Tag

In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since...

We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they most always begin at some point with a human “insider” making a mistake. In fact, 2011 could be considered the “Year of the Insider.” From the RSA hack and Sony...

Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no...

This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of...

Reports from the last few months have generated another wake-up call for those concerned with the security of the nation’s critical infrastructure. In addition to audit reports of widespread vulnerabilities among agencies managing the infrastructure, the first malicious software...

Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is “for internal use only” or “restricted.” There are many good reasons to refuse to release information...

We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can...

With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated market, it is difficult to do business at all without a sound set of...

The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace...

The Information Security Policy Weblog is published by Information Shield. We provide this weblog (aka blog) to share and discuss various ideas that relate to the protection of both corporate and personal information through information security policies. We hope this will...