Blog Posts Tagged with "Documentation"
June 28, 2012 Added by: Keith Mendoza
Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...
February 09, 2012 Added by: Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
October 16, 2011 Added by: Dan Dieterle
Run the Docx file through an unzip program and you can see several files and folders full of XML data. You will also find information that could be very useful for forensics, including file revision, creation and modify dates, document creator and the last person to modify the document...
June 08, 2011 Added by: Rafal Los
Over time the term has become widely over-used to the point where meaning is largely lost, and sadly most people on the buyer side of the aisle think it's just some marketing term or a way to get them to buy more of whatever widget is being sold...
June 03, 2011 Added by: Rebecca Herold
When trying to understand HIPAA regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a DRS...
May 25, 2011 Added by: Alex Hamerstone
Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...
May 24, 2011 Added by: Global Knowledge
In light of today's information economy, security is essential across every aspect of both small and large organizations. Without sensible security, an organization is at risk not only from malicious outsiders but also ill-intentioned employees or random mistakes...
May 16, 2011 Added by: Alex Hamerstone
The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with...”
May 09, 2011 Added by: Alex Hamerstone
The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...
May 04, 2011 Added by: Alex Hamerstone
Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...
May 03, 2011 Added by: Alex Hamerstone
As far as information security, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How then, do we determine what basic policies we need?
April 27, 2011 Added by: Dejan Kosutic
You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...
March 12, 2011 Added by: Thomas Fox
Many companies focus on the specifics of a best practices FCPA compliance program; we believe they should also make documentation an over-arching principle in their compliance programs. Everything done or performed within the context of your FCPA compliance program should be documented...
February 13, 2011 Added by: Kurt Aubuchon
Conducting effective investigations requires specialized knowledge, skills, and abilities. It is not necessarily the case that the Infosec analyst who can manage a tight network perimeter can also conduct a good investigation. Investigations are risky and politically sensitive affairs...
February 04, 2011 Added by: Thomas Fox
Review the documentation of training attendance and confirm. Make your department, or group leaders, accountable for the attendance of their direct reporters and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment...
January 18, 2011 Added by: PCI Guru
The PCI SSC’s Web site contains all of the documentation you need to interpret the PCI standards, yet it seems the only document that people download and read is the PCI DSS. If people would just read the rest of the documentation that is available, we would all be better off...