How to implement a change management that works and reduces security risks
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it. Read this magazine and find out how a consistent change management process put... E-Zine
-
IT content and vendor engagement evaluation survey
When IT professionals, such as you, have an IT project at their organization, there is a need to research multiple pieces of content from a variety of sources including vendors, third-parties and experts. This survey will allow TechTarget to identify... Survey
-
Enterprise mobile device security 2012
See exclusive enterprise mobile device security survey results and analysis from the editors of SearchSecurity.com. Survey
-
Risk Management
guide
-
Eye On IT Security
guide
-
IT security policy management: Effective policies to mitigate threats
In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security policies are managed appropriately, best practices for policy implementation and ... Learning Guide
-
Information Security Learning Guides
Information security learning guides cover topics such as firewalls, Snort, VoIP, Bluetooth security, intrusion prevention, spyware, web security, network access control and more. SearchSecurity.com's Lear
-
Developing and Maintaining Policies
Book Chapter
-
PING with Nikk Gilbert
In this exclusive interview with Information Security magazine, Nikk Gilbert, IT security and telecom director, reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterpris... Information Security maga
-
Special considerations for network-based access control
An excerpt from Chapter 13: Access Control of "Information Security: Design, Implementation, Measurement, and Compliance," by Timothy P. Layton. Book Chapter
-
Information Security Governance Guide
This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment. Learning Guide
- See more Essential Knowledge on Information Security Policies, Procedures and Guidelines
-
Panel: Cyber-intelligence alone can't stop enterprise security threats
Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats. News | 27 Mar 2013
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and build intelligence-driven security programs, or face a tough year. News | 28 Feb 2012
-
Legal risks abound for firms without a mobile device security policy
Companies without a mobile device security policy risk not only losing data, but also running afoul of the law. News | 20 Sep 2011
-
Standardizing federal security regulations easier said than done
While Oregon officials have had success with a cross-government compliance program, standardizing federal requirements is another matter. News | 07 Sep 2011
-
State IT security model for IRS compliance could work at federal level
Oregon's model for compliance with IRS information security requirements could be used for cross-agency security at the federal level. News | 16 Aug 2011
-
Verizon launches Incident Analytics Service to meld DBIR data with risk analysis
New service aims to help businesses measure their security programs against Verizon’s Data Breach Investigations Report and the VERIS classification and reporting data. News | 21 Jun 2011
-
Eye On: Virtualization Security
SearchSecurity.com's "Eye On" series examines a security topic each month. In May, the series explores virtualization security and the technologies and methodologies available to reduce vulnerabilities and improve virtualization processes. Article | 25 May 2011
-
ICASI publishes new vulnerability reporting framework
A new Common Vulnerability Framework sets a standard so organizations can share vulnerability information in a common readable format. News | 18 May 2011
-
Sony attack: Sony expands scope of its massive data security breach
Sony executives said an attack on its PlayStation Network systems also exposed the data of 24.6 million users at its Online Entertainment division. News | 03 May 2011
- See more News on Information Security Policies, Procedures and Guidelines
-
More cybersecurity laws needed for operational IT security
The U.S. has already adopted several cybersecurity laws, but few affect operational IT security. Column
-
How to reduce IT security risk with IT asset management
IT asset management expert Barb Rembiesa explains how ITAM best practices like IT asset standardization and rationalization reduce IT security risk. Tip
-
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Tip
-
Building a compliance culture means learning from mistakes
In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen. Tip
-
How to write an effective enterprise mobile device security policy
Expert Lisa Phifer explains the process for creating a winning enterprise mobile device security policy that reduces the risk of mobile data threats. Tip
-
Continuous monitoring strategy for government security managers
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy. Tip
-
SOX compliance checklist: Five ways to refine a SOX compliance program
SOX compliance is still too burdensome for many enterprises. Expert Charles Denyer offers five ways to streamline a lagging SOX compliance program. Tip
-
Forrester: Developing an enterprise risk assessment template
Despite skeptics, an enterprise risk assessment template is worth investing in. Forrester’s Chris McClean explains why and how to get started. Tip
-
COBIT 5: A first look at the recent updates
In this tip, learn how to integrate the new management practices from COBIT 5 into current IT security framework implementations. Tip
-
Proactive security measures: How to prevent malware attacks
Security teams don't always need to be reactive. Learn how to implement proactive security strategies that prevent malware infections. Tip
-
Identity Ecosystem should make life a little easier for IT shops
While implementation of the Identity Ecosystem is a long way off, the benefits for projects such as electronic health records could be significant. Tip
- See more Tips on Information Security Policies, Procedures and Guidelines
-
SANS Top 20 Critical Security Controls vs. Defence Signals Directorate
Expert Michael Cobb compares the value of the SANS Top 20 Critical Security Controls with Australia's Defence Signals Directorate advice. Answer
-
Information Sharing and Analysis Centers: Getting started with ISACs
Joe Granneman explains how ISACs enable cybersecurity information sharing and the basic requirements for joining an ISAC. Answer
-
How to address password change frequency, reuse for third-party apps
Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies. Answer
-
Updating firewall policies with the frequency of firewall testing
Should firewall testing frequency be decided and documented when updating firewall policies? Expert Brad Casey discusses how often to test firewalls. Answer
-
Can ISO 27002 be used as a standalone guide for security management?
Learn the difference between ISO 27001 and ISO 27002, and how the latter can be used to build an infosec program. Answer
-
Advice on IT security for users when the BYOD security policy fails
Security expert Nick Lewis suggests how each individual enterprise can deal with mobile security risk by instituting a BYOD security policy to fit its needs. Answer
-
Revisiting JRE security policy amid new ways to exploit Java
Expert Nick Lewis analyzes the increasing ability by hackers to exploit Java and the need to perform a JRE security policy analysis in response. Answer
-
How acceptable use agreements can combat BYOD security issues
Is your organization facing BYOD security issues? Learn how the implementation of acceptable use agreements can help contain these issues. Answer
-
Best practices: Gaining executive support for the software security lifecycle
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains. Answer
-
Talking with lawyers: How to manage information security legal issues
Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues. Answer
- See more Expert Advice on Information Security Policies, Procedures and Guidelines
-
four eyes principle
The four eyes principle is a requirement that two individuals review and approve some action before it can be taken. In a business context, the two individuals are often the CEO and the CFO. However, the principle can be applied to decisions at all l... Definition
-
confidentiality, integrity, and availability (CIA)
Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance... Definition
-
information-centric security
Information-centric security is an information security paradigm that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data. Definition
-
PCI Security Standards Council
The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data. Definition
-
PA-DSS (Payment Application Data Security Standard)
Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance. Definition
-
PCI policy
A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS). Definition
-
defense in depth
Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise... Definition
-
security policy
In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. Definition
-
non-disclosure agreement (NDA)
A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information with anyone else for a sp... Definition
-
PayPal CISO: Laws must foster better cybersecurity information sharing
PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security. Video
-
Martin Roesch: Increase in cybersecurity breaches demands new tactics
Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. Video
-
Creating a normalized corporate compliance program
It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. Video
-
Meeting PCI DSS compliance requirements with a data management program
In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. Video
-
Security data mining techniques to weed through data overload
These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload. Video
-
Formulate a more effective information security incident response plan
In this Hot Type podcast, author Neal McCarthy discusses how enterprises should create and maintain an information security incident response plan. Hot Type
-
Understanding the insider threat
In this video, Dawn Cappelli, a member of the Technical Staff in CERT at Carnegie Mellon University's Software Institute, outlines three different types of intentional insider threats. Video
-
Inside the NSA trusted computing strategy
The NSA’s Tony Sager discusses the NSA trusted computing strategy and the importance of finding cost-effective ways to disrupt potential attackers. Video
-
PCI analysis: Wade Baker on Verizon PCI report findings
In this video, Verizon's Director of Risk Wade Baker explains the company's PCI report and what it has to say about the state of the standard. Video
-
Verizon VERIS: Wade Baker discusses incident sharing
In this video, Wade Baker discusses his company's incident sharing system, Verizon VERIS, and explains how they hope to improve the incident response process. Video
- See more Multimedia on Information Security Policies, Procedures and Guidelines
About Information Security Policies, Procedures and Guidelines
Browse the articles and tips in this section for the latest information on how to create, manage and implement effective information security policies, procedures and guidelines, such as acceptable use, device and remote access policies.