WHAT IS A DATA SECURITY PLAN (DSP)?

A DSP is one of several key documents within an INFOSEC program that legislative acts, such as the GLBA require your office to develop and maintain as part of an active, robust, INFOSEC program.

Why are the FTC and IRS in particular placing emphasis on developing an INFOSEC program? It is clear that enforcement of the GLBA is increasing due to the number of data breaches affecting merchants and consumers. Bottom line, the government has decided to highlight the importance of complying with the GLBA at this time, and is starting to make examples out of companies who fail to comply.

What does this mean for you? Simply put, you are responsible for the following:

Establishing an effective INFOSEC program that reasonably protects clients data
Developing security documentation within your INFOSEC program that accurately reflects the security posture of your environment and shows how you are operating your business (Your INFOSEC program is subject to audit.)
Implementing administrative, procedural, and technical security controls (as a minimum) required in order to reasonably comply with FTC data protection requirements given the size and complexity of your business operations.
Testing and Monitoring effectiveness of controls established within your INFOSEC program to minimize risk
Periodic self-audit and remediation activities for effective INFOSEC program management

Keep in mind that no safe harbors currently exist for compliance, but in viewing our, "HOW TO ACHIEVE REASONABLE COMPLIANCE", article you can closely align with the same standards currently in use by the government for their INFOSEC programs. (This diligent approach logically affords your business foundational leverage from which to mount a reasonable defense.)

In short, developing a DSP is a first, important step you can take to improve your security posture.

Protect your business, protect your clients.
We are the leverage you need.
We're here to help.