ALL THINGS INFOSEC

The government's approach to GLBA enforcement places the burden of possessing current, adequate information security documentation, as well as an effective Information Security (INFOSEC) program, on the business owner, and allows the FTC flexibility in determining whether you, the business owner, have met due diligence standards or not. This is a critical fact to remember, and we strongly believe you should research these topics further in order to be well informed regarding your responsibilities. (You likely don't want to be at the mercy of a government auditor who was recently notified of a large data breach found within your business...


Learn of your coverage requirements first: For example, is your business required to develop an active, well-managed security program, supported by testing activities, monitoring procedures, program documentation, etc., in order to receive coverage? Do you want to pay premiums for cyber insurance, and then be denied compensation much later during a data breach, for not having developed an adequate security program? How many people do you know who have been denied insurance coverage during emergency situations when they have faithfully paid their premiums? Bottom line: Ask questions. Obtain sound advice before you buy, to ensure you are meeting coverage requirements. BONUS...


One main challenge for small businesses implementing a security program is this: Software companies create standard operating systems for all, often requiring specialized skills to effectively manage tools and system features. Additionally, configuring and managing security controls for an operating system alone is more than a full-time job in and of itself. Large companies employ teams of highly skilled employees to support these efforts, and yet you, as a small business owner, are also required to configure protection mechanisms that are similarly effective in reducing risks. Because the small business is utilizing similar types of operating systems (and software products)...


You may be unaware of some key facts regarding Data Security Plan (DSP) requirements, the government's approach, and the level of effort actually required to effectively manage an information security program. DSPs are mature documents that have been in use as a security tool for government program environments for over 20 years. (FYI, the information security industry, which has its own mature framework in place, is similar to the taxation and banking industries.) Different mature frameworks exist as security tools for a variety of programs, and the government can easily distinguish between credible documentation and sham efforts. Bottom line: Efforts...


Are you aware of your legal responsibility to report data breaches? If not, now is the time to become acquainted, that is, BEFORE a data breach occurs. Love your business enough to learn of your responsibilities ahead of time. Focus on facing worries with courage and diligence, and eventually you will master them. See the below link for more information: Security Breach Laws. We're here to help. Protect your business, protect your clients. 2020 ©. DataSecurityPlan.Com. All Rights Reserved.
