Blog Posts Tagged with "Policy"
January 12, 2017 Added by:Nathan Wenzler
Any security program can benefit immediately by reviewing internal policies, improving the metrics used to measure their program's success, and consulting with legal counsel to ensure proper insurances and other risk mitigation plans are in place.
February 11, 2013 Added by:Steve Ragan
If you need a one off example this week of why internal policies are important, or why failure to adhere to them could spell trouble, look no further than Bit9.
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even less how though about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...
December 13, 2012 Added by:Electronic Frontier Foundation
It shouldn't be controversial to demand evidence-based policies in the copyright space. But Congress has failed to engage in an informed discussion over which copyright policies advance the public interest, and which ones cause harm. That's why we're supporting our friends at Fight for the Future...
September 18, 2012 Added by:Joel Harding
We are stuck in “Definitional Wars” or the struggle to get definitions approved that are not only accurate but widely accepted. A bigger problem is the constant evolution of technology and terminology, by the time a definition is published, it is usually obsolete...
September 11, 2012 Added by:Stefano Mele
According to a new report from the DoD Inspector General, security policies "often overlap, are fragmentary, or inconsistent". The sheer volume of policies that are not integrated makes it difficult for those in the field to ensure consistent and comprehensive policy implementation...
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 28, 2012 Added by:Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
August 22, 2012 Added by:Tripwire Inc
This typical reaction I get in the US is many organizations see compliance as a “tax” and try to get away with doing the bare minimum. How do you and your organizations view compliance? Do you see it as a four-letter word, a nuisance, or as a step along the path to more effective security?
August 19, 2012 Added by:Electronic Frontier Foundation
The public has been pushing back on broad use of drones by law enforcement. At the request of reporters, advocacy organizations and city councils, public agencies have been required to justify their drone purchases and develop clear policies on when and under what conditions they will use drones for surveillance...
July 31, 2012 Added by:Don Eijndhoven
What is neutral behavior in the context of cyber warfare? Are you, as a neutral country obliged to drop all traffic between these two waring nations that crosses your networks? And if you’re not, are you obliged to make sure none of the cyber attacks are originating from compromised systems within your borders?
July 18, 2012 Added by:Matthijs R. Koot
The biggest threat in the digital domain is due to high-end and complex digital offensive capabilities that are targeted at a specific targets that can severely limit the the armed forces' ability to act. A lack of insight into digital possibilities to carry out attacks is a real risk to the armed forces...
July 15, 2012 Added by:Tripwire Inc
Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...
June 28, 2012 Added by:Keith Mendoza
Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...
June 20, 2012 Added by:gaToMaLo r. amores
"Threats are rapidly evolving both in frequency and sophistication. Threats emanating from cyberspace – whether from states, hacktivists or criminal organizations, among many others – pose a considerable challenge to the Alliance and must be dealt with as a matter of urgency"...
June 13, 2012 Added by:Headlines
Attribution is hard because of the nature of attacks, which tend to have several stages and the whole attack is spread over a long period of time. It is of no help either that the Internet is governed by multiple jurisdictions so international cooperation is necessary but often lacking...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015