Tag Archives: acceptable use policy

Policies on Social Networking at Work

A recent study showed that over 75% of workers aged 20-30 access social networking sites at work. When you add all of the social networks (over 500 according to some estimates) and all of the members (over 150 million) and all of the companies (over 4000 publicly traded in the US alone) you get a […]

Critical Security Policies for Preventing Cyber Attacks

Is it possible to declare some security policies as more critical than others? When it comes to protecting sensitive data, all security policies are important to reduce the risk of loss. However, when we look at risk mitigation from the perspective of stopping the latest attacks, some security controls rise to the top. In September […]

Effective Security Policy Management – Part 6

Part 6. A Verified Audit Trail. Security policy documents will not be effective unless they are read and understood by all members of the target audience intended for each document. For some documents, such as Internet Acceptable Use or Code of Conduct, the target audience is likely the entire organization. Each policy document should have […]

Effective Security Policy Management – Part 5

Part 5. An Effective Date Range. Written information security policies should have a defined “effective date” and “expiration” or “review” date. This is critical so that individuals and organizations know when they are subject to the rules outlined in the policy, and when they can expect updates. The effective dates within your security policies should […]

Acceptable Use Policies to Reduce Risk

A few weeks ago, Deloitte Touche Tohmatsu (DTT) released the results of its Annual Global Security Survey for 2008. The survey focuses on the information security needs, practices and priorities of the financial industry, which is among the most regulated of all vertical markets. Not surprisingly, the top priority for the security officers interviewed was [...]

Required Acknowledgement of Security Policy Changes

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]