What Should be in a Good Cybersecurity Policy
I often get called in to evaluate cybersecurity documentation, more specific policies and procedures. One of the concerns is what to...
Policy, Procedure, or Plan
Some standards like PCI and NIST require policies that cover specific topics. Sometimes you will see a requirement for a policy and...
Cybersecurity Policies Made Easy
People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use...
Cybersecurity Policy for Local Governments
Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by...
Does Security Awareness Work?
According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like...
Microsoft Compliance Manager
Microsoft has released Compliance Manager for general availability this week. The feature was made available in Public Preview in...
System Security Plans 101
I just came back from my trip to NASA's Marshall Space Flight Center on the U.S. Army's Redstone Arsenal in Huntsville, Alabama, where I...
Five Challenges of Computer Security
A Paper I wrote for American Military University, Criminal Justice Department Introduction After a recent lecture on information systems...
Violence in the Workplace
Academic Paper for Risk Analysis & Loss Prevention The question as to whether downsizing affects violence in the workplace is easy to...
