A few weeks ago, Deloitte Touche Tohmatsu (DTT) released the results of its Annual Global Security Survey for 2008. The survey focuses on the information security needs, practices and priorities of the financial industry, which is among the most regulated of all vertical markets. Not surprisingly, the top priority for the security officers interviewed was [...]
Tag Archives: information security policy
How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at night? This is the first article in the [...]
Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]
A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]