July 8, 2019

Recently, technical guidance was released for CIOs and CISOs on how to prepare for a ransomware attack. This guide was a joint effort of multiple Federal agencies to address the growing concern of ransomware. In “How to protect your Networks from Ransomware,” they pro...

May 17, 2019

Cybersecurity Supporting Documentation

In previous posts I outlined the required topics for cybersecurity policies and procedures. In this post I will cover the cybersecurity-related supporting documents.

The table below lists items or topics that should be addressed eit...

May 10, 2019

In a previous post I outlined the required topics for cybersecurity policies. In this post I will cover the required procedures from various cybersecurity standards, and in a future post I will cover the cybersecurity-related supporting documents.

The table below lists it...

March 20, 2019

What topics need to be covered in cybersecurity policies?

In this post I will cover the required cybersecurity policies from various cybersecurity standards, and in future posts I will cover cybersecurity procedures and cybersecurity-related supporting documents. The ta...

January 15, 2019

As an IT auditor for local governments, one of the questions I am asked most often during audits is this: “Who should set up user access in the financial application?” There is a debate concerning whether it should be IT or finance staff that creates accounts and is i...

October 26, 2018

I often get called in to evaluate cybersecurity documentation, more specifically policies and procedures. One of the concerns is what to include in such documents.  For local governments, it is often easy to borrow a policy or procedure from another local government. A...

October 25, 2018

Some standards like PCI and NIST require policies that cover specific topics.  Sometimes you will see a requirement for a policy and procedure around a given topic, and other times you will see a requirement that says “policy and procedures.”  People often get hung up...

September 14, 2018

Many practitioners use the terms governance and management synonymously. While there is some overlap in practice, there are key differences between governance and management of information systems. For the highest-level stakeholders want to ensure the best use of I...

August 7, 2018

People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use cybersecurity and information security interchangeably. Nearly always it is a loaded question: exactly what do they mean by policy? C...


Featured Posts

Does Security Awareness Work?

July 18, 2018


© 2018 by Donald E. Hester.