Questions tagged [corporate-policy]
A set of rules for employees of a corporation related to the use of information technology equipment and systems.
239 questions
32 votes, 5 answers, 7k views
Does the recommendation to use password managers also apply to corporate environments?
In $SomeCorpo there is a policy that passwords must never be stored anywhere else except employees' heads. Paper notes, password managers, storing passwords in browsers, etc, are all forbidden. To ...
2 votes, 0 answers, 86 views
Which security measures are reasonable for senior management in a Fortune 500 company if nation state threat actors like APT28 become a concern?
Current Threat Intelligence leads me to believe that Senior Management of my company could be targeted by Threat Actors like APT28.
Threats I am concerned about are - listed by priority:
Information ...
0 votes, 0 answers, 100 views
How to properly protect company laptop on a business trip to China [duplicate]
This question (How safe are employee laptops in China against International corporate espionage?) got me thinking - what is the proper way to go on a business trip to China and protect your laptop. ...
1 vote, 3 answers, 2k views
Sharing internal security policies with potential customers?
We have a set of ISMS documents like master security policy, supplier relations etc. classified as INTERNAL according to data classification policy.
Now a potential customer's infosec department is ...
-1 votes, 1 answer, 590 views
Difference between the telegram (win1) desktop app and web interface when it is "managed by your organization"?
Some time ago I was told by our cyber department that Telegram desktop app is not "safe" as it allows silent installation of programs (first I heard about it, and they could not back it by ...
1 vote, 2 answers, 680 views
What is the reason for Sensitive But Unclassified (SBU)?
I've been reading about security classifications, and have a fundamental question I can't seem to find an answer to. Why does the designation Sensitive But Unclassified (SBU) exist? Why not just ...
-3 votes, 1 answer, 145 views
Is Windows 10 Insider Build usable within SOC 2 compliance? [closed]
Or Windows 11 pre-release, just cause I'm curious?
(By employees if that wasn't implicit.)
1 vote, 1 answer, 197 views
Cyber Essentials at a small business (20 employees) that keeps all business data within SaaS
Background
I've recently joined a rapidly growing small business (from 4 to 20 people in last 12 months) with a very DIY IT setup. It's fallen to me (I'm a developer so I just happen to be sitting ...
0 votes, 0 answers, 207 views
What is a good common approach for encrypted backup/restore on an embedded device?
An embedded device with Linux supports backup/restore of files encrypted with openssl. The idea of backup is: tar -c .... | openssl smime -encrypt -binary -aes-256-cbc -out backupfile.encrypted -...
0 votes, 1 answer, 202 views
Do the organisational policies need to have ownership to ensure accountability?
Policies are the high-level statement from Senior Management. It's a philosophy for the management to be guided by, and management has the direction to plan, build, run and monitor the activities to ...
0 votes, 1 answer, 152 views
Making Users Prove They Have Reviewed The Information Security Policy Documents [closed]
I am looking for a way to hold the departments accountable and ensure they at least review the policies that we have. I was thinking about using Adobe Sign but don't want to go cloud. An application ...
0 votes, 1 answer, 177 views
Why does Chrome display "Managed by Organisation"? [closed]
My wife inadvertently clicked on a flash player update and suddenly my Chrome browser displays that it is being managed by an Organisation.
I tried deleting Chrome and reinstalling it but nothing ...
0 votes, 2 answers, 210 views
Measuring the Risk of Not Managing Risk
I've seen scenarios in which organizations don't invest enough in cybersecurity, are short-handed, and thus have a difficult time meeting the policy requirements defined within their Security Programs....
2 votes, 1 answer, 193 views
Requiring an on-site visit to reset a password or get VPN access
This is a question born more from the user perspective but I'm wondering how it fits into a proper user creation and management policy. As a consultant I tend to work with various different clients ...
0 votes, 1 answer, 139 views
Do corporate systems need to be updated immediately after updates are available? [duplicate]
I lived under the impression that timely updates were very important. Even a home user wouldn't like their computer to demand ransom for their data. However, the less home and the more corporate our ...