Security breaches are becoming a fact of life. We may be tempted to just discard a company’s official notification about a breach, especially when it’s couched in legalese and technical terms. But it’s worth reading such notifications so that you can determine what the company did to protect your information—and what actually happened to cause the breach.
By Alan Kowlowitz, NYSTEC Information Security Consultant
If you are an information security professional, at some point you will probably be expected to write security policies and standards for your company or agency. You already know why such documentation is important: failure to produce sound policies and standards could lead to a lack of compliance or security awareness—leaving your data vulnerable to security breaches.
Many excellent guidelines, models, and resources are available, making it relatively easy for you to develop sound policies. However, it remains difficult to write policies and standards that can be readily implemented and actually improve your organization’s security posture.