Citadel Information Group

You are here: Home / Overview: From the Boardroom to the Firewall / Information Security Policies and Standards

Information Security Policies and Standards

Citadel’s Information Security Management Policies and Standards:

  • Leadership: Establish management’s commitment to securing critical information assets
  • Set the Bar: Establish uniform organizational standards for securing critical information assets
  • Management Playbook: Serve as a playbook for managing information security
  • IT Security Management: Provide explicit standards for use by IT personnel in securely configuring and maintaining the IT Infrastructure
  • Protection Baseline: Provide an information security baseline for establishing adequate privacy protection and protection of intellectual property, trade secrets and other proprietary firm information
  • Cultural Adaptation: Support the all-important objective of creating an information security aware and adaptive culture

Citadel’s Information Security Policies are also designed to meet emerging information security frameworks, laws, regulations and contractual requirements for information security policies, including:

  • The NIST Cybersecurity Framework
  • ISO-27001, 27002
  • Payment Card Industry Data Security Standard requiring the protection of card information
  • Federal laws, such as HIPAA HITECH and Gramm-Leach-Bliley which require the protection of personal health and financial information
  • NIST 800-171 and DFARS
  • Center for Internet Security (CIS-20)
  • FTC Safe Harbor
  • New York State Cybersecurity Requirements for Financial Services Companies
  • California Civil Code 1798.81.5
  • GDPR
  • California CCPA
  • Other Compliance Requirements

Citadel’s Information Security Policies and Standards — Deliverables

  1. A perpetual use, non-exclusive license to Citadel’s Information Security Management Policies and Standards, branded with your name and logo.
  2. A 2-hour workshop introducing our policies and standards to your senior management and IT teams
  3. An Action Item To-Do List, documenting things to do to comply with policies and standards
  4. A concise Information Security Guidelines for distribution to staff

 

[1] Beyond Information Security Awareness Training: It’s Time to Change the Culture, Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause, Auerbach,  2006.

[2] See An Emerging Information Security Minimum Standard of Due Care, Robert Braun, Esq., Stan Stahl, Ph.D, Handbook of Information Security, Auerbach, 2004. An update was published in the Privacy and Data Security Law Journal, March 2006.

Get in touch

323 428 0441
info@citadel-information.com

 Citadel Information Group

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.