Sage Advice - Cybersecurity Blog

Information Security vs. Cybersecurity

Before cybersecurity became a standard part of our lexicon, the practice of keeping information and data safe was simply known as information security. Although the two terms are still used interchangeably, there is a definite distinction between the two, which provides context and explains the evolution this discipline has recognized over the past two decades. This paradigm provides perspective and instruction for when your organization starts to build and implement a cybersecurity program today.

Read More

Topics: Security Policy, Information Security

The Information Security Policy Lifecycle

Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the tasks of policy development, publication, adoption, and review. This process is collectively referred to as the policy lifecycle. The responsibilities associated with the policy lifecycle processes are distributed throughout an organization. Organizations that understand the lifecycle and take a structured approach will have a much better chance of success with their cybersecurity practices. Let’s breakdown the Information Security Policy (ISP) lifecycle into further detail.

Read More

Topics: Cybersecurity, Security Policy, Information Security

How to Start Developing Your ISP

The role of policy is to codify guiding principles, shape and require behavior, provide guidance to those who are tasked with making present and future decisions, and serve as an implementation roadmap. An information security policy (ISP) is a directive that:

Read More

Topics: Cybersecurity Tips, Regulations, Information Security

3 'Must Have' Cybersecurity Documents

We see news of devastating cyberattacks every day in private and public organizations of all sizes. From phishing attempts, to business email compromises, to full-blown ransomware attacks, any device that’s connected to the internet is at risk for an attack.

Read More

Topics: Security Policy, Incident Response, Information Security