Author Archives: David Lineman

New PolicyShield Update Addresses Operations and Change Management

New information security policy updates address key elements of operational security. HOUSTON, Texas – January 31, 2012 – Information Shield (www.informationshield.com) today announced the latest update of the PolicyShield Information Security Policy Subscription service. The latest release includes over thirty new pre-written security policy statements, three additional pre-written sample documents and eleven additional policy-related [...]

New PolicyShield Update Addresses Third Party Management

New information security policy updates address key elements of operational security. HOUSTON, Texas – January 31, 2012 – Information Shield (www.informationshield.com) today announced the latest update of the PolicyShield Information Security Policy Subscription service. The latest release includes over thirty new pre-written security policy statements, three additional [...]

Password Policies Still Important in 2011

The Privacy Rights Clearinghouse recently released their review of what they call the most significant data breaches of 2011. Even if you have read about each of these incidents before, they are worth reading again in summary form. What is perhaps most striking is how the most basic security policies and procedures are often the […]

Policy Points: Used Equipment Sold with Sensitive Data

In September 2011 a security researcher purchased some used network equipment for about $30 USD from eBay. Once the equipment was delivered, the researcher found that it used to belong to the UK National Air Traffic Services (NATS) and that loads of sensitive data was still stored on the device, including network IP addresses and […]

The Shared Password Strikes Again!

One of the most intriguing cyber-security stories ever is the recent hack and public smearing of information security firm HBGary by the hacker group Anonymous. The incident relates to the WikiLeaks scandal, and the ongoing fear that major corporations might be the next victims of embarrassing document leaks. Tech writers Michael Riley and Brad Stone […]

Security Policies to Address Internal Threat

We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they almost always begin at some point with a human "insider" making a mistake. In fact, 2011 could be considered the "Year of the Insider." From the RSA hack and Sony PlayStation breach, to the Epsilon e-mail breach [...]

Security Policies to implement the DSD Top 35

In July 2011, the Australian Defence Signals Directorate (DSD) published an updated list of their Top 35 Mitigation Strategies. This list was based on the analysis of real-world events within government agencies, and is designed to identify the top set of controls that would have the most impact on reducing actual incidents. The list […]

Does my organization need information security policies?

In general, every business should have some number of information security policies. For example, any business that collects personal information about customers (PII) will be required by law to protect that data. At least 43 states in the US have laws to protect customers against identity theft. Sometimes a certain facet of your business may […]

Aren’t information security policies only for large organizations?

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses computers, information security is an important matter that should be addressed by explicit policies. Some experts say that the lack of a well-defined corporate information security policy is the single biggest problem with most security efforts. Major data protection laws […]

Who should develop information security policies?

Ideally, information security policies should be developed by a small team. While there are no hard-and-fast rules, it is essential that at least one of the authors of written security policies has specific expertise in the field of information security. Information security uses specific terminology that has been developed over years to help reduce the […]