Security Quality Control: There is much to recommend about the ISO 9000 quality control approach as it is applies to the discipline of information security. In fact the ISO 27001 standard, entitled Information Security Management System (ISMS), in large measure reflects that same methodology. In other words, ISO 27001 suggests a continuous improvement approach to [...]
Category Archives: security policy development
Please Don’t Do This A number of years ago I was asked to come in and do an information security risk assessment at a major company. Of course gathering and reading copies of relevant documentation is part of the background work necessary to orient myself to the client’s current information security situation. With this particular […]
We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can customize. How to Create a Security Policy in 5 Minutes (or less)
Security Policy University is blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security and data privacy and encourages thoughtful comments. This Information Security Policy University blog is maintained [...]
The Information Security Policy Weblog is published by Information Shield. We provide this weblog (aka blog) to share and discuss various ideas that relate to the protection of both corporate and personal information through information security policies. We hope this will provide a forum to discuss real-world issues involving the practice of protecting information. We […]
A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]
- 1
- 2