Questions tagged [governance]

This tag is for questions about IT (project) management: anything related to managing IT performance and creating value for an organisation from the IT standpoint is well suited to this tag.

Governance relates to "government" in the sense that resources are managed following strategic goals. In the IT context this means using IT resources to create business value.

Different frameworks have been created to facilitate the process of IT Governance, to name a few:

15 questions
25 votes, 6 answers

How to start with an Information Security Program?

I am a software tester, InfoSec is mostly tangential to my job, and people only ask me questions about InfoSec because I am not afraid to use Google or Stack Exchange when I don't know something. (which is most of the time) Our US operations manager…
Amedee Van Gasse
20 votes, 9 answers

How to get top management support for security projects?

I am facing an issue regarding security projects, for example: last year we bought an antivirus licence for 500 (end point security), and made a policy in order to force everyone to install it, however, at the end of the year, we found out that only 50…
Akam
6 votes, 1 answer

How to determine risk ratings for third party mobile apps

Having rolled out corporate mobile phones and tablets, we have MDM in place enabling us to centrally deploy apps to all our users, and can perform remote wipe in the event of a lost device etc, however in order for the device to be of any real use…
richhallstoke
3 votes, 4 answers

Thumbdrive and its obsolescence?

Using USB drives in the corporate environment is always a topic of security because viruses and malware can be introduced maliciously or unintentionally. For a corporate environment, I am thinking to implement and enforce something like file…
Pang Ser Lark
2 votes, 2 answers

Are there specific reasons or benefits to using a tiered information security policy architecture?

I had another question in mind, but thought that I should ask this one first. Background: Everywhere I have been in the past has used a tiered policy architecture. What I mean is there is one global Information Security Policy, with general…
Craine
2 votes, 1 answer

What are the FEDRAMP "complementary controls"?

Quoting the FedRAMP official FAQ: FedRAMP requirements include additional controls above the standard NIST baseline controls in NIST SP 800-53 Revision 4. These additional controls address the unique elements of cloud computing to ensure all…
niilzon
1 vote, 1 answer

What is the relation between ANSI and ISO regarding ISO 27000?

So in one answer I was told that ANSI is a governing body (the only one in the world) for ISO 27000? I think I got something wrong, because I don't see ANSI mentioned anywhere when I read about standards (not that I'm looking for that intentionally).…
ZygD
1 vote, 1 answer

Choosing the Path in IT Security

I graduated last year from an Informatics and Security degree program. This program was taken in a Canadian college. It equipped me with the basic security knowledge in all fields; networks, systems including both Linux and Windows, web applications…
1 vote, 0 answers

Difference between IAG and IDM

What is the difference between Identity Management products (such as Forefront/MIM, PicketLink, OpenIDM) and Identity Access Governance tools (such as Sailpoint, Savyint, CyberArk)? Apologies for another one of these terminology questions, I did look…
aquaman
1 vote, 2 answers

Storing customer data securely (compliance)

I came across this data breach where developers of an organization stored some customer PII data on their github account. Common sense tells me that this is an obviously stupid and careless thing to do. My question is that is there any security…
1 vote, 2 answers

Possible setup for a direct democracy voting system to prevent fraud

My Government is designing a direct democratic voting system and would like the system to be open sourced and unable to be corrupted by individuals and other stakeholders. Some requirements as of now: Citizen individual votes shall remain…
1 vote, 1 answer

Challenges in Information security management

Information security management involves challenges that are essentially unique due to the combination of technical and organizational constraints. Identify two such challenges and discuss in depth how these can affect the way information…
Jonovan
1 vote, 1 answer

What does Technical Constraint and Organisational Constraint mean in terms of Internet Security Management

I am on an essay with regards to the following topic: Information security management involves challenges that are essentially unique due to the combination of technical and organisational constraints. Identify two such challenges and discuss …
gymcode
0 votes, 2 answers

A website had a breach and isn't telling customers. What can I do?

A website recently had a bug where users could effortlessly inadvertently access and operate other users accounts - payment information and all. This website has an official community forum where they are responding to some inquiries with a…
-1 votes, 1 answer

Information Security Validation

One of the business units (ou1) within our company is in the process of establishing an encrypted communication feed with an external vendor. The vendor provided a set of requirements for the actual implementation. That ou1 is asking info sec to…
RIN