Use these 5 tips to take your information security policies off the shelf and put them into action. Bad Information Security Policies Information Security Policies are the foundation of your cyber security program. They create the “written rules” that define how controls are implemented and audited. They are typically the first set of “evidence” used […]
Tag Archives: information security policy
FTC Safeguard Compliance, Information Security Policies, Press Releases
Simplify Compliance with EPA Cyber Security Requirements
04
Oct
Oct
Understand the key cyber security requirements of the Safe Drinking Water Act (SDWA) and see how to effectively build and maintain and written information security program to maintain compliance. NOTE: When this article was originally published, Cyber Audit were going to be part of the Sanitary Surveys. That requirement was removed. But the Cyber Security […]
The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In this article we discuss key requirements and how organizations can simplify the compliance process. What is the NYS-DFS Cyber Security Law? The […]
FTC Safeguard Compliance, Information Security Policies, Press Releases
Simplify Compliance with NADA FTC Safeguards Rule
27
Feb
Feb
Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA cyber security requirements? The National Automotive Dealers Association (NADA) proposed a set of cyber security requirements to help protect private customer data […]
What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must be followed by the organization. Example Policy: All Company X user accounts must be approves by a member of the information technology […]
Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]
In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010. The new law incorporates some major changes in the HIPAA security […]
We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they most always begin at some point with a human "insider" making a mistake. In fact, 2011 could be considered the “Year of the Insider.” From the RSA hack and Sony Playstation breach, to the Epsilon e-mail breach [...]
Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no longer appropriate. We are talking here about the “one-size-fits-all” information security policy that is supposed to apply […]
This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of understanding about the nature of policies. All too often policies are written in […]