Five Best Practices from NIST 800-53 In April 2013, NIST made the final updates to their complete catalog of information security requirements, Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations. The catalog is BIG – it contains hundreds of information security and data privacy requirements organized into […]
Author Archives: David Lineman
New information security policy updates address information exchange and online transaction security. HOUSTON, Texas – April 15, 2013 – Information Shield today announced the latest update of the PolicyShield Information Security Policy Subscription service. The latest release includes includes over fifty new pre-written sample security policies, five addition pre-written sample documents and eleven addition policy-related […]
In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010. The new law incorporates some major changes in the HIPAA security […]
In January 2013, the Federal Financial Institutions Examination Council (FFIEC) posted a set of proposed guidelines for financial institutions to maintain compliance in the world of social media. The document entitled “Social Media: Consumer Compliance Risk Management Guidance,” includes a number of specific recommendations for financial institutions that must protect customer information. The FFIEC security […]
The insider threat is often discussed among the top information security risks facing organizations. In fact, for the first time in seven years of doing the study, the 2012 Ponemon Data Loss survey listed internal mistakes by insiders is the number one cause of data breaches. What is an insider threat? This term is loosely […]
87% of Business in 2012 survey have no Acceptable Use Policies Phishing attacks are now among the top security risks for organizations. Yet, according to a recent survey of small and medium-sized businesses (SMB), a full Eighty-seven (87%) percent do not have a formal written Internet security policy for employees. These findings are from a […]
Most of the attention focused on information security today surrounds the public data breach. Almost daily we hear a new report about hundreds or thousands of records of personal information being improperly disclosed. In fact, it is the loss of private data that drives most of the regulatory environment designed to enforce security. GLBA, HIPAA [...]
The proper definition and assignment of information security roles and responsibilities has always been a key principle of information security governance. In fact, every major information security and data privacy regulation requires that the organization document roles and responsibilities. Real-World Challenges Despite being such a core governance requirement, in practice many organizations are still behind [...]
Assessing the risk of third-party vendors has been a growing problem for compliance management. Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing. Within the financial services industry, this has long been accomplished via a SAS70 (now SSAE16) type audit. Within the U.S. [...]
The European Union recently released a set of draft recommendations for a major update to the current privacy framework that underpins Directive 95/46/EC. The changes would introduce a single set of rules on data protection, valid across the EU. The proposed changed give individuals more control over their personal information and would have a significant […]