What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs. The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area[…]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?”  With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

Developing & Implementing a Data Classification Policy

Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations fail to implement one. Without proper asset classification, the organization exposes itself to additional risk of data breaches, accidental loss/release of sensitive information, losses in efficiency or additional costs associated with securing data that may not require it[…]

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation. Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781[…]

I am an OPM Data Breach Victim- Next Steps

Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach. To add insult to injury, I was never actually a federal government employee. A few years ago, I consulted on a few enterprise systems migrations[…]

Privacy: Do Customers Deserve an Independent Audit Report?

Electronics are becoming a commodity – there’s not much profit from selling cell phones or laptops anymore (unless you’re apple). So most companies are moving away from investing in hardware as their core business and shifting towards services. Services come in many shapes and sizes, but usually include consulting services, applications, or analyzing and selling customer data. Customer[…]

Deploying a HIPAA Compliant Encryption Policy

HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handing PHI (Personal Health Information) are compelled by law to address. On the surface, many of HIPAA’s rules appear strait forward, but as I quickly learned while performing a recent[…]

Items of Interest Week of 7/20/2015

Here are some quick reads  for the week of July 13, 2015. If you have interesting links of your own share them in the comments. Hacked: Drones could be the malware delivery system of the future Threat Post: Car hacking gets the attention of Detroit and Washington Krebs on Security: Online Cheating Site Ashley Madison Hacked Business Insider:[…]

Items of Interest Week of 7/13/2015

Here are some quick reads  for the week of July 13, 2015. If you have interesting links of your own share them in the comments. MIT: “CSAIL report: Giving government special access to data poses major security risks” Georgia Tech: “GT Professor testifies before U.S. senators about the balance of privacy & public safety.” Al[…]

Data in Transit- Bridging the Gap between Data Owners and Custodians

Ensuring both the integrity and confidentiality of data as it traverses an organization’s internal network and beyond can be complex, especially when attempting to bridge the gap between the Data Owner and Data Custodian, who typically view the organization from very different angles. This presents the IT auditor with a great opportunity to act as[…]