New & Notable
Information security policies, procedures and guidelines News
April 01, 2021
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats.
March 25, 2021
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website.
January 19, 2021
Though the FBI vishing warning references attacks that began in December 2019, the alert is reminiscent of the Twitter social engineering attacks that took place last July.
November 18, 2020
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election.
Information security policies, procedures and guidelines Get Started
Bring yourself up to speed with our introductory content
Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions by adopting an adversarial approach.
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
Information security, often shortened to infosec, is the practice, policies and principles to protect data and other kinds of information.
Evaluate Information security policies, procedures and guidelines Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape.
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated.
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
Manage Information security policies, procedures and guidelines
Learn to apply best practices and optimize your operations.
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk.
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices.
From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link.
Problem Solve Information security policies, procedures and guidelines Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
As the use of collaboration tools and platforms surges, new research from Metrigy emphasizes that organizations need to focus on collaboration tool security to reduce risk.
Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious.
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach.