As I mentioned in my last article, security policies serve to protect (data, customers, employees, technological systems), define (the company’s stance on security), and minimize risk (internal and external exposure and publicity fallout in the event of a breach).
Security policy creation and dissemination are not just a good idea; both are mandated by a slew of corporate regulations, including PCI, HIPAA, and FISMA. This story presents five mistakes that companies commonly make when writing and implementing security policies. As simplistic as some of these errors sound, they happen often enough and cause heavy damage to companies’ bottom lines. Five basic mistakes of security policy
From around the Web
- Users not patching third party apps
- Mozilla patches 12 Firefox bugs, a third of them critical
- IE 7 and 8 Default Security Leaves Intranets At Risk
- Microsoft ships fixes for Excel, WordPad malware attacks
- 15 Firefox addons for Web developers
- Windows 7 will nag users 29% less often, Microsoft claims
- Vista7 more secure than Linux and Mac OS X
- Conficker self updates, launches false infection alert
- SSH server attacks resurface
- Hacking Tools & Techniques and How to Protect Your Network from Them
- Microsoft Black Tuesday: Microsoft finally fixes Excel zero day, plus more
- Conficker self updates, launches false infection alert
- Conficker reprogrammed for new attack run
- Rogue security software a rising threat
- Further Windows 7 features revealed