Archive for December, 2013

Yes, You Still Need Policies for Your Outsourced Activities!

Friday, December 27th, 2013

Here’s a statement I’ve answered over 100 times (seriously!) in the past few years.

“We’ve outsourced that IT activity, so we don’t we don’t need a policy for it.”

The one word reply to this statement is, (more…)

If it was Intentional it is *NOT* Incidental

Wednesday, December 11th, 2013

In the past week I got the third question in a one month time-frame about the same topic. My unwritten, loosely followed rule is that if three different organizations ask me pretty much the same question in a month, then it is something worth writing about; why are so many (well, a handful) of the same questions occurring in such a short period of time? Is some vendor out there spreading horribly bad advice? Let’s consider the topic… (more…)

Organizations Need to Use More Than One Type of Encryption

Tuesday, December 3rd, 2013

Encryption has been talked about a lot lately.  I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month.  They can pretty much be boiled down to this question:

What encryption solution should we use?

Many of the small and mid-size businesses I help, and many start-ups of any size, are under the assumption that if they get one encryption solution, it will (more…)