Author Archives: David Lineman

Social Media Security Policies Lagging Adoption

In August of 2010, the social network IT Toolbox released their latest study on the use of mobile and social media technologies in the enterprise. The survey included over 2200 IT professionals from 109 different countries. One of the areas of the survey included questions about corporate guidance and security policies. While social media use […]

Confessions of a Security Policy Geek

Why I Love Information Security Policies: Being a vendor of information security policy content is somewhat strange. Many times during the week we talk to folks who need to write security policies for their company. The story is often the same: They are staring at the long list of requirements (say from the ISO 27002 [...]

Quickly Developing Draft Security Policies

We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can customize.

How to Create a Security Policy in 5 Minutes (or less)

Enabling Business with Information Security and Privacy Policies

With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated markets, it is difficult to do business at all without a sound set of policies. In this overview we discuss various ways that effective, written […]

Implied Security Policies Create Added Risk

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace communications. However, the ruling should also serve as a wake-up call for organizations […]

The Total Cost of Information Security Policy Management

In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management by understanding the details of each phase of security policy management.

Regulatory Requirements for Establishing Information Security Roles and Responsibilities

There are many security and privacy regulations that are very specific about the proper assignment of security responsibilities. Yet in many organizations, the information security effort is not managed with the same precision as other disciplines. There are a variety of reasons for this, not the least of which is that information security is a [...]

The ROI of Pre-written Security Policies

Security Policy University is a blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security and data privacy and encourages thoughtful comments. This Information Security Policy University blog is maintained [...]

Policies on Social Networking at Work

A recent study showed that over 75% of workers aged 20-30 access social networking sites at work. When you add all of the social networks (over 500 according to some estimates) and all of the members (over 150 million) and all of the companies (over 4000 publicly traded in the US alone) you get a […]

Security Policy Controls for Home-based Employee Access

Attackers follow the weakest link: The never-ending battle to secure the corporate desktop against viruses, unauthorized software, and spyware now consumes significant resources for many companies. However, as organizations continue to adopt security best practices to protect their networks, attackers are increasingly targeting the weakest link – the home internet user. Recent studies are now confirming […]