First Enforcement Action Signals a Need for Cyber Review In March 2017, the New York State Department of Financial Services passed their cyber law - Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500). The law imposed formal cyber security requirements for covered insurance entities and their vendors. This law was groundbreaking at [...]
Author Archives: David Lineman
Compliance platform update streamlines Tier 3 compliance with the US Cyber Security Framework Information Shield – a leading provider of cyber security compliance software – today announced a new Control Baseline for the US Cyber Security Framework (US-CSF). This new template dramatically reduces the time and cost of building and validating an information security program [...]
New “IT Security Made Easy” platform automates key compliance requirements of new DFS cyber data protection law May 4, 2017 – Information Shield – a leading provider of IT security compliance software – announced support for the new NYS Department of Financial Services (DFS) Cyber Law. Information Shield’s compliance software platform dramatically reduces the time and […]
Attorneys Create New Control Framework The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released a new control model to help organizations interact with outside parties when dealing with sensitive information. This is among the many new business domains areas where vendor risk management has become a key issue. […]
Many of our Information Shield customers are asking how to address “Shadow IT” within their information security policy programs. In this article we will identify the common risks with unapproved IT devices and services and how to address them in your governance and security policy framework. What is “Shadow IT”? In short, “shadow IT’ is […]
Third Party Vendors and Data Breaches So the bad news is sinking in. Data breach reports are showing that significant information security risk can lie with third party vendors. Starting with the now-famous Home Depot breach, a steady stream of breaches have been reported that involve third party vendors. In some studies, as many as […]
Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs. In 2016 the SEC has increased its focus on cyber […]
Houston, Texas – Information Shield and NetDiligence announced a strategic alliance to enhance information security options within the cyber insurance industry. NetDiligence® operates the ERiskHUB(TM), a platform that provides loss-mitigation and breach response solutions to dozens of leading cyber insurance providers and brokers. As part of the alliance, Information Shield’s new platform – ComplianceShield – […]
The Securities and Exchange Commission (SEC) has been increasing its focus on the cyber security program of registered firms. In a recent SEC action, the SEC has highlighted an important point: That firms must show that they have worked to customize information security policies to meet their specific needs. The Safeguards Rule (which the Commission […]
Houston, Texas – Information Shield today announced that their latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC.) Since the SEC originally established requirements for protecting sensitive financial information, it has increased focus on the cyber security […]