged with "Policy"
January 12, 2017 Added by:Nathan Wenzler
Any security program can benefit immediately by reviewing internal policies, improving the metrics used to measure their program's success, and consulting with legal counsel to ensure proper insurances and other risk mitigation plans are in place.
February 11, 2013 Added by:Steve Ragan
If you need a one-off example this week of why internal policies are important, or why failure to adhere to them could spell trouble, look no further than Bit9.
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even fewer have thought about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...
December 13, 2012 Added by:Electronic Frontier Foundation
It shouldn't be controversial to demand evidence-based policies in the copyright space. But Congress has failed to engage in an informed discussion over which copyright policies advance the public interest, and which ones cause harm. That's why we're supporting our friends at Fight for the Future...
September 18, 2012 Added by:Joel Harding
We are stuck in “Definitional Wars” or the struggle to get definitions approved that are not only accurate but widely accepted. A bigger problem is the constant evolution of technology and terminology; by the time a definition is published, it is usually obsolete...
September 11, 2012 Added by:Stefano Mele
According to a new report from the DoD Inspector General, security policies "often overlap, are fragmentary, or inconsistent". The sheer volume of policies that are not integrated makes it difficult for those in the field to ensure consistent and comprehensive policy implementation...
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 28, 2012 Added by:Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
August 22, 2012 Added by:Tripwire Inc
The typical reaction I get in the US is that many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
August 19, 2012 Added by:Electronic Frontier Foundation
The public has been pushing back on broad use of drones by law enforcement. At the request of reporters, advocacy organizations and city councils, public agencies have been required to justify their drone purchases and develop clear policies on when and under what conditions they will use drones for surveillance...
July 31, 2012 Added by:Don Eijndhoven
What is neutral behavior in the context of cyber warfare? Are you, as a neutral country, obliged to drop all traffic between these two warring nations that crosses your networks? And if you’re not, are you obliged to make sure none of the cyber attacks are originating from compromised systems within your borders?
July 18, 2012 Added by:Matthijs R. Koot
The biggest threat in the digital domain is due to high-end and complex digital offensive capabilities that are targeted at specific targets and that can severely limit the armed forces' ability to act. A lack of insight into digital possibilities to carry out attacks is a real risk to the armed forces...
July 15, 2012 Added by:Tripwire Inc
Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...
July 11, 2012
The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use...
June 29, 2012
The report, ‘Incentives and barriers to the cyber insurance market in Europe,’ highlights the fact that while cyber security is an important concern for policy makers, businesses and citizens, traditional coverage offered by insurance providers may not comprehensively address digital risk...
June 28, 2012 Added by:Keith Mendoza
Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...