security policy

  • Survey: younger employees break the rules and put your company at risk

    Posted October 29, 2013 - 1:53 pm

    Many Generation Y workers are willing to circumvent BYOD and security policies if they don't agree with them.
  • Facebook, Twitter need corporate security policies

    Posted May 13, 2011 - 10:48 am

    Social networks such as Facebook and Twitter open threats to sensitive corporate data that businesses need to deal with aggressively, Interop attendees were told.
  • Warning came four months before huge Epsilon data breach

    Posted April 8, 2011 - 2:46 pm

    Epsilon data was warned about phishing attacks like the one that cracked it -- four months before it was eventually cracked, according to reports.
  • Employees think they understand security policies -- but they don't

    Posted November 30, 2010 - 3:09 pm

    Employee awareness of their companies' security policies is high--if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity. But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago--a 'technological lifetime,' notes Clearswift.
  • Want to get security done? Skip the details (yes, really)

    Posted August 16, 2010 - 7:53 am

    More often than not, details confuse and delay. They take the focus off of root, systemic issues. If you want to get things done, start big, bring up uncomfortable security topics, continually assess, and then do something with that information.
  • Workarounds: 5 ways employees try to access restricted sites

    Posted August 11, 2010 - 12:36 pm

    Company policy may forbid access to certain web sites, but some employees try creative techniques to view them anyway. Here are five common workarounds and what security can do about them.
  • The Many Benefits of a Clean Desk

    Posted July 28, 2010 - 11:22 am

    One of the security policies that has taken hold across a wide range of businesses is the "clean desk" and often the "clean desk and clear screen" policy. Intended to keep both PII (personally identifiable information) and company proprietary information away from prying and wandering eyes, policies such as these have more advantages than first glance might suggest.
  • Network security for the masses

    Posted July 19, 2010 - 8:23 pm

    Information security is an exalted field. Exalted both in the sense of "noble" and in the sense of "inflated". We practice security as a dark art, a complex discipline of insiders with obscure acronyms. Even more than other areas of IT, security professionals are a "special" breed, as one can clearly see by the many certifications following our names, almost like titles of nobility. Yes, security is complex and esoteric. No, it should not be the practice of the few, but the practice of the many.
  • Responding to security questions successfully

    Posted July 19, 2010 - 4:40 pm

    Give the explanation, not just the answer.
  • 3 security best practices you should be following (but probably aren't)

    Posted June 30, 2010 - 8:10 am

    These proven tactics will help ward off cybercriminals -- if you make them part of your security regimen.
  • How to write a security policy your users will read (and follow)

    Posted January 15, 2010 - 9:00 am

    Your end user security policy should be short enough that people can read and interpret it within 10 minutes. Any longer than that and your users will read half of it, maybe skim the rest of it and throw it in a big pile of papers on their desk.
  • Best Time to Update Corporate Security Policies

    Posted December 4, 2009 - 7:39 pm

    Corporations that have gone through any of a number of adverse situations – a bad audit, a lawsuit, a lost business deal, an intrusion, or complaints related to security – should review their policy following the incident. Otherwise, companies should update corporate security policies at least once a year.
  • The Seven Deadly Sins of Security Policy

    Posted October 7, 2009 - 3:01 pm

    Are your security policies really managing your organization's risks? Or are they just 'check-the-box' rules? We detail common policy mistakes security pros often make.
  • A reasonable approach to oversight

    Posted September 18, 2009 - 9:23 pm

    When it comes to security, how do you balance between being "big brother" and being a responsible enforcer of corporate policy?
  • How to Write an Information Security Policy

    Posted June 22, 2009 - 11:52 am

    A security professional whose job it is to compose security policy must listen carefully to executive management and document the content of those conversations faithfully without embellishment or annotation. The time and effort spent to gain executive consensus on policy will pay off in the authority it lends to the policy enforcement process.
  • Cisco study: IT security policies unfair

    Posted October 28, 2008 - 4:27 pm

    Unfair policies prompt most employees to break company IT security rules, and that could lead to lost customer data, a Cisco study found.
  • How to fortify your connection

    Posted September 29, 2008 - 10:35 am

    Mobile workers connect to hot spots in airports and hotels, they access the Internet through their home router while working from home and they use public WiFi to check company email while taking a coffee break at Starbucks. It's essentially impossible for anyone in today's business climate to completely avoid public networks. But there are things you can do to keep your company's IP safe.
Join us:






Join today!

See more content
Ask a Question