Information Security Policy University

The latest news and articles relating to information security policies and regulatory compliance. 

Ultimate Guide to Cyber Risk Assessment: Tips & Tools (2025)
May 21, 2025

Introduction to Cyber Risk Assessment In our hyper-connected world, businesses face countless digital threats every day. Whether it’s phishing emails, malware, or ransomware attacks, no organization is immune. That’s why cyber risk assessment [...]

Read More
Are you doing a real Cyber Security Risk Assessment?

A Cyber Risk Assessment is required in most cyber security frameworks and regulations. Is your firm doing a real cyber risk assessment, or are you doing a scan or audit and calling it [...]

Read More
30
Apr
Streamline DORA Compliance
5 Steps to Simplify DORA Compliance

Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.

Read More
04
Feb
Streamline DORA Compliance

Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.

Read More
22
Jan
Information Shield Certification
3 Ways to Validate your Cyber Security Program

If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect [...]

Read More
26
Dec
5 Elements of Effective Information Security Policies

Use these 5 rules to take your information security policies off the shelf and put them into action. Information Security Policies – The Foundation Information Security Policies are the foundation of your cyber [...]

Read More
25
Oct
SEC Privacy S-P
Security Policies for Regulation S-P: GLBA Data Privacy

In 2024 the SEC formally adopted updates to “Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information.” The rules apply to financial institutions that collect and manage nonpublic personal information about [...]

Read More
09
Oct
EPA Water Cyber Security
Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: When this article [...]

Read More
04
Oct
Healthcare Cyber Resilience: Third Party Cyber Risk Management

As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations [...]

Read More
13
Aug
Policy Library Updates
Security Policy Updates for ComplianceShield

Full updates to the Common Policy Library including AI, SBOM and regulatory mappings.

Read More
01
Aug
What is required in a Security Plan for HAZMAT HM 232?

In April 2024 the United States Department of Transportation finalized new requirements for the safe transportation of hazardous materials (Hazmat HM-232). HM-232 requires shippers and transporters of hazardous materials to create a formal, [...]

Read More
24
Apr
Automate Vendor Risk Management
Information Shield Adds New Vendor Cyber Risk Management Features

On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our [...]

Read More
15
Mar
Automate Vendor Risk Management
How to Simplify Vendor Risk Management

Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for [...]

Read More
26
Feb
Information Shield Supports New NIST-HIPAA Guidelines

In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability [...]

Read More
15
Feb
EPA Water Cyber Security
Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

Information Shield supports new Cyber Requirements for EPA FBI recommendations. Securing Water Systems.

Read More
09
Feb
Sample IT Risk Management Policy
January 1, 2024

What is an IT Risk Management Policy? An IT Risk Management Policy is a key part of any Cyber Governance Framework. IT Risk Management is the process of identifying, rating, and mitigating cyber [...]

Read More
Simplify Compliance with NYS-DFS Cyber Law
December 6, 2023

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In [...]

Read More
Security Policies, Standards and Procedures: What’s the Difference?
October 27, 2023

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature.   Even before writing the first line of a security policy, many organizations get dragged into lengthy [...]

Read More