Tag Archives: acceptable use policy

Shadow IT – Security Policy Pillars

Many of our Information Shield customers are asking how to address “Shadow IT” within their information security policy programs. In this article we will identify the common risks with unapproved IT devices and services and how to address them in your governance and security policy framework. What is “Shadow IT”? In short, “shadow IT” is […]

Information Security Policy Lessons from Recent SEC Actions

Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn and adopt for their own programs. In 2016 the SEC increased its focus on cyber […]

How to Structure Information Security Policies

We talk to customers every day about security policies. One of the most common questions we receive is this: How should we structure our information security policies? When we dig deeper, we usually find that this is really a two-part question regarding policy structure. First, how should we name and organize our documents? Second, […]

New Guidance Requires Social Media Security Policies

In January 2013, the Federal Financial Institutions Examination Council (FFIEC) posted a set of proposed guidelines for financial institutions to maintain compliance in the world of social media. The document, entitled “Social Media: Consumer Compliance Risk Management Guidance,” includes a number of specific recommendations for financial institutions that must protect customer information. The FFIEC security […]

The Six Pillars of Personnel Security Policy

The insider threat is often discussed among the top information security risks facing organizations. In fact, for the first time in seven years of doing the study, the 2012 Ponemon Data Loss survey listed internal mistakes by insiders as the number one cause of data breaches. What is an insider threat? This term is loosely […]

Most SMBs have no Information Security Policies

87% of businesses in 2012 survey have no Acceptable Use Policies. Phishing attacks are now among the top security risks for organizations. Yet, according to a recent survey of small and medium-sized businesses (SMB), a full eighty-seven percent (87%) do not have a formal written Internet security policy for employees. These findings are from a […]

Security Policies to implement the DSD Top 35

In July 2011, the Australian Defence Signals Directorate (DSD) published an updated list of their Top 35 Mitigation Strategies. This list was based on the analysis of real-world events within government agencies, and is designed to identify the top set of controls that would have the most impact on reducing actual incidents. The list […]

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization. For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail would need to be read by every person with access to electronic mail. A […]

Social Media Security Policies Lagging Adoption

In August of 2010, the social network IT Toolbox released their latest study on the use of mobile and social media technologies in the enterprise. The survey included over 2200 IT professionals from 109 different countries. One of the areas of the survey included questions about corporate guidance and security policies. While social media use […]

Implied Security Policies Create Added Risk

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace communications. However, the ruling should also serve as a wake-up call for organizations […]