Information Security Policy University

The latest news and articles relating to information security policies and regulatory compliance. 

Top Information Security Policies to Protect Your Business in 2025

Introduction to Information Security Policies In today’s digital world, data is one of the most valuable assets a business can have. But with that value comes responsibility—and risk. Information security policies are formal [...]

Read More
26
Jun
Cyber Risk Assessment
Ultimate Guide to Cyber Risk Assessment: Tips & Tools (2025)

Learn how to streamline a REAL cyber risk assessment

Read More
21
May
Are you doing a real Cyber Security Risk Assessment?

A Cyber Risk Assessment is required in most cyber security frameworks and regulations. Is your firm doing a real cyber risk assessment, or are you doing a scan or audit and calling it [...]

Read More
30
Apr
Streamline DORA Compliance
5 Steps to Simplify DORA Compliance

Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.

Read More
04
Feb
Streamline DORA Compliance

Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.

Read More
22
Jan
Information Shield Certification
3 Ways to Validate your Cyber Security Program

If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect [...]

Read More
26
Dec
5 Elements of Effective Information Security Policies

Use these 5 rules to take your information security policies off the shelf and put them into action. Information Security Policies – The Foundation Information Security Policies are the foundation of your cyber [...]

Read More
25
Oct
SEC Privacy S-P
Security Policies for Regulation S-P: GLBA Data Privacy

In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about [...]

Read More
09
Oct
EPA Water Cyber Security
Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: Originally, a Cyber [...]

Read More
04
Oct
Healthcare Cyber Resilience: Third Party Cyber Risk Management

As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations [...]

Read More
13
Aug
Policy Library Updates
Security Policy Updates for ComplianceShield

Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.

Read More
01
Aug
What is required in a Security Plan for HAZMAT HM 232?

In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, [...]

Read More
24
Apr
Automate Vendor Risk Management
Information Shield Adds New Vendor Cyber Risk Management Features

On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our [...]

Read More
15
Mar
Automate Vendor Risk Management
How to Simplify Vendor Risk Management

Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for [...]

Read More
26
Feb
Information Shield Supports New NIST-HIPAA Guidelines

In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability [...]

Read More
15
Feb
EPA Water Cyber Security
Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

Information Shield supports new Cyber Requirements for EPA FBI recommendations. Securing Water Systems.

Read More
09
Feb
Risk Assessment Process
Sample IT Risk Management Policy

What is an IT Risk Management Policy? An IT or Information Technology Risk Management Policy is a key part of any Cyber Governance Framework. IT Risk Management is the process of identifying, rating, [...]

Read More
01
Jan
Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In [...]

Read More
06
Dec