First Enforcement Action Signals a Need for Cyber Review In March 2017, the New York State Department of Financial Services passed their cyber law - Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500). The law imposed formal cyber security requirements for covered insurance entities and their vendors. This law was groundbreaking at [...]
Tag Archives: security policies
Security Quality Control: There is much to recommend about the ISO 9000 quality control approach as it is applies to the discipline of information security. In fact the ISO 27001 standard, entitled Information Security Management System (ISMS), in large measure reflects that same methodology. In other words, ISO 27001 suggests a continuous improvement approach to [...]
Why I Love Information Security Policies Being a vendor of information security policy content is somewhat strange. Many times during the week we talk to folks who need to write security policies for their company. The story is often the same: They are staring at the long list of requirements (say from the ISO 27002 [...]
Part 3. Defined Management Structure To help keep information security policies readable and manageable, it is important to keep the information “level” consistent among the various document types. In other words, it is not advisable to mix policies, procedures, standards and guidelines into your policy documents. An effective approach is to create a policy governance […]
Social Networking sites present some unique challenges for organizations that must attract and keep young workers. Is the use of social networking sites at work a necessary perk or an unacceptable risk to corporate information? Some argue that organizations must allow access to social networking and other Web 2.0 sites to help attract a more […]