In my last article I spoke at some length about not just why a Security Policy is important and what its content should be, but also how it should be written. There is no default setting for Security Policy. Remember, what works for one organisation probably won’t work for another.
Verizon has published its 2014 PCI Compliance Report, which can be downloaded from here. Like their Data Breach Investigation Report (DBIR), it is an excellent piece of research and provides insight into the challenges associated with complying with the Payment Card Industry’s Data Security Standard (PCI DSS) v2.0.
Interesting article in the NY Times here.
It discusses the loss of an unencrypted laptop by a NASA employee that contained the confidential details of 10,000 employees including names, birth dates, social security numbers and, in some cases, personal information from background checks.