SEARCH RESULTS
 
Showing 1-10 of 406 records
 
Expand article

Some Comments on PayPal's Security Vulnerability Disclosure Policy

2007-11-27 18:07:00 by Security Retentive in Security Retentive
 
...policy in the last few days I was personally involved in crafting the policy and while I can't make commitments or speak officially for PayPal I thought I'd take a few minutes to explain our thinking on a few of the items in the policy First, a few points. PayPal didn't have a great system for reporting security issues until this new policy...
 
Tags: disclosure, encourage responsible disclosure, responsible disclosure, security, security vulnerability disclosure, policy, security vulnerability, disclosure policies, disclosure statement
 
 
 
 
Expand article

New Paper "Five basic mistakes of security policy"

2008-02-29 09:14:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...policy." The actual mistakes are Not having a policy Not updating the security policy Not tracking compliance with the security policy Having a "tech only" policy Having a policy that is large and unwieldy Indeed, the stuff is pretty basic, but that is exactly the intention About me: http://www.chuvakin.org
 
Tags: policy, security policy, basic mistakes, pretty basic, actual mistakes, paper, compliance, org, tech
 
 
 
 
Expand article

New Privacy Policy Wrinkles: Online Behavioral Advertising; and Potential new EU Data Protection Policy

2008-01-31 11:24:31 by Geoffrey Turner in Security & Risk Management
 
...Policy and Consumer Rights. Both the FTC and the Senate were addressing not only anti-trust risks for competition but also the implications for consumer privacy of a merger of the leading Web search engine and leading behavioral advertising provider The discussion led the FTC to suggest last month that Web advertisers using behavioral...
 
Tags: consumer, consumer protection, privacy policy, consumer choice, consumer data, constitutes sensitive data, sensitive data, protection, ftc staff
 
 
 
 
Expand article

Asking the Right Questions When Implementing a Data Loss Prevention Policy

2008-12-10 00:00:00 by Meena Raju in Speaking of Security, the RSA Blog and Podcast
 
...policy. Policy is sometimes an overused word that sounds simpler than the complex thing it actually is, and if not properly thought out, can be a headache to implement. RSAs Information Classification and Policy Research team spends a lot of time focusing on the accuracy of Data Loss Prevention (DLP) policies. This week, were giving some...
 
Tags: policy, data loss prevention, word, word policy, rsas information classification, sounds simpler, figure, lot, time
 
 
 
 
Expand article

Cisco Acquires Securent - moving policy decisions to the network layer

2007-11-01 09:12:16 by Andras Cser in Security & Risk Management
 
...policy engine of their SONA architecture. Policy Enforcement Points (PEP) are currently implemented at the application endpoint. With this acquisition, in the future customers can implement hybrid PEPs distributed between the network and the application, thus starting to move non-business policy logic into the infrastructure layer. The...
 
Tags: iam, iam vendors, network, entitlement management product, iam market, product, entitlement management, network operations, operations
 
 
 
 
Expand article

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

2008-04-09 13:00:00 by Editor in Computerworld Security News
 
...policy. The next step is to manage your mobility policy successfully by putting effective controls in place with mobile device management In this web cast you'll learn how to create an effective mobility policy for your company. You'll also learn about a flexible, cost-effective solution that can help you control your company's mobile assets,...
 
Tags: mobility, mobility policy, effective mobility policy, mobile device, mobile device proliferation, mobile device management, data access requirements, data, gain control
 
 
 
 
Expand article

Insurance claims and policy information in the dumpster

The Article has images
2008-06-18 12:41:02 by Evan Francen in The Breach Blog
...policy paperwork including "names, social security numbers and policy numbers Breach Description Files containing sensitive confidential information were discovered in a dumpster in Richardson, Texas. The files are believed to have been thrown out by the owner of a company called Texas Insurance Claims Services Reference URL WFAA Channel 8...
 
Tags: information, dumpster, sensitive confidential information, personnel information, confidential customer information, dumpster dive, files, confidential information, people
 
 
 
 
Expand article

U.S. Government Policy for Seizing Laptops at Borders

2008-08-01 12:21:25 by schneier in Schneier on Security
 
...policy : they can take you laptop anywhere they want, for as long as they want, and share the information with anyone they want Here's the actual policy: Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search...
 
Tags: policy, cover, policies cover, policies, actual policy, government, border protection, border, laptop
 
 
 
 
Expand article

Usable Global Network Access Policy for Process Control Systems

2008-12-17 05:43:07 by Editor in IEEE Security and Privacy
 
The Access Policy Tool (APT) verifies access policy implementation (expressed as rules) against specification of global policyfor example, policy that encodes best practice recommendations. PCS operators can use the APT to analyze their network configurations for compliance to best practice recommendations
 
Tags: policy, practice recommendations, access policy tool, network configurations, apt, pcs operators, global policyfor, compliance, encodes