Press Release

New PolicyShield Update Addresses Security Awareness, Cloud Computing, and Supply Chain Security

New information security policy updates include 19 new security policies and resources that addrees the latest business issues including security awareness and training, secure system acquisition and supply chain security.

HOUSTON, Texas – July 17, 2009 - Information Shield (www.informationshied.com), a leading developer of information security policy and security awareness products, today announced the latest update of the PolicyShield Information Security Policy Subscription service. This update includes new security policies and development resources covering cloud computing, security awareness and training, secure system acquisition and supply chain security.

“Security policy development is not a one-time event, and organizations must periodically review and update written policies in response to new threats, new technologies and regulatory changes,” said David Lineman, president of Information Shield. "A number of recent technical and regulatory trends have increased the focus on risks related to third parties and outsourcing. Our goal is to address new business requirements from real-world incidents and regulatory bodies that are likely to impact the security policies of many organizations.”

The following topics are addressed in the latest release of PolicyShield:

Sample Security Awareness and Training Policy - Information security awareness and training are required for compliance with nearly all data protection laws. In this new Sample Security Awareness and Training Policy we help organizations formalize security awareness and training controls into written policy. This new document covers roles and responsibilities for both awareness and training activities, documented policies for specific both general and specific information security training, terms and definitions, as well as requirements for periodic updates and annual reports. Also included are key policy references to data protection laws including HIPAA, GLBA, FACTA, FISMA, and NERC-CIP.

Sample System Acquisition Security Policy - This new sample policy includes controls for the secure acquisition of new hardware and software systems, with a special focus on vendor assessment and security of the supply chain. Also included are specific references to key regulatory frameworks that require system acquisition policies for compliance.

Cloud Computing Policies - The movement of IT applications and services into remote "cloud" computing promises to revolutionize the computing industry. However, many organizations are jumping on cloud computing without proper due-diligence with regard to sensitive data protection. This release includes specific policies to help document the organizations specific stance with regard to using cloud computing.

PolicyShield is the first service that enables organizations to keep written security policies updated based on the latest threats. Many organizations don’t have the time or expertise to monitor the information security landscape for new threats and then prioritize and integrate them into written policies. PolicyShield is designed to reduce the burden on in-house staff and allow them to focus on other critical information security tasks.

PolicyShield is based on Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA, which has been the “gold-standard” security policy reference library and used by more than 7000 customers in 59 different countries. PolicyShield takes this leading resource to the next level with more content, regular updates and an improved web-based interface.

PolicyShield contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A Comprehensive Library of Information Security Policies - PolicyShield contains over 1700 pre-written information security policies covering all 123 different security topics within the ISO 17799:2005/27002 security standard. Each policy contains expert commentary on the risks mitigated by each policy, as well as links to related policies and filters to target policies based on organizational roles.

Regular Security Policy Updates - Each quarter subscribers receive information security and privacy policy updates in response the latest technologies, threats, and regulatory changes. PolicyShield includes real-world security incidents mapped to individual policies designed to help mitigate the risks of these incidents.

Time Saving Policy Development Tools - The PolicyShield Security Policy Resource Library contains a growing list of over 50 sample templates, checklists, whitepapers, and forms to help save time in policy development and deployment. The Resource Library contains 20 completely pre-written sample policy documents that are essential in most organizations.

Easy-to-Use Web Interface - PolicyShield's secure web-based system is easy to navigate and allows you to quickly locate the information you need, when you need it. Browse or search for security policies by keyword, ISO category or topic. Each policy contains a detail page with links to related policies, real-world incidents, and resources to help implement each policy with your organization. Easily locate policy-related development resources and news items.

Organizations can find more information or register for free policy samples from PolicyShield at www.informationshield.com.

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allow organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.