Use these 5 tips to take your information security policies off the shelf and put them into action. Bad Information Security Policies Information Security Policies are the foundation of your cyber security program. They create the “written rules” that define how controls are implemented and audited. They are typically the first set of “evidence” used […]
Category Archives: Information Security Policies
Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audit were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]
Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.
In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, written security plan to prevent equipment or cargo from being used as weapons in terrorist attacks. According to the law, the plan […]
The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]
Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]
The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that handle sensitive customer information. Tax professionals can be ideal targets since electronic tax data contains lots of personal information that would be […]
In April 2021 the United States Department of Labor (DOL) issued its first guidance to help retirement plan sponsors and administrators implement a sound cyber security program. The Department of Labor estimates that over $9 trillion in assets are held in various retirement plans, making them prime targets for hackers. The Employee Benefits Security Administration (EBSA) […]
- 1
- 2