Journal Journal: Corporate Information Security Policy Musts?
I'm drafting a document that will be used as sort of an "Information Security Best Practices" / "Corporate Information Security Policies" reference for a handful of organizations.
One of the topics that inspired the need for the document is use of public wireless hotspots for business correspondence, especially in conjunction with insecure protocols like FTP (which sends both content and authentication data in cleartext) or many instant messengers (which send your conversation in cleartext), so that's an example of an issue that would appear in the document.
If you were writing such a document for your organization (or if you have already), what would your top 5 topics be? Also, what snazzy tools/services do you recommend for defeating and preventing common security blunders (free and otherwise)?
One of the topics that inspired the need for the document is use of public wireless hotspots for business correspondence, especially in conjunction with insecure protocols like FTP (which sends both content and authentication data in cleartext) or many instant messengers (which send your conversation in cleartext), so that's an example of an issue that would appear in the document.
If you were writing such a document for your organization (or if you have already), what would your top 5 topics be? Also, what snazzy tools/services do you recommend for defeating and preventing common security blunders (free and otherwise)?
