Information security policies, procedures and guidelines
Browse the articles and tips in this section for the latest information on how to create, manage and implement effective information security policies, procedures and guidelines, such as acceptable use, device and remote access policies.
New & Notable
Information security policies, procedures and guidelines News
-
April 01, 2021
01
Apr'21
CISA: U.S. agencies must scan for Exchange Server attacks
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.
-
March 25, 2021
25
Mar'21
Cyber insurance company CNA discloses cyber attack
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.
-
January 19, 2021
19
Jan'21
FBI warns against vishing attacks targeting enterprises
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.
-
November 18, 2020
18
Nov'20
President Trump fires CISA director Christopher Krebs
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.
Information security policies, procedures and guidelines Get Started
Bring yourself up to speed with our introductory content
-
red teaming
Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach. Continue Reading
-
principle of least privilege (POLP)
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what are strictly required to do their jobs. Continue Reading
-
information security (infosec)
Information security, often shortened to infosec, is the practice, policies and principles to protect data and other kinds of information. Continue Reading
Evaluate Information security policies, procedures and guidelines Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
-
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape. Continue Reading
-
Can a new DHS cybersecurity strategy help the private sector?
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated. Continue Reading
-
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
Manage Information security policies, procedures and guidelines
Learn to apply best practices and optimize your operations.
-
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
-
3 post-SolarWinds supply chain security best practices
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices. Continue Reading
-
How to manage third-party risk in the supply chain
From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link. Continue Reading
Problem Solve Information security policies, procedures and guidelines Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
-
Collaboration tool security: How to avoid common risks
As the use of collaborations tools and platforms surges, new research from Metrigy emphasizes organizations need to focus on collaboration tool security to reduce risk. Continue Reading
-
Use business email compromise training to mitigate risk
Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious. Continue Reading
-
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading