Category Archives: Information Security Compliance

Cybersecurity compliance articles

Leadership Role in Information Security

Leadership's role in an organization is to enact the values it says are important. Employees often pay more attention to what their supervisors say and do than to directives learned in training or from awareness aids such as posters and flyers. The first thing leadership can do to promote security in an organization is…

Locard’s Exchange Principle and the Daubert Test

Locard's Exchange Principle is based on the precept that when people interact within an environment, they always leave traces of their activities. This is the basic principle of forensic science. In both the digital and the physical world, Locard's Exchange Principle applies in that if people attempt to steal, remove, add, alter, or…

Information Security Policies, Standards, Procedures

Policies, Standards, Procedures – Information Security Governance Documents
Information security governance documents consist of policies, standards, and procedures. Policies are top-level governance documents that inform the organization of executive management's information security direction and goals. Standards sit just below policies and define the activities and actions, as baselines, needed to meet policy goals. Procedures are the lowest level…

Online Terms of Service Agreements in Contract Law

The Importance of Online Terms of Service Agreements in Contract Law
Online Terms of Service agreements (TOS) found in contracts must have the following elements to be considered legal and enforceable: the parties to the contract must have the legal ability to enter into a contract, known as contractual capacity. A contract can only be used for transactions that are…

Safe Harbor and State of Texas Breach Notification Laws

The Concept of Safe Harbor
The concept of "Safe Harbor" refers to specific actions, for example encryption of private data, that an individual or an organization can take to show a good-faith effort to comply with the law. This good-faith effort provides the person or organization "Safe Harbor" against prosecution under the law (Grama, 2015, p. 253). The State of…

Section 409 of the Sarbanes-Oxley Act (SOX)

Section 409 of the Sarbanes-Oxley Act (SOX) states that organizations subject to SOX are required to disclose to the public, on an urgent basis, information on material changes in their financial condition or operations. The disclosures must be presented in terms that are easy to understand and supported…

Health Information Privacy Complaint Consent

Health Information Privacy Complaint
According to the Health Information Privacy Complaint Form, OMB No. 0990-0269, Complaint Consent Form, the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has the authority to collect and receive material and information about a complainant, including personnel and medical records that may be relevant to an investigation of a person's…