Category Archives: Other Security Topics

ISO 27002:2013 Change Summary Heatmap

The British Standards Institute (BSI) recently released an updated version of ISO/IEC 27002 – Code of Practice for Information Security Controls. This was the first major update since the 2005 release. Many organizations are interested in how the changes will impact their information security program. What Really Changed? In our review, very little in the […]

Does my organization need information security policies?

In general, every business should have some number of information security policies. For example, any business that collects personal information about customers (PII) will be required by law to protect that data. At least 43 states in the US have laws to protect customers against identity theft. Sometimes a certain facet of your business may […]

Who should develop information security policies?

Ideally, information security policies should be developed by a small team. While there are no hard-and-fast rules, it is essential that at least one of the authors of written security policies has specific expertise in the field of information security. Information security uses specific terminology that has been developed over years to help reduce the […]