Thursday, May 5, 2011

Quit Hoarding

Evaluate your security program’s maturity before dropping money on a quick-fix “hot” product.

There is an increasing fascination within the American psyche with hoarding: the excessive collection of items, along with the inability to discard them. This is evident in the popularity of television shows such as “Buried Alive” and “Hoarders”.

Read more of this post on our new blog site http://blog.securestate.com/post/2011/05/05/Quit-Hoarding.aspx

Information Policies & Procedures, Part 7

This is part of an ongoing series on documentation development.


Do words matter? Of course they do. There are few places where this statement is as true as in documentation. When developing policies and procedures, we must be very clear about the rules. “Must” and “shall” mean, as the words imply, that the action is not optional. “May” means that the action is allowed, but not required. This is an essential difference. Take, for instance, sharing passwords. A policy statement should be in place saying something like “users shall not disclose passwords to others.” This clearly dictates that passwords must not be disclosed. “May,” on the other hand, allows a bit more flexibility. For example, take the statement “users may bring in their own monitors.” In this case, users are allowed, but not required, to use their own monitors.

Read the rest of this post at our new blog site: http://blog.securestate.com/post/2011/05/02/Information-Security-Policies-and-Procedures-Part-7.aspx
