Security Policy Research and Whitepapers
Information Shield provides research on Information Security Policy and Governance, Risk and Compliance (GRC). Our mission is to help organizations streamline the development, documentation, tracking and validation of a robust cyber security program. For more information, check out the Security Policy Blog.
- Information Security Policy: The Complete Guide
Complete Guide to Information Security Policy: Success in policy development and deployment In today’s digital age, data breaches, cyberattacks, and privacy violations are not just risks—they’re daily headlines. That’s why having a well-structured information security policy isn’t optional anymore; it’s absolutely critical. Whether you’re running a multinational corporation or a small business, […] - Top Information Security Policies to Protect Your Business in 2025
Introduction to Information Security Policies In today’s digital world, data is one of the most valuable assets a business can have. But with that value comes responsibility—and risk. Information security policies are formal business rules that help organizations manage and protect data from unauthorized access, misuse, or theft. These policies set clear […] - Ultimate Guide to Cyber Risk Assessment: Tips & Tools (2025)
Cyber risk assessment isn’t just for large enterprises. Small and medium businesses, non-profits, and even schools benefit from assessing their cyber vulnerabilities. A robust cyber risk assessment can mean the difference between preventing an attack and suffering a devastating data breach. - 5 Steps to Simplify DORA Compliance
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program. - 3 Ways to Validate your Cyber Security Program
If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect may need to assess the cyber risk of your organization. You may try to purchase Cyber Breach Insurance. Or […] - Information Security Policies: Address Regulatory Requirements
Management often struggles to justify the expense of developing and maintaining written information security policies. In the following table we show various regulatory frameworks that explicitly or implicitly require written information security policies. Security Policies: Requirements Regulatory Map Regulation/Framework Industry/Region Policy Requirement Payment Card Industry Data Security Standard PCI-DSS Credit Card Processing […] - Simplify Compliance with NYS-DFS Cyber Law
The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber […]