-
Security rules to live by: Compliance with laws and regulations
Learn how complying with enterprise and federal laws and regulations affects information security and receive guidelines practitioners can use to protect themselves and their organization, in this excerpt of Chapter 3: Security Rules to Live By from ... Book Chapter
-
PING with Aviel Rubin
In this exclusive interview with Information Security magazine, Aviel Rubin, author of "Brave New Ballot," examines security problems in e-voting machines and details why it isn't just a cause for concern, it's a matter of national security. Information Security magazine
-
PING with Heidi Kujawa
In an exclusive interview with Information Security magazine, Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theaters. Information Security magazine
-
Steal this Computer Book 4.0: Prevent Google hacking
Learn how to prevent Google hacking in this excerpt from Chapter 8: Stalking the Computer of "Steal this Computer Book 4.0," by Wallace Wang. Book Chapter
-
The Oversight Function
Security Architectural Mo
-
Ensure that legal responsibilities are clear -- Especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Book Chapter
-
If he had just paid the rent
In this excerpt of Chapter 3 from "High-Tech Crimes Revealed," author Steven Branigan introduces "Wesley" and the incidents that led to a computer forensics investigation. Book Chapter
-
Praise, criticism for retiring cybersecurity coordinator Howard Schmidt
Security experts say some issues haven’t been adequately addressed by the White House security chief. News | 17 May 2012
-
CISPA threat intelligence bill passes House
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials. News | 27 Apr 2012
-
ISPs' anti-botnet code of conduct accomplishes little
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers. News | 26 Mar 2012
-
Former CIA official cites rise in government cybersecurity awareness
Former CIA ops director Cofer Black urges the security community to educate decision makers and validate how cyberattacks endanger national defense. News | 03 Aug 2011
-
Microsoft offers bounty in hunt for Rustock spambot operators
A $250,000 reward is being offered to anyone who provides new information that results in the identification, arrest and criminal conviction of the cybercriminals behind the Rustock botnet. News | 18 Jul 2011
-
Cisco: Targeted phishing helped hackers earn $150 million last month
Cybercriminals made an estimated $150 million from targeted phishing attacks in June, according to researchers at Cisco Systems Inc. News | 01 Jul 2011
-
Feds break up scareware crime rings
Twenty-two computers and servers in the U.S. were seized in connection with the scareware scheme. News | 23 Jun 2011
-
Store dealing with dishonest employees uses internal theft prevention software
A London-based sushi chain expects to save almost £1 million this year with the help of new fraud-detection software. News | 03 May 2011
-
Cybercriminals offer new sales tactics for stolen data
Cybercriminals are resorting to new sales tactics to remain viable in an increasingly competitive environment, according to a new report. Article | 25 Jan 2011
-
Microsoft's Internet access control plan deserves a chance
Microsoft is pushing a plan to prevent consumer computers from spreading malware. Senior Site Editor Eric B. Parizo says it's an idea that enterprise infosec pros should support. Column | 22 Oct 2010
- See More: News on Information Security Laws, Investigations and Ethics
-
For U.S. companies, EU cookie compliance calls for website changes
With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines. Tip
-
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Tip
-
DATA Act protection: Effects of a federal breach notification law
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in. Tip
-
Learn from NIST: Best practices in security program management
Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight proble... Tip
-
Employee profiling: A proactive defense against insider threats
Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a m... Tip
-
Is the CAN-SPAM Act a help or a hindrance?
Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin examines if the law has effectively cracked down on spamming activities and examines how to... Tip
-
Limiting the risk and liability of federated identities
You'll learn the legal issues involved in federated identity and how to best manage them. Tip
-
Protecting online copyright
In this week's tip, Mike Chapple highlights intellectual property responsibilities, and provides principles and recommendations for protecting Web copyright. Tip
-
Regulating information security
Ira discusses the benefits of regulating information security. Tip
-
Know Your Enemy -- Learning about Security Threats: Chapter 8, Legal Issues
Find out more about the legal issues swirling around the use of Honeypots. Tip
- See More: Tips on Information Security Laws, Investigations and Ethics
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Exchange Server administration policy: Managing privileged user access
Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy. Answer
-
Should national information security standards be enforceable?
In this expert response, Ernie Hayden discusses the feasibility of creating national information security standards that would apply to all U.S. organizations deemed to have sensitive data. Ask the Expert
-
Remote webcam security surveillance: Invasion of privacy?
Using remote webcam security surveillance to check the whereabouts of stolen laptops might seem like a good idea, but is it an invasion of privacy? In this expert response, Ernie Hayden discusses the best ways to maintain privacy and keep laptops saf... Ask the Expert
-
How to prevent and build protection against online identity theft
In this expert response, John Strand explains what to do when your personal identity is impersonated online. Ask the Expert
-
What are the ethical issues when consulting for two competing companies?
Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for ... Ask the Expert
-
Do European laws prevent a U.S. company from blocking spam?
Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries -- has complicated matters of jurisdiction. Ask the Expert
-
After a data breach, are there legal implications of sharing details?
After a data breach, it may be helpful to share the highs and lows of the experience with other companies to help prevent similar breaches, but what are the legal implications of this? Learn how to share details without breaking the law or your ente... Ask the Expert
-
How to create a policy to avoid disgruntled employee data leaks
When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs. Ask the Expert
-
Do mobile devices put sensitive data at risk when used overseas?
Any wireless electronic device is subject to eavesdropping or infection, but the risk increases dramatically when traveling to countries where a device connects to a local service provider which may be government-controlled. Ask the Expert
- See More: Expert Advice on Information Security Laws, Investigations and Ethics
-
I-SPY Act -- Internet Spyware Prevention Act of 2005 (H.R. 744)
The I-SPY Act, formally known as the Internet Spyware Prevention Act of 2005 (H.R. 744), is a bill in the U.S. Congress that would criminalize the unauthorized use of spyware, phishing, and other methods of using the Internet to obtain sensitive pers... Definition
-
intelligence community
The term intelligence community refers to government and other public agencies as well as private agencies that gather, assemble, and report information that pertains to world or national security. Definition
-
lifestyle polygraph
A lifestyle polygraph is a lie-detector (polygraph) test that is administered as a requirement for employment in certain fields. Definition
-
HSPD-7 (Homeland Security Presidential Directive No. 7)
HSPD-7 (Homeland Security Presidential Directive No. 7) was a directive issued by U.S. President George W. Bush in December 2003 that updated policies intended to protect the country from terrorist attacks. This directive superseded the earlier PDD-... Definition
-
CALEA (Communications Assistance for Law Enforcement Act)
CALEA (Communications Assistance for Law Enforcement Act) is a United States federal law that enables the government to intercept wire and electronic communications and call-identifying information under certain circumstances -- in particular, when i... Definition
-
National Security Agency (NSA)
The National Security Agency (NSA) is the official U.S. cryptologic (the science of cryptographic design and decryption) organization. Definition
-
FERPA (Family Educational Rights and Privacy Act of 1974)
FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII). The act applies to all educational institutions that receive federal funds. Definition
-
Electrohippies Collective
The Electrohippies Collective is an international group of hacktivists based in Oxfordshire, England, whose purpose is to express its displeasure with the use of the Internet "as a tool for corporate communications and propaganda." Definition
-
hacktivism
Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. Definition
-
cyberstalking
Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group. Definition
- See More: Definitions on Information Security Laws, Investigations and Ethics
-
What you need to do for MA 201 CMR 17 compliance
In this video, expert Richard Mackey outlines the steps that every organization must take to comply with Massachusetts 201 CMR 17 data protection law. Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Face-off: Who should be in charge of cybersecurity?
Security experts Bruce Schneier and Marcus Ranum debate how the federal government should handle cybersecurity initiatives. Video
-
Federal efforts to secure cyberinfrastructure
RSA 2009: Former White House senior advisor Paul Kurtz and James Lewis, director of technology policy at the Center for Strategic and International Studies, talk about the state of cybersecurity readiness at the federal level. Video
-
Courts turn aside data breach suits
Class action suits based on data breaches have failed without exception, but companies still face heavy sanctions and have settled in most cases rather than risk losing in court. Video
-
Webcast: FRCP requirements force new thinking on e-discovery policy
In this presentation, Frank Lagorio discusses e-discovery policy best practices under FRCP requirements, how to get started and pitfalls to avoid. Webcast
About Information Security Laws, Investigations and Ethics
Get news, advice and commentary on information security laws and ethics such as CAN-SPAM, CALEA, information security legislation, vulnerability disclosure, intellectual property, cybercrime, electronic records and more.