Viewpoint: Let's add policy to GRC

This article can also be found in the Premium Editorial Download: Information Security magazine: Seven questions to ask before committing to SaaS:

How Do You Spell Data Governance? P-o-l-i-c-y
Regarding the Perspectives column by Julie Tower-Pierce ("Think Like a Lawyer," March 2008) there is a very crucial word missing: policy.

One of the most important aspects of any healthy e-discovery strategy is policy governing how data is handled, retained, destroyed and retrieved. Without standing policy (i.e., one you did not create after being served a subpoena) that spells out how your organization handles its data, you will find yourself on the very wrong end of a judge's orders requiring the (very expensive) production of records...and perhaps in need of refreshing your resume...or worse.

Stephen Yelick
Information technology security administrator, Macomb County, Mich.


Open Source Does the Job
I just finished reading "Encrypt Them All" (February 2008), and I have to admit that I am surprised that the open source solution, TrueCrypt, was never mentioned.

We have been using SecureDoc for many years and recently decided to give TrueCrypt a try as an alternative. I must admit, I was thoroughly surprised. Although not without problems, it turned out to be a very capable open source solution, and it is very possible that this will be our software of choice. So I must ask, why was it not given consideration for the article?

Art Beard
Manager of information technology, Community Financial


Editor's Note:
The product chart that accompanied the "Encrypt Them All" article was a representative sample of commercial products.

Security7Awards

It's Time to recognize the industry's Best

Information Security magazine and SearchSecurity.com will honor innovative security practitioners in seven vertical markets this fall with our annual Security Seven Awards. The awards, to be handed out at the Information Security Decisions conference in Chicago and featured in the magazine's October issue, will recognize the efforts, achievements and contributions of practitioners in financial services, telecommunications, manufacturing, energy, government, education and health care.

While vendor executives are not eligible, we're inviting you to nominate your most innovative practitioners. Nominees must have made a noteworthy contribution to their organizations or the security community in areas including research, product development and standards.

Download the nomination form at www.searchsecurity.com/securityseven and email it to securityseven@infosecuritymag.com.

Nomination Deadline: June 25

This was first published in May 2008

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close