SEARCH RESULTS
 
Showing 1-10 of 208 records
 
Expand article

Will Retention Policies Go Away?

2008-05-21 16:26:50 by Editor in Cheap Hack
 
...policies, including the destruction of documents, in the normal course of business. In my interview with Judge John Facciola of the DC Circuit he was clear about this, while pointing out that a document hold over pending litigation changes matters of course. But such policies may be more trouble than they're worth. As David Ferris of Ferris...
 
Tags: retention policies, policies, abandon retention policies, abandon, ferris research argues, judge john facciola, david ferris, tough choice, lawyers talk
 
 
 
 
Expand article

Enforceable Policies

2008-06-27 14:23:29 by Burton Group in Security and Risk Management Strategies Blog
 
...policies to make sure they keep up with the solutions being considered. Questions to ask When did we review our policies last Do we have not enough or too many Will they still be valid Are there other influencers on them But while changes will most likely be needed for many current policies, a question that often isnt asked is, Are they...
 
Tags: policies, policy, valid policy, common policy, policies based, valid, valid processes, current policies, catalyst attendees
 
 
 
 
Expand article

Enforceable Policies

2008-06-27 14:23:29 by Burton Group in Security and Risk Management Strategies Blog
 
...policies to make sure they keep up with the solutions being considered. Questions to ask When did we review our policies last Do we have not enough or too many Will they still be valid Are there other influencers on them But while changes will most likely be needed for many current policies, a question that often isn???t asked is, ???Are they...
 
Tags: policies, policy, valid policy, common policy, policies based, valid, valid processes, current policies, catalyst attendees
 
 
 
 
Expand article

Privacy Policies Best Practices

2008-03-28 08:19:18 by Jen Albornoz Mulligan in Security & Risk Management
 
...policies and I wanted to share some of the top tips with you. You have probably come across some illegible privacy policies if you've ever stopped to read them. They are pages and pages long and finding the information you actually want is difficult if not impossible. So how should you write your privacy policy The main privacy policy should...
 
Tags: main privacy policy, privacy policy, policy, privacy policies, level policy, policy apply, apply, illegible privacy policies, potential customer
 
 
 
 
Expand article

Why Don't Financial Institutions Have Vulnerability Reporting Policies Online?

2007-09-16 12:36:00 by Security Retentive in Security Retentive
 
...policies a little while ago. I was interested in crafting a vulnerability disclosure policy that was responsible both for the company posting it, security researchers, but also took into account the liability issues surrounding security researchers testing web applications In my previous piece I pulled together a quick summary of the...
 
Tags: financial institutions, online, vulnerability disclosure policy, disclosure policy, policies, vulnerability, security, security researchers, major financial institutions
 
 
 
 
Expand article

Privacy Policies: Perception vs. Reality

2008-09-04 13:15:54 by schneier in Schneier on Security
 
...policies prohibit third-party information sharing. A majority of Californians believes that privacy policies create the right to require a website to delete personal information upon request, a general right to sue for damages, a right to be informed of security breaches, a right to assistance if identity theft occurs, and a right to access...
 
Tags: california consumers overvalue, consumers, california consumers, privacy policy, consumers interpret, website, privacy policies, website operators, delete personal information
 
 
 
 
Expand article

How aware are your employees on IT security and risk policies?

The Article has images
2008-01-08 18:50:00 by Ryan Shopp in practical risk management
...policies and procedures for detecting, preventing and mitigating identity theft Part of this process is prevention. One of the best ways to prevent something is through education. By having automated capabilities that require each employee to read what is expected of them in helping prevent Identity Theft. IT-GRC automation can help with...
 
Tags: employees, theft red flags, malicious insider, insider, red flags, prevent identity theft, identity theft, security, risk
 
 
 
 
Expand article

Users continue to ignore security policies, while security organizations are overlooking non-technical controls

The Article has images
2007-12-13 12:37:00 by Ryan Shopp in practical risk management
...policies, procedures and education in place for your users (aka non-technical controls After reading this I decided to do some searching around for some type of survey numbers around technical vs. non-technical controls. I didn't see much out there but did come across this (" Is Information Security Under Control ') from IEEE Computer...
 
Tags: non-technical controls, technical controls, security, controls, aka non-technical controls, non-technical, quality, quality security controls, technical
 
 
 
 
Expand article

Circumventing Enterprise Security Policies

2008-04-08 18:41:00 by Ryan Shopp in practical risk management
 
...policies This of course as we know exposes the company to IT GRC concerns (Governance, Risk & Compliance). A couple hard numbers that jumped out at me 80 percent of the enterprises are supporting proxy applications, such as KProxy or CGI proxies, which mask the user's identity and surfing habits from IT monitoring tools half of the...
 
Tags: security department policies, assessment automation products, traffic enforcement mechanisms, grc concerns, cgi proxies, user, palo alto, enterprises, quickly resolve