New & Notable
Information Security Policies, Procedures and Guidelines News
July 29, 2014
Corporate boards have increased their awareness of security issues, but experts say they still lack information security principles.
April 22, 2014
The Verizon DBIR 2014 shows that organizations should build a security strategy around industry-specific threats and incident patterns.
March 26, 2014
The Affordable Care Act introduced a number of infosec issues, but an expert at SecureWorld Boston 2014 said the right mitigations can ease concerns.
March 12, 2014
Veteran CISOs say Target's move to create and fill its CISO role is a good one, but that can't be the end of the Target security program overhaul.
Information Security Policies, Procedures and Guidelines Get Started
Bring yourself up to speed with our introductory content
In his debut 'Security that Works' column for SearchSecurity, Eric Cole of the SANS Institute challenges infosec pros to grade themselves on the three fundamental aspects of any successful enterprise security program.
Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.
Information security (infosec) is the set of business processes that protects information assets regardless of how the information is formatted or whether it is being processed, is in transit or is being stored.
Evaluate Information Security Policies, Procedures and Guidelines Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Though perhaps a ways off, it may be worthwhile to prepare a Google Glass security policy now, before it's a problem. Expert Joseph Granneman explains what to expect.
Expert Ernie Hayden takes an in-depth look at the development of NIST SP800-82 since its birth, and what the standard includes in the most recent revision.
Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.
Product Reviews (Powered by IT Central Station)
Chose Zabbix over Nagios but wouldn’t suggest an in-house Zabbix implementation without a technical staff
Use Of Solution: I've been using the solution since version 1.4 which was around 2008, so I've been using the product for six years now....
ZABBIX is an 'all-in-one' and 'true open source' monitoring solution but needs improved reporting functions
Use Of Solution: I've been using ZABBIX since 2005. Valuable Features: This software is the most powerful monitoring tool that I know....
IMO there is no comparison between Nagios and Zabbix. Zabbix wins hands down. Having worked with Zabbix since 1.4 it has evolved into a great...
Manage Information Security Policies, Procedures and Guidelines
Learn to apply best practices and optimize your operations.
Security deserves a seat at the risk management table.
John Pescatore on why the SANS Institute's Critical Security Controls make up for other security deficiencies; plus, secrets of working with Gartner.
Compliance expert Mike Chapple reviews changes to HIPAA business associate agreements under the Omnibus Rule and what they mean for covered entities.
Problem Solve Information Security Policies, Procedures and Guidelines Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Expert Joseph Granneman explains the best way for employers to approach social media monitoring as part of a social media policy for employees.
Cloud-based storage introduces a number of risks, but banning these services outright is unlikely to generate the desired results.
Expert Ernie Hayden explains how critical infrastructure organizations can use the NIST cybersecurity framework to assess, improve infosec practices.