Security best practices
Conquer the challenges of enterprise information security management with helpful information and advice on corporate governance and regulatory compliance; risk management; information security standards; security frameworks; and online user security, privacy and policies.
Sub-Topics
Covers regulatory compliance management and planning, including training and "how to" information on Sarbanes-Oxley, HIPAA, FFIEC, PCI Data Security Standard and data breach notification.
Browse the articles and tips in this section for the latest information on how to provide end user security.
Information security governance is a subset discipline of corporate governance focused on information security systems and their performance and risk management.
Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
News, advice and education on information security standards like ITIL, ISO 17799, COBIT and Six Sigma, and applying them to information security program management and governance.
News, advice and commentary on legal and ethical topics such as CAN-SPAM, CALEA, information security legislation, vulnerability disclosure, intellectual property, electronic records and more.
Information security industry trends and forecasts from research firms and analysts, and predictions on hot technologies and market futures from industry experts.
Enterprise risk management includes the methods and processes used by organizations to manage risks related to the achievement of their objectives. It provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.
Security is in the news quite a lot these days and security professionals can come here to see what the industry's top executives, researchers, analysts and hackers have to say.
Browse the articles and tips in this section for the latest information on how to get the best value and protection from security vendors and resellers.
Highlights

Business transactions are faster and have a broader reach to more people in more countries than ever before. Businesses of all sizes can cast a global shadow by setting up a website and conducting business over the Internet. As the volume of data grows, so do the threats.
Red Cross named the first recipient of the CourionCare Program for Non-Profits, with a massive overhaul to security and identity management.
That program helped the agency reduce the risk of security and compliance breaches by automatically eliminating system access when a user changed responsibilities or left the organization.
In the past, businesses confronted the threat of cyber attacks and data breaches primarily by building firewalls and other “perimeter defenses” around their networks. But the threat has continued to evolve, and more criminals are hacking into applications that are running on a plethora of new devices and environments, including cloud, mobile, and social media. This raises the question: Is it still worthwhile investing in application security?
When the U.S. Department of Justice shut down MegaUpload and sued its operators for copyright infringement last week, users who were storing files legally on the site became collateral damage. Now, some of them are looking to sue the government over lost data, TorrentFreak reports.


