New information security policy updates address key elements of operational security
HOUSTON, Texas – Janurary 31, 2012 – Information Shield (www.informationshield.com) today announced the latest update of the PolicyShield Information Security Policy Subscription service. The latest release includes includes over thirty new pre-written security policy statements, three addition pre-written sample documents and eleven addition policy-related news items focused on the operational security: operating procedures, change management, separation of development, test and production systems, and third-party service delivery.
“Operation and change management forms the core of effective system control ” said David Lineman, President of Information Shield. “In this release we include the specific operational security requirements of Section 10.1 – 10.3 – within the ISO 27002 Standard.”
In addition, this release includes several incident-related policies in response to new attacks on the supply chain via product fraud and the growing threat of targeted attacks on SCADA systems. Also included are policies to reduce the risk of organizations being impacted by Distributed-Denial-Service (DDOS) attacks against third parties that share the same resources.
PolicyShield is the first service that enables organizations to keep written security policies updated based on the latest threats. Many organizations don’t have the time or expertise to monitor the information security landscape for new threats and then prioritize and integrate them into written policies. PolicyShield is designed to reduce the burden on in-house staff and allow them to focus on other critical information security tasks.
PolicyShield is based on Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA, which has been the “gold-standard” security policy reference library and used by more than 7000 customers in 59 different countries. PolicyShield takes this leading resource to the next level with more content, regular updates and an improved web-based interface.
PolicyShield contains everything an organization needs to build and maintain a complete set of written information security policies, including:
A Comprehensive Library of Information Security Policies – PolicyShield contains over 1900 pre-written information security policies covering all 123 different security topics within the ISO 17799:2005/27002 security standard. Each policy contains expert commentary on the risks mitigated by each policy, as well as links to related policies and filters to target policies based on organizational roles.
Time Saving Policy Development Tools – The PolicyShield Security Policy Resource Library contains a growing list of over 70 sample templates, checklists, whitepapers, and forms to help save time in policy development and deployment. The Resource Library contains 20 completely pre-written sample policy documents that are essential in most organizations.
Easy-to-Use Web Interface – PolicyShield’s secure web-based system is easy to navigate and allows you to quickly locate the information you need, when you need it. Browse or search for security policies by keyword, ISO category or topic. Each policy contains a detail page with links to related policies, real-world incidents, and resources to help implement each policy with your organization. Easily locate policy-related development resources and news items.
Organizations can find or more or register for free policy samples from PolicyShield at www.informationshield.com