Tag

Houston, Texas – Information Shield today announced that their latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC.) Since the...

Assessing the risk of third-party vendors has been a growing problem for compliance management.  Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing.   Within the financial services industry,...

The Privacy Rights Clearinghouse recently released their review of what they call the most significant data breaches of 2011. Even if you have read about each of these incidents before, they are worth reading again in summary form.  What is perhaps most striking is how the most...

Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization.   For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail...

Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is “for internal use only” or “restricted.” There are many good reasons to refuse to release information...

In July 2007, several contractors of Los Alamos National Laboratory were fined a total of $3.3 million for failing to adequately protect data as required in their contracts. The Department of Energy (DOE) initiated formal enforcement actions against specific current and former...