What is PCI Compliance?

PCI Compliance is an industry-mandated security standard that applies to all businesses that handle, process or store credit cards. The Payment Card Industry (PCI) data security framework was created by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The PCI DSS framework is divided into 12 security requirements as follows: 1. Install […] Continue reading →

What is ISO 27001?

The ISO 27001 information security standard is a management system specification that provides direction to organizations to implement an Information Security Management System, as well as to obtain a third-party certificate to prove that security controls exist and operate according to the requirements of the standard. This provides confidence to an organization, and its customers […] Continue reading →

Sample Business Continuity Management Policy

Purpose The purpose of this policy is to provide guidance on how to mitigate interruptions to business activities and to establish a framework for developing plans and procedures to be used in the event of an outage. This includes both Business Continuity plans and IT Disaster Recovery plans to cover the whole organization. Scope This policy applies […] Continue reading →

Sample Internet and Email Security Policy

Purpose The purpose of the policy is to minimize risk associated with Internet and e-mail services, and to define controls against the threats of unauthorized access, theft of information, theft of services, and malicious disruption of services. Scope This policy applies to all users of information assets including <Organization-Name> employees, employees of temporary employment agencies, vendors, […] Continue reading →

Sample Fraud Management Policy

Purpose This policy sets out <Organization-Name>’s policy towards the prevention, detection and investigation of fraud and other similar irregularities. Scope This policy applies to all users of information assets including <Organization-Name> employees, employees of temporary employment agencies, vendors, business partners, and contractor personnel and functional units regardless of geographic locations. This Policy covers all Information […] Continue reading →

Sample Physical and Environmental Security Policy

Purpose This policy establishes guidelines to prevent unauthorized access and interference to <Organization-Name> Company’s premises and information assets. It also suggests guidelines to build security controls to prevent damage from physical security threats and environmental hazards. Scope This policy applies to all users of information assets including <Organization-Name> employees, employees of temporary employment agencies, vendors, […] Continue reading →

Sample Service Level Agreement Policy

Purpose The purpose of the policy is to ensure the availability of the information system resources and services from outsourced parties. It also highlights the issues related to integrity and protection of data, from environmental threats, while using the services of a third party. Scope This policy applies to all users of information assets including […] Continue reading →

Sample Employee Exit Policy

Purpose The purpose of the policy is to reduce risk with respect to the confidentiality, integrity and availability of <Organization-Name> information assets from an employee, contractor or other third party service provider who exits <Organization-Name> or is involuntarily terminated. This document relates <Organization-Name>’s policy towards terminated employees, contractors or other third party service providers. Scope […] Continue reading →

Adobe Flash Player and Shockwave Player security updates – December 2013

Adobe has released the following security advisories on 10 December 2013: Security updates for Adobe Flash Player: Adobe has released security updates for Adobe Flash Player. This update addresses vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Affected Software: Adobe Flash Player 11.9.900.152 and earlier […] Continue reading →

ColdFusion and Adobe Flash Player Security Updates

Adobe has released the following security advisories: Security updates available for ColdFusion: Adobe has released a security update for ColdFusion. This update addresses a reflected cross-site scripting vulnerability that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. Affected Software: ColdFusion 10, 9.0.2, 9.0.1 […] Continue reading →