Information Shield program enables any organization to validate cybersecurity practices
HOUSTON, January 10, 2019 – Information Shield today announced the release of the Information Shield™ Cyber Certification. This new program dramatically reduces the time and cost of validating cybersecurity readiness to management and third parties across the information supply chain.
“Cyber regulations and vendor due-diligence are requiring hundreds of thousands of businesses to suddenly validate their cybersecurity programs,” said David Lineman, President of Information Shield. “However, current methods such as a SOC II or ISO 27001 certification are too costly and complex for many businesses. In addition, the results from these reports are not easily shared across the supply chain. The Information Shield™ Cyber Certification is a streamlined approach that uses a common set of vetted information security controls that can be validated by qualified information security auditors, and then shared seamlessly with customers, partners and regulators.”
“The market needs a more scalable option for businesses, especially SMEs, to validate their cybersecurity programs,” commented Mark Greisiger, president of NetDiligence®. “This is a common challenge in the cyber risk insurance industry for our carrier partners and their policyholders and we are pleased to support this effort by having our vice president Dave Chatfield serve as an information security auditor for Cyber Certification.”
Supporting a “Standard of Due Care” for Cybersecurity
The Information Shield Cyber Certification provides a standard way for an organization to demonstrate the adoption of defensible cybersecurity principles. New privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) require that an organization adopt “leading practices” to secure private data, but provide no specific guidance on how this can be achieved.
The key to the Cyber Certification is the Information Shield “Common Control Library (CCL)”, a library of standard practices distilled from international data security and privacy frameworks. The CCL covers 15 essential information security and data privacy domains, each mapped to a variety of standards such as ISO 27002, NIST 800-53, CSF, CMMC, HIPAA and many others. The CCL lets an organization skip the painful step of translating these sometimes vague and overlapping requirements into a single list of program elements that can be implemented in the real world. Along with the CCL, the Cyber Risk Score™ can be used to score and measure progress.
Reducing Costs and Increasing Efficiency
“We have improved the validation process in two key ways,” said Lineman. “First, we have established a list of common information security controls and audit protocols that represent a defensible program. No longer do companies need to guess what to put in their program. Second, we have streamlined the validation process by leveraging a network of information security auditors who are familiar with these common controls. Together these innovations reduce time and effort while producing more repeatable results.”
The Compliance Ecosystem
One goal of the Cyber Certification is to enable any business to gain access to the cybersecurity talent typically available to only large enterprises. As part of the Certification Program, Information Shield is building a network of qualified information security auditors. Unlike an SSAE 18 report, which requires a CPA firm, the Cyber Certification brings together the many hundreds of information security consulting and audit firms around the world to customers that need their services.
“We don’t see why a CPA firm is required to validate information security controls,” said David Lineman. “There are hundreds of firms that are capable of providing technical and business audits at costs manageable by small businesses.” Organizations seeking certification can be matched with a vetted assessment firm that is appropriate for their business. This process reduces cost, improves efficiency, and opens up opportunities for smaller auditing firms that are left out of the current SOC II business.
Cybersecurity Advisory Board
The Information Shield Cyber Certification is reviewed by a team of qualified information security and data privacy professionals with many years of real-world audit experience. The Advisory Board is made up of key leaders in the area of information security, risk management, data privacy, incident response and cyber insurance.
Affordable Compliance Automation
Managing Supplier Information Security Risk
The Information Shield Cyber Certification can dramatically reduce the costs of managing third-party risk. Rather than creating ad-hoc security assessments and manually managing the assessment process, organizations can leverage the Cyber Certification to validate third-party vendors.
“We see some organizations wasting thousands of hours on manual cyber assessment methods,” said David Lineman. “Vendors spend months trying to parse out confusing spreadsheets. Adopting a more consistent approach will produce better results more quickly, freeing up resources so organizations can get back to their core business.”
A free trial of ComplianceShield is available by registering at the Information Shield website.