Items Tagged with "Policy"



The Patchwork Cloud - A Model Driven Approach

April 27, 2012 Added by: Rafal Los

As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...


Positioning the Security Team Using Influence Part 2

April 22, 2012 Added by: Steven Fox, CISSP, QSA

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in their substance, these appeals to authority are perceived negatively...


Social Media Security Tips for Small Business

April 18, 2012 Added by: Robert Siciliano

Many companies restrict internal access to social media. Others prevent employees from discussing or mentioning the company in social media during private time. Follow these social media security tips for small business to prevent security issues...


Dutch Response to AIV/CAVV Advice on Digital Warfare

April 09, 2012 Added by: Matthijs R. Koot

The digital domain is a new operational domain for the armed forces. The Ministry of Defense is investing to significantly strengthen existing capabilities and develop new ones including offensive. The right to self-defense also applies to cyber attacks...


Four Unanswered Questions about the Cyber Security Bills

April 04, 2012 Added by: Electronic Frontier Foundation

As Congress continues to weigh the legislation and negotiate potential amendments, users should ask some serious questions about how these proposals will affect them, and tell Congress that we won't stand for cybersecurity bills that undermine our civil liberties...


Applications Need to Respect User Rights From the Start

March 28, 2012 Added by: Electronic Frontier Foundation

By installing and authorizing an app, users don’t know how much information they are handing over. Without details about policies and practices, how confident can they be in the security of that data against the threat of subpoenas, intrusions, or rogue employees?


ENISA: Security Through a Public-Private Partnership

March 28, 2012 Added by: Infosec Island Admin

Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...


Eating the Security Dog Food

March 23, 2012 Added by: Wendy Nather

It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...


What do Credit Card Companies do with Your Personal Info?

March 23, 2012 Added by: Allan Pratt, MBA

The types of personal information companies collect and share depend on the product or service you get from them. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history...


Roundtable: Opportunities for HR in Consumerization of IT

March 15, 2012 Added by: Kyle Lagunas

Providing access to all sorts of internal systems for both employees and managers can make for a more adaptable organization regardless of size. IT has struggled with this loss of gatekeeper control, but the sound fiscal results are changing the minds of the C-suite...


Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by: Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...


Google Wants to Get to Know You Better... Uh-Oh

February 19, 2012 Added by: Kelly Colgan

The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...


NLRB Issued Second Report on Social Media Enforcement

February 17, 2012 Added by: David Navetta

As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...


What Actually Changed in Google’s Privacy Policy

February 14, 2012 Added by: Electronic Frontier Foundation

Google did a great job of informing users that the privacy policy had been changed through emails and notifications. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed...


Data Privacy: Oxymoron, Wishful Thinking, or Strategic Goal?

February 03, 2012 Added by: Brian Dean

Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”


The What and Why of Compliance

January 19, 2012 Added by: Fergal Glynn

What is a compliance framework? It’s an architected system of policies, controls and objectives designed to keep your business out of trouble and operating securely. It should measure risk and effectiveness, and keep constituents aware and up to date, since risk changes...
