Security Dogs and Their Uses

“Man's best friend” is a term that is used quite often to describe a dog, and why not? It's a term that fits! The companionship a dog can provide is unlike any other animal on the planet. However, for some people, a dog is more than just a best friend. To some, a dog is a tool that is utilized in situations where lives are at stake. Whether it be dogs that help soldiers in combat, patrol dogs out with their police partners, or even dogs that sniff out bombs, these heroes are found worldwide and are appreciated for their hard work.

For a dog to be able to perform jobs such as these, it requires a lot more than basic obedience training as well as specialized training. A lot of time, effort and money are put into each and every dog to not only train it, but to make sure that it grows up fit and healthy with a sound diet and proper vet care. These dogs are then used by businesses or the government to provide the tasks that they were trained to do. With a dog's special set of skills, they excel in their positions, and are an asset that are unlike any other in the world.

Detection Dogs

Dogs that make their way into detection, or nose work, use their most valuable sense – olfactory cells!  No human in the world could sniff out objects the way a dog can with his natural nose. Through training, a dog can help to pin point the exact location of an item that is or used to be in a location.  Bloodhounds are well known for their nose work in cadaver searching as well as search and rescue, but detection dogs need to have other skills as well for their irreplaceable jobs.

Humans may have the ability to use metal detectors and other scanning devices to help us find dangerous items, but nothing beats the trained dog's nose to find exact items one is looking for.  Airports often use both bomb and drug detection dogs.  Each dog has his own specialty of either explosive materials or illegal drugs and paraphernalia.  Even if the items are stashed in something as smelly as an old coffee can or cigar box, the dog can find it! Both public and private schools will regularly search lockers with the use of a detection dog unit to keep the area and students safe. Other establishments that may use such dogs include banks, public events, and cruise lines.

Guard Dogs

From the junk yard to the back yard, guard dogs are well known among the public for hard working and even slightly scary behavior.  However, a properly trained guard dog can make a public place of business safer and run more smoothly with peace of mind.  Guard dogs can be trained in a large manner of tasks or commands that will help provide security over his handler and property.  Theft, vandalism, and even violence can all be prevented with a properly trained and healthy guard dog.

While guard dogs are meant specifically to guard, they are not meant to attack and cause harm. Instead, many guard dogs will hold a person of interest using either intimidation techniques like that of the Bull Mastiff or by physically holding a person by their arm or leg.  Breeds that are used for guarding can vary, but many choose the German Shepherd Dog for his intelligence, size and athleticism.  Bully breeds are usually too friendly to be a guard dog, but English Mastiffs, Bull Mastiffs and others of this breed type when bred and trained to hone his natural instincts can be superb guard dogs for businesses as well as home steads.

Guard dog duty does not stop there!  Guarding is needed for farms to protect live stock from predators and thieves.  Livestock guard dogs are usually German Shepherd Dogs, Anatolian Shepherds, Great Pyrenees, Australian Shepherd and other breeds that have been bred for centuries to instinctively be weary of strangers and protect other animals.  Just because these breeds have the instincts to do the work, however, they still need trained in commands that will aid the human and keep the livestock secure.

Dog Jobs

Dogs have the ability to work in many jobs. Outside of guard duty and nose work, dogs can be used as patrol dogs, helping police chase down criminals or find evidence. These dogs are specially trained in taking down people without hurting them, usually by throwing them off balance and then using a vice like grip with their mouth to keep them in position. Once the suspect is restrained by the dog, the police humans move in with handcuffs. Combat dogs are similar, but instead are employed by the government for work with the armed forces. These dogs behave in a similar fashion, but will sometimes have secondary attributes that make them fit for the battlefield. Some are able to detect mines in the ground, help find bombs, or even track down soldiers and civilians that have been captured.

The amazing thing is, these are the same types of dogs we see walking down the road with their best friend. A lot of the dogs employed by businesses or the government are privately owned dogs, trained with certain specialties and then hired. Sarah Robinson from Lancaster Kennels says “Some dogs are even hired just for special events or certain times of the year. Many of these dogs are awarded medals of honor for their service in police work, detection or for helping soldiers in the line of duty”.

In other words, “Man's Best Friend” is more than just a best friend, but a guardian, soldier, brother in arms and more. These amazing animals are capable of fantastic things, things that help our businesses

One Hour Security Polices

one hour policies

Imagine having all your information security documentation with full ISO 27002 coverage written to a high standard within the next hour - with Security Bastion you can!

  • Simply sign up to our service and have instant access to a comprehensive range of security governance documentation templates, including information security policies standards and procedures.
  • Security Bastion`s security templates have been developed by our team of information security authors who have many years of experience developing and more importantly implementing information security management across a wide range of organizational types.
  • In addition, all information security templates are constantly reviewed to ensure that they are up-to-date with industry best practices.
  • Our information security documentation will give you complete regulatory compliance coverage providing statements which can be easily mapped back to any compliance regulation.

Security Bastion services and products combine actionable wisdom and relevant implementation advice embedded in security templates that cover the full range of information security controls....

Security Bastion's security templates are comprehensive and wide ranging with hundreds of policy and standard statements covering every aspect of information security.

Don’t Make Yourself A Target

Target Banner

Don't make yourself a target - get premium quality information security templates written by CISSP certified security professionals.

Catapult your organization to a high level of security by utilizing CISSP security professionals and the vast working knowledge of the International Standards Organization Code of Practice for Information Security Management (ISO 27002).

Security Bastion`s security templates have been developed by our team of information security authors who have many years of experience developing and more importantly implementing information security management across a wide range of organizational types.

Our templates are not just sample security examples, instead they are high-quality easily deployed information security governance templates, which can be easily customized and implemented.

Implement high-quality ISO 27002 information security policies, standards and processes -- In just a few hours you could have a complete information security governance documentation printed and fully customized to your organizations policy structure.

Because Security Bastions information security and risk management templates are developed based on industry standards you'll be reassured that your information security policies are complete and will:
(a) meet virtually any industry compliance regulation
(b) be credible and easy to communicate to senior management
(c) provide instant credibility and reassurance to business partners and clients.

Why do we need security management?

Today's commercial environment of eCommerce and highly sophisticated business offers many opportunities. The online world is rapidly growing and promoting a real global economy. This inter-networking of computers is creating border-less markets across many industries. To compete effectively within this global economy requires organizations to embrace a level of openness and accessibility. Companies intending to embrace this promising market and leverage the competitive advantages provided by Internet must devise and implement strong information security policies, both to safeguard their own information systems as well as maintain their customer’s confidence and trust.

Let's face it, developing and implementing information security policies and standards is an essential part of doing good business in today's highly sophisticated business world. Security Bastion consists of a group of senior security consultants with a mission to give every organization a chance to implement information security policies, standards and processes which are second to none, turning information security officers, managers, and information technology professionals into expert information security authors for their organizations. Sound business practices mandate security-protection for business assets. As business utilization of the Internet grows and many more private networks are linked to the Internet, the requirement for secure communications and networks grow at the same time.

Let Security Bastion do all the policy, standards and process writing and maintenance.

Writing an information security policy can be a difficult and daunting task that usually takes expert information security knowledge and a team of technical writers to complete effectively. Even when your information security policies are complete applicable standards and procedures must be written to communicate and enforce the policy statement requirements. To complete all this it can take many thousands of dollars and months to complete.

Policy Development Costs


Typical cost of developing an information security policy

Below we have set out the costs for developing one complete information security policy with a length of 100 pages. Our service provides access to thousands of pages of not only policies but standards, processes and more.

Ideally a technical writer and information security professional would be needed to develop information security documentation. Hourly rates for skilled information security professionals can range from anywhere between $80 to over $300 an hour and a technical writers between $50 and $100 an hour.

Security Policy/Standard/Process Development Cost = Policy Length (pages) x Time x Cost Per Hour

To make our point we will take a very conservative approach and assume that we got a bargain and hired a technical writer and information security consultant for a combined hourly fee of $120 an hour. To develop a draft 100 page ISO 27002 based information security policy it would take around 100+ hours for both a technical writer and information security consultant to complete. Generally speaking the total cost of development would depend on many factors so in this example we have used very conservative numbers.

Total time: 100 pages x 1 hour per page = 100 hours
Total cost: 100 hours x 120 per hour = $12,000.00

If we were to hire an information security consultant from a large consulting firm this number would look more like $20,000 to $30,000 depending on the your organization's requirements.

Estimated cost for security documentation maintenance

Developing the initial documentation is only part of the overall cost. All security documents must be reviewed and maintained to keep up-to-date. It is advised that the information security documentation be reviewed at least annually. Again here it can take up to a week of work to review all the policy documents for a typical mid-sized organization. If we use the same equation as before at $120 an hour for a technical writer and security consultant we would be looking at the figure below annually.

40 hours at $120 dollars an hour = $4,200.00

Again Security Bastion pays for itself many times over just on saved maintenance costs.

Security Policy Development Process

The following Information Security Policy Development Process is designed to offer a speedy breakdown of the most important actions of this particular development, refinement, and acceptance associated with a company information security policy document.

Many of the following steps can be pursued simultaneously or perhaps in an order distinct from the next:
Perform a risk assessment or information technology audit to determine your organization’s unique information security needs. These needs must be addressed in a policy document.This Will Clarify what the word “policy” means within your organization so that you are not preparing a “standard,” “procedure,” or some other related material.

1. Convince management that it is advisable to have documented information security policies.

2. Identify the top management staff who will be approving the final information security document and all influential reviewers.

3. Collect and read all existing internal information security awareness material and make a list of the included bottom-line messages.

4. Conduct a brief internal survey to gather ideas that stakeholders believe should be included in a new or updated information security policy.

5. Examine other policies issued by your organization such as those from Human Resources management, to identify prevailing format, style, tone, length, and cross-references. The goal is to produce information that conforms with previous efforts.

6. Identify the audience to receive information security policy materials and determine whether they will each get a separate document or a separate page on an intranet site.

7. Ensure that roles and responsibilities related to information security are clarified, including responsibility for issuing and maintaining policies.

8. Determine the extent to which the audience is literate, computer knowledgeable, and receptive to security messages. This includes understanding the corporate culture surrounding information security.

9. Decide whether some other awareness efforts must take place before information security policies are issued. For example, one effort might show that information itself has become a critical factor of production.

10. Using ideas from the risk assessment, prepare a list of absolutely essential policy messages that must be communicated. Consult the policy statements as well the as policy templates found 0n this site.

11. If there is more than one audience, match the audiences with the bottom-line messages to be communicated through a coverage matrix. For more information, see Chapter 2, “Instructions.”

12. Determine how the policy material will be disseminated, noting the constraints and implications of each medium of communication.

13. Review the compliance checking process, disciplinary process, and enforcement process to ensure that they all can work smoothly with the new policy document.

14. Determine whether the number of messages is too large to be handled all at one time, and if so, identify different categories of material that will be issued at different times.

15. Have an outline of topics to be included in the first document reviewed by several stakeholders. An information security management committee is the ideal review board.

16. Based on comments from the stakeholders, revise the initial outline and prepare a first draft, extracting policies as needed from this book.

17. Have the first draft document reviewed by the stakeholders for initial reactions, presentation suggestions, and implementation ideas.

18. Revise the draft in response to comments from stakeholders. Expect this step to repeat several times.

19. Request top management approval on the policy. Changes may be necessary, in which case this step may repeat several times.

20. Prepare extracts of the policy document for selected purposes. For example, for a form signed by users receiving new or renewed user IDs and passwords.

21. Develop an awareness plan that uses the policy document as a source of ideas and requirements.

22. Create a working papers memo indicating the disposition of all comments received from reviewers, even if no changes were made.

23. Write a memo about the project, what you learned, and what needs to be fixed so that the next version of the policy document can be prepared more efficiently, better received by the readers, and more responsive to the unique circumstances facing your organization.

24. Prepare a list of next steps that will be required to implement the requirements specified in the Information Security Policy Development Process and concluding information security policy. This can include the development of an information security architecture, manual procedures documents, and technical information security standards, and acquisition of new products, hiring new technical staff, and other matters.
Our premium information security policy package will save you weeks and thousands of dollars in resources. This package contains everything you need to get you going on your policy implementation.

Policy Samples

Policy samples can be used to assist an organisation's own policy development efforts. Writing an information security policy is a very difficult and arduous task. If you are unaccustomed to it you may find it frustrating and confusing. Many organisations have a standard set of organisational policies that govern the way the business is performed. These policies are implemented to support business objectives and the mission of the enterprise. Security Bastion has a large range of policies standards and procedures which can help you develop your own information security management framework quickly and effectively. Here Is a brief description of the different types of security policy samples you can expect to find at Security Bastion:

Levels of information security management documentation

In information security it is best practices to organise your information security management framework into segregated levels. The first level sometimes called an organisational policy level is where information security policy documents should reside. These top level policies are implemented to manage risks across the entire business holistically. On the second level we have more topic specific governance documents called information security standards which address issues like authentication and authorisation, communications and operations management etc. Finally on the third level we have low-level procedure documents which address requirements that support necessary steps for implementing standards and policies.

There are a number of good reasons to segregate these various types of documents:

• Each one of these security documentation types serves a different purpose and may communicate to a different audience. For example the domain of the reader may be different such as investors’ regulators and contractors would have different access and granularity of information than internal employees.

• More detailed levels of documentation will need to be updated and maintained more regularly as technology changes in the environment and across the organisation. Segregating documentation makes changes to standards, procedures and processes easier to update and maintain. While an update to the policy would take a lot longer due to its ratification process with senior executives.

Below are a number of descriptions of the various types of documents that should help the reader distinguish between each of them and provide a little guidance in segregating these documents from a single document that may contain them all and therefore be difficult to manage. Security Bastion’s policy samples are divided into each of the following:


Information security policy definition:

The information security policy is at the highest level that defines the organisation's commitment to information security and its importance to the organisations objectives and business. The information security policy captures an organisational commitment to securing information assets and the incorporation of security into the corporate strategy in an effort to manage operational risk. Additionally the information security policy authorises certain activities and assigns corporate responsibility and accountability for meeting the policies intent. This high-level document provides guidance for the development of all low-level documents that defines both requirements and measurements for the organisation and how the organisation should meet each requirement. By its nature an information security policy is senior management's instructions on how the organisation should be run from a security perspective. It is an overall statement of high-level objectives, ethics, goals and roles and responsibilities. Everyone corporate wide must comply and require executive approval when an individual or corporation desires to take an opposing course of action. An information security policy changes little overtime.


Information security standards definition

Information security standards dictate the use of Pacific technologies in a holistic way to meet individual statements set out by the information security policy. Like policies standards are compulsory and must be implemented across an organisation in a uniform way. Standards are generally changed and updated as technology and their requirements are updated and changed over time. The information security policy statements that standards are used to enforce need to be reviewed on a periodic basis, and if they are altered in any way then the standards should be adjusted to, comply. Standards are a set of rules for implementing policy. Standards direct the reader towards specific technologies, methodologies, and implementation procedures. Compliance with standards is compulsory, and exceptions must be managed via a risk management process without exception. Generally a simple single policy statement can generate many standards.


Information security Procedures definition

Information security procedures are the lowest level that a company will generally specify and document. Procedures can be described as various steps that are performed to accomplish a specific security related task. These detailed steps should be implemented by employees to meet security requirement or to implement other elements such as standard policy statements. Procedures will change over time more often than policies and more frequently than standards since they are driven by the business needs, structure and individual skill of the personnel that perform them. Information security standards have the most direct impact on the scale and development of procedures. Procedures generally include references to these other elements of the documented information security policy chain. Additionally information security procedures should include training and logging as necessary for employees performing their execution. Information security procedures contain specific operational steps employees must take to achieve goals which are often stated in policies and standards.

Security bastions policy samples

All of the above may sound very overwhelming to some but by using security bastions policy framework these individual documents can be produced in a matter of hours quickly and easily enforcing inducing best practices.

Security Policy Examples

Security Bastion provides First-class policy examples helping organisations quickly and effectively generate their own information security policy framework based on industry best practices today.

One should consider that securing an organisation and its information assets is not just about picking and choosing technical security controls. We have met many so-called information security professionals who can talk about nothing else but security gadgets and gizmos. However technical security controls such as firewalls, IDP,s are only as good as they are managed and configured. Left to their own devices they soon become weakened and ineffective. Security assessments of organisations with state-of-the-art information security technical controls using ineffective or totally absent information security policies usually results in a $20,000 firewall allowing traffic from unknown sources. Or expensive log management and alerting software with no one monitoring it or answering its ever repeating alerts. Organisations buying these expensive technical security controls do so in a hope that they will meet the control requirements of a compliance regulation, or on the advice of an information security vendors to meet certain control objectives.

It is advisable to be very careful as many information security tools are overly priced and too complex to be economically managed on the long-term. This over complexity weakens the security posture of the organisation risking a false state security. Technical controls are very important but they must be managed and configured to enforce the overall corporate risk management strategy, information security policy and information security standards that govern them.

All technical controls must be effective, controlled and understood at all times. Introducing whizz-bang gadgets and complex technical security software outside of your corporate risk management strategy increases the risk of a weakened security posture.

Risk management ensures that effective controls are placed were needed in an area that warrants such an investment. An information security policy will ensure that the correct safeguards are thought about and put in place throughout the organisation pervasively not leaving certain sections of the business wide open to an attacker. Information security standards will ensure that each technical area is configured to a predefined specification based on risk and threat levels.

We have been asked many times about how we know what needs to be assessed and controls that need to be in place to ensure that an organisation has a good defence in depth strategy in place. The answer is to simply use a widely recognised and accepted industry standard for information security management.

As a consultant if we just went into an organisation and made things up as we went along it would be very hard to defend our decisions and controls that we recommended putting in place. However by using widely recognised information security management standard defending our decisions and recommending controls can be very easily explained to our customers.

Security bastion's information security policy examples are based on the ISO 27002 which is today's industry best practice for information security management. Our Policy service offering provides an organisation with everything it needs to implement an effective information security management system throughout their organisation from the policies right down to the individual Standards that manage technical controls across an organisation.

A good reference can be found here

Security Policy Templates

Security Bastion provides first-class Information security policy templates for organizations wishing to create new or restructure their existing Information security policy Framework.

An Information security policy is a special form of documented business rules directed from senior management. Clearly there was no requirement for them 40 years back. The surge of information-processing systems such as intelligent smart phones, the internet, and personal electronic assistants has motivated this transformation. Those employed in the business enterprise setting will need to have distinct and conclusive directions that will help them in securing information assets. In the same way it truly is unthinkable that millions of car drivers might possibly be on the road with no laws and regulations, also it is unthinkable that an incredible number of business people would operate systems without information security policies.

A little information on policy compliance

Information Security policy and other types compliance have always been understood to be a part of just doing good business. Banking and financial industries have lived under regulation since the creation of the financial markets. In addition industries such as healthcare have gone under heavy oversight as well as other business sectors.

To comply with any of today’s regulations one must gain a thorough understanding of the particular regulation that is applicable to you. Confusion and misinformation cause organizations to lose millions day after day generating projects which are unnecessary and don’t provide any safeguards or cover gaps in the organization security compliance efforts.

What’s driving policy Compliance?

Policy compliance is generally introduced in the event of some sort of negative incident. A good example of this would be the securities and exchange Acts in the United States which was brought about in response to the stock market crash in 1929. The US Congress understood that better reporting requirements were necessary to ensure that investors would receive more accurate information and make better informed decisions. This worked at least for the second half of the 20th century.

Globalization and the fast pace of information technology has brought about a whole new range of threats and security risks.

In the nineties, laws and regulations for example the Health Insurance Portability and Accountability Act (HIPAA) and also the Financial Services Modernization Act – aka the Gramm-Leach-Bliley Act (GLBA) – had been approved in the United States to safeguard the privacy of private data. Every one of these polices has specific prerequisites for the security associated with Personally Identifiable Information (PII). Additionally, both these polices call for yearly risk assessments to ascertain compliance with the specifications. For GLBA, the audits are carried out by auditors from the govt bureau that oversees a specific financial institution. Instances of these types of organizations range from the Federal Reserve Bank (FRB), the Federal Deposit

Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and also the National Association of Credit Bureaus (NACB). During the 2000s, a number of policy makers thought that the failure associated with a pair of huge public companies – Enron and WorldCom – might have been recognized as well as avoided had suitable controls and accountability measures been in place. These, and several other less-publicized meltdowns, brought on the passing of the Sarbanes-Oxley Act in 2002.

Information security policy | important tips to remember!

When considering a revamped or new information security policy framework it is important to understand that this framework is merely not for the sake of any compliance efforts. If this attitude is taken the result will be a total and utter train wreck (believe me I’ve been there). During my time as a an information security management consultant I’ve seen many organizations go down this road thinking that they can introduce a good solid policy structure around a certain segment of information which has to comply to applicable compliance requirements. This has resulted in the spinning up project after project in an effort to hunt down application databases and servers which process store certain types of information which have to comply with the regulation in question. When these projects are complete and they have a dubious list of applicable Information Systems which they hope covers all the necessary information systems. From here on in the task gets even more difficult as the company tries to segment the applicable Information Systems from the other parts of their operational environment.

New project teams are hired to perform such tasks and work out the problems of segmentation from one system from another; consultants are hired to review architectural documents to give their opinions and report on if the segmentation is good enough to remove certain servers from compliance. It just gets messier and more complicated, people start losing their tempers and everybody loses sight of the fact that the reason the policy is being put in place is to make the organization’s operations secure and effective, and to ensure they run in harmony with the underlying objectives of policies that underpin the organization security management framework.

You should never forget about the big picture, this may sound a little obvious but I have seen more organizations plan their security controls around compliance than not. This has left them completely open to attack and misuses due to the fact that they missed the deployment of key controls on essential systems. There have been a countless number of security violations in companies which are certified as compliant.

Get a more detailed information on how to develop your information security policy Please refer to the following page "information security policy development process"

A good reference can be found here

Procedure Template

Procedures are very unique, in fact they are unique as the organization they are placed in. Unfortunately there is no generally accepted standard for the correct way to produce a good procedure. The main factor that will determine how your developed procedures will look will be how your current procedures templates are designed for your organization and how you intend the procedure to be used by its intended audience. Because of these factors your procedures may have a different look and not be completely unified in design because each procedure will have a different audience.

Writing a procedure is very different from writing a policy as it doesn't have to be approved by senior management. A procedure must only enforce policy and applicable standards and must be instructive in nature. It is recommended not to use teams of people to develop a good procedure. Large teams of people will actually slow down the process of development.

When information security professionals get to the procedures some believe that the large quantity of work is complete and now it is up to the individual technical subject matter experts to write the individual procedures. Generally this does not work because the subject matter experts are generally too busy with their day-to-day functions and already overworked to find the time to develop or worry about more paperwork. Writing procedures is usually the last thing they will want to do so it is usually left till last if done at all.

If budget warrants it is recommended that you hire a technical writer or dedicate a person to gather the relevant information from the subject matter expert and put the information into a procedure format. Good procedure templates can be found on this site and are a good foundation for building your own procedure documents. Using procedure templates will quickly speed up the process enabling you to concentrate on what needs to be done rather than worrying about the documentation of format. Procedure templates can also be used as a guideline to ensure that every base is covered in your role revision.

When scheduling meetings with the subject matter expert be sure to ask them to bring any current documentation they have including flowcharts or graphics that demonstrate the particular tasks that are performed. Visual aids such as flowcharts or an information flow model are very valuable in the procedure development process. Usually the meaning should only take around one hour which should be long enough to get the information necessary, you can use a procedure template to guide the questions and keep the subject matter expert on track. Once the questioning is complete make sure you tell subject matter expert what the next steps are so they understand clearly of forthcoming events.

Below are some general steps that will be performed after the interview:

• The information derived from the interview will be put into the procedure format

• A draft procedure document will be produced and sent to subject matter expert for their consideration and if necessary editing

• The technical writer or project person will update the procedure based on the subject matter experts comments or revisions

• Additional items can then added to the procedure

• The procedure will be put through some testing

• If the procedure is successful producing the proper results, it will be published according to the appropriate procedure approval process.

Security Bastion provides a range of excellent procedure templates which you can use to base your own procedure development project on. These templates have been developed using industry best practices as a guideline. These documents will help you have your procedures up and running in no time.

A good reference can be found here

Why Identity and credit card theft drives regulatory compliance

Identity and credit card theft are becoming increasingly major problems for organisations to deal with year over year. These types of criminal activity have predated the Internet, with the ironic truth that tools which are designed to improve business efficiency also make criminal activity more convenient and efficient.

High-tech criminals and increasingly criminal organisations have discovered that the Internet provides perfect ground to set up moneymaking activities. Criminals now no longer have two put themselves at risk by breaking into buildings and having to be physically present to commit a crime. These high-tech criminals range from pyjama wearing Coke drinking teenagers to organised sophisticated criminal organisations with an incredible amount of technology and large troops of security experts to execute their bidding.

Events in the news like Sony's PlayStation network being compromised in May 2011 leaking credit card and personal information seems to be becoming more common year after year. Official statistics provide us with an alarming number of successful recorded attacks which range from 40 - 50 million in the US alone in 2010. One should also consider that most attacks never get recorded and are kept secret by organisations seeking to save face and avoid a tarnished reputation.

Criminals every day are getting more creative designing exploits to secretly penetrate organisations and steal information.

The fact of the matter is that with the age of the Internet and digital computing, sensitive information assets have never been more at risk. Today even common attacks which have been utilised over many years are still effective when used against organisations which have an ineffective security management in place, or in most cases don't have any security management in place.

One should consider that millions of people join the Internet every day to conduct business or make personal purchases; this means that more companies are storing more data which makes it more important than ever for credit card companies, banks, companies and governments to ensure that the proper security controls are in place to protect financial and personal information being stored by organisations.

Today there are quite a number of laws and regulations which companies have to comply with which and have become increasingly popular over the last 10 years. Depending on the company's industry and how it does business effects which regulation they have to comply with. Examples of regulatory compliance include: Gramm-Leach Bliley Act of 1999 (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standards (DSS), and other regulatory mandates including privacy, or a combination. Some of the above regulations are laws and others are not, for example unlike SOX or HIPAA, the PCI DSS is not a law, non-compliance in the case of PCI will not land you in prison however penalties for non-compliance include having your merchant status removed or large fines. Depending on how a Company does business losing the ability to process credit cards could be extremely damaging and often fatal to the success of the business.

No matter what size organization you are it is important and good business to understand if you have to comply to regulations applicable to your business but more importantly it is critical that you understand how your information assets are being protected compared to best practices today.

Copyright - Security