Citadel Information Group


Information Security Policies and Standards

Citadel’s Information Security Management Policies and Standards:

  • Leadership: Establish management’s commitment to securing critical information assets
  • Set the Bar: Establish uniform organizational standards for securing critical information assets
  • Management Playbook: Serve as a playbook for managing information security
  • IT Security Management: Provide explicit standards for use by IT personnel in securely configuring and maintaining the IT Infrastructure
  • Protection Baseline: Provide an information security baseline for establishing adequate privacy protection and protection of intellectual property, trade secrets and other proprietary firm information
  • Cultural Adaptation: Support the all-important objective of creating an information security aware and adaptive culture

Citadel’s Information Security Policies are also designed to meet emerging information security frameworks, laws, regulations and contractual requirements for information security policies, including:

  • The NIST Cybersecurity Framework
  • ISO-27001, 27002
  • Payment Card Industry Data Security Standard requiring the protection of card information
  • Federal laws, such as HIPAA HITECH and Gramm-Leach-Bliley which require the protection of personal health and financial information
  • NIST 800-171 and DFARS
  • Center for Internet Security (CIS-20)
  • FTC Safe Harbor
  • New York State Cybersecurity Requirements for Financial Services Companies
  • California Civil Code 1798.81.5
  • GDPR
  • California CCPA
  • Other Compliance Requirements

Citadel’s Information Security Policies and Standards — Deliverables

  1. A perpetual use, non-exclusive license to Citadel’s Information Security Management Policies and Standards, branded with your name and logo.
  2. A 2-hour workshop introducing our policies and standards to your senior management and IT teams.
  3. An Action Item To-Do List, documenting what needs to be done to comply with the policies and standards.
  4. A concise Information Security Guidelines document for distribution to staff.

Background Information & Additional Resources

SecureTheVillage: Information Security Policies and Standards

 


Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy