SEARCH RESULTS
 
Showing 1-10 of 393 records
 
Expand article

Some Comments on PayPal's Security Vulnerability Disclosure Policy

2007-11-27 18:07:00 by Security Retentive in Security Retentive
 
...policy in the last few days I was personally involved in crafting the policy and while I can't make commitments or speak officially for PayPal I thought I'd take a few minutes to explain our thinking on a few of the items in the policy First, a few points. PayPal didn't have a great system for reporting security issues until this new policy...
 
Tags: disclosure, encourage responsible disclosure, responsible disclosure, security, security vulnerability disclosure, policy, security vulnerability, disclosure policies, disclosure statement
 
 
 
 
Expand article

New Paper "Five basic mistakes of security policy"

2008-02-29 09:14:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...policy." The actual mistakes are Not having a policy Not updating the security policy Not tracking compliance with the security policy Having a "tech only" policy Having a policy that is large and unwieldy Indeed, the stuff is pretty basic, but that is exactly the intention About me: http://www.chuvakin.org
 
Tags: policy, security policy, basic mistakes, pretty basic, actual mistakes, paper, compliance, org, tech
 
 
 
 
Expand article

New Privacy Policy Wrinkles: Online Behavioral Advertising; and Potential new EU Data Protection Policy

2008-01-31 11:24:31 by Geoffrey Turner in Security & Risk Management
 
...Policy and Consumer Rights. Both the FTC and the Senate were addressing not only anti-trust risks for competition but also the implications for consumer privacy of a merger of the leading Web search engine and leading behavioral advertising provider The discussion led the FTC to suggest last month that Web advertisers using behavioral...
 
Tags: consumer, consumer protection, privacy policy, consumer choice, consumer data, constitutes sensitive data, sensitive data, protection, ftc staff
 
 
 
 
Expand article

Cisco Acquires Securent - moving policy decisions to the network layer

2007-11-01 09:12:16 by Andras Cser in Security & Risk Management
 
...policy engine of their SONA architecture. Policy Enforcement Points (PEP) are currently implemented at the application endpoint. With this acquisition, in the future customers can implement hybrid PEPs distributed between the network and the application, thus starting to move non-business policy logic into the infrastructure layer. The...
 
Tags: iam, iam vendors, network, entitlement management product, iam market, product, entitlement management, network operations, operations
 
 
 
 
Expand article

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

2008-04-09 13:00:00 by Editor in Computerworld Security News
 
...policy. The next step is to manage your mobility policy successfully by putting effective controls in place with mobile device management In this web cast you'll learn how to create an effective mobility policy for your company. You'll also learn about a flexible, cost-effective solution that can help you control your company's mobile assets,...
 
Tags: mobility, mobility policy, effective mobility policy, mobile device, mobile device proliferation, mobile device management, data access requirements, data, gain control
 
 
 
 
Expand article

Insurance claims and policy information in the dumpster

The Article has images
2008-06-18 12:41:02 by Evan Francen in The Breach Blog
...policy paperwork including "names, social security numbers and policy numbers Breach Description Files containing sensitive confidential information were discovered in a dumpster in Richardson, Texas. The files are believed to have been thrown out by the owner of a company called Texas Insurance Claims Services Reference URL WFAA Channel 8...
 
Tags: information, dumpster, sensitive confidential information, personnel information, confidential customer information, dumpster dive, files, confidential information, people
 
 
 
 
Expand article

U.S. Government Policy for Seizing Laptops at Borders

2008-08-01 12:21:25 by schneier in Schneier on Security
 
...policy : they can take you laptop anywhere they want, for as long as they want, and share the information with anyone they want Here's the actual policy: Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search...
 
Tags: policy, cover, policies cover, policies, actual policy, government, border protection, border, laptop
 
 
 
 
Expand article

Google Changes Privacy Policy

2007-03-15 08:31:00 by Eric Marvets in The Security Samurai
 
...policy that would anonymize the data after an 18 to 24 months period unless they are legally required to retain them. They also said they would look at improving users privacy across the board, including services like Google Chat and Google Desktop This announcement was a change in corporate policy, rather than a detailed technical plan. We...
 
Tags: privacy, google, privacy concerns, policy, google chat, financial data, data, google desktop, users privacy
 
 
 
 
Expand article

New Paper: "Security policy in the age of compliance"

2008-01-28 17:53:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...policy in the age of compliance In my previous articles, I have covered specific topics (log management, incident response, intrusion detection, and computer forensics), but now it's time to take a step back and look at the forest rather than the trees. Those specific subjects are all covered by the same broader umbrella: the corporate...
 
Tags: security policy, age, compliance, log management, broader umbrella, previous articles, specific subjects, specific topics, incident response