Items Tagged with "Policies and Procedures"
How to Save Your Photos from a BYOD Security Policy
June 24, 2012 Added by:Brent Huston
One of the more common rules is to enable the remote wipe and lock feature. This means that if your device was ever stolen or compromised, the IT department can remotely lock the device and then wipe any data from it. And yes, that would include all of your photos as well as other items...
Comments (0)
Feds Release Digital Government Strategy
June 22, 2012 Added by:Headlines
The Federal government released The Digital Government Strategy, a 12-month action plan for the deployment of new technology that is designed to enable the delivery of digital information and services anytime, anywhere, on any device, safely and securely, throughout the Federal workforce and to the American public...
Comments (0)
Napoleon’s Invasion of Russia and Risk Management
June 20, 2012 Added by:Thomas Fox
As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...
Comments (0)
Insider Threats Confound Enterprise Security Efforts
June 20, 2012 Added by:Headlines
"The majority of staff within any organization are trustworthy and honest. But businesses must understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer and the numerous ways in which an organization can be targeted"...
Comments (1)
The DOD's Mobility Device Strategy Released
June 20, 2012
“This strategy is not simply about embracing the newest technology - it is about keeping the DoD workforce relevant in an era when information and cyberspace play a critical role in mission success,” said Teri Takai, Department of Defense chief information officer...
Comments (0)
Is BYOD a Nightmare for IT Security or a Dream Come True?
June 19, 2012 Added by:Megan Berry
While you still may be debating whether or not to allow employees to use their own smartphones or tablets for work, many organizations realize that they may not have a choice. Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage...
Comments (24)
Congressional Witnesses Agree: Multistakeholders Right for Internet Regulation
June 15, 2012 Added by:Electronic Frontier Foundation
The threat posed by the International Telecommunication Union (ITU) is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance...
Comments (0)
Tripwire Examines the State of Risk-Based Security Management
June 14, 2012 Added by:Headlines
"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."
Comments (0)
Fashionable But Vulnerable: Mobile Devices in the Workplace
June 12, 2012 Added by:Simon Heron
Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...
Comments (0)
Pink Floyd’s "The Wall" and Compliance
June 12, 2012 Added by:Thomas Fox
Compliance: One of the most important things is that sometimes you just hit a brick wall. You can carefully plan a strategy, implement the planned strategy and then measure the results, but it can still fall completely flat. In other words, you hit the proverbial wall...
Comments (0)
Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change
June 10, 2012 Added by:Rafal Los
Good security practices and principles can save your organization money in a real, measurable way, and they can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...
Comments (0)
LinkedIn Failed to Meet Standards or Better Standards are Needed
June 10, 2012 Added by:Jeffrey Carr
LinkedIn doesn't have a CSO or CISO, which for a publicly traded company communicates that security is not a priority. Considering they still don't know how this breach occurred and the minimal attention paid to password security, I can't help but wonder how secure the credit card information is...
Comments (0)
It’s Time to Convert from Passwords to Passphrases
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
Comments (0)
DOE: Twenty-One Steps to Improve SCADA Security
June 05, 2012
Action is required by all organizations to secure their SCADA networks as part of the effort to protect the nation’s critical infrastructure. The President’s Critical Infrastructure Protection Board and the Department of Energy have developed steps to help organizations improve SCADA security...
Comments (0)
FTC MySpace Settlement: Say What You Do and Do What You Say
May 30, 2012 Added by:David Navetta
The settlement bars MySpace from making future misrepresentations regarding the extent to which it protects users’ personal information, requires it to implement a comprehensive privacy program and requires it to undergo biennial, independent, third party privacy assessments for the next 20 years...
Comments (0)
How to Secure Patient Data in a Healthcare Organization
May 23, 2012 Added by:Danny Lieberman
If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are a small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”