
Incident Response Checklists

Understanding the Importance of Checklists

John Moran

March 29, 2016 - Posted by John Moran to Security Insight


Whether required by industry regulations or simply implemented as part of a solid incident response program, most organizations have at least a rudimentary incident response policy in place. A carefully crafted policy lays a foundation for the entire program. This policy, however, should be viewed as the jumping-off point, not the end game. A successful incident response program needs to be supported, and not just by a few policies, but by procedures, checklists, people, training and tools.

An essential part of every incident response program is a checklist. Using procedures as a guide, checklists should provide direction for those who will be carrying out the tasks. Perhaps because they are the last step in the process, or perhaps because of their need for frequent updates, incident response checklists are often overlooked, underutilized, or at best, outdated.

Responding to a security incident can be stressful and chaotic. Well-designed checklists can supplement a... read more >

Security Review Policies in Higher Education

CMU and Advocacy for Strong Security Review Policies

Zach Holt

November 19, 2015 - Posted by Zach Holt to Security Insight


Last week the Tor Project created a bit of controversy when it accused Carnegie Mellon University (CMU) of accepting $1 million in order to unmask Tor users.

At a high level, Tor is a privacy-focused technology that routes traffic to hide the identity of its users. Tor became a favored technology among political activists and whistleblowers who need such protection, as well as cyber criminals and other unsavory types who want to abuse this protection. It isn’t a surprise that a government agency would be interested in breaking the veil of anonymity. The FBI supposedly used research from CMU to help bring down an illegal marketplace known as the Silk Road, which offered services ranging from normal legal goods, to forged documents, and a... read more >

Top Ten Tips to Protect Keys and Credentials

The impact of culture on cybersecurity

Derek Weakley

October 16, 2015 - Posted by Derek Weakley to Security Insight

In our blog last week, we discussed items that can influence culture and dabbled a bit into ‘planning to fail’ or ‘failing to plan’, oddly synonymous. I wanted to share a quick story that hopefully is motivational in some way to a very wide audience about the influences that culture can have on a defense-in-depth approach and some of the cataclysmic events that can ensue.

Last month, photos of the Transportation Safety Administration (TSA) master keys for unlocking TSA approved luggage locks were re-published by popular news and media outlets. Why is this a problem? The photos allow other master keys to be derived or cloned and used to gain physical access to travelers' possessions with little effort. Copies of the key can be easily made by taping the paper printout to a blank key, sheet metal, plastic, etc. and using a grinder or Dremel tool to make a replica.

Surely, a dedicated... read more >

Is Your Organization Compliant or Secure?

Compliance doesn’t equal security

Derek Weakley

June 18, 2015 - Posted by Derek Weakley to Security Insight

Compliance Check

Security enables the continued success of any compliance program, not the other way around. If an organization chooses to do the bare minimum for security, then they should (in theory) expect a maximal impact as a result of a breach.

Take a moment and think about 2014, “The Year of the Data Breach.” It is highly unlikely that the information security (IS) and information technology (IT) teams in each of the major 2014 breaches were not aware of the vulnerabilities or the poor security architecture. However, was management aware of these vulnerabilities? And if so, what mitigation action did they take to correct those vulnerabilities?

It is crazy to me, as an information security manager at Solutionary, that an organization will wait for a catastrophic event or a third-party review before... read more >

Lobby Security and Beyond – Week 7 of 7

Developing Policy, Training Employees and Ensuring Compliance

Brad Curtis

April 30, 2015 - Posted by Brad Curtis to Security Insight

Last week’s post, Lobby Security and Beyond – Week 6 of 7: Utilizing Signage Effectively, offered guidance on how to use signage as a communication tool. This final blog in the seven-week Lobby Security blog series covers the importance of defining and publishing policies, providing training to employees and ensuring compliance.


It is very important to develop policies regarding the physical security measures you implement. These policies will help to define your security standards, and ultimately integrate with your overall security plan. Once you define your policies, be sure to get executive sponsorship for those policies, and then publish and communicate the policies to the organization.

Two items not... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
