
  • Five Reasons Why Security Policies Don’t Get Implemented

    This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of understanding about the nature of policies. All too often policies are written in …


  • Security Policies to Address Internal Threat

    We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they most always begin at some point with a human “insider” making a mistake. In fact, 2011 could be considered the “Year of the Insider.” From the RSA hack and Sony Playstation breach, to the Epsilon e-mail breach …


  • One Security Policy Document Or A Series Of Documents?

    Plan First: We all know that it’s advisable to create a plan before undertaking a large and complex project. For instance, most reasonable people would not consider building a modern residential house, with plumbing, heating, electrical, lighting, and communications systems, if they did not first have a clear and specific plan (aka blueprint). Of course, …


  • Selling Management On Information Security Policies

    Laws & Regulations: This post is for organizations that could use help raising the level of management awareness and support for information security policies. From the get-go, let’s be clear that this post is not for established organizations that are already far along when it comes to their information security efforts. They will have long …


  • The Shared Password Strikes Again!

    One of the most intriguing cyber-security stories ever is the recent hack and public smearing of information security firm HBGary by hacker group Anonymous. The incident relates to the WikiLeaks scandal, and the ongoing fear that major corporations might be the next victims of embarrassing document leaks. Tech writers Michael Riley and Brad Stone …


  • A Security Policy Standard of Due Care

    Divergent Directions: Looking back over the last 30+ years of my work in information security, I see two diverging trends when it comes to defining the information security-related standard of due care. By the “standard of due care,” in this column I mean the actions that management needs to take (for instance the controls that …


  • The Information Security Policy Hierarchy

    Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no longer appropriate. We are talking here about the “one-size-fits-all” information security policy that is supposed to apply …


  • Levels Of Maturity In The Security Policy Development Process

    Litmus Test: One high-tech company that this author was working with recently was considering the acquisition of another high-tech company. In order to gauge the sophistication of the information security effort at the target company, top management at the acquiring company requested a copy of the information security policy. The policy document in that moment …


  • Using Security Policies As Catalysts For Internal Change

    Security Quality Control: There is much to recommend about the ISO 9000 quality control approach as it applies to the discipline of information security. In fact the ISO 27001 standard, entitled Information Security Management System (ISMS), in large measure reflects that same methodology. In other words, ISO 27001 suggests a continuous improvement approach to …


  • Security Policy Lessons from SCADA Attacks

    Reports from the last few months have generated another wake-up call for those concerned with the security of the nation’s critical infrastructure. In addition to audit reports of widespread vulnerabilities among agencies managing the infrastructure, the first malicious software was discovered “in the wild” that specifically targets the SCADA system employed to manage these networks. …
