Security Policy Exceptions

Not long ago, I was reading a debate on a Linkedin.com forum discussing all kinds of edge cases that some participants were arguing needed to be considered in a security policy regarding some particular aspect of security.  In fact, I forget what the issue was, but it was clear that … Continue reading

Why Have Security Policy?

I have found that not everyone has considered the role of security policy in an organization’s information security management program.  Therefore, I will share some of my insights with the hope that it will help others articulate it to their organizations. A Security Policy is a written document that states … Continue reading

My Security Philosophy

A brand is a promise that is made to the company’s customers.  Over time, customers trust the brand based on the trustworthiness of the company.  Security plays an important role in protecting that trust by managing risks to confidentiality, availability, and integrity.  Customers expect that the information systems that they … Continue reading

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.