Author Archives: David Lineman

Information Security Policy Lessons from Recent SEC Actions

Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs. In 2016 the SEC has increased its focus on cyber […]

InformationShield – NetDiligence Alliance Aids Cyber Insurance

Houston, Texas – Information Shield and NetDiligence announced a strategic alliance to enhance information security options within the cyber insurance industry. NetDiligence® operates the ERiskHUB(TM), a platform that provides loss-mitigation and breach response solutions to dozens of leading cyber insurance providers and brokers. As part of the alliance, Information Shield’s new platform – ComplianceShield – […]

SEC Affirms the Need for Custom Security Policies

The Securities and Exchange Commission (SEC) has been increasing its focus on the cyber security programs of registered firms. In a recent action, the SEC highlighted an important point: firms must show that they have worked to customize information security policies to meet their specific needs. The Safeguards Rule (which the Commission […]

Information Shield addresses SEC Information Security Requirements

Houston, Texas – Information Shield today announced that its latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC). Since the SEC originally established requirements for protecting sensitive financial information, it has increased focus on the cyber security […]

A Security Policy Framework for IT Risk Assessments

The completion of an information security risk assessment is a key requirement in all information security frameworks, including ISO 27002, NIST 800-53, HIPAA and PCI-DSS. A recent analysis of regulatory enforcement under HIPAA identifies risk assessment as a key area of weakness. While risk assessments are required, the specifics for how to perform a risk […]

Security Policies, Standards and Procedures: What’s the Difference?

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature. Even before writing the first line of a security policy, many organizations get dragged into lengthy discussions regarding the definitions and nuances of these three key elements: information security policies, standards and procedures. In this article we will […]

Distributing Information Security Policies

To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due diligence. Why is this control so important and how can it be done in practice? Regulatory Requirements Every regulatory […]