Information Security Policy Solution Addresses FERC Cyber-Security Standards

Press Releases » FERC Cyber-Security Standards

Press Release

Information Security Policy Solution Addresses FERC Cyber-Security Standards

New Information Security Policy and Security Awareness Products Address Key Areas of FERC/NERC Mandatory Reliability Standards for Critical Infrastructure Protection

HOUSTON, Texas – March 1, 2008 - Information Shield, a leading developer and distributor of information security policy and awareness products, today released their FERC Security Solution Bundle. This new solution bundle allows organizations responsible for protecting the nation’s critical infrastructure to address key security policy and security awareness provisions of the newly adopted cyber-security standards.

“To effectively protect critical information, organizations must develop a robust set of written information security policies and also educate employees on how to use these policies,” said David Lineman, president of Information Shield. “Our information security policy and security awareness products can save organizations thousands of dollars and hundreds of man-hours maintaining a cyber-security plan based on a robust set of security policies that address the latest threats.”

The requirements to develop information security policies and provide ongoing awareness are critical components of any information security program and have been formally documented in the new FERC standards. To help address the standard, Information Shield has bundled their two leading subscription products into a NERC Solution Bundle. This bundle provides a discounted price for all of their leading products.

Time Saving Information Security Policy Solutions

Section R1 (Security Policy Controls) of CIP-003-1 of the standard requires the development and implementation of a written security policy that addresses all of the various security requirements of the entire cyber-security standard. Requirement R3 provides that a responsible entity must document exceptions to its policy with documentation and senior management approval.

The new PolicyShield Security Policy Subscription Service contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A comprehensive library of over 1400 pre-written information security policies and expert commentary covering each of the security areas identified FERC security standard. These include:
Critical Cyber Asset Identification; Security Management Controls; Personnel and Training; Electronic Security Perimeters; Physical Security of Critical Cyber Assets; Systems Security Management; Incident Reporting and Response Planning; and Recovery Plans for Critical Cyber Assets.
Quarterly security policy updates in response to the latest technologies, incidents and regulatory changes.
A complete policy-development tutorial based on the 25 year consulting experience of author Charles Cresson Wood, CISSP, CISM, CISA.
18 completely pre-written sample policy documents that every organization should have, covering essential topics such as email, network security, firewalls, data classification, internet use, telecommuting, and many others.
Time-saving policy development resources to help your organization get policies developed, approved and implemented quickly.

PolicyShield is based on the “gold standard” policy resource Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA used by more than 7000 customers in 59 different countries. The security policies within PolicyShield come in HTML, PDF and MS-Word format for easy customization, and include an organization-wide license to republish the material inside one organization. Organizations can find out more about using ISPME for implementing the FERC standards and receive free sample policies by visiting the company web site at www.informationshield.com.

Ongoing Security Awareness Requirements

Section R1 of the Personnel and Training (CIP–004–1) requirements specifies that organizations must provide regular, ongoing security awareness education on at least a quarterly basis.

Protecting Information is a new quarterly security and privacy awareness newsletter designed for this exact requirement. Protecting Information is edited by data privacy and security expert Rebecca Herold, CISSP, CISM and goes well beyond traditional newsletters, providing audio files and interactive exercises to engage personnel and help them truly understand security and privacy concepts.

Protecting Information enables organization to save time and money educating employees on the latest threats to sensitive information and is a cost-effective way to demonstrate compliance with the cyber-security standards for security awareness education.

Effectively educate employees on information security and privacy principles using real-world examples relevant to all personnel and their families.
Ensure that your message reaches the most people by using a variety of learning styles and formats
Enhance existing education and awareness programs by easily integrating your own branding and messages.
Establish metrics to verify the effectiveness of your awareness efforts
Receive relevant and timely best-practices from a leading data security and privacy expert.
Provide a cost-effective method for ensuring compliance with state, federal and international privacy, data protection and security laws, regulations and standards

Protecting Information is published four times a year and each issue of features information security and data privacy topics that impact employees both within and outside the workplace. Topics such as social-networking, social engineering, mobile computing, e-mail and safe data handling are covered using real-world examples from today’s headlines. Each issue is published in MS-Word and PDF formats and can be customized easily with the organization’s logo and content.

As an additional bonus, each issue includes a companion subscription to Awareness Advisor, a special newsletter containing practical, time-saving advice for security and privacy practitioners written by security, privacy and education expert Rebecca Herold. Organizations can receive a free evaluation version of Protecting Information at www.informationshield.com.

About Information Shield, Inc.

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allow organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.