Security best practices

Conquer the challenges of enterprise information security management with helpful information and advice on corporate governance and regulatory compliance; risk management; information security standards; security frameworks; and online user security, privacy and policies.
Sub-Topics
Covers regulatory compliance management and planning, including training and "how to" information on Sarbanes-Oxley, HIPAA, FFIEC, PCI Data Security Standard and data breach notification.
Browse the articles and tips in this section for the latest information on how to provide end user security.
Information security governance is a subset discipline of corporate governance focused on information security systems and their performance and risk management.
Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
News, advice and education on information security standards like ITIL, ISO 17799, COBIT and Six Sigma, and applying them to information security program management and governance.
News, advice and commentary on legal and ethical topics such as CAN-SPAM, CALEA, information security legislation, vulnerability disclosure, intellectual property, electronic records and more.
Information security industry trends and forecasts from research firms and analysts, and predictions on hot technologies and market futures from industry experts.
Enterprise risk management includes the methods and processes used by organizations to manage risks related to the achievement of their objectives. It provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.
Security is in the news quite a lot these days and security professionals can come here to see what the industry's top executives, researchers, analysts and hackers have to say.
Browse the articles and tips in this section for the latest information on how to get the best value and protection from security vendors and resellers.


Highlights
The consensus at RSA Conference 2010 on PCI tokenization is that while it shows potential for credit card protection, the lack of standards to back it up is a cause for concern.
At RSA Conference 2010, security experts said that federal government intervention may be necessary to protect the privacy of critical network infrastructures, but that it should remain mindful of the civil rights of its citizens.
In one of the discussions at RSA Conference 2010, Tim Stanley, a Microsoft and Adobe customer, voiced his concerns about vulnerability disclosures.
With the current direction of transferring data, mobile devices and social networking sites are becoming more and more prevalent. How should enterprise security administrators react?
A discussion at RSA Conference 2010 urged organizations to share information about data breaches with law authorities to aid in the process of pinpointing cybercriminals.