08/13/2007 - Contingency and computer-security emergency-response plans must be kept in a state of readiness. Three key components of readiness are tests that ensure that the plan will work as described; training that informs personnel of their roles and responsibilities vis-a-vis the plan; and exercises that simulate an emergency to test the plan's viability. The National Institute of Standards and Technology has created an in-depth guide to tests, training, and exercise programs as they relate to IT plans. The guide includes checklists as well as detailed sample objectives and scenarios. Read the guide: Test, Training, and Exercise Programs for IT Plans and Capabilities.
08/10/2007 - A trio of computer scientists at Stanford University is developing a conceptual framework for understanding privacy expectations and their implications using the tenets of a principle called contextual integrity.
08/10/2007 - The CISO Handbook: A Practical Guide To Securing Your Company is written by several Certified Information Systems Security Professionals who have set out to write the ultimate information officer’s handbook.
08/10/2007 - While the ability to access databases from anywhere via the Internet enhances everyone’s efficiency, it also raises the risk that personal and proprietary information will fall into the wrong hands.
08/10/2007 - Hak.5 calls itself “a television show for geeks, hackers, and do-it-yourselfers” that is distributed online in short YouTube segments. Find out more about the exploits that are coming your way by visiting Hak.5., this month’s Site to See.
08/10/2007 - The average stock prices of six companies that had disclosed an information security breach between February 2005 and June 2006 fell by five percent within a month of the disclosure and remained as much as 8.5 percent below predisclosure levels for nearly a year.