Risk Management
guide
-
Eye On IT Security
guide
-
IT security policy management: Effective policies to mitigate threats
In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security policies are managed appropriately, best practices for policy implementation and ... Learning Guide
-
Information Security Learning Guides
Information security learning guides cover topics such as firewalls, Snort, VoIP, Bluetooth security, intrusion prevention, spyware, web security, network access control and more. SearchSecurity.com's Lear
-
Developing and Maintaining Policies
Book Chapter
-
PING with Nikk Gilbert
In this exclusive interview with Information Security magazine, Nikk Gilbert, IT security and telecom director reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterpris... Information Security maga
-
Special considerations for network-based access control
An excerpt from Chapter 13: Access Control of "Information Security: Design, Implementation, Measurement, and Compliance," by Timothy P. Layton. Book Chapter
-
Information Security Governance Guide
This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment. Learning Guide
-
Automated provisioning quiz answers
SearchSecurity Retention
-
Endpoint security quiz
Take this five-question quiz to see how much you've learned about endpoint security. Identity and Access Manag
- See More: Essential Knowledge on Information Security Policies, Procedures and Guidelines
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
RSA Conference 2012 keynote prescribes intelligence-driven security
RSA's Arthur Coviello urged security pros to break down silos and adopt intelligence-driven security programs, or face a tough year. News | 28 Feb 2012
-
Legal risks abound for firms without a mobile device security policy
Companies without a mobile device security policy risk not only losing data, but also running afoul of the law. News | 20 Sep 2011
-
Standardizing federal security regulations easier said than done
While Oregon officials have had success with a cross-government compliance program, standardizing federal requirements is another matter. News | 07 Sep 2011
-
State IT security model for IRS compliance could work at federal level
Oregon's model for compliance with IRS information security requirements could be used for cross-agency security at the federal level. News | 16 Aug 2011
-
Verizon launches Incident Analytics Service to meld DBIR data with risk analysis
New service aims to help businesses measure their security programs against Verizon’s Data Breach Investigations Report and the VERIS classification and reporting data. News | 21 Jun 2011
-
Eye On: Virtualization Security
SearchSecurity.com's "Eye On" series examines a security topic each month. In May, the series explores virtualization security and the technologies and methodologies available to reduce vulnerabilities and improve virtualization processes. Article | 25 May 2011
-
ICASI publishes new vulnerability reporting framework
A new Common Vulnerability Framework sets a standard so organizations can share vulnerability information in a common readable format. News | 18 May 2011
-
Sony attack: Sony expands scope of its massive data security breach
Sony executives said an attack on its PlayStation Network systems also exposed the data of 24.6 million users at its Online Entertainment division. News | 03 May 2011
-
Eye On: Secure Software Development
This special report explores software security: reducing vulnerabilities and improving development processes. Article | 21 Apr 2011
- See More: News on Information Security Policies, Procedures and Guidelines
-
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Tip
-
Building a compliance culture means learning from mistakes
In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen. Tip
-
How to write an effective enterprise mobile device security policy
Expert Lisa Phifer explains the process for creating a winning enterprise mobile device security policy that reduces the risk of mobile data threats. Tip
-
Continuous monitoring strategy for government security managers
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy. Tip
-
SOX compliance checklist: Five ways to refine a SOX compliance program
SOX compliance is still too burdensome for many enterprises. Expert Charles Denyer offers five ways to streamline a lagging SOX compliance program. Tip
-
Forrester: Developing an enterprise risk assessment template
Despite skeptics, an enterprise risk assessment template is worth investing in. Forrester’s Chris McClean explains why and how to get started. Tip
-
COBIT 5: A first look at the recent updates
In this tip, learn how to integrate the new management practices from COBIT 5 into current IT security framework implementations. Tip
-
Proactive security measures: How to prevent malware attacks
Security teams don't always need to be reactive. Learn how to implement proactive security strategies that prevent malware infections. Tip
-
Identity Ecosystem should make life a little easier for IT shops
While implementation of the Identity Ecosystem is a long way off, the benefits for projects such as electronic health records could be significant. Tip
-
Understanding iPad security concerns for better iPad enterprise management
Are iPad security concerns burdening your company’s adoption of the technology? Expert Michael Cobb discusses common security concerns and iPad enterprise management issues. Tip
- See More: Tips on Information Security Policies, Procedures and Guidelines
-
How acceptable use agreements can combat BYOD security issues
Is your organization facing BYOD security issues? Learn how the implementation of acceptable use agreements can help contain these issues. Answer
-
Best practices: Gaining executive support for the software security lifecycle
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains. Answer
-
Talking with lawyers: How to manage information security legal issues
Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues. Answer
-
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Answer
-
Getting started with an ISO implementation
Struggling to develop an ISO implementation plan? Expert Charles Denyer offers advice on getting started with an enterprise ISO implementation. Answer
-
Separation of duties: Internal user account controls
If your user account administration is dispersed among different departments, you might be looking into centralizing it. This can work, provided you have a trustworthy administrator and separation of duties controls. Ask the Expert
-
Best practices: Separation of duties for security administrators
In this Q&A, expert Michael Cobb explores separation of duties for security administrators with access to domain controllers and servers running Windows, UNIX and Linux. Ask the Expert
-
Remote webcam security surveillance: Invasion of privacy?
Using remote webcam security surveillance to check the whereabouts of stolen laptops might seem like a good idea, but is it an invasion of privacy? In this expert response, Ernie Hayden discusses the best ways to maintain privacy and keep laptops saf... Ask the Expert
-
What are the key provisions of Massachusetts Executive Order 412?
Agencies must now give their full cooperation to the Massachusetts Information Technology Division (ITD), which has been given more control over IT spending. Michael Cobb reviews Massachusetts' Executive Order 412. Ask the Expert
-
How to set up a corporate cell phone management strategy
Mobile devices are ubiquitous in today's enterprise environments, but how can security pros keep them from becoming malware-laden, data-leaking devices? In this expert response, Mike Chapple gives pointers on a corporate cell phone management strateg... Ask the Expert
- See More: Expert Advice on Information Security Policies, Procedures and Guidelines
-
information-centric security
Information-centric security is an approach to information security that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data. Definition
-
PCI Security Standards Council
The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data. Definition
-
PA-DSS (Payment Application Data Security Standard)
Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance. Definition
-
PCI policy
A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS). Definition
-
defense in depth
Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. Definition
-
security policy
In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. Definition
-
non-disclosure agreement (NDA)
A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information with anyone else for a sp... Definition
-
Inside the NSA trusted computing strategy
The NSA’s Tony Sager discusses the NSA trusted computing strategy and the importance of finding cost-effective ways to disrupt potential attackers. Video
-
PCI analysis: Wade Baker on Verizon PCI report findings
In this video, Verizon's Director of Risk Wade Baker explains the company's PCI report and what it has to say about the state of the standard. Video
-
Verizon VERIS: Wade Baker discusses incident sharing
In this video, Wade Baker discusses his company's incident sharing system, Verizon VERIS, and explains how they hope to improve the incident response process. Video
-
Intersecting state and federal data protection acts and regulations
Expert Richard Mackey discusses data protection acts and regulations from Massachusetts and Nevada and shows why compliance plays such an important role. Video
-
SearchSecurity.com Blogs
Blogs
-
Security researcher calls for greater focus on supply chain assurance
Hart Rossman, vice president and CTO for cyber programs at SAIC, says more needs to be done to secure hardware and software moving in the global supply chain. Rossman explains the threat posed by poorly manufactured, bogus parts and software. Unfortun... Video
-
Incident response planning
Jack Phillips, managing partner of security research firm IANS, talks about how companies can prepare to appropriately handle a security incident. Video
-
Fact or fiction: Don't forget about your intellectual prop
By creating a data protection plan, security professionals are able to ensure valuable data remains under control and make more effective use of the assets within a company. Check out the expert Podcast featured here and learn more about creating an ... Podcast
-
Webcast: FRCP requirements force new thinking on e-discovery policy
In this presentation, Frank Lagorio discusses e-discovery policy best practices under FRCP requirements, how to get started and pitfalls to avoid. Webcast
-
Information security podcasts: 2005 archive
Listen to past editions of SearchSecurity.com's Security Wire Weekly podcast, offering news, interviews and current events in the information security market. Podcasts
- See More: All on Information Security Policies, Procedures and Guidelines
About Information Security Policies, Procedures and Guidelines
Browse the articles and tips in this section for the latest information on how to create, manage and implement effective information security policies, procedures and guidelines, such as acceptable use, device and remote access policies.
Security Management Strategies for the CIO