Information Security Policy Blog

The latest news and articles relating to information security policies and regulatory compliance.  Bookmark this page or subscribe to our Policy Solutions Newsletter for regular updates.
How to Simplify Vendor Risk Management

Every major cyber security framework and law requires that an organization must manage the cyber risk of third party vendors. In fact, vendor cyber risk management must now be considered “best practice” for [...]

Read More
Information Shield Supports New NIST-HIPAA Guidelines

In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability [...]

Read More
Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect from cyber attacks. The Alert – called Securing Water Systems – is based on [...]

Read More
Simplify Compliance with NYS-DFS Cyber Law

The New York Department of Financial Services (NYS-DFS) recently updated the model cyber security law (23 NYCRR 500) that requires financial institutions to build, update and validate a robust cyber security program. In [...]

Read More
Security Policies, Standards and Procedures: What’s the Difference?

One of the key challenges to developing effective information security policies is agreeing on a proper nomenclature.   Even before writing the first line of a security policy, many organizations get dragged into lengthy [...]

Read More
Simplify Compliance with EPA Cyber Security Requirements

Understand the key cyber security requirements of the new EPA Cyber Rule for water and see how to effectively build and maintain and written information security program to maintain compliance. What are the [...]

Read More
3 Ways to Validate your Cyber Security Program

If you are handling sensitive data in your business, sooner or later you will be asked to “validate” your cyber security program. This can happen for several reasons. A large customer or prospect [...]

Read More
New Certification Validates Cyber Security Program Readiness

The Information Shield Cyber Certification enables any business to effectively demonstrate cyber security readiness to third parties Information Shield today announced the release of the Information Shield Cyber Certification ™. This new program dramatically simplifies [...]

Read More
8 Rules for Passing Cyber Vendor Assessments

We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which [...]

Read More
Simplify Compliance with NADA FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule as it applies auto-dealerships and see how to effectively build and maintain and written information security program to maintain compliance. What are the NADA [...]

Read More
Compliance with NIS 2 Directive Cyber Security

NIS2 Directive What is the NIS 2 Directive? The NIS 2 Cyber Directive is move by the EU to set a new standard for cyber security across the member states. The EU Parliament [...]

Read More
Simplify NAIC Data Security Law Compliance

What is the NAIC Data Security Model Law? The National Association of Insurance Commissioners (NAIC) Data Security Model Law (Model Law) requires insurers and other entities licensed by state insurance departments to develop, [...]

Read More
Key Elements of Information Security Policies

What is an information security policy? An Information Security Policy is a formal document that defines controls within your information security program. An information security policy is a high-level business rule that must [...]

Read More
Simplify Compliance with FTC Safeguards Rule

Understand the key requirements of the FTC Safeguards Rule and how to effectively build and maintain and written information security program to maintain compliance. What is the FTC Safeguards Rule? The Federal Trade [...]

Read More
The ISO 27002:2022 Update – What Happened?

In March 2022 the International Standards Institute (ISO) made an official update to the cyber security standard ISO/IEC 27002. The last update was in 2013, so nine years have passed. This is significant [...]

Read More
The IRS Data Security Plan: FAQ

Any IRS provider can develop a Data Security Plan using a quality Template.

Read More
Information Shield Enables SEC Cyber Compliance

April 13, 2022 – Information Shield today announced support for the new 2022 proposed SEC Cyber Risk requirements. Organizations can address the new security policy and record-keeping requirements in a single integrated solution. [...]

Read More
Comply with new SEC Cybersecurity Risk Rules

In February 2022 the Securities and Exchange Commission (SEC) voted to enhance the cyber security requirements for registered investment advisers (including registered investment companies and investment funds). The proposed SEC cyber risk management [...]

Read More
How to Develop an IRS Data Security Plan

The Internal Revenue Service (IRS) recently added a requirement for all tax preparers to develop a “Data Security Plan” to protect customer data. The IRS responded to growing threats against small businesses that [...]

Read More
Information Shield Enables Department of Labor Cyber Requirements

In April 2021 the United States Department of Labor (DOL) issued its first guidance to help retirement plan sponsors and administrators implement a sound cyber security program.  The Department of Labor estimates that over [...]

Read More