NERC compliance strategies
SearchSecurity.com presents a comprehensive guide to NERC compliance. Our experts cover all the angles in order to help your efforts in meeting compliance with the information security standards established by the North American Electric Reliability ... E-Book
-
Are you secure? Adam Putnam says, "Prove it!"
Rep. Adam Putnam crusades to improve the security of the nation's critical infrastructure. The Florida Republican sounded a wake-up call in the fall of 2003 by drafting, but not filing, the Corporate Information Security Accountability Act. E-Zine
-
Beyond privacy policies: Practical privacy for websites and mobile apps
Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps. Feature
-
Security rules to live by: Compliance with laws and regulations
Learn how complying with enterprise and federal laws and regulations affects information security and receive guidelines practitioners can use to protect themselves and their organization, in this excerpt of Chapter 3: Security Rules to Live By from ... Book Chapter
-
PING with Aviel Rubin
In this exclusive interview with Information Security magazine, Aviel Rubin, author of "Brave New Ballot," examines security problems in e-voting machines, and details why it isn't just a cause for concern, it's a matter of national security. Information Security maga
-
PING with Heidi Kujawa
In an exclusive interview with Information Security magazine, Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theaters. Information Security maga
-
Steal this Computer Book 4.0: Prevent Google hacking
Learn how to prevent Google hacking in this excerpt from Chapter 8: Stalking the Computer of "Steal this Computer Book 4.0," by Wallace Wang. Book Chapter
-
The Oversight Function
Security Architectural Mo
-
Ensure that legal responsibilities are clear -- especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Book Chapter
-
If he had just paid the rent
In this excerpt of Chapter 3 from "High-Tech Crimes Revealed," author Steven Branigan introduces "Wesley" and the incidents that led to a computer forensics investigation. Book Chapter
-
How to avoid federal Wiretap Act issues with a honeypot network security system
Hackers have rights, too. How can you deploy honeypots without running afoul of the law? Feature
-
Black Hat 2013 keynote: Alexander details NSA surveillance programs
In his keynote at Black Hat 2013, Gen. Keith Alexander said NSA surveillance programs have strict oversight, despite many inaccurate media reports. News | 01 Aug 2013
-
Mullen: Cybersecurity threats demand leadership from Capitol Hill
Adm. Mike Mullen criticized U.S. politicians for a lack of leadership on vital cybersecurity issues and called the NSA PRISM leak a 'huge breach.' News | 11 Jun 2013
-
For CISOs, California Right to Know Act would raise privacy emphasis
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles. News | 09 Apr 2013
-
'Internet underground' fight demands better cybersecurity intelligence
Former U.S. national security advisor Greg Rattray believes better cybersecurity intelligence is needed to combat a growing "Internet underground." News | 22 Mar 2013
-
DoD security panel calls for new cyber-defense, offense
A Pentagon advisory panel suggests both beefed-up U.S. cyber-defenses and a proactive plan for offense. News | 14 Mar 2013
-
Obama's cybersecurity executive order issued for critical infrastructure
President Obama issued an executive order aimed at fostering public-private information sharing among critical infrastructure sectors. News | 13 Feb 2013
-
Critical infrastructure security: Electric industry shows the path
Expert Brian Zimmet believes the electric industry is the one to watch for a look at the future of critical infrastructure security regulations. News | 30 Jan 2013
-
Many in industry at odds over pending cybersecurity executive order
Some security industry veterans fear regulatory overreach, others believe an executive order won't go far enough. News | 03 Dec 2012
-
Cybersecurity legislation mired as executive order looms
Internet Security Alliance President Larry Clinton sees little hope that Congress would act on legislation aimed at bolstering cybersecurity lapses. News | 30 Oct 2012
-
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles. News | 24 May 2012
- See more News on Information Security Laws, Investigations and Ethics
-
Ten years later: The legacy of SB 1386 compliance on data privacy laws
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws. Column
-
Congress should encourage bug fixes, reward secure systems
Cybersecurity policy should encourage bug fixes instead of simply recording and reporting attacks, software security expert Gary McGraw explains. Opinion
-
More cybersecurity laws needed for operational IT security
The U.S. has already adopted several cybersecurity laws, but few affect operational IT security. Column
-
Stored Communications Act ruling muddles business online data privacy
A state supreme court decision addressing webmail hacking under the Stored Communications Act affects email privacy and the ability to sue hackers. Tip
-
For U.S. companies, EU cookie compliance calls for website changes
With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines. Tip
-
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Tip
-
DATA Act protection: Effects of a federal breach notification law
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in. Tip
-
Learn from NIST: Best practices in security program management
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight proble... Tip
-
Employee profiling: A proactive defense against insider threats
Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a m... Tip
-
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin examines if the law has effectively cracked down on spamming activities and examines how to... Tip
-
Limiting the risk and liability of federated identities
You'll learn the legal issues involved in federated identity and how to best manage them. Tip
-
Protecting online copyright
In this week's tip, Mike Chapple highlights intellectual property responsibilities, and provides principles and recommendations for protecting Web copyright. Tip
-
Regulating information security
Ira discusses the benefits of regulating information security. Tip
- See more Tips on Information Security Laws, Investigations and Ethics
-
Purchasing a next-gen firewall: Buying from vendors in legal battles
Mike Chapple discusses whether enterprises should purchase next-gen firewall products from allegedly patent-infringing vendors. Answer
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Exchange Server administration policy: Managing privileged user access
Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy. Answer
-
Should national information security standards be enforceable?
In this expert response, Ernie Hayden discusses the feasibility of creating national information security standards that would apply to all U.S. organizations deemed to have sensitive data. Ask the Expert
-
Remote webcam security surveillance: Invasion of privacy?
Using remote webcam security surveillance to check the whereabouts of stolen laptops might seem like a good idea, but is it an invasion of privacy? In this expert response, Ernie Hayden discusses the best ways to maintain privacy and keep laptops saf... Ask the Expert
-
How to prevent and build protection against online identity theft
In this expert response, John Strand explains what to do when your personal identity is impersonated online. Ask the Expert
-
What are the ethical issues when consulting for two competing companies?
Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break-ins. In this expert response, David Mortman gives best practices for ... Ask the Expert
-
Do European laws prevent a U.S. company from blocking spam?
Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries -- has complicated matters of jurisdiction. Ask the Expert
-
After a data breach, are there legal implications of sharing details?
After a data breach, it may be helpful to share the highs and lows of the experience with other companies to help prevent similar breaches, but what are the legal implications of this? Learn how to share details without breaking the law or your ente... Ask the Expert
-
How to create a policy to avoid disgruntled employee data leaks
When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs. Ask the Expert
- See more Expert Advice on Information Security Laws, Investigations and Ethics
-
I-SPY Act -- Internet Spyware Prevention Act of 2005 (H.R. 744)
The I-SPY Act, formally known as the Internet Spyware Prevention Act of 2005 (H.R. 744), is a bill in the U.S. Congress that would criminalize the unauthorized use of spyware, phishing, and other methods of using the Internet to obtain sensitive pers... Definition
-
intelligence community
The term intelligence community refers to government and other public agencies as well as private agencies that gather, assemble, and report information that pertains to world or national security. Definition
-
lifestyle polygraph
A lifestyle polygraph is a lie-detector (polygraph) test that is administered as a requirement for employment in certain fields. Definition
-
HSPD-7 (Homeland Security Presidential Directive No. 7)
HSPD-7 (Homeland Security Presidential Directive No. 7) was a directive issued by U.S. President George W. Bush in December 2003 that updated policies intended to protect the country from terrorist attacks. This directive superseded the earlier PDD-... Definition
-
CALEA (Communications Assistance for Law Enforcement Act)
CALEA (Communications Assistance for Law Enforcement Act) is a United States federal law that enables the government to intercept wire and electronic communications and call-identifying information under certain circumstances -- in particular, when i... Definition
-
National Security Agency (NSA)
The National Security Agency (NSA) is the official U.S. cryptologic (the science of cryptographic design and decryption) organization. Definition
-
FERPA (Family Educational Rights and Privacy Act of 1974)
FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII). The act applies to all educational institutions that receive federal funds. Definition
-
Electrohippies Collective
The Electrohippies Collective is an international group of hacktivists based in Oxfordshire, England, whose purpose is to express its displeasure with the use of the Internet "as a tool for corporate communications and propaganda." Definition
-
hacktivism
Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. Definition
-
cyberstalking
Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group. Definition
- See more Definitions on Information Security Laws, Investigations and Ethics
-
Bruce Schneier: China cyberwar rhetoric risks dangerous implications
Video: Bruce Schneier explains why ongoing China cyberwar rhetoric evokes the wrong responses and may damage personal privacy, and ultimately freedom. Video
-
PayPal's CISO on cybercrime prevention, Internet security issues
Video: PayPal CISO Michael Barrett discusses hot-button issues surrounding cybercrime prevention, Internet security and nation-state attacks. Video
-
What you need to do for MA 201 CMR 17 compliance
In this video, expert Richard Mackey outlines the steps that every organization must take to comply with Massachusetts 201 CMR 17 data protection law. Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Face-off: Who should be in charge of cybersecurity?
Security experts Bruce Schneier and Marcus Ranum debate how the federal government should handle cybersecurity initiatives. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
-
Courts turn aside data breach suits
Class action suits based on data breaches have failed without exception. But, companies still face heavy sanctions and have settled in most cases rather than risk losing in court. Video
-
Webcast: FRCP requirements force new thinking on e-discovery policy
In this presentation, Frank Lagorio discusses e-discovery policy best practices under FRCP requirements, how to get started and pitfalls to avoid. Webcast
-
About Information Security Laws, Investigations and Ethics
Get news, advice and commentary on information security laws and ethics such as CAN-SPAM, CALEA, information security legislation, vulnerability disclosure, intellectual property, cybercrime, electronic records and more.