Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Viewpoint: Let's add policy to GRC

How Do You Spell Data Governance? P-o-l-i-c-y
Regarding the Perspectives column by Julie Tower-Pierce ("Think Like a Lawyer," March 2008) there is a very crucial word missing: policy.

One of the most important aspects of any healthy e-discovery strategy is policy governing how data is handled, retained, destroyed and retrieved. Without standing policy (i.e., one you did not create after being served a subpoena) that spells out how your organization handles its data, you will find yourself on the very wrong end of a judge's orders requiring the (very expensive) production of records...and perhaps in need of refreshing your resume...or worse.

Stephen Yelick
Information technology security administrator, Macomb County, Mich.

Open Source Does the Job
I just finished reading "Encrypt Them All" (February 2008), and I have to admit that I am surprised that the open source solution, TrueCrypt, was never mentioned.

We have been using SecureDoc for many years and recently decided to give TrueCrypt a try as an alternative. I must admit, I was thoroughly surprised. Although not without problems, it turned out to be a very capable open source solution, and it is very possible that this will be our software of choice. So I must ask, why was it not given consideration for the article?

Art Beard
Manager of information technology, Community Financial

Editor's Note:
The product chart that accompanied the "Encrypt Them All" article was a representative sample of commercial products.


It's Time to recognize the industry's Best

Information Security magazine and will honor innovative security practitioners in seven vertical markets this fall with our annual Security Seven Awards. The awards, to be handed out at the Information Security Decisions conference in Chicago and featured in the magazine's October issue, will recognize the efforts, achievements and contributions of practitioners in financial services, telecommunications, manufacturing, energy, government, education and health care.

While vendor executives are not eligible, we're inviting you to nominate your most innovative practitioners. Nominees must have made a noteworthy contribution to their organizations or the security community in areas including research, product development and standards.

Download the nomination form at and email it to

Nomination Deadline: June 25

Article 3 of 14

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All