17 NOV 2013

Information Security Policies for PCI-DSS V3

The PCI Security Standards Council just released Version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS), the set of requirements for protecting credit card data. The update had some significant changes, including a greater focus on third-party information...

01 DEC 2012

Most SMBs have no Information Security Policies

87% of businesses in 2012 survey have no Acceptable Use Policies. Phishing attacks are now among the top security risks for organizations. Yet, according to a recent survey of small and medium-sized businesses (SMBs), a full eighty-seven percent (87%) do not have a formal written...

11 SEP 2012

Information Classification – The Link between Security and Privacy

Most of the attention focused on information security today surrounds the public data breach. Almost daily we hear a new report about hundreds or thousands of records of personal information being improperly disclosed. In fact, it is the loss of private data that drives most of...

28 FEB 2011

The Information Security Policy Hierarchy

Developing A Governing Policy & Subsidiary Policies. A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no...

08 JUL 2010

Implied Security Policies Create Added Risk

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace...
26 JUN 2010

The Total Cost of Information Security Policy Management

In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management by understanding the details of each phase of security policy management. The Total...
26 APR 2010

The ROI of Pre-written Security Policies

Security Policy University is a blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security...

20 OCT 2009

Information Security Policies and ISO 27001 certification

The paper discusses the importance of information security policies within an information security management system (ISMS), including the benefits of using Information Shield publications in obtaining certification against the new ISO 27001 standard. Information Security...
06 NOV 2006

Policy Controls for Building Secure Applications

A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of...