Blog Posts Tagged with "Policies and Procedures"
Incident Response and PCI Compliance
March 25, 2012 Added by:Chris Kimmel
One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...
Comments (0)
Location, Location, Location: It Works in Risk Management
March 21, 2012 Added by:Edwin Covert
With the increase in cybercrime costs, organizations need to be able to ensure they are maximizing their return on risk management investment. An effective way of doing this is making sure the information security or risk management team is properly aligned within their organization...
Comments (0)
Manage Risk Before it Damages You - Part One
March 20, 2012 Added by:Neira Jones
Assuming we have managed to address the infosec gap, we’re left with ensuring the security of information assets and services. Because we are all governed by material pressures, it would be unrealistic that we should embark on all encompassing programs to secure all assets..
Comments (0)
Compliance: Moving Off Dead Center
March 19, 2012 Added by:Mary Shaddock Jones
The cost of implementing a compliance program will vary, however, it isn’t expensive enough to find yourself in front of the DOJ explaining why you spend money on air travel or paper clips than you do on a compliance program. Trust me, you don’t want to be in that position...
Comments (0)
Security Depends on IT Maturity
March 18, 2012 Added by:Robb Reck
Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...
Comments (3)
On Effective Risk Handling
March 08, 2012 Added by:Michele Westergaard
An effective risk management process allows for decision making by management with the best likelihood of achieving the desired results. It is not meant to create a brick wall for management to operate within, but more of recommended parameter within which to operate...
Comments (0)
Twelve Security Best Practices for USB Drives
March 06, 2012 Added by:Kelly Colgan
Portable and mobile storage devices are significant players in most corporate offices. Ensuring proper protection with a best practices policy and strict enforcement offers significant risk reduction—and can prevent long nights on data breach investigations...
Comments (1)
Doing Biz with Hackers: Do Bad Guys Make the Best Good Guys?
March 06, 2012 Added by:Rafal Los
The significance of quality talent can't be overlooked - having a second-rate individual watching your virtual piggy-bank is as good as having none. It's not like there are thousands of ex-con hackers out there looking for work - but I suspect there are more than you think...
Comments (3)
Improving Compliance Performance in Your Supply Chain
March 05, 2012 Added by:Thomas Fox
One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...
Comments (0)
On President Obama’s Consumer Privacy Bill of Rights
February 29, 2012 Added by:Brian Dean
If new legislation is passed, those who have already embraced the CPBR concepts will be well positioned to comply with it. Also, meeting these objectives will meet your clients’ expectations, including those detailed by the CPBR, creating a competitive advantage...
Comments (0)
Compliance in the Digital Era: Watch Out for the Third Party
February 24, 2012 Added by:Neira Jones
It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...
Comments (0)
Security: UR Doin It Rong
February 22, 2012 Added by:Wendy Nather
A number of talks at conferences focus on what we are doing wrong. The reason for this is practitioners are afraid to talk about how they're defending themselves for fear that someone will take it as a challenge and de-cyber-pants them before they've even gotten to the Q&A session...
Comments (3)
Best Practices to Prevent Document Leaks
February 16, 2012 Added by:Peter Weger
Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...
Comments (0)
Creating Sustainable Compliance Performance
February 16, 2012 Added by:Thomas Fox
Thriving employees - who are not only “satisfied and productive but also engaged in creating the future” for their organization - out produce non-thriving employees. These concepts matter within the context of promoting a culture of compliance within your organization...
Comments (0)
Disclosures: How Much Sharing is Too Much?
February 15, 2012 Added by:Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Comments (0)
Smart Grid Raises the Bar for Disaster Recovery
February 13, 2012 Added by:Brent Huston
Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!