Category Archives: Information Security Policies

Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]

Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the EPA water cyber security requirements? The U.S. Environmental Protection Agency (EPA) created a new memorandum in March 2023 to require public water […]

Simplify Compliance with NADA FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]

Simplify NAIC Data Security Law Compliance

What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program that contains key cyber security safeguards and management oversight. The NAIC was law adopted in […]

Simplify Compliance with FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]

How to Develop an IRS Data Security Plan

The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that handle sensitive customer information. Tax professionals can be ideal targets since electronic tax data contains lots of personal information that would be […]

Information Shield Enables Department of Labor Cyber Requirements

In April 2021 the United States Department of Labor (DOL) issued its first guidance to help retirement plan sponsors and administrators implement a sound cyber security program.  The Department of Labor estimates that over $9 trillion in assets are held in various retirement plans, making them prime targets for hackers.    The Employee Benefits Security Administration (EBSA) […]

Simplify Compliance with new ACC Security Controls

Attorneys Create New Control Framework The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released a new control model to help organizations interact with outside parties when dealing with sensitive information.  This is among the many new business domains areas where vendor risk management has become a key issue. […]

Information Security Policy Lessons from Recent SEC Actions

Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs.   In 2016 the SEC has increased its focus on cyber […]

Distributing Information Security Policies

To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due-diligence.  Why is this control so important and how can it be done in practice? Regulatory Requirements Every regulatory […]