Security & Risk

23 Aug: GDPR is Here! What is it and How Does it Affect Your Compliance Management Program?

If you’ve been a privacy professional at any point in the last few decades, your head is spinning with the myriad of privacy laws and regulations in the U.S. and abroad. Some examples are the European Data Protection Directive of 1995, the strengthening of that directive in 2012, the French Data Privacy Law of 1978, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) of 2001, and last but not least, the U.S. Gramm-Leach-Bliley Act (GLBA) of 1999.

26 Jul: My Cloud Journey as an Early Adopter

Ever heard the saying, “The Cloud is just someone else’s computer”? This is one of the many arguments I encountered as I became an early adopter in 2010. While it is technically true, it misses the point: the inherent flexibility and benefits of the “Cloud” maximize the chances of differentiating your company from its competitors, especially in financial services.

05 Jul: InfoSec Can Be Taxing, So Here’s a Taxonomy

Information Security can sometimes feel like death by documentation, like a bunch of red tape just to keep regulators and auditors at bay. Throw in differences in lexicon, and seeing how all the many pieces fit together can be quite difficult.

Getting everyone, practitioner and leadership alike, on the same page when it comes to terminology in the information security space is key. If everyone can speak the same language, a well-understood and well-orchestrated information security governance structure won’t be far off.

25 May: Privacy and Security: What’s the Difference?

As data collection has increased, so has controversy. Most of this data has been willingly given by us, the users, through our computers, smartphones, and more recently smart home devices, cars, and even refrigerators. International regulatory eyes have turned their gazes to some of the massive organizations collecting our data.

08 May: [VIDEO] Essential Steps to Strengthening Cybersecurity

Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Impact Makers’ former CISO Cathie Brown offers a few simple considerations in each of those steps that will strengthen your cybersecurity posture, like what to look for in a robust risk assessment and a trustworthy security vendor.

24 Apr: Organizational Risk Management Is Not Just About Compliance

Organizational risk management is too often treated as a compliance issue with complex rules that result in back-office tracking of risks that never see the light of day. This presentation contrasts a traditional view of organizational risk management with an alternative view provided in a Harvard Business Review article by Robert S. Kaplan and Anette Mikes. Their categorization of risk allows executives to understand the qualitative distinctions between the types of risks that organizations face.