InfoSec Challenges for CISOs, CTOs and CIOs - BizzSecure


GRC Tools and Its Importance

Wondering how you can mitigate risks, improve organizational efficiency, and implement a common governance policy across your organization? The answer is simple: GRC. Governance, Risk management, and Compliance (GRC) is a core framework that any organization must follow to manage its business operations, including IT operations that are subject to compliance regulations. Every business or organization needs a GRC strategy. Consider GRC as the glue that...


This is a continuation from my previous post. I had left off with organizing and remediating critical vulnerabilities. Now I will go over some more specific examples related to compliance and privacy.
Expel Local Administrator Rights from Employee Devices
If any employee has local administrator rights on their device, they can be deceived into downloading applications from malicious websites or opening malicious email attachments. Enforce corporate policies...


Building Blocks of a Robust and Safe Organization
While a strong connection with publishers and users of a service or solution is a must, every organization should also take extensive measures to deal with privacy management, as rapid advancements in technology have brought about new challenges to the protection of personal data. While taking these measures would build a certain robustness in the organization, another important aspect...


Introduction
For those who run a business, customer service, satisfaction and increasing profits are most important. One of the last things on their mind is meeting the requirements set by the government when it comes to Information Security regulations. However, ignoring these regulations can be an expensive mistake resulting in fines ranging into the millions of dollars. Here is where compliance management comes into play. It...


With the rapid proliferation of information regulations such as GDPR, PCI DSS, HIPAA, GLBA, FISMA, SOX, and SSAE16, information security compliance has never been more crucial. The task of complying and proving compliance is becoming daunting as requirements are changing while many organizations’ expertise and financial base remain static. At the same time, the cost of not complying is now unbearable, leaving CISOs and security...


The financial sector is one of the most critical cyber infrastructures of the United States according to the Dept. of Homeland Security, and therefore a multi-pronged approach should be employed to secure critical resources within the financial services industry. Developing and implementing an effective cybersecurity strategy is critical to meeting business objectives since cybersecurity has become a boardroom agenda and needs to be approached as...


This is the final piece of my discussion about these two consumer data protection regulations. This part will continue my recommendations about where to focus your time and efforts.
Children’s Online Privacy Protection
Almost the same: CCPA prohibits the selling of any data for consumers under the age of 16, but children ages 13-16 can give their consent for data collection and sale. Children under 13 require...


This is a continuation from our last segment where I went into more detail on the main differences between CCPA and GDPR. Here I will focus on a narrower scope and where your efforts should lie. This will be split into two pieces as there is a lot of information to digest.
Governance
Significantly different: GDPR requires the organization to name a data privacy officer (DPO) and...


As a continuation from my previous blog on the differences between GDPR and CCPA, I will define some of the differences in more detail. It is also noteworthy that the core legal framework of the CCPA is quite different from GDPR. A fundamental principle of the GDPR is the requirement to have a “legal basis” for all processing of personal data. That is not the...


By passing the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, the Golden State is taking a major step in the protection of consumer data. The new law gives consumers insight into and control of their personal information collected online. This follows a growing number of privacy concerns around corporate access to and sales of personal information with leading tech...
