Call Us: 888 641 0500
15
NOV
2013

ISO 27002:2013 Change Summary Heatmap

The British Standards Institute (BSI)  recently released an updated version of ISO/IEC 27002 – Code of Practice for Information Security Controls.  This was the first major update since the 2005 release.  Many organizations are interested in how the changes will impact...
28
JAN
2011

Does my organization need information security policies?

In general, every business should have some number of information security policies.  For example, any business that collects personal information about customers (PII) will be required by law to protect that data.   At least 43 states in the US have laws to protect customers...
26
JAN
2011

Who should develop information security policies?

Ideally, information security policies should be developed by a small team.  While there are no hard-and-fast rules, it is essential that at least one of the authors of written security policies has specific expertise in the field of information security.  Information security...