Information Shield provides research on Information Security Policy and Governance, Risk and Compliance (GRC). Our mission is to help organizations streamline the development, documentation, tracking and validation of a robust cyber security program. For more information, check out the Security Policy Blog.
- Information Security Policy: The Complete Guide
  Complete Guide to Information Security Policy: Success in policy development and deployment. In today’s digital age, data breaches, cyberattacks, and privacy violations are not just risks—they’re daily headlines. That’s why having a well-structured information security policy isn’t optional anymore; it’s absolutely critical. Whether you’re running a multinational corporation or a small business, the foundation of […]
- Ultimate Guide to Cyber Risk Assessment: Tips & Tools (2025)
  Cyber risk assessment isn’t just for large enterprises. Small and medium businesses, non-profits, and even schools benefit from assessing their cyber vulnerabilities. A robust cyber risk assessment can mean the difference between preventing an attack and suffering a devastating data breach.
- 5 Steps to Simplify DORA Compliance
  Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
- 3 Ways to Validate your Cyber Security Program
  If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]
- Information Security Policies: Address Regulatory Requirements
  Management often struggles to justify the expense of developing and maintaining written information security policies. In the following table we show various regulatory frameworks that explicitly or implicitly require written information security policies.
  Security Policies: Requirements Regulatory Map
  Regulation/Framework | Industry/Region | Policy Requirement
  Payment Card Industry Data Security Standard PCI-DSS | Credit Card Processing | Requirement 12: Maintain […]