Author Archives: David Lineman

Information Shield Adds New Vendor Cyber Risk Management Features

On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our clients and hope to save them many hours of work designing and implementing a vendor risk assessment program. The formal Press Release […]

How to Simplify Vendor Risk Management

Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for having a defensible cyber program. Over the last several years, many vendor cyber risk management tools have entered the market. In general, […]

Information Shield Supports New NIST-HIPAA Guidelines

In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, is the second version and contains updated guidance on how Covered Entities can comply with HIPAA. HIPAA enforcement […]

Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect from cyber attacks. The Alert – called Securing Water Systems – is based on a new fact sheet from both the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI). Changes in Cyber Security […]

Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]

Security Policies, Standards and Procedures: What’s the Difference?

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature.   Even before writing the first line of a security policy, many organizations get dragged into lengthy discussions regarding the definitions and nuances of these three key elements:  Information security policies, standards and procedures.   In this article we will […]

Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the EPA water cyber security requirements? The U.S. Environmental Protection Agency (EPA) created a new memorandum in March 2023 to require public water […]

3 Ways to Validate your Cyber Security Program

If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]

New Certification Validates Cyber Security Program Readiness

The Information Shield Cyber Certification enables any business to effectively demonstrate cyber security readiness to third parties Information Shield today announced the release of the Information Shield Cyber Certification ™. This new program dramatically simplifies the process of validating cyber security readiness to management and third parties. The certification allows authorized security professionals to validate that an […]

8 Rules for Passing Cyber Vendor Assessments

We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which they have no idea how to answer. If they don’t “pass” the assessment, they may lose the client entirely. Sometimes it is […]