Blog Posts Tagged with "Policies and Procedures"
Securing Your Company Against BYOD-Created Threats
May 14, 2012 Added by: Ashley Furness
The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...
The Importance of Mobile Device Management for Enterprise Security
May 14, 2012 Added by: Drayton Graham
Almost everyone has their own mobile phone these days, and they are quickly becoming a necessity in business. In order to enable the kind of freedom BYOD brings, the corporate network and data need to be protected. Mobile Device Management is a solution that will help with this...
Breached! Now What? Seven Steps to Avoid Failure Panic
May 08, 2012 Added by: Rafal Los
To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...
Ninth Circuit Narrows Computer Fraud and Abuse Act Reach
May 07, 2012 Added by: David Navetta
The crux is the recent application of the Computer Fraud and Abuse Act criminalizing violations of website terms of use and employer restrictions on employee computer uses, stemming in particular from what the statute’s term “exceeds authorized access” does and does not mean...
Password Policy: Sharing Passwords
May 03, 2012 Added by: Benson Dana
I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?
What Good is PCI-DSS?
May 03, 2012 Added by: David Barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
Cybersecurity at the International Level
May 02, 2012 Added by: Headlines
Countries are drafting policies to combat cyber attacks, but what can be done on the multilateral level since the digital world routinely ignores national boundaries? So far, international initiatives are plagued by the lack of frameworks, institutions and procedures...
ICS-CERT: Event Auditing and Log Management
April 30, 2012 Added by: Infosec Island Admin
Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...
When Statistics Fail: Planning for Things You Can't Expect
April 27, 2012 Added by: Rafal Los
In incident preparedness, if you don't already, maybe it's time for a chapter on worst case scenarios. Lots of organizations have these, but as I pointed out, many aren't even thinking about testing their own incident response plans much less looking at the absolute worst-case...
Protecting Data in Use
April 26, 2012 Added by: Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Exposing Unproven Enterprise Security
April 26, 2012 Added by: Rafal Los
Before you call me an alarmist, unless you've tested your defenses you can't actually be sure with any amount of certainty whether they work. I don't mean this in a "can we ever be really sure?" philosophical sense here - I mean this in a concrete "does this even work?" sense...
The Security, Privacy and Legal Implications of BYOD
April 24, 2012 Added by: David Navetta
Some organizations believe that BYOD will allow them to avoid significant costs. Other companies believe that company data on personal devices is inevitable. Unfortunately, BYOD raises significant data security concerns which can lead to potential legal risk...
Making Security Metrics That Matter
April 23, 2012 Added by: Robb Reck
The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...
What the Titanic Teaches Techies
April 16, 2012 Added by: Allan Pratt, MBA
No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...
Why Security is in Trouble
April 10, 2012 Added by: Rafal Los
Everything you do as an infosec leader needs to be aligned to your organization's mission statement and goals. Everything you do, every security-related decision you make, and every purchase and project you sign off on must first and foremost be aligned to the organization...
Six Good Reasons Not to Ask for Social Media Passwords
April 05, 2012 Added by: Rebecca Herold
There has been a barrage of stories recently about organizations asking applicants and employees for their Facebook, Twitter, LinkedIn and other social networking passwords. Compelled password disclosure is a very bad idea for organizations to do for many reasons...