Security Policy Update on Mobile Devices, Internet Privacy and Third-Party Security Policy

Press Releases » Latest Security Policy Update

Press Release

New PolicyShield Update Addresses Mobile Devices, Internet Privacy and Third-Party Security

New information security policy updates include security policies and resources that addrees the latest business issues including Mobile Devices, Internet Privacy and Third-Party Security

HOUSTON, Texas – April 17, 2009 - Information Shield (www.informationshied.com), a leading developer of information security policy and security awareness products, today announced the latest update of the PolicyShield Information Security Policy Subscription service. This update includes new security policies and development resources covering mobile devices, internet privacy and third-party information security.

“Security policy development is not a one-time event, and organizations must periodically review and update written policies in response to new threats, new technologies and regulatory changes,” said David Lineman, president of Information Shield. "A number of recent technical and regulatory trends have increased the focus on risks related to third parties and outsourcing. Our goal is to address new business requirements from real-world incidents and regulatory bodies that are likely to impact the security policies of many organizations.”

The following topics are addressed in the latest release of PolicyShield:

Third-Party Security - New data security provisions of HITECH Act make it essential that third-parties handling personal health data take precautions to identify and report potential security incidents. This new sample security policy covers controls for third-party access and handling of information, including security requirements in outsourced contracts. Control areas include: Third Party Risk Assessment, Security in Third Party Contracts, use of Application Service Providers (ASP), Third-Party Access control approval and monitoring, and security incident reporting.

Mobile Device Security - A majority of security incidents continue to be caused by lost or stolen mobile devices containing sensitive information. This sample Mobile Security Policy defines information security controls for the protection of mobile devices, including laptop and notebook computers, Personal Digital Assistants (PDA) and cell phones. Policies cover the issuing of mobile devices, secure configuration, secure access control, physical security, travel considerations and device destruction. The document incorporates recommendations from recent NIST guidelines for cell phone and PDA security.

Updated Web Site Privacy Policy - The Web Site Privacy Policy has been updated with new controls and guidance for protecting customer privacy via public web sites. New technology that enables "behavioral targeting" has created both opportunities and privacy risks associated with web site monitoring. The FTC recently updated its self-regulation principles for protecting customer information online. In response to these guidelines, we have updated the sample Web Site Privacy Policy. This new annotated privacy policy contains enhanced commentary with direct references to specific regulations such as COPPA.

About the PolicyShield Security Policy Subscription Service

PolicyShield is the first service that enables organizations to keep written security policies updated based on the latest threats. Many organizations don’t have the time or expertise to monitor the information security landscape for new threats and then prioritize and integrate them into written policies. PolicyShield is designed to reduce the burden on in-house staff and allow them to focus on other critical information security tasks.

PolicyShield is based on Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA, which has been the “gold-standard” security policy reference library and used by more than 7000 customers in 59 different countries. PolicyShield takes this leading resource to the next level with more content, regular updates and an improved web-based interface.

PolicyShield contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A Comprehensive Library of Information Security Policies - PolicyShield contains over 1500 pre-written information security policies covering all 123 different security topics within the ISO 17799:2005/27002 security standard. Each policy contains expert commentary on the risks mitigated by each policy, as well as links to related policies and filters to target policies based on organizational roles.

Regular Security Policy Updates - Each quarter subscribers receive information security and privacy policy updates in response the latest technologies, threats, and regulatory changes. PolicyShield includes real-world security incidents mapped to individual policies designed to help mitigate the risks of these incidents.

Time Saving Policy Development Tools - The PolicyShield Security Policy Resource Library contains a growing list of over 50 sample templates, checklists, whitepapers, and forms to help save time in policy development and deployment. The Resource Library contains 20 completely pre-written sample policy documents that are essential in most organizations.

Easy-to-Use Web Interface - PolicyShield's secure web-based system is easy to navigate and allows you to quickly locate the information you need, when you need it. Browse or search for security policies by keyword, ISO category or topic. Each policy contains a detail page with links to related policies, real-world incidents, and resources to help implement each policy with your organization. Easily locate policy-related development resources and news items.

Organizations can find more information or register for free policy samples from PolicyShield at www.informationshield.com.

About Information Shield, Inc.

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allow organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.