Press Release

New PolicyShield Update Addresses Business Continuity, Application Security and Virtualization

New Updates to the PolicyShield Information Security Policy Subscription include security policies and resources that addrees the latest business risks including Business Continuity, Application Security and Virtualization

HOUSTON, Texas – July 7, 2008 - Information Shield (www.informationshied.com), a leading developer of information security policy and security awareness products, today announced the latest update of the PolicyShield Information Security Policy Subscription service. This update includes new security policies and development resources covering Disaster Recovery and Business Continuity Planning; secure application development and server virtualization. Additional incident-related topics include use of instant messaging (IM), anonymous web surfing, and access to sensitive corporate information via pubic web terminals.

“Security policy development is not a one-time event, and organizations must periodically review and update written policies in response to new threats, new technologies and regulatory changes,” said David Lineman, president of Information Shield. "Our goal with this release was to address new business requirements from real-world incidents and regulatory bodies that are likely to impact the security policies of many organizations.”

The following topics are addressed in the latest release of PolicyShield:

Updated BCP and IT Disaster Recovery Policies – This update expands coverage of business recovery and the continuity of IT operations, with additional policies that cover regional disasters. This update is in response to recent guidance from the financial services industry requires organizations to review their BCP policies, including pandemic planning. Recent events such as the Midwest flooding and California wildfires are painful reminders that regional disasters are part of the business environment and that business continuity and recovery are a critical part of business risk mitigation.

Application Security – This update also includes policy controls for the acquisition, development, testing and deployment of applications. From the threat perspective, an alarming number of web-based applications have been exploited to steal confidential information and distribute malware. From a regulatory perspective, PCI-DSS V1 includes specific requirement for secure application development and testing that went into effect June 30th. In addition, updated guidance from the OCC requires financial organizations to build controls around the acquisition and development of application software.

Server Virtualization – Virtualization is a new technology that is being adopted very quickly in many IT organizations. This new Sample Virtualization Policy captures a set of controls that can help mitigate the risks to virtual server environments.

PolicyShield is the first service that enables organizations to keep written security policies updated based on the latest threats. Many organizations don’t have the time or expertise to monitor the information security landscape for new threats and then prioritize and integrate them into written policies. PolicyShield is designed to reduce the burden on in-house staff and allow them to focus on other critical information security tasks.

PolicyShield is based on Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA, which has been the “gold-standard” security policy reference library and used by more than 7000 customers in 59 different countries. PolicyShield takes this leading resource to the next level with more content, regular updates and an improved web-based interface.

PolicyShield contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A Comprehensive Library of Information Security Policies - PolicyShield contains over 1500 pre-written information security policies covering all 123 different security topics within the ISO 17799:2005/27002 security standard. Each policy contains expert commentary on the risks mitigated by each policy, as well as links to related policies and filters to target policies based on organizational roles.

Regular Security Policy Updates - Each quarter subscribers receive information security and privacy policy updates in response the latest technologies, threats, and regulatory changes. PolicyShield includes real-world security incidents mapped to individual policies designed to help mitigate the risks of these incidents.

Time Saving Policy Development Tools - The PolicyShield Security Policy Resource Library contains a growing list of over 50 sample templates, checklists, whitepapers, and forms to help save time in policy development and deployment. The Resource Library contains 20 completely pre-written sample policy documents that are essential in most organizations.

Easy-to-Use Web Interface - PolicyShield's secure web-based system is easy to navigate and allows you to quickly locate the information you need, when you need it. Browse or search for security policies by keyword, ISO category or topic. Each policy contains a detail page with links to related policies, real-world incidents, and resources to help implement each policy with your organization. Easily locate policy-related development resources and news items.

Organizations can find or more or register for free policy samples from PolicyShield at http://www.informationshield.com/information-security-policies.html

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allow organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.