InfoSec Challenges for CISOs, CTOs and CIOs

This is the final piece of my discussion about these two consumer data protection regulations. This part will continue my recommendations about where to focus your time and efforts. Children’s Online Privacy Protection Almost the same: CCPA prohibits the selling of any data for consumers under the age of 16, but children ages 13-16 can give their consent for data collection and sale. Children under 13 require...


This is a continuation from our last segment where I went into more detail on the main differences between CCPA and GDPR. Here I will focus on a narrower scope and where your efforts should lie. This will be split into two pieces as there is a lot of information to digest. Governance Significantly different: GDPR requires the organization to name a data privacy officer (DPO) and...


As a continuation of my previous blog on the differences between GDPR and CCPA, I will define some of the differences in more detail. It is also noteworthy that the core legal framework of the CCPA is quite different from GDPR. A fundamental principle of the GDPR is the requirement to have a “legal basis” for all processing of personal data. That is not the...


By passing the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, the Golden State is taking a major step in the protection of consumer data. The new law gives consumers insight into and control of their personal information collected online. This follows a growing number of privacy concerns around corporate access to and sales of personal information with leading tech...


The CISO role has been around for almost 25 years and has steadily evolved over the past decade. CISOs were initially seen as pure technologists, practitioners and implementers of security controls to protect critical assets of an organization. CISOs in the past were buried deep within the organization and less visible. Their level of authority was limited, sometimes unintentionally by the Chief Information Officer (CIO)...

Mastering Your Security Destiny Through Risk Management

With fast-paced technological advancements and highly complex innovations occurring in today’s world, the future is becoming more uncertain. The question for every entity is: Will our information security structures be able to flex and quickly absorb the shocks that may arise? Risk management is a coordinated approach to understanding an organization’s uncertainties. It builds capabilities which assist in organizations’ timely scanning, assessing and mitigating threats...

Demystifying HIPAA Exceptions

The HIPAA Omnibus Final Rule was published in the Federal Register on January 25, 2013. Since then, however, some rules were further clarified by the U.S. Department of Health and Human Services (HHS). On their website, the HHS provides guidance on the HIPAA Conduit Exception Rule, “The conduit exception applies where the only services provided to a covered entity or business associate customer are for...


The technological landscape is drastically changing. So is information security. With the increasing demand for stringent data protection, data breaches now cost small fortunes when an organization is compromised. For instance, the Equifax data breach case resulted in a 20 percent decline in the company’s stock prices and more than 30 class-action lawsuits filed within a month. One data breach is all it takes to...


The expense of implementing and running a high-availability network generally pays for itself. It seems counterintuitive, especially given that organizations typically can’t “spend themselves rich,” but in this case, thoughtful and well-planned spending can result in significant savings. Consider a small business staffed with 100 full-time employees working out of an office building in Anytown, USA. This office has the usual C-suite, human resources, accounting, sales,...


As organizations go through their digital transformation and move to digital platforms, effective cybersecurity measures are critical to protecting assets and the viability of the company. The protection of this digital environment includes infrastructure, applications, data, and control structures. Therefore, effective cybersecurity programs should begin by aligning the cybersecurity strategy with the organization’s business goals. This alignment should include balancing risk with functionality and convenience. These...
