Tag Archives: information security policy

security policy development, Writing Security Policies

Key Elements of Information Security Policies

Posted on by David Lineman

What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must be followed by the organization. Example Policy: All Company X user accounts must be approves by a member of the information technology […]

Continue reading
FTC Safeguard Compliance, Information Security Policies

Simplify Compliance with FTC Safeguards Rule

Posted on by David Lineman

Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade Commission (FTC) created the Standards for Safeguarding Customer Information (“FTC Safeguards Rule”) to ensure that businesses maintain a cyber security program to protect private […]

Continue reading
HIPAA-HiTECH Compliance, third-party security policies

Security Policies Key to HIPAA BA Compliance

Posted on by David Lineman

In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010.  The new law incorporates some major changes in the HIPAA security […]

Continue reading
employee security policy, Security Policy Whitepapers, Threat Management

Security Policies to Address Internal Threat

Posted on by David Lineman
We hear reports of new data breaches almost daily. While most of them are fairly complex stories, they most always begin at some point with a human "insider" making a mistake. In fact, 2011 could be considered the “Year of the Insider.” From the RSA hack and Sony Playstation breach, to the Epsilon e-mail breach [...]
Continue reading
Information Security Policies, security policy development

The Information Security Policy Hierarchy

Posted on by Charles Cresson Wood

Developing A Governing Policy & Subsidiary Policies A Maturing Field: As the discipline of information security becomes more sophisticated, codified, standardized, and mature, it is not surprising that the old-fashioned approach to information security policy writing is no longer appropriate. We are talking here about the “one-size-fits-all” information security policy that is supposed to apply […]

Continue reading
Information Security Policy, PCI-DSS

Five Reasons Why Security Policies Don’t Get Implemented

Posted on by Charles Cresson Wood

This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of understanding about the nature of policies. All too often policies are written in […]

Continue reading
Policy Related Incidents

Security Policy Lessons from SCADA Attacks

Posted on by David Lineman
Reports from the last few months have generated another wake-up call for those concerned with the security of the nation’s critical infrastructure. In addition to audit reports of widespread vulnerabilities among agencies managing the infrastructure, the first malicious software was discovered “in the wild” that specifically targets the SCADA system employed to manage these networks. [...]
Continue reading
Writing Security Policies

When & Why To Publicly Reveal Internal Security Policies

Posted on by Charles Cresson Wood
Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is "for internal use only" or "restricted." There are many good reasons to refuse to release information security policies to outsiders. But the trend these days is towards greater transparency, greater accountability, and a more [...]
Continue reading
security policy development

Quickly Developing Draft Security Policies

Posted on by David Lineman

We recently posted a video on how to create a draft information security policy in minutes using templates from Information Security Policies Made Easy. While our libraries contain thousands of individual policy statements, we also provide sample policy documents that you can customize. How to Create a Security Policy in 5 Minutes (or less)

Continue reading
Security Policy Whitepapers

Enabling Business with Information Security and Privacy Policies

Posted on by David Lineman

With a dramatic increase in legislation and consumer awareness of identity theft, businesses are finding that security and privacy policies are becoming an essential business tool. In some highly regulated market, it is difficult to do business at all without a sound set of policies. In this overview we discuss various ways that effective, written […]

Continue reading