Category Archives: CyberSecurity Framework

Remember NYS-DFS? First Enforcement Action

First Enforcement Action Signals a Need for Cyber Review

In March 2017, the New York State Department of Financial Services passed its cyber law – Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500). The law imposed formal cyber security requirements for covered insurance entities and their vendors. This law was groundbreaking at […]

Shadow IT – Security Policy Pillars

Many of our Information Shield customers are asking how to address “Shadow IT” within their information security policy programs. In this article we will identify the common risks with unapproved IT devices and services and how to address them in your governance and security policy framework.

What is “Shadow IT”?

In short, “shadow IT” is […]

New Security Policy Map for US CyberSecurity Framework

In February 2014, NIST released version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity. The framework is intended to be a “voluntary” set of standards that can help small and medium-sized businesses develop an information security program. (Part of the problem, of course, is that we don’t need another framework – but a […]