Do you have security protection for mobile computing and working from home? Although sometimes absolutely necessary (e.g., during a...

Organizations need to have definitions in place to support the segregation of control duties amongst internal personnel. Without these...

The risk for unauthorized access or inappropriate viewing of information increases for organizations if session timeouts are not in place...

A significant number of external security incidents or data breach threats begin with unauthorized remote access being gained to the...

Organizations need to implement system utility access controls to protect and ensure standard, non-administrative users do not have the...

It doesn’t take a rocket scientist to recognize that an access control policy need to be implemented to secure information systems when...

Organizations need to implement and maintain secure logon processes to ensure authorized users are authenticated prior to accessing...

Organizations need to have controls in place in place for the management of accounts with privileged access. Privileged access management...

The lack of an overall strong access control program generates opportunities for the unauthorized access to potentially sensitive data in...

Organizations must ensure that the process for the disposal or re-use of equipment is strictly controlled. The improper disposal or...

Information assets, including printed materials, email attachments, or other data, should be classified appropriately to ensure they are...

If organizations do not document, communicate, and have personnel agree to acceptable use requirements, personnel may not be limited to...

IT Asset inventories help your organization control IT costs, reduce risk, and automate modern IT environments. IT Assets cannot be...

Your organization should develop, document, and maintain a comprehensive Security Awareness Training Program. If security awareness...

Security implications need to be considered and addressed to ensure the organization remains protected and safe from threats. When an...

Managers of all departments need to be involved with ensuring their teams are performing their assigned operational duties in accordance...

In our ongoing blog series on security program pitfalls, we’ve been focusing most recently on a personnel security program. Today’s post...

All personnel need to be screened prior to starting employment. This helps to ensure organizations hire knowledgeable, ethical...

Personnel security is the focus of the third chapter of my eBook, Security Program Pitfalls and Prescription to Avoid Them, and the roles...

Security categories for an organization’s information systems need to be defined to enable appropriate risk decisions to be made. Without...