Blog Posts Tagged with "Documentation"

In Secure Programming, the Documentation Matters Too

June 28, 2012 Added by:Keith Mendoza

Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...

Comments  (0)

Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by:Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)

File Forensics: Unzipping Word Docs to See XML Source

October 16, 2011 Added by:Dan Dieterle

Run the Docx file through an unzip program and you can see several files and folders full of XML data. You will also find information that could be very useful for forensics, including file revision, creation and modify dates, the document creator and the last person to modify the document...

Comments  (1)

Solution Architecture: A Critical Service or Sales Talk?

June 08, 2011 Added by:Rafal Los

Over time the term has become widely over-used to the point where meaning is largely lost, and sadly most people on the buyer side of the aisle think it's just some marketing term or a way to get them to buy more of whatever widget is being sold...

Comments  (0)

HIPAA: Designated Record Sets - Know What They Are

June 03, 2011 Added by:Rebecca Herold

When trying to understand HIPAA regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a DRS...

Comments  (0)

Information Security Policies and Procedures Part 6

May 25, 2011 Added by:Alex Hamerstone

Writing to the correct audience is one of the most important elements of creating effective documentation. If the documentation is too technical, they will not understand it. If the documentation is too simple for the audience, they may skim over important points...

Comments  (0)

Fourteen Important Security Policy Strategies

May 24, 2011 Added by:Global Knowledge

In light of today's information economy, security is essential across every aspect of both small and large organizations. Without sensible security, an organization is at risk not only from malicious outsiders but also ill-intentioned employees or random mistakes...

Comments  (0)

Information Security Policies and Procedures Part 5

May 16, 2011 Added by:Alex Hamerstone

The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with..."

Comments  (1)

Information Security Policies and Procedures Part 4

May 09, 2011 Added by:Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...

Comments  (0)

Information Security Policies and Procedures Part 3

May 04, 2011 Added by:Alex Hamerstone

Search engines place a vast body of human knowledge at your fingertips. This vast knowledge often includes the intellectual property of others. Finding policies on the internet and using control H to place your organization’s name in place of another is not only wrong, it is also ineffective...

Comments  (0)

Information Security Policies and Procedures Part 2

May 03, 2011 Added by:Alex Hamerstone

As far as information security goes, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How then, do we determine what basic policies we need?

Comments  (0)

The Importance of a Statement of Applicability for ISO 27001

April 27, 2011 Added by:Dejan Kosutic

You shouldn't consider the Statement of Applicability as just an "overhead document" that has no use in real life. Written properly, an SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done...

Comments  (0)

Documentation and the TRACE Due Diligence Guidebook

March 12, 2011 Added by:Thomas Fox

While many companies focus on the specifics of a best practices FCPA compliance program, we believe they should also make documentation an over-arching principle in their compliance programs. Everything done or performed within the context of your FCPA compliance program should be documented...

Comments  (0)

Managing the Infosec Investigative Function

February 13, 2011 Added by:Kurt Aubuchon

Conducting effective investigations requires specialized knowledge, skills, and abilities. It is not necessarily the case that the Infosec analyst who can manage a tight network perimeter can also conduct a good investigation. Investigations are risky and politically sensitive affairs...

Comments  (0)

Evaluation of FCPA Compliance Training

February 04, 2011 Added by:Thomas Fox

Review the documentation of training attendance and confirm. Make your department, or group leaders, accountable for the attendance of their direct reporters and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment...

Comments  (0)

RTFM: Take the Time to Read the Documentation

January 18, 2011 Added by:PCI Guru

The PCI SSC’s Web site contains all of the documentation you need to interpret the PCI standards, yet it seems the only document that people download and read is the PCI DSS. If people would just read the rest of the documentation that is available, we would all be better off...

Comments  (0)