Security

Web application security risks: Accept, avoid, mitigate or transfer?

Web application security is a very hot topic these days. What shall CISOs do with the related risks?

Without information security processes, you are flying blind

Third-party vendors must abide by HIPAA privacy rules as well

Keeping up with the latest HIPAA rules and guidance

Practical tips to ensure PCI DSS compliance when dealing with message queues

In this final piece, I will continue with some more detailed items on how to ensure PCI message queue compliance.

How to ensure PCI DSS compliance when dealing with message queues

Does your message queue contain data in-scope for PCI DSS? For many, the answer seems to be that they’ve never even considered that data stream. Well, they should.

Defending against insider security threats hangs on trust

If your security strategy only considers malicious insiders when addressing the insider threat, you may be miscalculating the risk. Accidental incidents are nearly impossible to guard against.

What is your risk number?

What is your risk number as a CISO and what is the risk number for the enterprise

Sample bomb threat procedures

Sample personnel file access policy

Sample concealed weapons policy