Tag Archives: security policies

CyberSecurity Framework, Regulatory Compliance

Remember NYS-DFS? First Enforcement Action

Posted on by David Lineman

First Enforcement Action Signals a Need for Cyber Review In March 2017, the New York State Department of Financial Services passed their cyber law – Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (NYS-DFS 500).   The law imposed formal cyber security requirements for covered insurance entities and their vendors.  This law was groundbreaking at […]

Continue reading
ISO 27002 Compliance, security policy development

Using Security Policies As Catalysts For Internal Change

Posted on by Charles Cresson Wood
Security Quality Control: There is much to recommend about the ISO 9000 quality control approach as it is applies to the discipline of information security. In fact the ISO 27001 standard, entitled Information Security Management System (ISMS), in large measure reflects that same methodology. In other words, ISO 27001 suggests a continuous improvement approach to [...]
Continue reading
Information Security Policy

Confessions of a Security Policy Geek

Posted on by David Lineman
Why I Love Information Security Policies Being a vendor of information security policy content is somewhat strange. Many times during the week we talk to folks who need to write security policies for their company. The story is often the same: They are staring at the long list of requirements (say from the ISO 27002 [...]
Continue reading
Information Security Policy

Effective Security Policy Management – Part 3

Posted on by David Lineman

Part 3. Defined Management Structure To help keep information security policies readable and manageable, it is important to keep the information “level” consistent among the various document types. In other words, it is not advisable to mix policies, procedures, standards and guidelines into your policy documents. An effective approach is to create a policy governance […]

Continue reading
Information Security Policies

Security Policy on Social Networking Sites

Posted on by David Lineman

Social Networking sites present some unique challenges for organizations that must attract and keep young workers. Is the use of social networking sites at work a necessary perk or an unacceptable risk to corporate information? Some argue that organizations must allow access to social networking and other Web 2.0 sites to help attract a more […]

Continue reading