6 myths about security policies

Friday, 4 October 2002, 10:39 AM EST

As a technical director in my company's corporate infosec department, I assumed I knew all I had to know about writing information security policies. After spending a lot of time in the past year as part of a team assigned to update and enhance our organization's policies, I can say without qualification that most of my assumptions were wrong.

My company (I can't tell you the name, because that would be against our information security policy) delivers services to the financial sector. Our original infosec policy was written back in the days of the dinosaurs--1995. It was a simpler time. We connected to our business partners over leased lines and knew who was on the other end. Our systems were isolated, aside from a dial-up here and there. The Internet was a fad--why would we ever connect our mission-critical networks to it?

Fast-forward to 2001. Our business partners now used value-added networks and the Internet to send us important stuff. E-mail had become as important as the telephone, and we were doing business on the Web. Our world had become more complex. Our policies were seriously in need of an update.

In the course of working on the new policies, I learned the truth about my assumptions, which I now call the "Six Myths of Infosecurity Policies."

Copyright 1998-2014 by Help Net Security.