Items Tagged with "Policy"
April 27, 2012 Added by:Rafal Los
As we discussed at OWASP AppSec APAC in Sydney recently, there is still too much focus being given to the security of infrastructure, and we're spending a disproportionate amount of time on the security of networks, servers, etc. rather than actually looking at the applications...
April 22, 2012 Added by:Steven Fox, CISSP, QSA
Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in their substance, these appeals to authority are perceived negatively...
April 18, 2012 Added by:Robert Siciliano
Many companies restrict internal access to social media. Others prevent employees from discussing or mentioning the company in social media during private time. Follow these social media security tips for small business to prevent security issues...
April 09, 2012 Added by:Matthijs R. Koot
The digital domain is a new operational domain for the armed forces. The Ministry of Defense is investing to significantly strengthen existing capabilities and develop new ones including offensive. The right to self-defense also applies to cyber attacks...
April 04, 2012 Added by:Electronic Frontier Foundation
As Congress continues to weigh the legislation and negotiate potential amendments, users should ask some serious questions about how these proposals will affect them, and tell Congress that we won't stand for cybersecurity bills that undermine our civil liberties...
March 28, 2012 Added by:Electronic Frontier Foundation
By installing and authorizing an app, users don’t know how much information they are handing over. Without details about policies and practices, how confident can they be in the security of that data against the threat of subpoenas, intrusions, or rogue employees?
March 28, 2012 Added by:Infosec Island Admin
Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...
March 23, 2012 Added by:Wendy Nather
It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...
March 23, 2012 Added by:Allan Pratt, MBA
The types of personal information companies collect and share depend on the product or service you get from them. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history...
March 15, 2012 Added by:Kyle Lagunas
Providing access to all sorts of internal systems for both employees and managers can make for a more adaptable organization regardless of size. IT has struggled with this loss of gatekeeper control, but the sound fiscal results are changing the minds of the C-suite...
March 01, 2012 Added by:Danny Lieberman
The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...
February 19, 2012 Added by:Kelly Colgan
The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...
February 17, 2012 Added by:David Navetta
As we have previously noted in prior posts about the NLRB’s social media enforcement actions, employers should carefully review and adjust their social media policies and practices in light of the NLRB’s guidance and enforcement...
February 14, 2012 Added by:Electronic Frontier Foundation
February 03, 2012 Added by:Brian Dean
Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”
January 19, 2012 Added by:Fergal Glynn
What is a compliance framework? It’s an architected system of policies, controls and objectives designed to keep your business out of trouble and operating securely. It should measure risk and effectiveness, and keep constituents aware and up to date, since risk changes...