Category

The British Standards Institute (BSI)  recently released an updated version of ISO/IEC 27002 – Code of Practice for Information Security Controls.  This was the first major update since the 2005 release.  Many organizations are interested in how the changes will impact...

In general, every business should have some number of information security policies.  For example, any business that collects personal information about customers (PII) will be required by law to protect that data.   At least 43 states in the US have laws to protect customers...

Ideally, information security policies should be developed by a small team.  While there are no hard-and-fast rules, it is essential that at least one of the authors of written security policies has specific expertise in the field of information security.  Information security...