In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010. The new law incorporates some major changes in the HIPAA security […]
Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no longer appropriate. We are talking here about the “one-size-fits-all” information security policy that is supposed to apply […]
This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of understanding about the nature of policies. All too often policies are written in […]
Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is “for internal use only” or “restricted.” There are many good reasons to refuse to release information security policies to outsiders. But the trend these days is towards greater transparency, greater accountability, and a more […]
We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can customize. How to Create a Security Policy in 5 Minutes (or less)
With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated market, it is difficult to do business at all without a sound set of policies. In this overview we discuss various ways that effective, written […]
The US Supreme Court has overturned a lower-court ruling and concluded that management has a right to review employee text messages on company-issued devices. If used as a precedent, this case may have far-reaching consequences for employee expectations of privacy in workplace communications. However, the ruling should also serve as a wake-up call for organizations […]
The Information Security Policy Weblog is published by Information Shield. We provide this weblog (aka blog) to share and discuss various ideas that relate to the protection of both corporate and personal information through information security policies. We hope this will provide a forum to discuss real-world issues involving the practice of protecting information. We […]