Tag Archives: security policy compliance

Comply with new SEC Cybersecurity Risk Rules

In May 2024 the U.S. Securities and Exchange Commission (SEC) adopted amendments to its Regulation S-P, adding to the cyber security requirements for registered investment advisers (including registered investment companies and investment funds. The final SEC cyber risk management rules require advisers and funds to adopt and implement a program with written cybersecurity policies and […]

InformationShield – NetDiligence Alliance Aids Cyber Insurance

Houston, Texas – Information Shield and NetDiligence announced a strategic alliance to enhance information security options within the cyber insurance industry.  NetDiligence®  operates the ERiskHUB(TM), a platform that provides loss-mitigation and breach response solutions to dozens of leading cyber insurance providers and brokers.   As part of the alliance, Information Shield’s new platform – ComplianceShield – […]

Information Shield addresses SEC Information Security Requirements

Houston, Texas – Information Shield today announced that their latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC.) Since the SEC originally established requirements for protecting sensitive financial information, it has increased focus on the cyber security […]

Why Your Organization Needs To Customize Policy Templates

Please Don’t Do This A number of years ago I was asked to come in and do an information security risk assessment at a major company. Of course gathering and reading copies of relevant documentation is part of the background work necessary to orient myself to the client’s current information security situation. With this particular […]

When & Why To Publicly Reveal Internal Security Policies

Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is "for internal use only" or "restricted." There are many good reasons to refuse to release information security policies to outsiders. But the trend these days is towards greater transparency, greater accountability, and a more [...]

Effective Security Policy Management – Part 7

Part 7. A Written Exception Process It may be impossible for every part of the organization to follow all of the information security policies at all times. This is especially true if policies are developed by the legal or information security department without input from business units. Rather than assuming there will be no exceptions […]

PCI Policy Compliance Using Information Security Policies

Many organizations are building or updating written information security policies in response to the newly updated Payment Card Industry Data Security Standard (PCI-DSS). In this paper we describe how Information Shield security policy products can be used to save time and money building security policies that address the PCI-DSS requirements. PCI-DSS Policy Compliance Using Information [...]

Regulatory Requirements for Information Security Policies

Some organizations still receive little management support or funding for a sound information security policy program. Within the last several years, however, numerous federal, state and international regulations have been passed that require the protection of information. Many organizations are now enhancing their information security policies in response to legal and regulatory requirements. In some […]

Required Acknowledgement of Security Policy Changes

Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]

COBIT or ISO17799?

Many organizations just getting started with information security policies ask us the question: Should we use ISO 17799 (now ISO 27002) or COBIT? The answer, of course, is that it depends on what you are trying to accomplish. In fact, they are not mutually exclusive, but can be used together. The basic difference between COBIT […]