Security Policy Expert Q&A

Question: As a newly-minted CISO, I now have to deal extensively with our regulatory group. In meeting with the head of audit, she spoke about the various regulations we have to comply with and how my company interpreted them. I thought the regulations were black and white.   » Answer from Ben Rothke, CISSP

Question: How would you assess the overall awareness of senior management with regard to the privacy issues faced by their organizations? What are some of the common problems?   » Answer from Rebecca Herold

Question: With respect to Basel II, what security frameworks or guidelines (if any) are recommended to comply with the governance-risk aspects of Basel II?   » Answer from Mark Edmead

Question: We are a financial institution that would like to start the process of being compliant with ISO17799 Information Security Management System (ISMS). What would be the proper initial steps recommended for such a process in terms of training, preparation, building security policies, etc.?   » Answer from Rebecca Herold

Question: I'm looking for policy guidance for portable mass storage devices such as might be relevant to a Blackberry, iPod, etc. What would you suggest?   » Answer from Charles Cresson Wood

Question: I work for a bank that is subject to the Gramm-Leach-Bliley Act (GLBA). Do Information Shield publications help organizations comply with the requirements of GLBA?   » Answer from David Lineman

Have an information security policy question?

Submit your questions via our expert request form.