Search
 
Best Practices

The Risk in Adopting Templated Data Protection Policies

The New Y orkDepartment of Financial Services fined a crypto company $1.2 million for not conducting proper information security risk assessments and for using templated policies, without customizing them to fit the company.

By F. Paul Greene | May 26, 2023 at 01:00 PM
Stock illustration: Cyber criminal

In a matter of seconds, generative artificial intelligence (AI) can draft a reasonably passable information security policy for an organization. The policy will look much like the thousands of publicly available policies found on the Internet. It will likely contain the generally accepted elements of a mature information security program: risk assessment, a categorical listing of primary security controls, a section on incident response, and further sections on employee obligations and training.

The policy will likely also contain a placeholder, such as “[Company Name],” where the organization should, at minimum, customize the policy to reflect that it has been evaluated, approved, and adopted by organization. There is risk in such ease of access to prefabricated policies, however.

Even before the Google transformer paper was published in 2017, giving rise to the recent explosion in large-language-model AI solutions, data protection policies were widely available on the Internet and just as widely cribbed by organizations looking for a good example from which to start, or in certain cases, end.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.

Already have an account?

NOT FOR REPRINT

© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

 

Recommended Stories

Preparing for FedNow Instant Payments

Preparing for FedNow Instant Payments

T&R Staff |

Part 2 of 2: Now that FedNow is live, what should companies be doing to prepare to send and/or receive payments via the service?

Treasury & Risk

Join Treasury & Risk

Don’t miss crucial treasury and finance news along with in-depth analysis and insights you need to make informed treasury decisions. Join Treasury & Risk now!

  • Free unlimited access to Treasury & Risk including case studies with corporate innovators, informative newsletters, educational webcasts, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM publications including PropertyCasualty360.com and Law.com.

Already have an account? Sign In Now
Join Treasury & Risk

Copyright © 2023 ALM Global, LLC. All Rights Reserved.