Creating and Managing Information Security Policies

MUST READ Perfecting the security policy process TIP - Phebe Waterfield, Security Analyst, Yankee Group discusses tactics for perfecting the security policy process in this presentation from Information Security Decisions. Integrating interdepartmental security strategies TIP - In this tip, Mike Chapple explains the four-stage process to building a coherent interdepartmental information security strategy. Information security policies: Distinct from guidelines and standards BOOK CHAPTER - Information security policies differ from both standards and guidelines. In this excerpt from Information Security Policies Made Easy, author Charles Cresson Wood explains what policies are, and how they differ from standards ...

EXPERT TECHNICAL ADVICE: 1 - 3 of 125

CREATING AND MANAGING INFORMATION SECURITY POLICIES EXPERTS
			Mike Rothman President and Principal Analyst ASK A QUESTION

	The 100-day plan: Achieving success as a new security manager 25 Nov 2008 TIP - One of the top priorities of any newly minted information security manager is to implement a new enterprise security strategy.

	How to implement and enforce a social networking security policy 12 Nov 2008 TIP - David Sherry explains why a social networking policy is important, and details how to implement and enforce it.

	Richard Mackey: Building a framework-based compliance program 29 Oct 2008 TIP - Richard Mackey talks about frameworks that can help you find the holes in your compliance program.

	VIEW ALL EXPERT TECHNICAL ADVICE ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

NEWS: 1 - 3 of 60

	IT security pros face challenge during economic crisis SearchSecurity.com | 13 Oct 2008 INTERVIEW - In this Q&A, Steven Katz, a former CISO at Citigroup Inc., JP Morgan Chase & Co., and Merrill Lynch & Co., Inc., explains the role of IT security durring mergers and acquisitions.

	IT security not valued at many firms, study finds SearchSecurity.com | 30 Sep 2008 ARTICLE - A study conducted by research firm IDC found that IT security is seen as an obstacle to business innovation.

	Sound compliance policies, practices reduce legal costs SearchSecurity.com | 08 Sep 2008 ARTICLE - Results of a recent survey show that if large enterprises adhere to compliance best practices, they can significantly trim what they spend on legal fees.

	VIEW ALL NEWS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

REFERENCE & LEARNING: 1 - 3 of 16

	Quiz: Mitigating Web 2.0 threats SearchSecurity.com | 12 Nov 2008 QUIZ - Take this five-question quiz to test your knowledge of social networking sites, software-as-a-service and common Web attacks and threats.

	Security rules to live by: Compliance with laws and regulations Published by Information Shield, Inc. | 01 Nov 2006 BOOK CHAPTER - An excerpt of Chapter 3: Security Rules to Live By, from David J. Lineman's Information Protection Made Easy.

	Special considerations for network-based access control Auerbach Publications | 16 Oct 2006 BOOK CHAPTER - An excerpt from Chapter 13: Access Control of Information Security: Design, Implementation, Measurement, and Compliance, by Timothy P. Layton.

	VIEW ALL REFERENCE & LEARNING ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

MAGAZINE CONTENT (free subscription required): 1 - 3 of 12

	Interview: Chris Nickerson of TruTV's 'Tiger Team' Information Security Magazine | 01 Oct 2008 COLUMNS - Chris Nickerson of Lares Consulting explains best practices for penetration tests and the risks of outsourcing.

	Security Awareness Training Essential Part of Infosec Program Information Security Magazine | 01 Jun 2008 FEATURES - AWARENESS TRAINING Nothing circumvents pricey defense-in-depth faster than people; educating workers about security is essential.

	Interview: Arizona CISO David VanderNaalt Information Security Magazine | 01 Apr 2008 COLUMNS - The CISO for the state of Arizona helps craft an executive order that prioritizes information security in every state agency.

	VIEW ALL MAGAZINE CONTENT ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WEBCASTS: 1 - 3 of 7

	The Evolution of Controls for Compliance - The Next Phase: Controls Automation & Monitoring - Vendor Webcast VIEW WEBCAST PREMIERED:   13 SEP 2006, 09:00 EDT (13:00, GMT) SUMMARY:   Attend this webcast and discover how you can improve your company's overall business performance by automating and monitoring compliance controls.

	Smart strategies for evaluating policy management tools - Expert Webcast VIEW WEBCAST PREMIERED:   22 JUN 2006, 12:00 EDT (16:00, GMT) SUMMARY:   This webcast will evaluate the value of policy management tools, including how to determine which products best suit your organization's needs.

	Achieving Business Goals with Cost Effective & Sustainable Compliance - Vendor Webcast VIEW WEBCAST PREMIERED:   01 JUN 2006, 14:00 EDT (18:00, GMT) SUMMARY:   In this Webcast, you will learn how Chevron and other organizations are implementing solutions to cost-effectively address and sustain governance, risk and compliance management requirements.

	VIEW ALL WEBCASTS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

WHITE PAPERS

	Virtualization Security: Issues, Adoption, and Strategy for Success Published by: Stonesoft Inc. | 25 Nov 2008 WHITE PAPER - In this document Andreas Antonopoulos and Mark Boltz will discuss about securing the benefits of virtulization with a different twist on what one may have heard before on virtulization security.

	Comparing Email Management Systems that Protect Against Spam, Viruses, Malware & Phishing Attacks Published by: Sunbelt Software | 24 Nov 2008 WHITE PAPER - In this whitepaper, Sunbelt Software engaged Osterman Research to survey organizations that are using five different email management systems in order to understand different perceptions about various email management systems.

	Converged Network Security for Dummies Published by: Avaya Inc. | 21 Nov 2008 BOOK - This Dummies piece focuses on securing the enteprise converged network through a multi-layered security model.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

DEFINITIONS: 1 - 3 of 3

	defense in depth 19 May 2007 WORD - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise. The strategy is based on the military principle that it is more difficult for ...

	security policy 28 Apr 2001 WORD - In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living ...

	non-disclosure agreement WORD - A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give a second party confidential information about its business or products and the second party agrees not to share this information ...

	VIEW ALL DEFINITIONS ON CREATING AND MANAGING INFORMATION SECURITY POLICIES

	SEE ALSO - Topics Related to Creating and Managing Information Security Policies:  Remote Access Policy, Acceptable Use Policy, Device Security Policy