Creating and Managing Information Security Policies

MUST READ Perfecting the security policy process TIP - Phebe Waterfield, Security Analyst, Yankee Group discusses tactics for perfecting the security policy process in this presentation from Information Security Decisions. Integrating interdepartmental security strategies TIP - In this tip, Mike Chapple explains the four-stage process to building a coherent interdepartmental information security strategy. Information security policies: Distinct from guidelines and standards BOOK CHAPTER - Information security policies differ from both standards and guidelines. In this excerpt from Information Security Policies Made Easy, author Charles Cresson Wood explains what policies are, and how they differ from standards ...

EXPERT TECHNICAL ADVICE: 1 - 3 of 131

CREATING AND MANAGING INFORMATION SECURITY POLICIES EXPERTS
			David Mortman ASK A QUESTION

	Security and audit relationships: Uneasy antagonists or partners in arms? 16 Dec 2008 TIP - The relationship between information security pros and auditors can be a rocky one, but there are a few specific steps that can make it smoother.

	Deleting user accounts: How to manage users during a layoff 09 Dec 2008 TIP - When budgets get cut across the enterprise, employees will probably get cut, too. So what's the best way to handle a large number of user account modifications or deletions?

	Security beyond compliance: A proactive and customized security framework 02 Dec 2008 TIP - Though compliance guidelines are a good place to start, they in no way guarantee the security of a network. Marcos Christodonte II explains how to create a security framework.

	VIEW ALL EXPERT TECHNICAL ADVICE ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

NEWS: 1 - 3 of 60

	IT security pros face challenge during economic crisis SearchSecurity.com | 13 Oct 2008 INTERVIEW - In this Q&A, Steven Katz, a former CISO at Citigroup Inc., JP Morgan Chase & Co., and Merrill Lynch & Co., Inc., explains the role of IT security durring mergers and acquisitions.

	IT security not valued at many firms, study finds SearchSecurity.com | 30 Sep 2008 ARTICLE - A study conducted by research firm IDC found that IT security is seen as an obstacle to business innovation.

	Sound compliance policies, practices reduce legal costs SearchSecurity.com | 08 Sep 2008 ARTICLE - Results of a recent survey show that if large enterprises adhere to compliance best practices, they can significantly trim what they spend on legal fees.

	VIEW ALL NEWS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

REFERENCE & LEARNING: 1 - 3 of 16

	Quiz: Mitigating Web 2.0 threats SearchSecurity.com | 12 Nov 2008 QUIZ - Take this five-question quiz to test your knowledge of social networking sites, software-as-a-service and common Web attacks and threats.

	Security rules to live by: Compliance with laws and regulations Published by Information Shield, Inc. | 01 Nov 2006 BOOK CHAPTER - An excerpt of Chapter 3: Security Rules to Live By, from David J. Lineman's Information Protection Made Easy.

	Special considerations for network-based access control Auerbach Publications | 16 Oct 2006 BOOK CHAPTER - An excerpt from Chapter 13: Access Control of Information Security: Design, Implementation, Measurement, and Compliance, by Timothy P. Layton.

	VIEW ALL REFERENCE & LEARNING ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

MAGAZINE CONTENT (free subscription required): 1 - 3 of 14

	Collaboration with auditors will benefit information security programs Information Security Magazine | 28 Nov 2008 COLUMNS - Security professionals should appreciate their relationships with internal auditors, who by pointing out security areas that need improvement, head off failures with external auditors.

	Interview: Chris Nickerson of TruTV's 'Tiger Team' Information Security Magazine | 01 Oct 2008 COLUMNS - Chris Nickerson of Lares Consulting explains best practices for penetration tests and the risks of outsourcing.

	How to be an Information Security Know-it-all Information Security Magazine | 17 Jul 2008 FEATURES - The essentials every chief information security officer must master, including PCI compliance, server and desktop security, securing the data lifecycle and how to best align security and business.

	VIEW ALL MAGAZINE CONTENT ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WEBCASTS: 1 - 3 of 7

	The Evolution of Controls for Compliance - The Next Phase: Controls Automation & Monitoring - Vendor Webcast VIEW WEBCAST PREMIERED:   13 SEP 2006, 09:00 EDT (13:00, GMT) SUMMARY:   Attend this webcast and discover how you can improve your company's overall business performance by automating and monitoring compliance controls.

	Smart strategies for evaluating policy management tools - Expert Webcast VIEW WEBCAST PREMIERED:   22 JUN 2006, 12:00 EDT (16:00, GMT) SUMMARY:   This webcast will evaluate the value of policy management tools, including how to determine which products best suit your organization's needs.

	Achieving Business Goals with Cost Effective & Sustainable Compliance - Vendor Webcast VIEW WEBCAST PREMIERED:   01 JUN 2006, 14:00 EDT (18:00, GMT) SUMMARY:   In this Webcast, you will learn how Chevron and other organizations are implementing solutions to cost-effectively address and sustain governance, risk and compliance management requirements.

	VIEW ALL WEBCASTS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WHITE PAPERS

	Vulnerability Assessments: Guidelines to Maximize Performance Published by: Lumension Security | 07 Jan 2009 WHITE PAPER - This white paper outlines the process for successfully integrating vulnerability scanning and remediation capabilities to ensure your organization maintains a secure environment while complying with internal and external security policies.

	Real-Time Adaptive Security Published by: Sourcefire | 30 Dec 2008 WHITE PAPER - Real-time adaptive intrusion systems integrate with network access controls and user data repositories for tracing events to systems and specific users dynamically monitor traffic patterns to mitigate threats and leverage vulnerability assessment.

Akamai's Application Performance Solutions: For a Complete Application Delivery Strategy, Think Outside the Data-center Published by: Akamai Technologies | 30 Dec 2008 WHITE PAPER - Akamai's Web Application Accelerator takes a unique approach to solving the Web application delivery challenge by filling the gap between the data-center and end-users while requiring no additional hardware by the customer.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

DEFINITIONS: 1 - 3 of 3

	defense in depth 19 May 2007 WORD - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for ...

	security policy 28 Apr 2001 WORD - In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living ...

	non-disclosure agreement WORD - A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information ...

	VIEW ALL DEFINITIONS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

	SEE ALSO - Topics Related to Creating and Managing Information Security Policies:  Remote Access Policy, Acceptable Use Policy, Device Security Policy