Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]
Category Archives: Regulatory Compliance
A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]