Tuesday, June 9, 2009

Secunia PSI

Check my earlier post on this topic.

Secunia PSI is one of my favorite programs, a new release is out with some new features, check it out


Tuesday, June 2, 2009

Information Security Policies

While doing some research, I came across this Cisco study.

There are two interesting policy findings,

  • Majority of businesses (77 percent) have security policies in place.
  • More than half of the employees surveyed admitted that they do not always adhere to corporate security polices.

So, what are the reasons for it? In my view there are many possibilities,
  • Policies are not defined correctly
  • Users are not able to understand it
  • It is not aligned with the business processes
  • It does not have management's and business leader's buy-in
  • It is not communicated properly
  • There are no monitoring mechanisms in place to verify compliance
  • There are no action taken in case of policy violations