Management, compliance & auditing September 23, 2014 Dimitar Kostadinov The essentials of an acceptable use policy An Acceptable Use Policy (hereafter referred to as "AUP") is an agreement between two or more parties to a computer network community, expressing in writing...
Management, compliance & auditing September 11, 2014 Security Ninja Want to Limit PCI DSS Scope? Use Tokenization Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infrastructure...
Management, compliance & auditing August 13, 2014 Dimitar Kostadinov Cyber Insurance Introduction Cyber insurance coverage has been available on the market for a decade, but only recently have companies been seeing significant growth—sales...
Management, compliance & auditing August 4, 2014 Dan Virgillito Bringing Down Security Risks With A BYOD Encryption Policy The number of employees using their personal devices for work-related purposes is absurd. Let's just say there's an employee or two in every organization using...
Management, compliance & auditing July 18, 2014 Security Ninja File integrity monitoring (FIM) and PCI-DSS In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about...
Management, compliance & auditing June 27, 2014 Dimitar Kostadinov Key Elements of an E-mail Retention Policy 1. What is an E-mail Retention Policy? Simply put, an e-mail retention policy/ERP is the process of keeping emails for compliance or business reasons. It differs...
Management, compliance & auditing June 23, 2014 Infosec Data Access Governance: Security’s Biggest Unaddressed To-Do If you are like me, there are many things you can check off your to-do list every day. However, if you are really like me, then there are some things which...
Management, compliance & auditing June 12, 2014 Security Ninja PCI-DSS 3.0 – Key Drivers Every organization should follow a proactive rather than a reactive approach to protect against threats, risks, and vulnerabilities to which if their IT infrastructure...
Management, compliance & auditing May 27, 2014 Dawid Czagan Effective Risk Reduction 1. Introduction Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention,...
Management, compliance & auditing May 21, 2014 Dawid Czagan Qualitative risk analysis with the DREAD model This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model. Finally,...