Category Archives: Regulatory Compliance

New IRS Cyber Security Plan Template simplifies compliance

The IRS now requires that every tax preparer that files electronic returns must have a Cyber Security Plan in place.  For months our customers have asked us to provide a quality solution that (1) Addresses key IRS Cyber Security requirements and (2) is affordable for a small office.   Today we announced the release of our […]

Remember NYS-DFS? First Enforcement Action

First Enforcement Action Signals a Need for Cyber Review In March 2017, the New York State Department of Financial Services passed their cyber law – Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500).   The law imposed formal cyber security requirements for covered insurance entities and their vendors.  This law was groundbreaking at […]

New Cybersecurity Certification Validates Program Maturity

Information Shield program enables any organization to validate cybersecurity practices HOUSTON, January 10, 2020 – Information Shield today announced the release of the Information Shield™ Cyber Certification.   This new program dramatically reduces the time and cost of validating cybersecurity readiness to management and third parties across the information supply chain. “Cyber regulations and vendor due-diligence […]

Simplify Compliance with new ACC Security Controls

Attorneys Create New Control Framework The Association of Corporate Counsel (ACC), which represents over 42,000 in-house counsel across 85 countries, recently released a new control model to help organizations interact with outside parties when dealing with sensitive information.  This is among the many new business domains areas where vendor risk management has become a key issue. […]

Information Security Policy Lessons from Recent SEC Actions

Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs.   In 2016 the SEC has increased its focus on cyber […]

Aren’t information security policies only for large organizations?

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses computers; information security is an important matter that should be addressed by explicit policies. Some experts say that the lack of a well-defined corporate information security policy is the single biggest problem with most security efforts. Major data protection laws […]

Required Acknowledgement of Security Policy Changes

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]

Policy Controls for Building Secure Applications

A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]