Items Tagged with "Policy"


Ec9b0ab31140696dd578b354b1054635

On Romulan Ale and Bird of Prey Malware

July 20, 2011 Added by:Vulcan Mindm3ld

Defenders are bound by a set of process and procedures. An organization’s inflexibility in deviating from them compound the problems. Many changes are often rejected on the basis of economic concerns. The majority are focusing on useless security guidelines such as the DISA PDI GEN001280...

Comments  (2)

E973b16363b3de77b360563237df7e32

Where Are Your Default Admin Passwords?

June 24, 2011 Added by:Bozidar Spirovski

The passwords should be constructed in two parts, each part entered by different person, which increases the complexity significantly and reduces the possibility of using social knowledge of a single person to attack the password. Also, no one single person knows the password...

Comments  (0)

E973b16363b3de77b360563237df7e32

The Permanent Security Issue of Top Management

June 21, 2011 Added by:Bozidar Spirovski

No top manager wants to be bothered with the problems and challenges that security and IT guys are facing. Usually that means that the security request aspects of the solution have not been researched or even familiarized. All this results in a half-baked workaround solution...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Five Issues With Obama’s Breach Notification Policy

May 31, 2011 Added by:Kelly Colgan

The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little, meaningful help to the consumer...

Comments  (0)

5d3b9af5a870b9a89f8fa51fb390d488

Onsite Personnel "Don't Need No Stinkin' Badges" for PCI

May 30, 2011 Added by:Joe Schorr

To truly improve their security posture, companies should create (and enforce) a mandatory ID Badge policy for visitors and employees. An effective policy coupled with good security awareness training will go a long way to closing up this particular gap in PCI-DSS 2.0...

Comments  (2)

99edc1997453f90eb5ac1430fd9a7c61

Infosec: Is the Cynic-Signal Broken?

May 27, 2011 Added by:Javvad Malik

Why do they put brakes in cars? If you answered “to make you stop”, you’re kind of wrong. The correct answer is, they put brakes in cars so that you can go faster. In many ways, security is similar. However, security doesn’t just bolt onto a business - it's a mindset...

Comments  (0)

0dc5fdbc98f80f9aaf2b43b8bc795ea8

Fourteen Important Security Policy Strategies

May 24, 2011 Added by:Global Knowledge

In light of today's information economy, security is essential across every aspect of both small and large organizations. Without sensible security, an organization is at risk not only from malicious outsiders but also ill-intentioned employees or random mistakes...

Comments  (0)

959779642e6e758563e80b5d83150a9f

On Data Retention – When Not to Backup Data

May 24, 2011 Added by:Danny Lieberman

How much damage would be incurred if there was breach? For the purpose of asset valuation, we distinguish between customer data without PII and customer data that may have PII. Let’s consider 4 key assets of a company that designs and manufactures widgets and sells them over the Internet...

Comments  (0)

8c4834b99847b9f7c9ee94b45df086f9

Convenience or Security?

May 19, 2011 Added by:Emmett Jorgensen

Can mobile devices be managed without limiting their functionality and convenience? Obviously, there’s no easy answer to this question. Much of how an organization handles its security policy depends on the type of business it is and the sensitivity of the information being handled...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Every Employee is a Security Partner

May 18, 2011 Added by:Robb Reck

By using a well-tested framework we can ensure that our organization’s security needs are adequately documented. The policies are critical, but they are only the framework. To flesh out the program we need the actual implementation, and that’s where the rest of the staff comes in...

Comments  (4)

B857c2d01b284ca0422ae1830275de40

An Example of a Successful BCP Implementation

May 08, 2011 Added by:Nabeel Shamsi

A BCP is more just running the networks and servers. It is about the customers. It is about making sure that the company can do business with its customers with minimum interruption. The goal is to be there when you customers need you and not to lose any of your customers...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by:Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Five Ways to Improve Enterprise Data Security Programs

April 22, 2011 Added by:Headlines

What constitutes an acceptable level of information security risk in an environment when intellectual property, personal customer information and the brand are at stake? It’s a tough decision, but one that should be made to form the foundation of an information security program...

Comments  (0)

67a9d83011f3fbb2cf8503aff453cc24

Information Security Risk Management Programs Part 3

April 21, 2011 Added by:kapil assudani

Business use cases must be consumed by the IT group to build functional/non-functional requirements. Security mis-use cases in their remediated language turn into functional/non-functional requirements. If security is engaged - we translate them into detailed technical requirements...

Comments  (0)

67a9d83011f3fbb2cf8503aff453cc24

Information Security Risk Management Programs Part Two

April 18, 2011 Added by:kapil assudani

In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless its a critical security issue...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by:Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »