Security Paradigms
by Steven Fox
  • A CEO's tale of disappointment

    I met the CEO of a holding company on a recent flight to North Carolina. Our conversation started on the topic of my 'Art of War' column. The column, I explained, is focused on sharing Sun Tzu's insights on strategy with information security practitioners. At firts he was silent, but I could tell something was wrong.

  • The effect of paradigms on our perspective of security.

    “Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm.” --Donella Meadows For some of us, security is realized through physical and network controls that address the risks to a given environment. Others view techniques aimed at education and user empowerment as critical to organizational security. Then there are those who march onto the risk landscape under the banner of effective governance and oversight.

» read more

Olzak on Business Continuity
by Tom Olzak
  • Business Continuity Event Planning: The Incident Response Team

    No amount of planning or redundancy can prevent process failure. When a BCE occurs, an effective response helps ensure minimal impact on customers, employees, and investors. It also provides input into a process which incrementally improves both prevention and response.

  • Business Continuity Event Planning: Documentation Overview

    We continue with our look at Business Continuity Event Management (BCEM) planning by looking at developing and managing the two key BCEM documents: the incident response plan (IRP) and the business continuity plan (BCP).

  • Business Continuity Event Planning: Business Impact Analysis (BIA)

    BIA is a continuous process, with repeated analysis when new systems are implemented, major upgrades occur, or processes change. The output of the BCEM BIA includes not only useful insight into business continuity event risk and ways to mitigate it. It also includes documented controls and event response processes ensuring rapid detection and effective recovery of failed process components. In this article, we step through how to conduct a BIA as part of business continuity event management.

» read more

Security Blanket
by Robert McMillan

» read more

The Brave New World of InfoSec
by Jeff Bardin

» read more

Lohrmann on GovSpace
by Dan Lohrmann
  • Virtual Affair, Real Divorce: Selling Cyberethics at Home & Work

    Recent news headlines are full of intriguing stories about real-life consequences to virtual actions at home and work. Virtual world travels, combined with Web 2.0 interactions, are merging with real life behaviors at the office as never before. Security professionals had better take notice - now.

  • A new post-election Internet security paradigm?

    From Newsweek to The Drudge Report to The Huffington Post, it seems that everyone is talking about an unexpected big winner on election night - The Internet.

  • Research.gov Worth A Visit

    NASA has joined the National Science Foundations (NSF's) Research.gov portal. The site offers great information on federally funded research projects, grants, policies and more.

» read more

Overly on Security
by Michael Overly
  • Trojan Horse Contracts?

    Vendor contracts are increasingly including provisions that could lead to breaches of security. At first glance, these types of provisions may appear innocuous, but they create the circumstances under which compromises of security may occur. A few examples:

  • Basic Elements of Document Retention Policies

    Following up on my last posting, this week I talk about the basic elements of a document retention policy. While a review of the broad range of applicable laws cannot be addressed here, there are certain general guidelines for the establishment and implementation of a retention program that should be considered in developing a policy:

  • Document Retention Policies May Decrease Litigation Costs

    Most businesses have retention policies governing how long documents are to be retained before being destroyed or discarded. A growing number of businesses are extending their existing retention policies to include electronic documents, particularly e-mail. For example, a common retention policy for e-mail would require deletion after 60 days. In many instances, the deletion is accomplished automatically by programming the business’ computers to review the dates on e-mail and to delete those messages having dates beyond the allowed limit. If an employee desires to retain a message past the automatic deletion date, she must take affirmative action to preserve the e-mail (for example, contact the MIS department or copy the e-mail to a special directory).

» read more

Digital ID World
by Eric Norlin

» read more

The Business Side of Security
by Bob Bragdon

» read more

Movers and Shakers
by Derek Slater

» read more

Forensics Files
by Kris Haworth

» read more

VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Sponsored Links

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Configuration Audit and Control for Virtualized Environments

Revolutionizing Endpoint Security with a Single Agent

Envision Identity-Based Access Control for the Datacenter

IT Service Management: Metrics That Matter

ITCi White Paper: Challenges and Opportunities of PCI

Effective Security with a Continuous Approach to ISO 27001 Compliance

Rolling the dice with your security? Take the Self-Assessment Test now

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Solving Online Credit Fraud Using Device Reputation

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Prepare for (ISC)2® Certification With Villanova - Online

Ponemon Study: How Much Does a Data Breach "Cost"?

Data Protection: Challenges for the Traveling User

Key strategies for C-level executives and security staff

Configuration Assessment: Choosing the Right Solution

The PCI Data Security Standard

Configuration Audit and Control for Virtualized Environments

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.