Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the EPA water cyber security requirements? The U.S. Environmental Protection Agency (EPA) created a new memorandum in March 2023 to require public water […]
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or maybe you are […]
The Information Shield Cyber Certification enables any business to effectively demonstrate cyber security readiness to third parties Information Shield today announced the release of the Information Shield Cyber Certification ™. This new program dramatically simplifies the process of validating cyber security readiness to management and third parties. The certification allows authorized security professionals to validate that an […]
We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which they have no idea how to answer. If they don’t “pass” the assessment, they may lose the client entirely. Sometimes it is […]
Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]
NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament calls it “A high common level of cybersecurity in the EU.” NIS 2 replaces the original Network and Information Security (NIS) Directive, […]
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]
What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must be followed by the organization. Example Policy: All Company X user accounts must be approves by a member of the information technology […]
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]
In March 2022 the International Standards Institute (ISO) made an official update to the cyber security standard ISO/IEC 27002. The last update was in 2013, so nine years have passed. This is significant because many organizations decided to base their information security program on the ISO 27002:2013 framework. In this article we will summarize (1) […]