Creating and Managing Information Security Policies

MUST READ Perfecting the security policy process TIP - Phebe Waterfield, Security Analyst, Yankee Group discusses tactics for perfecting the security policy process in this presentation from Information Security Decisions. Integrating interdepartmental security strategies TIP - In this tip, Mike Chapple explains the four-stage process to building a coherent interdepartmental information security strategy. Information security policies: Distinct from guidelines and standards BOOK CHAPTER - Information security policies differ from both standards and guidelines. In this excerpt from Information Security Policies Made Easy, author Charles Cresson Wood explains what policies are, and how they differ from standards ...

EXPERT TECHNICAL ADVICE: 1 - 3 of 112

CREATING AND MANAGING INFORMATION SECURITY POLICIES EXPERTS
			Mike Rothman President and Principal Analyst ASK A QUESTION

	How to lock down instant messaging in the enterprise 15 Apr 2008 TIP - Application security expert Michael Cobb offers several strategies enterprises can use to control, monitor and ultimately secure IM applications.

	Worst practices: Bad security incidents to avoid 10 Apr 2008 TIP - Some of information security's worst practices are just best ones ignored. Michael Cobb shares stories from the infosec trenches in this amusing set of true-life horror stories.

	Incident response success in five quick steps 05 Mar 2008 TIP - In this tip, expert Mike Rothman outlines five simple steps to help enterprise security managers start to develop an incident response plan that will work in times of crisis.

	VIEW ALL EXPERT TECHNICAL ADVICE ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

NEWS: 1 - 3 of 57

	Thompson calls for marriage of data and security management SearchSecurity.com | 08 Apr 2008 ARTICLE - Symantec CEO John Thompson urged security professionals at RSA Conference 2008 to become content aware and build systems that integrate data and security management.

	With data breach costs soaring, companies should review data sharing policies SearchSecurity.com | 29 Nov 2007 ARTICLE - Companies are sharing intellectual property in increasing numbers, but many organizations fail to monitor and enforce their policies, according to a recent survey.

	Black Hat 2007: NSA official stumps for information sharing SearchSecurity.com | 01 Aug 2007 ARTICLE - In a rare public address, an NSA official told Black Hat attendees that information sharing is the key to better information security, both for the government and for enterprises.

	VIEW ALL NEWS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

REFERENCE & LEARNING: 1 - 3 of 15

	Security rules to live by: Compliance with laws and regulations Published by Information Shield, Inc. | 01 Nov 2006 BOOK CHAPTER - An excerpt of Chapter 3: Security Rules to Live By, from David J. Lineman's Information Protection Made Easy.

	Special considerations for network-based access control Auerbach Publications | 16 Oct 2006 BOOK CHAPTER - An excerpt from Chapter 13: Access Control of Information Security: Design, Implementation, Measurement, and Compliance, by Timothy P. Layton.

	Risk management: Implementation of baseline controls SearchSecurity.com | 30 Aug 2006 LEARNING GUIDE - This fourth article in the Insider Threat Management Guide examines the implementation of baseline controls.

	VIEW ALL REFERENCE & LEARNING ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

MAGAZINE CONTENT (free subscription required): 1 - 3 of 6

	Security Awareness Training Essential Part of Infosec Program Information Security Magazine | 01 Jun 2008 FEATURES - AWARENESS TRAINING Nothing circumvents pricey defense-in-depth faster than people; educating workers about security is essential.

	Interview: Arizona CISO David VanderNaalt Information Security Magazine | 01 Apr 2008 COLUMNS - The CISO for the state of Arizona helps craft an executive order that prioritizes information security in every state agency.

	Companies Collecting Too Much Customer Data Increase Exposure Information Security Magazine | 01 Apr 2008 COLUMNS - If the risk of losing customer or partner information outweighs its value, why collect it in the first place?

	VIEW ALL MAGAZINE CONTENT ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WEBCASTS: 1 - 3 of 7

	The Evolution of Controls for Compliance - The Next Phase: Controls Automation & Monitoring - Vendor Webcast VIEW WEBCAST PREMIERED:   13 SEP 2006, 09:00 EDT (13:00, GMT) SUMMARY:   Attend this webcast and discover how you can improve your company's overall business performance by automating and monitoring compliance controls.

	Smart strategies for evaluating policy management tools - Expert Webcast VIEW WEBCAST PREMIERED:   22 JUN 2006, 12:00 EDT (16:00, GMT) SUMMARY:   This webcast will evaluate the value of policy management tools, including how to determine which products best suit your organization's needs.

	Achieving Business Goals with Cost Effective & Sustainable Compliance - Vendor Webcast VIEW WEBCAST PREMIERED:   01 JUN 2006, 14:00 EDT (18:00, GMT) SUMMARY:   In this Webcast, you will learn how Chevron and other organizations are implementing solutions to cost-effectively address and sustain governance, risk and compliance management requirements.

	VIEW ALL WEBCASTS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WHITE PAPERS

	Continuing IT Excellence by Simplifying Remote Desktop Access Published by: Citrix Online - GotoMyPC | 03 Jul 2008 CASE STUDY - Through GoToMyPC Corporate we provide not just better service to citizens but much more timely delivery of services. The mission of Fulton County's Department of Information Technology is to provide public services to county constituents by leverag...

	Mobile Network Access Control: Extending Corporate Security Policies to Mobile Devices Published by: NetMotion Wireless | 27 Jun 2008 WHITE PAPER - Mobility XE features an optional Network Access Control (NAC) module that provides security controls to intelligently extend corporate security policies to mobile devices, including laptops, tablets, handheld devices and smartphones.

	Security Solutions Services Overview Published by: Accenture | 27 Jun 2008 SOFTWARE LISTING - Accenture's Security service line leverages its decades of experience in security, deep industry knowledge and business-process know-how to create pragmatic, flexible approaches to information and network security.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

DEFINITIONS: 1 - 3 of 3

	defense in depth 19 May 2007 WORD - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for ...

	security policy 28 Apr 2001 WORD - In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living ...

	non-disclosure agreement WORD - A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information ...

	VIEW ALL DEFINITIONS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

	SEE ALSO - Topics Related to Creating and Managing Information Security Policies:  Acceptable Use Policy, Device Security Policy, Remote Access Policy