Understand the key requirements of the FTC Safeguards Rule as it applies to auto dealerships and see how to effectively build and maintain a written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]
Category Archives: Information Security Policies
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain a written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]
The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that handle sensitive customer information. Tax professionals can be ideal targets since electronic tax data contains lots of personal information that would be […]
In April 2021 the United States Department of Labor (DOL) issued its first guidance to help retirement plan sponsors and administrators implement a sound cyber security program. The Department of Labor estimates that over $9 trillion in assets are held in various retirement plans, making them prime targets for hackers. The Employee Benefits Security Administration (EBSA) […]
Attorneys Create New Control Framework The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released a new control model to help organizations interact with outside parties when dealing with sensitive information. This is among the many new business areas where vendor risk management has become a key issue. […]
Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs. In 2016 the SEC has increased its focus on cyber […]
To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due-diligence. Why is this control so important and how can it be done in practice? Regulatory Requirements Every regulatory […]
The piercing lens of information security changes focus quite often. In recent weeks the security vulnerability lens has been focused on point-of-sale (POS) devices. And there seems to be good reason. The Target breach, perhaps the largest reported breach in history, seems to be the result of malicious software inserted into these devices via a network hole […]
Five Best Practices from NIST 800-53 In April 2013, NIST made the final updates to their complete catalog of information security requirements, Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations. The catalog is BIG – it contains hundreds of information security and data privacy requirements organized into […]