Call Us: 888 641 0500
05
MAY
2017

Information Shield Simplifies NY DFS Cyber Law Compliance

New “IT Security Made Easy” platform automates key compliance requirements of new DFS cyber data protection law May 4, 2017 – Information Shield – a leading provider of IT security compliance software – announced support for the new NYS Department of Financial...
21
MAY
2014

Distributing Information Security Policies

To be effective, information security policies need to be read and understood by every member of the organization. This seemingly simple requirement is now becoming a standard practice to reduce risk, comply with regulations and demonstrate due-diligence.  Why is this control so...
25
MAR
2014

The ROI of Pre-Written Information Security Policies

Often it is difficult to justify security policy development to management.   In many cases, this is due to a lack of understanding on just how detailed and complex policy writing can be.  “Just go find a template on the internet.”   For those of you who have tried...
08
MAY
2013

Information Security Policies According to NIST

Five Best Practices from NIST 800-53 In April 2013, NIST made the final updates to their complete catalog of information security requirements, Special Publication 800-53 Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations.  The...
11
JAN
2011

Five Reasons Why Security Policies Don’t Get Implemented

This article will explore five serious problems preventing information security policies from being implemented, even though these policies may have been written with the best of intentions. Cutting across all five of these causative factors is a theme involving a lack of...
23
NOV
2010

Using Security Policies As Catalysts For Internal Change

Security Quality Control: There is much to recommend about the ISO 9000 quality control approach as it is applies to the discipline of information security. In fact the ISO 27001 standard, entitled Information Security Management System (ISMS), in large measure reflects that same...
10
SEP
2010

When & Why To Publicly Reveal Internal Security Policies

Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is “for internal use only” or “restricted.” There are many good reasons to refuse to release information...
26
JUN
2010

The Total Cost of Information Security Policy Management

In this paper we develop a cost model for estimating the Total Cost of Policy Management (TCPM). This paper is designed to help organizations estimate the true costs of ongoing policy management by understanding the details of each phase of security policy management. The Total...
26
MAY
2010

Regulatory Requirements for Establishing Information Security Roles and Responsibilities

There are many security and privacy regulations that are very specific about the proper assignment of security responsibilities. Yet in many organizations, the information security effort is not managed with the same precision as other disciplines. There are a variety of reasons...
26
APR
2010

The ROI of Pre-written Security Policies

Security Policy University is blog devoted to IT or information security professionals responsible for writing, publishing, maintaining and enforcing information security and data privacy policies. The blog has posts from a variety of experts in the field of information security...
12