Press Release

New PolicyShield Update Addresses Risk Assessments, Physical Security and Employee Privacy

New information security policy updates include security policies and resources that address the latest business issues, including risk assessment, physical security and employee privacy

HOUSTON, Texas – January 17, 2009 - Information Shield (www.informationshield.com), a leading developer of information security policy and security awareness products, today announced the latest update of the PolicyShield Information Security Policy Subscription service. This update includes new security policies and development resources covering IT Risk Assessments, physical security, and employee privacy. Additional incident-related topics include use of social networking sites and security of customer-support applications.

“Security policy development is not a one-time event, and organizations must periodically review and update written policies in response to new threats, new technologies and regulatory changes,” said David Lineman, president of Information Shield. “Our goal with this release was to address new business requirements from real-world incidents and regulatory bodies that are likely to impact the security policies of many organizations.”

The following topics are addressed in the latest release of PolicyShield:

Risk Assessment Policy - Information Security risk assessments are required for compliance with nearly all data protection laws. In this new Sample Risk Assessment Policy we help organizations formalize risk assessment controls into written policy. This new document covers roles and responsibilities for organizational risk assessments, documented risk methodology, terms and definitions, as well as requirements for periodic updates and annual reports. Risk Assessments are required for compliance with all data protection laws including HIPAA, GLBA, FACTA, FISMA, and NERC-CIP.

Risk Assessment Resources - Also included are three new supporting documents for risk assessments: Risk Assessment Process Diagram and Data Model, Sample Risk Assessment Threat Table, and Sample Wireless Network Risk Assessment Form.

Physical Security Policy - In this update we have created a complete new Sample Information Security Policy for physical security. These new documents are intended to organize a variety of physical controls within the policy library and to add several new policies related to visitor access, computing center locations, physical security logging and testing of physical security controls. These additional policy statements may also help organizations better assess the likelihood of environmental threats to the computing center during risk assessments. Physical security controls are required in all common frameworks such as ISO 27002, NIST, HIPAA, GLBA, and NERC-CIP.

Employee Information Privacy Policy - In response to the growing problem of identity theft, a number of states have passed laws which require the specific protection of sensitive employee data, such as social security numbers. As of this update, at least 34 different U.S. states had some type of law protecting employee or customer privacy. To help address these requirements, we have included a new Sample Employee Privacy Policy. The policy includes specific controls to limit the exposure of personally identifiable information (PII) of employees.

About the PolicyShield Security Policy Subscription Service

PolicyShield is the first service that enables organizations to keep written security policies updated based on the latest threats. Many organizations don’t have the time or expertise to monitor the information security landscape for new threats and then prioritize and integrate them into written policies. PolicyShield is designed to reduce the burden on in-house staff and allow them to focus on other critical information security tasks.

PolicyShield is based on Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA, which has been the “gold-standard” security policy reference library and has been used by more than 7000 customers in 59 different countries. PolicyShield takes this leading resource to the next level with more content, regular updates and an improved web-based interface.

PolicyShield contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A Comprehensive Library of Information Security Policies - PolicyShield contains over 1500 pre-written information security policies covering all 123 different security topics within the ISO 17799:2005/27002 security standard. Each policy contains expert commentary on the risks mitigated by each policy, as well as links to related policies and filters to target policies based on organizational roles.

Regular Security Policy Updates - Each quarter subscribers receive information security and privacy policy updates in response to the latest technologies, threats, and regulatory changes. PolicyShield includes real-world security incidents mapped to individual policies designed to help mitigate the risks of these incidents.

Time Saving Policy Development Tools - The PolicyShield Security Policy Resource Library contains a growing list of over 50 sample templates, checklists, whitepapers, and forms to help save time in policy development and deployment. The Resource Library contains 20 completely pre-written sample policy documents that are essential in most organizations.

Easy-to-Use Web Interface - PolicyShield's secure web-based system is easy to navigate and allows you to quickly locate the information you need, when you need it. Browse or search for security policies by keyword, ISO category or topic. Each policy contains a detail page with links to related policies, real-world incidents, and resources to help implement each policy with your organization. Easily locate policy-related development resources and news items.

Organizations can find out more or register for free policy samples from PolicyShield at http://www.informationshield.com/information-security-policies.html

About Information Shield, Inc.

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allows organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.