Category

Please Don’t Do This A number of years ago I was asked to come in and do an information security risk assessment at a major company. Of course gathering and reading copies of relevant documentation is part of the background work necessary to orient myself to the...

We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can...

Security Policy University is blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security...

The Information Security Policy Weblog is published by Information Shield. We provide this weblog (aka blog) to share and discuss various ideas that relate to the protection of both corporate and personal information through information security policies. We hope this will...

A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of...