
All Questions

Tagged with
0 votes
1 answer
202 views

Do the organisational policies need to have ownership to ensure accountability?

Policies are the high-level statement from Senior Management. It's a philosophy for the management to be guided by, and management has the direction to plan, build, run and monitor the activities to ...
RAmin's user avatar
  • 13
2 votes
2 answers
265 views

Does an admin legitimately need to access his own logs generated by auditd?

In my understanding, admins need to access logs of the servers, workstations, services and applications they manage, either for administration or debugging purposes, never to logs generated by auditd ...
lalebarde's user avatar
  • 617
2 votes
1 answer
340 views

Corporate penetration testing/phishing [closed]

If a company employs a security company to 'hack' into their systems and agrees to allow this security company to send fake phishing emails to employees... ...is that company (or the security company)...
Matt W's user avatar
  • 121
3 votes
2 answers
12k views

Can Google Policy Profile remotely erase all data on the device?

I'd like to configure my company's Google e-mail on my iPhone, however when enabling e-mail profile in Inbox, Gmail, Mail or any other app, the following Device Policy Alert is shown: To use Google ...
kenorb's user avatar
  • 819
0 votes
1 answer
214 views

Surveillance in the Workplace? [closed]

Auditing, surveillance and logging are typical and commonplace in the workplace, understandably so. These actions are crucial to establishing metrics and performance of the network and its resources. ...
Whome's user avatar
  • 1,259
5 votes
1 answer
463 views

Should I have special emoticon handling for compliance, audit and logging?

I'm required to audit various communications (email, sms, messenger, social media) for keywords relating to financial data, HIPAA, and other PII. Is there any rational reason I should extend my ...
makerofthings7's user avatar
3 votes
2 answers
672 views

In CIA triad of information security, what's the difference between confidentiality and availability?

I sometimes get confused between confidentiality and availability. This site defines confidentiality as Measures undertaken to ensure confidentiality are designed to prevent sensitive information ...
Celeritas's user avatar
  • 10.2k
5 votes
3 answers
318 views

How to check that passwords are not stored in a readable format

I'm writing a plan to audit my password policy, and I was stuck on one of my policy controls which was making sure that No password should be stored in a readable format. What is the best practice ...
user78455's user avatar
1 vote
1 answer
162 views

Advice needed regarding "Information Security Policy" - EI3PA requirements

Our new startup is required to jump through hoops in order to get authorization to use Experian. We are working out of WeWork (shared space). No Experian data is stored on our local machines. We do ...
JasonGenX's user avatar
  • 153
1 vote
1 answer
152 views

Internal access to security sensitive data in a company

I'm building a software that requires a lot of security for the data. The user data in essence is very sensitive. So we are building a lot of encryption, 2 step authentication, app call tokenization ...
Vrashabh Irde's user avatar
4 votes
1 answer
3k views

Which security documents do providers typically share with their customers?

In the context of managed/cloud hosting, what level of information does a provider typically share (under NDA) with its customers for compliance audit/3rd party risk assessment purposes? What are ...
phiz's user avatar
  • 306
1 vote
1 answer
1k views

Can a security control be both management, technical and operational?

I know that security controls are divided into three categories, namely technical, management and operational. Going through them I always felt as though a control belonging to one of the above ...
JohnnyHunter's user avatar
1 vote
3 answers
735 views

In a company is it good to have a back door account?

Having a backdoor account (that is a username/password that can log in to an administrative account on all machines) can be very useful for IT staff. However, some believe it's a security breach. ...
Celeritas's user avatar
  • 10.2k
1 vote
2 answers
204 views

Security controls to implement on a private environment

On a large project, my company is responsible for administering the internal servers where applications used within the intranet are installed. One of our sites is accessible from outside but we do ...
1 vote
1 answer
311 views

Which are open problems on policy-based access control system?

I'm working on access control system and on analysis tools for reasoning on it. In A.C. system based on policy, think about XACML specifications, the overall behaviour of the system cannot be clearly ...
andrex_jux's user avatar
