Written Information Security and Privacy Program (WISPP)

CyberCecurity LLC's new Written Information Security and Privacy Program (WISPP) helps companies build and manage cybersecurity and privacy programs that are aligned with the NIST Cybersecurity Framework (CSF) and the NIST Privacy Framework (PF)

NOTE: The following was included as part of a press release distributed on February 5, 2020 via EIN Newswire. See the full press release HERE.

Historically, in order to be complete, cybersecurity programs needed to contain what was referred to as a Written Information Security Program or WISP document as part of the program.

The NIST Cybersecurity Framework (CSF) category ID-GV establishes the requirement for the WISP, which the overarching document used to help management and IT teams to understand and implement cybersecurity in the organization. It was the primary governance document related to the cybersecurity program. The WISP informs management about the policies, procedures, and processes to manage the organization's regulatory, legal, risk, environmental, and operational requirements.

CyberCecurity, LLC, a national, full-service cybersecurity and privacy company headquartered in Denver, CO announces the upgrade of its WISP (Written Information Security Program) document into the WISPP (Written Information Security and Privacy Program) document.

Asked why CyberCecurity, LLC is upgrading to a WISPP at this time, CyberCecurity Managing Partner Ray Hutchins responded, "The release of the NIST Privacy Framework makes it official...cybersecurity and privacy are joined at the hip. Both U.S. standards are about protecting data. Since all our risk assessments now include both cybersecurity and privacy, it is only natural to upgrade our WISPs to include privacy...therefore the Written Information Security and Privacy Program. We figure all professional organizations will follow suite shortly."

CyberCecurity, LLC partner Mitch Tanenbaum added, "It should be noted that the International Standards Organization (ISO) refers to this document as an Information Security Management System (ISMS) and various Department of Defense agencies refer to it as a Security System Program (SSP). While these and other organizations may use somewhat different nomenclature to refer to this document, they all have the same purpose. We can expect the ISO and DoD to upgrade their terminology to include privacy as well."

While CyberCecurity, LLC is a full-service cybersecurity and privacy firm, it has always placed a particular emphasis on strategic cybersecurity and privacy governance issues.

Tanenbaum says, "Cybersecurity and privacy have always been business issues more than IT issues. Until management correctly understands and commits to dealing with cybersecurity and privacy risks as business issues, nothing of value will occur at the operational level. But once management gets the picture and commits, then our new WISPP document becomes a critical governance tool."

CyberCecurity, LLC's WISSP is typically part of a larger package of cybersecurity and privacy governance documents which include various programs, policies, and procedures. All these documents are fully aligned with the NIST CSF and the NIST PF in order to create a coherent and coordinated program.

For more information, please contact us.