Sister CISA CISSP:

information security policy


July 14, 2010  12:58 PM

The Advanced Data Threat of Persistent Leakage



Posted by: Arian Eigen Heald
information security policy, Start Laughing Now

Back from a lovely vacation on a lake (where there are no computers or TVs allowed) I am struck once again by a terrible case of whimsy. Thus the title of this entry, which I truly could not resist. There is an odd marketing marriage of some "security" terms. I put security in...

February 26, 2010  7:25 PM

Health Care Breaches and Third Party Associates



Posted by: Arian Eigen Heald
Data Breaches, DataManagement, Identity theft, information security, information security policy, medical identity theft

The Department of Health and Human Services has posted a list of the covered entities (i.e., those that come under HIPAA regulations) that have reported health information data breaches...


February 17, 2010  2:58 AM

Beware the “Smoker Door!”



Posted by: Arian Eigen Heald
Adventures in Auditing, Data Center, Eigen's Rules of Thumb, Hardware & InfoSec, information security policy, Penetration testing, Physical Security, Start Laughing Now, Tools & Tricks of the Trade

When doing a physical security audit, there's always the "security by walking around" phase. I find PCs with no screensavers, passwords under keyboards and keys labeled "server room." Consider the cigarette smoker. Every company has them. (Better, by far, than the cigar smokers, in my opinion.)...


December 8, 2009  8:21 PM

“Social Media” and Business



Posted by: Arian Eigen Heald
etc, information security, information security policy, TCM (Truly Clueless Management), Twitter

My sister-in-law asked me yesterday about getting her company on Twitter and other social media sites like Facebook. She said that they would need to disable blocking functions in the office firewall to make it work. She also said that their IT department was very much against the idea, and she...


August 26, 2009  3:18 PM

Check out this Article on Wireless



Posted by: Arian Eigen Heald
free tools, information security policy, Wireless

I don't usually promote other articles - it's kind of "cheating," but short of copying and pasting the entire article, I've got to send you in the direction of Lisa Philfer's article on


July 31, 2009  4:25 PM

Things NOT To Do When You’ve Been Hacked, Part I



Posted by: Arian Eigen Heald
Data Breaches, Incident Response, information security, information security policy

The problem with being a "geek" is that we truly love to tinker, to fix, to improve, to test....etc. So when you announce to a bunch of us that a website on the network has been broken into, there's lots of leaping into action. Which is exactly what you don't want to do. At all. While...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us

