In today's changing regulatory and investor landscape, Information Security Plans are critical for firms to comply with state laws and industry regulators, including the Securities Exchange Commision (SEC) and Financial Services Authority (FSA). Beyond regulators, investors and clients expect details InfoSec Policies & Procedures that address increasingly sophisticated cybersecurity threats.
We're Pros at Creating Information Security Programs
No two companies are the same, so their security strategies shouldn’t be either. Keeping your company secure means building a comprehensive information security program that aligns with your business’ needs. Our Security Consultants are here to help!
Eze Written Information Cybersecurity Plans
Development, Implementation, Maintenance & Auditing
Eze Castle’s Written Information Security Plan Service (Eze WISP) covers creation, implementation, maintenance and auditing of information security policies and plans. Our team works with clients to outline and document the administrative and technical safeguards in place to ensure confidential data is protected.
We also conduct information security plan audits of existing documentation and information security training for employees.
Sample Technical Cybersecurity Protections
- Assessment of technical safeguards (i.e., penetration testing, email encryption, software patches, vulnerability assessments, firewalls, etc.)
- Evaluation of technical policies/Cybersecurity Tracking Sheet (i.e., strong password policy, access controls, USB policy, hard copy documentation policy, etc.)
- If needed, implementation of additional technical safeguards
Sample Administrative Cybersecurity Safeguards
- Defines confidential data
- How confidential data is protected
- Where confidential data is located (i.e., shared drive, externally hosted, hard copy format, etc.)
- Who has access to confidential data and do they have a business need
- Roles and responsibilities for responding to a data breach or cybersecurity incident
- Internal and external communication procedures for responding to an incident
- Employee responsibilities and training