Rothstein Associates Inc. Business Survival ™ Weblog

The downturn in security investments and vulnerabilities in social networking are regarded as major threats to corporate information security, according to research from Deloitte Touche Tohmatsu.

Read the rest of this entry »

Data breaches cost organizations $202 per exposed record last year [2008], a 2.3 percent increase over 2007, concluded the fourth annual Ponemon Institute study.

Read the rest of this entry »

The European Network and Information Security Agency (ENISA) site’s purpose is to: “Promote Risk Assessment and Risk Management methods to enhance the capability of dealing with network and information security threats” [ENISA Regulation].

Read the rest of this entry »

“Without question, 2008 was an eventful year for major financial institutions, with massive losses, questions of solvency and, ultimately, government bailouts now totaling over a trillion dollars. The corporate fire sales, downsizing and mergers now commonplace in the financial industry are a cause for not only serious concern about the health of our economy, but also concerns relating to the security of personal and financial data.”

Read the rest of this entry »

Information Security Policies Made Easy is your definitive resource for a comprehensive information security policies for your enterprise.

Until April 30, 2009, Rothstein Associates is offering a $100 discount on this valuable tool - including both print AND CD-ROM - regularly $795, now only $695.00 PLUS FREE STANDARD SHIPPING! (prepaid orders only).

Information Security Policies Made Easy is the “gold standard” information security policy resource based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA. The most complete security policy library available, ISPME contains over 1360 pre-written information security policies covering over 200 security topics and organized in ISO 17799 format. Take the work out of creating, writing, and implementing security policies!

Information Security Policies Made Easy has everything you need to save time and money building or updating written security policies, including:

1. A complete information security policy library with over 1360 individual pre-written security policies including:

• Coverage of the latest technical, legal and regulatory issues
• ISO 17799 outline format, allowing for easy gap-analysis against existing standards and security frameworks
• Expert commentary discussing the risks mitigated by each policy
• Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
• Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security

2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use “as is” or with easy customization, including:

• User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy
• Organization-wide policies such as: High-Level Security Policy, Privacy policy, Information Ownership Policy
• Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy
• Sample risk acceptance memo for the approval of out of compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement.

3. Expert advice on the security policy development and review process, including:

• A step-by-step checklist of security policy development tasks to quickly start a policy development project
• Helpful tips and tricks for getting management buy-in for information security policies and education
• Tips and techniques for raising security policy awareness
• Real-world examples of problems caused by missing or poor information security policies
• Policy development resources such as Information Security Periodicals, professional associations and related security organizations

4. All content included on an easy-to-use CD-ROM with an indexed and searchable HTML interface for easy location, featuring:

• Policies available in HTML, PDF, MS-Word format
• Easy cut-and-paste into existing corporate documents
• Extensive cross-references between policies that help the user quickly understand alternative solutions and complimentary controls

Information Security Policies Made Easy covers virtually every aspect of corporate information security including:

• Privacy issues
• Identity Theft
• Web pages
• Firewalls
• Employee surveillance
• Electronic commerce
• Digital signatures
• Computer viruses
• Encryption
• Contingency planning
• Logging controls
• Internet
• Intranets
• Corporate Governance
• Outsourcing security functions
• Computer emergency response teams
• Microcomputers
• Local area networks
• Voice Over IP
• Password selection
• Electronic mail
• SPAM Prevention
• Data Classification
• Telecommuting
• Telephone systems
• Portable computers
• User security training
• Information Security Related Terrorism

=====================================================================

To receive your $100 discount and free standard ground shipping (or equivalent discount), either click below, OR go to the full product description of Information Security Policies Made Easy and enter Coupon Code “ispme09” at checkout. Discount applies to prepaid orders only. Shipping charge will be adjusted at time of shipment.

=====================================

Take advantage of this limited offer on Information Security Policies Made Easy!

Information Security Policies Made Easy is your definitive resource for a comprehensive information security policies for your enterprise.

Until April 30, 2009, Rothstein Associates is offering a $100 discount on this valuable tool - including both print AND CD-ROM - regularly $795, now only $695.00 PLUS FREE STANDARD SHIPPING! (prepaid orders only).

Information Security Policies Made Easy is the “gold standard” information security policy resource based on the 25 year consulting experience of Charles Cresson Wood, CISSP, CISA. The most complete security policy library available, ISPME contains over 1360 pre-written information security policies covering over 200 security topics and organized in ISO 17799 format. Take the work out of creating, writing, and implementing security policies!

Information Security Policies Made Easy has everything you need to save time and money building or updating written security policies, including:

1. A complete information security policy library with over 1360 individual pre-written security policies including:

• Coverage of the latest technical, legal and regulatory issues
• ISO 17799 outline format, allowing for easy gap-analysis against existing standards and security frameworks
• Expert commentary discussing the risks mitigated by each policy
• Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
• Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security

2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use “as is” or with easy customization, including:

• User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy
• Organization-wide policies such as: High-Level Security Policy, Privacy policy, Information Ownership Policy
• Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy
• Sample risk acceptance memo for the approval of out of compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement.

3. Expert advice on the security policy development and review process, including:

• A step-by-step checklist of security policy development tasks to quickly start a policy development project
• Helpful tips and tricks for getting management buy-in for information security policies and education
• Tips and techniques for raising security policy awareness
• Real-world examples of problems caused by missing or poor information security policies
• Policy development resources such as Information Security Periodicals, professional associations and related security organizations

4. All content included on an easy-to-use CD-ROM with an indexed and searchable HTML interface for easy location, featuring:

• Policies available in HTML, PDF, MS-Word format
• Easy cut-and-paste into existing corporate documents
• Extensive cross-references between policies that help the user quickly understand alternative solutions and complimentary controls

Information Security Policies Made Easy covers virtually every aspect of corporate information security including:

• Privacy issues
• Identity Theft
• Web pages
• Firewalls
• Employee surveillance
• Electronic commerce
• Digital signatures
• Computer viruses
• Encryption
• Contingency planning
• Logging controls
• Internet
• Intranets
• Corporate Governance
• Outsourcing security functions
• Computer emergency response teams
• Microcomputers
• Local area networks
• Voice Over IP
• Password selection
• Electronic mail
• SPAM Prevention
• Data Classification
• Telecommuting
• Telephone systems
• Portable computers
• User security training
• Information Security Related Terrorism

=====================================================================

To receive your $100 discount and free standard ground shipping (or equivalent discount), either click below, OR go to the full product description of Information Security Policies Made Easy and enter Coupon Code “ispme09” at checkout. Discount applies to prepaid orders only. Shipping charge will be adjusted at time of shipment.

=====================================

Take advantage of this limited offer on Information Security Policies Made Easy!

Affixing a dollar cost to a problem has immense benefit, and The Ponemon Institute goes to great lengths to arrive at the figures for its Annual Cost of a Data Breach Study.

Read the rest of this entry »

IBM recently announced results from its annual 2008 X-Force Trend and Risk report, which found that corporations are unwittingly putting their own customers at risk for cybercriminal activity.

Read the rest of this entry »

ASIS International recently released the results of a January 2009 survey of its members to assess the impact of the current economic environment.   Survey respondents were asked about the economic impact on security functions of their organizations during the previous six months (June-December 2008).

Read the rest of this entry »

The New York City Police Department (NYPD) is in the process of notifying around 80,000 active and retired police officers that their personal information has been compromised. One employee from the New York City Police Pension Fund (NYCPPF) has been arrested for stealing tapes containing the records.
Read the rest of this entry »

Benchmarking study highlights where firms are failing.

A recent benchmarking study suggests that much work still needs to be done to ensure that a combined IT and corporate security function is adequately prepared to protect businesses from 21st century threats.

Read the rest of this entry »