Security Policy and Data Privacy Research and Whitepapers

We are pleased to offer the following papers for complimentary download. If you would like to be notified when new research is available, please sign up for our Policy Solutions Newsletter. All files are Adobe PDF or HTML and open in a separate window.

Regulatory Compliance

Information Security Policy Development and Management

  • Security Policies to Address the Insider Threat (NEW)
    In this paper we will break down the various attributes of the insider threat, and suggest sample information security policies that can help reduce the likelihood of current and former employees causing harm to the organization.
  • The Total Cost of Information Security Policy Management (NEW)
    In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management and build a business case for the purchase of the PolicyShield Security Policy Subscription Service.
  • Enabling Business with Information Security and Privacy Policies (NEW)
    With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated markets, it is difficult to do business at all without a sound set of policies. In this overview we discuss various ways that effective, written information security and data privacy policies can actually help increase sales and enable business with key partners.
  • The Business Need for Updated Information Security Policies (NEW)
    In order to effectively reduce risk and maintain a proper governance structure, organizations must periodically update written security policies as part of an ongoing management process. In this overview we discuss the business requirements for updating security policies, some of the organizational challenges faced by organizations trying to implement policy updates, and some time-saving solutions for addressing these challenges.
  • The ROI of Pre-written Policies (NEW)
    This whitepaper discusses the steps in the policy development process and builds a simple ROI model for analyzing “build versus buy” when developing information security policies.
  • Seven Elements of an Effective Information Security Policy Management Program (NEW)
    In this paper we review key characteristics of an effective policy management program. These characteristics are culled from leading practices, security and privacy frameworks, and incidents involving information security policies. Organizations can use this quick checklist to evaluate the maturity of their existing security policy management programs.
  • Security Policy Controls for Home-based Employee Access
    Over 85 percent of internet attacks are now against the home-based internet user. In this paper we review security policy controls to help reduce the risk of employees accessing corporate resources from home-based computers.
  • 5 Steps to Documented User Compliance
    In this paper we present five key steps for providing audit documentation that all employees and contractors have read and understood the information security policies that apply to them.
  • Information Security Policy Concerns for Laptops and Portable Devices
    Discusses recent data breaches and some of the basic security policy controls required for the protection of customer data on portable devices.
  • Policy Controls for Building Secure Applications
    More attacks are targeting the application layer, making the need for secure applications more critical than ever. This article examines security policy controls for secure application development.
  • The New ISO 17799:2005 – Security Policy Implications For Business
    This whitepaper by David Lineman highlights the major changes introduced in the new information security standard and how these changes may impact an organization’s information security management system.
  • Building and Deploying Effective Policies
    This whitepaper discusses 10 steps that organizations can take to make their security policies more effective and more enforceable. Includes references to international security standards and regulatory requirements for policy and awareness.

Security Awareness and Training

  • Regulatory Requirements for Security Awareness and Training
    Many organizations are developing a security awareness program in response to legal or regulatory requirements. This table provides a partial list of the numerous federal, state and international regulations and security frameworks that include security awareness and training as part of the data protection requirements.

Privacy and Data Protection