Information security policies, procedures and guidelines
Browse the articles and tips in this section for the latest information on how to create, manage and implement effective information security policies, procedures and guidelines, such as acceptable use, device and remote access policies.
Top Stories
-
Tip
01 Feb 2024
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
-
Tip
31 Jan 2024
Enterprise cybersecurity hygiene checklist for 2024
Enterprise cybersecurity hygiene must be a shared responsibility between employees and employers. Learn how both can get the job done with this checklist. Continue Reading
-
Opinion
03 Aug 2020
Develop internal cybersecurity talent to build your dream team
Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading
-
Infographic
03 Aug 2020
7 security awareness statistics to keep you up at night
As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members. Continue Reading
-
Opinion
03 Aug 2020
Importance of cybersecurity awareness never greater
Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading
-
Feature
22 Jul 2020
Minorities in cybersecurity face unique and lasting barriers
IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them. Continue Reading
-
Tip
20 Jul 2020
Post-pandemic cybersecurity: Lessons learned
Pandemic lockdowns provided companies with valuable cybersecurity experience. Here's how to make sure post-pandemic cybersecurity operations are prepared for a second wave. Continue Reading
-
Tip
08 Jul 2020
5 steps to help prevent supply chain cybersecurity threats
Follow five steps to lower the risk of supply chain cybersecurity threats, from creating third-party risk management teams to using blockchain and hyperledger and more. Continue Reading
-
Answer
15 Jun 2020
How to protect workloads using a zero-trust security model
Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization. Continue Reading
-
Tip
10 Jun 2020
How security teams can prevent island-hopping cyberattacks
Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading
-
Tip
19 May 2020
Top 2 post-COVID-19 CISO priorities changing in 2020
CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal. Continue Reading
-
News
28 Apr 2020
Bugcrowd launches 'classic' penetration testing service
The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture. Continue Reading
-
Feature
28 Apr 2020
Cybersecurity impact analysis template for pandemic planning
This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event. Continue Reading
-
Feature
27 Apr 2020
Securing a remote workforce amplifies common cybersecurity risks
Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks. Continue Reading
-
Feature
24 Apr 2020
Coronavirus phishing threats force heightened user awareness
As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense. Continue Reading
-
News
23 Apr 2020
COVID-19 strains critical certificate authority processes
Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
-
Feature
20 Apr 2020
Zero-trust management challenges outweighed by benefits
The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises. Continue Reading
-
Feature
15 Apr 2020
Do IT service providers need MSP cybersecurity insurance?
Today's fraught threat landscape puts MSPs and customers at risk. Purchasing liability insurance reassures subscribers while protecting providers in case of a malware incident. Continue Reading
-
Feature
31 Mar 2020
Will nonprofit's evolution of zero trust secure consumer data?
An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
-
Tip
17 Mar 2020
4 tips to ensure secure remote working during COVID-19 pandemic
Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic. Continue Reading
-
Feature
16 Mar 2020
How privacy compliance rules will affect IT security
As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden. Continue Reading
-
Podcast
06 Mar 2020
Risk & Repeat: Recapping RSA Conference 2020
This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions. Continue Reading
-
News
04 Mar 2020
Should ransomware payments be insurable? Experts weigh in
Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020. Continue Reading
-
Tip
04 Mar 2020
Tips for cybersecurity pandemic planning in the workplace
Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event. Continue Reading
-
Tip
26 Feb 2020
Stop business email compromise with three key approaches
Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading
-
News
25 Feb 2020
RSA Security president: We're excited about sale to STG
In his RSA Conference keynote, Rohit Ghai didn't say much about his company's sale to a private equity firm, instead urging attendees to focus on the 'human element' of security. Continue Reading
-
Tip
12 Feb 2020
How to handle nation-state cyberattacks on the enterprise
It's only a matter of time before nation-state cyberattacks that threaten government entities today target the enterprise. Follow our expert's tips to prepare in time. Continue Reading
-
Feature
10 Feb 2020
Beat common types of cyberfraud with security awareness
Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading
-
Podcast
05 Feb 2020
Risk & Repeat: 2019 data breaches in review
This week's Risk & Repeat podcast looks at some of the biggest data breach disclosures from the second half of 2019 and discusses the trends around these incidents. Continue Reading
-
Feature
03 Feb 2020
Cisco CISO says today's enterprise must take chances
Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
-
News
23 Jan 2020
AWS leak exposes passwords, private keys on GitHub
UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
-
Tip
16 Jan 2020
Craft an effective application security testing process
For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
-
News
14 Jan 2020
CrowdStrike: Intrusion self-detection, dwell time both increasing
The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well. Continue Reading
-
News
08 Jan 2020
Experts weigh in on risk of Iranian cyberattacks against U.S.
Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S. Continue Reading
-
Tip
31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity
Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
-
Feature
16 Dec 2019
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
-
News
12 Dec 2019
Pentagon CMMC program to vet contractor cybersecurity
The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks. Continue Reading
-
Feature
11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools
Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
-
Answer
09 Dec 2019
How can companies identify IT infrastructure vulnerabilities?
New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading
-
Tip
25 Nov 2019
As cybersecurity insurance coverage becomes common, buyer beware
Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
-
Feature
22 Nov 2019
GDPR compliance benefits emerge a year and a half later
While some may see GDPR as a set of restrictions, it can improve business practices. Learn more about the GDPR compliance benefits. Continue Reading
-
Tip
21 Nov 2019
7 tips to improve unified communications security
Unified communications security should not be overlooked. Follow these seven best practices to ensure all the elements of your UC system are secure. Continue Reading
-
Tip
12 Nov 2019
A fresh look at enterprise firewall management
Enterprises need to know where and how to install firewalls for maximum protection. Learn the firewall management best practices that can help protect your organization. Continue Reading
-
Tip
11 Nov 2019
Zero-trust framework creates challenges for app dev
Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers. Continue Reading
-
News
08 Nov 2019
Microsoft cybersecurity training to become mandatory for its workers
Microsoft's cybersecurity training program, which uses AI-powered tools to reinforce learning, is mandated for all employees. It will also be launched in a version for customers. Continue Reading
-
Feature
07 Nov 2019
Creating and managing a zero-trust security framework
IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading
-
Feature
06 Nov 2019
4 innovative ways to remedy the cybersecurity skills gap
Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
-
Quiz
04 Nov 2019
Test your grasp of AI threats, privacy regulations and more
Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
-
Opinion
01 Nov 2019
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
-
Feature
01 Nov 2019
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
-
Answer
29 Oct 2019
What are the roles and responsibilities of a liaison officer?
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
-
Feature
28 Oct 2019
How the future of data privacy regulation is spurring change
Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading
-
Feature
23 Oct 2019
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
-
Answer
17 Oct 2019
Is a cybersecurity insurance policy a worthy investment?
Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading
-
Answer
16 Oct 2019
How should I choose a cybersecurity insurance provider?
To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading
-
Answer
15 Oct 2019
What types of cybersecurity insurance coverage are available?
Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading
-
Opinion
15 Oct 2019
NIST offers a handy vendor-neutral overview of zero trust architecture
Curious about zero trust but don't yet understand it or how to achieve it? NIST is here to help you. Continue Reading
-
Feature
01 Oct 2019
Your third-party risk management best practices need updating
Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading
-
Feature
25 Sep 2019
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
-
Feature
24 Sep 2019
Using DNS RPZ to pump up cybersecurity awareness
Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
-
Quiz
16 Sep 2019
Test your infosec smarts about IAM and other key subjects
Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more. Continue Reading
-
News
07 Aug 2019
Black Hat 2019 keynote: Software teams must own security
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
-
News
05 Aug 2019
BlackBerry Intelligent Security enables flexible security policy
BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk. Continue Reading
-
Feature
02 Aug 2019
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
-
Feature
30 Jul 2019
Tackling IT security awareness training with a county CISO
A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
-
Feature
23 Jul 2019
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
Tip
17 Jul 2019
The benefits of IAM can far outweigh the costs
Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
-
Feature
26 Jun 2019
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
Tip
25 Jun 2019
What identity governance tools can do for your organization
Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
-
Tip
24 Jun 2019
4 steps to critical infrastructure protection readiness
Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR. Continue Reading
-
News
20 Jun 2019
Gartner: Application security programs coming up short
At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
-
Podcast
07 Jun 2019
Tenable CEO Amit Yoran wants to stop 'cyber helplessness'
This week's Risk & Repeat podcast features Tenable CEO Amit Yoran, who discusses what he calls 'cyber helplessness' and how the mentality is infecting enterprises. Continue Reading
-
Feature
06 Jun 2019
Security awareness training for executives keeps whaling at bay
Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait. Continue Reading
-
News
28 May 2019
Cylance CSO: Let's name and shame failed security controls
Malcolm Harkins, the chief security and trust officer at BlackBerry Cylance, says security controls that don't live up to their billing should be taking more blame for data breaches. Continue Reading
-
Feature
23 May 2019
10 ways to prevent computer security threats from insiders
Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
-
Feature
20 May 2019
What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all. Continue Reading
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Guide
29 Apr 2019
How to manage email security risks and threats
When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide. Continue Reading
-
Feature
15 Apr 2019
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
-
Tip
12 Apr 2019
Top 5 reasons for a zero-trust approach to network security
As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero-trust approach to network security. Continue Reading
-
Answer
10 Apr 2019
What are the most important security awareness training topics?
Organizations looking to heighten security awareness among employees need to cover a wide variety of security awareness training topics, but social engineering tops the list. Continue Reading
-
Feature
09 Apr 2019
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
-
Feature
29 Mar 2019
HPE takes aim at STEM and cybersecurity education, awareness
HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
-
Feature
29 Mar 2019
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
-
Tip
28 Mar 2019
Simplify incident response for zero-day vulnerability protection and beyond
Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets. Continue Reading
-
Feature
26 Mar 2019
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics of the philosophy behind designing a security architecture that strictly limits access to all, not just outsiders. Continue Reading
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
-
Tip
04 Mar 2019
To improve incident response capability, start with the right CSIRT
Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability. Continue Reading
-
Tip
20 Feb 2019
Key steps to put your zero-trust security plan into action
There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
-
Answer
12 Feb 2019
Should large enterprises add dark web monitoring to their security policies?
Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading
-
Feature
01 Feb 2019
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Feature
01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
-
Feature
01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
-
Opinion
01 Feb 2019
What a proactive cybersecurity stance means in 2019
Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
-
Feature
01 Feb 2019
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
-
Tip
25 Jan 2019
Cybersecurity maturity model lays out four readiness levels
To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches. Continue Reading
-
Opinion
27 Dec 2018
How paradigms shifting can alter the goals of attackers and defenders
The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci. Continue Reading
-
Tip
10 Dec 2018
5 actionable deception-tech steps to take to fight hackers
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier and more effective, and to improve your company's security posture. Continue Reading
-
Blog Post
29 Nov 2018
Will cybersecurity safety ever equal air travel safety?
Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal. Continue Reading