NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament calls it “A high common level of cybersecurity in the EU.” NIS 2 replaces the original Network and Information Security (NIS) Directive, […]
Category Archives: CyberSecurity Framework
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]
First Enforcement Action Signals a Need for Cyber Review In March 2017, the New York State Department of Financial Services passed their cyber law - Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500). The law imposed formal cyber security requirements for covered insurance entities and their vendors. This law was groundbreaking at [...]
Many of our Information Shield customers are asking how to address “Shadow IT” within their information security policy programs. In this article we will identify the common risks with unapproved IT devices and services and how to address them in your governance and security policy framework. What is “Shadow IT”? In short, “shadow IT’ is […]
In February 2014, NIST released version 1.0 of the Framework for Improving Critical Infrastructure Cyber-security. The frameworks is intended to be a "voluntary" set of standards that can help small and medium sized businesses develop an information security program. (Part of the problem, of course, is that we don't need another framework - but a [...]