Information Security Policy Blog
The latest news and articles relating to information security policies and regulatory compliance. Bookmark this page or subscribe to our Policy Solutions Newsletter for regular updates.Information Shield Adds New Vendor Cyber Risk Management Features
On February 22nd we introduced new features to streamline Vendor Cyber Risk Assessment and Management. These features are now integrated within ComplianceShield Enterprise. We are pleased to introduce these new innovations to our [...]
Read MoreHow to Simplify Vendor Risk Management
Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for [...]
Read MoreInformation Shield Supports New NIST-HIPAA Guidelines
In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability [...]
Read MoreInformation Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector
The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect from cyber attacks. The Alert – called Securing Water Systems – is based on [...]
Read MoreSimplify Compliance with NYS-DFS Cyber Law
The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In [...]
Read MoreSecurity Policies, Standards and Procedures: What’s the Difference?
One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature. Even before writing the first line of a security policy, many organizations get dragged into lengthy [...]
Read MoreSimplify Compliance with EPA Cyber Security Requirements
Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the [...]
Read More3 Ways to Validate your Cyber Security Program
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect [...]
Read MoreNew Certification Validates Cyber Security Program Readiness
The Information Shield Cyber Certification enables any business to effectively demonstrate cyber security readiness to third parties Information Shield today announced the release of the Information Shield Cyber Certification ™. This new program dramatically simplifies [...]
Read More8 Rules for Passing Cyber Vendor Assessments
We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which [...]
Read MoreSimplify Compliance with NADA FTC Safeguards Rule
Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA [...]
Read MoreCompliance with NIS 2 Directive Cyber Security
NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament [...]
Read MoreSimplify NAIC Data Security Law Compliance
What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, [...]
Read MoreKey Elements of Information Security Policies
What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must [...]
Read MoreSimplify Compliance with FTC Safeguards Rule
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade [...]
Read MoreThe ISO 27002:2022 Update – What Happened?
In March 2022 the International Standards Institute (ISO) made an official update to the cyber security standard ISO/IEC 27002. The last update was in 2013, so nine years have passed. This is significant [...]
Read MoreThe IRS Data Security Plan: FAQ
Any IRS provider can develop a Data Security Plan using a quality Template.
Read MoreInformation Shield Enables SEC Cyber Compliance
April 13, 2022 – Information Shield today announced support for the new 2022 proposed SEC Cyber Risk requirements. Organizations can address the new security policy and record-keeping requirements in a single integrated solution. [...]
Read MoreComply with new SEC Cybersecurity Risk Rules
In February 2022 the Securities and Exchange Commission (SEC) voted to enhance the cyber security requirements for registered investment advisers (including registered investment companies and investment funds). The proposed SEC cyber risk management [...]
Read MoreHow to Develop an IRS Data Security Plan
The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that [...]
Read More