Call Us: 888 641 0500
15
SEP
2016

Shadow IT – Security Policy Pillars

Many of our Information Shield customers are asking how to address “Shadow IT” within their information security policy programs.    In this article we will identify the common risks with unapproved IT devices and services and how to address them in your governance...
11
JUN
2016

Information Security Policy Lessons from Recent SEC Actions

Many financial services firms are currently building programs to comply with the information security requirements of the Securities and Exchange Commission (SEC). In this article we discuss some key information security policy and compliance lessons that organizations can learn...
11
FEB
2014

How to Structure Information Security Policies

We talk to customers every day about  security policies.   One of the most common questions we receive is this:  How should we structure our information security policies?  When we dig deeper, we usually find that this is a really a two-part question regarding policy structure....
28
JAN
2013

New Guidance Requires Social Media Security Policies

In January 2013, the Federal Financial Institutions Examination Council (FFIEC) posted a set of proposed guidelines for financial institutions to maintain compliance in the world of social media.   The document entitled “Social Media: Consumer Compliance Risk Manageme...
03
DEC
2012

The Six Pillars of Personnel Security Policy

The insider threat is often discussed among the top information security risks facing organizations.  In fact, for the first time in seven years of doing the study, the 2012 Ponemon Data Loss survey listed internal mistakes by insiders is the number one cause of data breaches. ...
01
DEC
2012

Most SMBs have no Information Security Policies

87% of Business in 2012 survey have no Acceptable Use Policies Phishing attacks are now among the top security risks for organizations. Yet, according to a recent survey of small and medium-sized businesses (SMB), a full Eighty-seven (87%) percent do not have a formal written...
11
JUL
2011

Security Policies to implement the DSD Top 35

In July 2011, The Australian Defence Signals Directorate (DSD) published an updated list of their Top 35 Mitigation Strategies. This list was based on the analysis of real-world events within the government agencies, and is designed to identify the top set of controls that would...
20
JAN
2011

Who should read information security policies?

Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization.   For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail...
27
OCT
2010

Social Media Security Policies Lagging Adoption

In August of 2010, the social network IT Toolbox released their latest study on the use of mobile and social media technologies in the enterprise. The survey included over 2200 IT professionals from 109 different countries. One of the areas of the survey included questions about...
08
JUL
2010

Implied Security Policies Create Added Risk

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace...
12