Tag

Laws & Regulations: This post is for organizations that could use help raising the level of management awareness and support for information security policies. From the get-go, let’s be clear that this post is not for established organizations that are already far along when...

Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no...

Information security policies are a special type of documented business rule that provide instructions for how the organization will protect information assets.  Policies are high-level statements that provide guidance to workers who must make present and future decisions.  For...

Litmus Test: One high-tech company that this author was working with recently was considering the acquisition of another high-tech company. In order to gauge the sophistication of the information security effort at the target company, top management at the acquiring company...

This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of...

Please Don’t Do This A number of years ago I was asked to come in and do an information security risk assessment at a major company. Of course gathering and reading copies of relevant documentation is part of the background work necessary to orient myself to the...

Why I Love Information Security Policies Being a vendor of information security policy content is somewhat strange. Many times during the week we talk to folks who need to write security policies for their company. The story is often the same: They are staring at the long list of...

We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can...

In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management by understanding the details of each phase of security policy management. The Total...

Is it possible to declare some security policies as more critical than others? When it comes to protecting sensitive data, all security policies are important to reduce the risk of loss. However, when we look at risk mitigation from the perspective of stopping the latest attacks,...