The settlement requires Twitter to take a number of steps to secure users' private information, including maintenance of a "comprehensive information security program" to be independently audited biannually.
Until August 2014, Venmo didn't have a written information security program, the FTC noted, and until March 2015, it didn't inform users when their password or email had been changed or when a new device was added.
Nor did it have a written information security program until that date.
Coverage includes a review of the core information assurance requirements, the value of information, organizing an information security program, and information security infrastructure and architecture.
The company also must establish and maintain a comprehensive information security program, which will be assessed by a third party every other year for 10 years.
Gramm-Leach-Bliley Act (GLBA) (Federal regulation): It requires institutions that offer financial products or services to consumers to develop, implement, and maintain a comprehensive information security program that protects the confidentiality and integrity of customer records [29].
Drafting an information security program that is modular, flexible, and focused on risk mitigation and common-sense security will go a long way toward tackling the ever-evolving compliance landscape.
The implications of our analyses lead us to emphasize (1) the importance for organizations to plan a comprehensive information security program, and (2) the shared social responsibility required to combat social engineering malware.
This chapter discusses the impact that regulations have had on vulnerability assessment and pen testing, as well as several was of drafting an information security program to meet an ever-changing business environment.
This chapter discusses the impact that regulatory agencies have had on vulnerability assessment and pen testing, as well as how to draft an information security program to meet an ever-changing business environment.
