Author Archives: David Lineman

Required Acknowledgement of Security Policy Changes

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]

Contractors fined for not following security policy

In July 2007, several contractors of Los Alamos National Laboratory were fined a total of $3.3 million for failing to adequately protect data as required in their contracts. The Department of Energy (DOE) initiated formal enforcement actions against specific current and former contractors. The reports said that investigations revealed that the contractors failed to prevent […]

Policy Controls for Building Secure Applications

A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]

Information Shield Announces New Publication and Web Site for Employee Security Awareness

Information Protection Made Easy - A Guide for Employees and Contractors Now Available. Houston, Texas - Information Shield, a global publisher of information security and privacy leading practices, today announced the release of Information Protection Made Easy - A Guide for Employees and Contractors. This new publication explains the critical role of employees and contractors […]

COBIT or ISO17799?

Many organizations just getting started with information security policies ask us the question: Should we use ISO 17799 (now ISO 27002) or COBIT? The answer, of course, is that it depends on what you are trying to accomplish. In fact, they are not mutually exclusive, but can be used together. The basic difference between COBIT […]

Information Shield Announces New Version of Leading Security Policy Library

Information Security Policies Made Easy, Version 10 Now Available. Houston, Texas – May 10, 2005 – Information Shield, a leading developer and distributor of information security best-practices, today announced the release of Version 10 of Information Security Policies Made Easy (ISPME) by Charles Cresson Wood, CISSP, CISM, CISA. ISPME V10 is the newly updated version of […]

About Security Policy University

Security Policy University is a blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security and data privacy and encourages thoughtful comments. This Information Security Policy University blog is maintained […]