Call Us: 888 641 0500
28
AUG
2007

Required Acknowledgement of Security Policy Changes

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify...
09
AUG
2007

Contractors fined for not following security policy

In July 2007, several contractors of Los Alamos National Laboratory were fined a total of $3.3 million for failing to adequately protect data as required in their contracts. The Department of Energy (DOE) initiated formal enforcement actions against specific current and former...
06
NOV
2006

Policy Controls for Building Secure Applications

A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of...
30
OCT
2006

Security Policy and Responsibility

Last month we discussed the security policy problems revealed within the department of Veteran’s Affairs (VA) in the wake of the highly public data breach, including the firing of two employees responsible for information security. Over the last month, employees at both AOL...
27
SEP
2006

Information Shield Announces New Publication and Web Site for Employee Security Awareness

Information Protection Made Easy – A Guide for Employees and Contractors Now Available Houston, Texas – Information Shield, a global publisher of information security and privacy leading practices, today announced the release of Information Protection Made Easy...
09
MAR
2006

COBIT or ISO17799?

Many organizations just getting started with information security policies ask us the question: Should we use ISO 17799 (now ISO 27002) or COBIT? The answer, of course, is that it depends on what you are trying to accomplish. In fact, they are not mutually exclusive, but can be...
10
MAY
2005

Information Shield Announces New Version of Leading Security Policy Library

Information Security Policies Made Easy, Version 10 Now Available Houston, Texas – May 10, 2005 Information Shield, a leading developer and distributor of information security best-practices, today announced the release of Version 10 of Information Security Policies Made...
11
JAN
2005

About Security Policy University

Security Policy University is blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security...