Author Archives: David Lineman

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups [...]

What are information security policies?

Information security policies are a special type of documented business rule that provide instructions for [...]

Security Policy Lessons from SCADA Attacks

Security Policy Library Addresses New FDIC Guidance

Social Media Security Policies Lagging Adoption

In August of 2010, the social network IT Toolbox released their latest study on the [...]

Confessions of a Security Policy Geek

Quickly Developing Draft Security Policies

We recently posted a video on how to create a draft information security policy in [...]

Implied Security Policies Create Added Risk

The US Supreme Court has overturned a lower-court ruling and concluded that management has a [...]

The Total Cost of Information Security Policy Management

In this paper we develop a cost model for estimating the Total Cost of Policy [...]

Regulatory Requirements for Establishing Information Security Roles and Responsibilities