Call Us: 888 641 0500
17
MAY
2016

SEC Affirms the Need for Custom Security Policies

The Securities and Exchange Commission (SEC) has been increasing its focus on the cyber security program of registered firms. In a recent SEC action, the SEC has highlighted an important point:  That firms must show that they have worked to customize information security policies...
03
MAR
2016

Information Shield addresses SEC Information Security Requirements

Houston, Texas – Information Shield today announced that their latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC.) Since the...
11
NOV
2014

A Security Policy Framework for IT Risk Assessments

The completion of an information security risk assessment is a key requirement in all information security frameworks, including ISO 27002, NIST 800:53, HIPAA and PCI-DSS.  A recent analysis of regulatory enforcement under HIPAA identifies risk assessment as a key area of...
27
OCT
2014

Security Policies, Standards and Procedures: What’s the Difference?

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature.   Even before writing the first line of a security policy, many organizations get dragged into lengthy discussions regarding the definitions and nuances of these...
21
MAY
2014

Distributing Information Security Policies

To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due-diligence.  Why is this control so...
25
MAR
2014

New Security Policy Map for US CyberSecurity Framework

In February 2014, NIST released version 1.0 of the Framework for Improving Critical Infrastructure Cyber-security.   The frameworks is intended to be a “voluntary” set of standards that can help small and medium sized businesses develop an information security...
25
MAR
2014

The ROI of Pre-Written Information Security Policies

Often it is difficult to justify security policy development to management.   In many cases, this is due to a lack of understanding on just how detailed and complex policy writing can be.  “Just go find a template on the internet.”   For those of you who have tried...
17
FEB
2014

New Point-of-Sale Device Security Policy

The piercing lens of information security changes focus quite often.  In recent weeks the security vulnerability lens is focused on point-of-sale (POS) devices.  And there seems to be good reason.  The Target breach, perhaps the largest reporting breach in history, seems to be...
11
FEB
2014

How to Structure Information Security Policies

We talk to customers every day about  security policies.   One of the most common questions we receive is this:  How should we structure our information security policies?  When we dig deeper, we usually find that this is a really a two-part question regarding policy structure....
17
NOV
2013

Information Security Policies for PCI-DSS V3

The PCI Security Standards Council just released Version 3.0 of the Payment Card Industry Data Security Standard (PCI-DSS), the set of requirements for protecting credit card data.  The update had some significant changes, including a greater focus on third-party information...