30 MAY 2012

Defining Information Security Roles – Key to Governance

The proper definition and assignment of information security roles and responsibilities has always been a key principle of information security governance. In fact, every major information security and data privacy regulation requires that the organization document roles and...

28 MAR 2012

Managing Vendor Security Risks Under HiTECH

Assessing the risk of third-party vendors has been a growing problem for compliance management. Because of the growing number of data breaches related to third parties, regulators have been focusing on the inherent risks of outsourcing. Within the financial services industry,...

20 FEB 2012

EU Updates Data Protection Guidelines

The European Union recently released a set of draft recommendations for a major update to the current privacy framework that underpins Directive 95/46/EC. The changes would introduce a single set of rules on data protection, valid across the EU. The proposed changes give...

31 JAN 2012

New PolicyShield Update Addresses Operations and Change Management

New information security policy updates address key elements of operational security. HOUSTON, Texas – January 31, 2012 – Information Shield (www.informationshied.com) today announced the latest update of the PolicyShield Information Security Policy Subscription service....

31 JAN 2012

New PolicyShield Update Addresses Third Party Management

New information security policy updates address key elements of operational security. HOUSTON, Texas – January 31, 2012 – Information Shield (www.informationshied.com) today announced the latest update of the...

27 DEC 2011

Password Policies Still Important in 2011

The Privacy Rights Clearinghouse recently released their review of what they call the most significant data breaches of 2011. Even if you have read about each of these incidents before, they are worth reading again in summary form. What is perhaps most striking is how the most...

22 NOV 2011

Policy Points: Used Equipment Sold with Sensitive Data

In September 2011 a security researcher purchased some used network equipment for about $30 USD from eBay. Once the equipment was delivered, the researcher found that it used to belong to the UK National Air Traffic Services (NATS) and that loads of sensitive data was still...

02 AUG 2011

The Shared Password Strikes Again!

One of the most intriguing cyber-security stories ever is the recent hack and public smearing of information security firm HB Gary by hacker group Anonymous. The incident relates to the WikiLeaks scandal, and the ongoing fear that major corporations might be the next victims of...

19 JUL 2011

Security Policies to Address Internal Threat

We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they almost always begin at some point with a human “insider” making a mistake. In fact, 2011 could be considered the “Year of the Insider.” From the RSA hack and Sony...

11 JUL 2011

Security Policies to Implement the DSD Top 35

In July 2011, the Australian Defence Signals Directorate (DSD) published an updated list of their Top 35 Mitigation Strategies. This list was based on the analysis of real-world events within the government agencies, and is designed to identify the top set of controls that would...