Sage Advice - Cybersecurity Blog

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.

Read More

Topics: Security Policy, CyberCrime Symposium

Why Technology Lifecycle Management is Important to your Business

If you’re like most businesses, your IT environment is constantly evolving – operating systems are upgraded, new hardware is added, and new applications are launched. This ecosystem of connected and interdependent resources must be managed to ensure everything runs smoothly and is kept up-to-date, which can be a daunting task.

Read More

Topics: Security Policy

Lifecycle Management: How to Minimize Risks as Technology Evolves

Most businesses today could not operate without technology, and it often feels like technology is evolving at breakneck speed. Consider this… the personal computer has only been around for about 40 years, and now almost everyone carries a mini-computer around with them everywhere they go! While innovative technology provides many benefits, it also introduces risks to businesses large and small, especially if you aren’t managing your IT environment using the principles of lifecycle management.

Read More

Topics: Security Policy

Measuring the Effectiveness of your Cybersecurity Program

Cybersecurity spending continues to rise, but cybercrime doesn’t seem to be slowing down. While there’s no shortage of new technologies to invest in, the reality is that there’s no silver bullet solution to protect your organization from an attack. A layered approach, one that involves people, process, and technology, is required. But how do you know which solutions work best for your organization? The answer is metrics!

Read More

Topics: Security Policy

Elements of an Information Security Policy Hierarchy

An Information Security Policy provides the foundation for a successful cybersecurity program that can protect your information, help you prepare for and adapt to changing threat conditions, and withstand and recover rapidly from disruptions. A well-written policy clearly defines guiding principles, provides guidance to those who must make present and future decisions, and serves as an implementation roadmap. Policies are important, but alone they are limited in what they can accomplish. Policies need supporting documents to give them context and meaningful application.

Read More

Topics: Security Policy

Understanding Information Security Policies

Information security policies, standards, procedures, and plans exist for one reason – to protect the organization and, by extension, its constituents from harm. The lesson of the Information Security Policy domain is threefold:

  1. Information security directives should be codified in a written policy document.
  2. It is important that management participate in policy development and visibly support the policy.
  3. Information security should be strategically aligned with business requirements and relevant laws and regulations.
Read More

Topics: Security Policy

Fundamental Objectives of Information Security: The CIA Triad

In the information security world, CIA represents something we strive to attain rather than an agency of the United States government. Confidentiality, integrity, and availability (CIA) are the unifying attributes of an information security program.

Read More

Topics: Security Policy

Creating a Cybersecurity Culture Part 1: Institutional Memory

In the current cyber threat environment, organizations must be vigilant. Vigilance begins with preparation. Being prepared starts with being aware. To be successful, you need to develop cybersecurity awareness throughout your entire organization, which leads to institutional practices that support the secure execution of your business strategy. You need to create a culture of cybersecurity.

Read More

Topics: Security Policy, Cybersecurity Culture

What to Consider When Creating Your Business' Mobile Device Policy

It’s commonplace to use a mobile device in your day-to-day business life. Most companies have a mobile offering. And just like any business tool – especially one that has online capabilities – it’s important to assess the risks that mobile devices pose to your business, and then implement controls that can help mitigate those risks. From there, you should create a mobile device policy. 

Read More

Topics: Security Policy, Mobile Security

What’s the Best Mobile Device Management Strategy for my Organization?

Today being mobile in business is essential – and determining how your business manages mobile devices is important. There are cost considerations, use considerations, and management considerations.  But security considerations should also be an integral part of your mobile device strategy.  Almost every company out there has some kind of mobile offering, but if you’ve never considered the strategic elements of your program, it’s worth revisiting and potentially changing your practices based on what you find.

Read More

Topics: Security Policy, Mobile Security