Security Policy and Data Privacy Research and Whitepapers
We are pleased to offer the following papers for complimentary download. If you would like to be notified when new research is available, please sign up for our Policy Solutions Newsletter. All files are Adobe PDF or HTML and open in a separate window.
- Security Policy Compliance with the MA State Identify Theft Law (Updated)
Any organization that collects sensitive information from MA state residents must have a documented security program, including written information security and data privacy policies. See how to save money and get a jump-start on compliance with this step-by-step whitepaper on complying with the regulation.
- The Importance of Documenting Information Security Roles and Responsibilities (Updated)
This whitepaper by Charles Cresson Wood, CISSP, CISM, CISA discusses critical reasons why organizations must define and document information security roles and responsibilities including the various regulatory requirements and tips for gaining management support.
- PCI Policy Compliance Using Information Security Policies (NEW)
Many organizations are building or updating written information security policies in response to the newly updated Payment Card Industry Data Security Standard (PCI-DSS). In this paper we describe how Information Shield security policy products can be used to save time and money building security policies that address the PCI-DSS requirements.
- Policy Solution Table for Payment Card Industry (PCI) Data Security Standard (NEW)
For organizations that must develop information security policies for PCI DDS, this table demonstrates how the information security policy requirements of the Payment Card Industry Data Security Standard can be addressed by Information Shield products including Information Security Policies Made Easy, Version 10 and Information Security Roles and Responsibilities Made Easy, Version 2.0.
- Security Policy Considerations for the Junk FAX Prevention Act
New FCC rules for the Junk Fax Prevention Act of 2005 have changed the way organizations must handle outbound customer communications via FAX technology. In this article we look at the main provisions of the recent ruling and suggest some audits of your information security policies that may help reduce the risk of violating the new FAX requirements.
- Information Security Policies and ISO 27001 certification
The new whitepaper discusses the importance of information security policies within an information security management system, including the benefits of using Information Shield publications in obtaining certification against the new standard.
- FACTA – Policy Implications for Business
A summary of the recent data protection provisions of FACTA and their implications for organizational information security and privacy policies.
- A Brief History of Regulatory Time
A summary of major information security regulations and their importance to recent trends in compliance.
- Security Policies to Address the Insider Threat (NEW)
In this paper we will break down the various attributes of the insider threat, and suggest sample information security policies that can help reduce the likelihood of current and former employees causing harm to the organization.
- The Total Cost of Information Security Policy Management (NEW)
In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management and build a business case for the purchase of the PolicyShield Security Policy Subscription Service.
- Enabling Business with Information Security and Privacy Policies (NEW)
With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated market, it is difficult to do business at all without a sound set of policies. In this overview we discuss various ways that effective, written information security and data privacy policies can actually help increase sales and enable business with key partners.
- The Business Need for Updated Information Security Policies (NEW)
In order to effectively reduce risk and maintain a proper governance structure, organizations must periodically update written security policies as part of an ongoing management process. In this overview we discuss the business requirements for updating security policies, some of the organizational challenges faced by organizations trying to implement policy updates, and some time-saving solutions for addressing these challenges.
- Information Disposal Incidents and Policy Checkup (NEW)
Quicker that you can say “dumpster diving” – your organization’s sensitive information can be exposed. To help you consider the variety of potential controls for information destruction, we decided to review some real-world incidents and consider the security policy implications.
- Information Security Policies Address Top Federal Information Risks
This report illustrates how our library of information security policies addresses each of the top ten risks to sensitive information identified by the Identity Theft Task Force.
- The ROI of Pre-written Policies(NEW)
This whitepaper discusses the steps in the policy development process and builds a simple ROI model for analyzing “build versus buy” when developing information security policies.
- Seven Elements of an Effective Information Security Policy Management Program (NEW)
In this paper we review key characteristics of an effective policy management program. These characteristics are culled from leading practices, security and privacy frameworks, and incidents involving information security policies. Organizations can use this quick checklist to evaluate the maturity of their existing security policy management programs.
- Security Policy Controls for Home-based Employee Access
Over 85 percent of internet attacks are now against the home-based internet user. In this paper we review security policy controls to help reduce the risk of employees accessing corporate resources from home-based computers.
- Information Security Policy and Responsibility
In this paper we discuss important information security policy lessons from recent high-profile data breaches and the resulting public response of the effected organizations.
- 5 Steps to Documented User Compliance
In this paper we present five key steps for providing audit documentation that all employees and contractors have read and understood the information security policies that apply to them.
- Information Security Policy Concerns for Laptops and Portable Devices
Discusses recent data breaches and some of the basic security policy controls required for the protection of customer data on portable devices.
- Policy Controls for Building Secure Applications
More attacks are targeting the application layer, making the need for secure applications more critical than ever. This article examines security policy controls for secure application development.
- The New ISO 17799:2005 – Security Policy Implications For Business
This whitepaper by David Lineman highlights the major changes introduced in the new information security standard and how these changes may impact an organization’s information security management system.
- Building and Deploying Effective Policies
This whitepaper discusses 10 steps that organizations can take to make their security policies more effective and more enforceable. Includes references to international security standards and regulatory requirements for policy and awareness.
- Information Security Policy Issues for Incident Disclosure and Notification
With the passing of new state regulations requiring customer notification in the event of a data privacy breach, organizations must make sure their information security policies properly address notification requirement. In this paper we discuss the security policy aspects on incident response and public disclosure.
- Regulatory Requirements for Security Awareness and Training
Many organizations are developing a security awareness program in response to legal or regulatory requirements. This table provides a partial list of the numerous federal, state and international regulations and security frameworks that include security awareness and training as part of the data protection requirements.
- The USA PATRIOT ACT – Considerations for Business.
A guide for companies to evaluate the privacy implications of the USA PATRIOT Act, including recent rulings on certain provisions of the Act. (This article also published in the November 2004 CSI Alert newsletter
- Does California Privacy Law SB168 Apply To Your Organization?
A guide for companies to evaluate the privacy implications of California SB168, including a discussion of using Social Security Numbers.
- EU Data Protection Directive of 1995
An FAQ on international privacy regulations with a focus on the EU Data Protection Directive.