Management, compliance & auditing

The aim of business is to be profitable — and as we all know, investing in new systems, devices, and technology costs money that may otherwise be logged...

Like many other information security professionals, you probably have a library of books on the topic of your career choice. Not only that, but like many others,...

An information security policy is a set of rules enacted by an organization to ensure that all users of networks or the IT structure within the organization’s...

The financial services industry is heavily regulated with compliance requirements focusing on the management of risk and fraud. The sector must comply with...

If the government enforces regulations, then its various departments and functions must also comply with those same regulations. Major data security regulations...

Whether it’s the General Data Protection Regulation (GDPR) or the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD), nearly every...

Also called the Financial Modernization Act of 1999, GLBA governs the way in which financial institutions must prevent the disclosure of consumer nonpublic...

A secure process audit is a type of security audit in which the tester (auditor) tests the application or server or any network device where he or she captures...

This is Chapter 6 in Tom Olzak's book, "Enterprise Security: A practitioner’s guide." Chapter 5 is available here: VLAN Network Segmentation and Security-...

Acceptable Use Policies (AUPs) are an essential component to all organizations, companies, and other establishments offering Internet or Intranet access. According...