Compliance and Privacy (Part 1)

Building Blocks of a Robust and Safe Organization

While a strong connection with publishers and users of a service or solution is a must, every organization should also take extensive measures to manage privacy, as rapid advances in technology have brought new challenges to the protection of personal data. Taking these measures builds a certain robustness into the organization; another important aspect is documenting how individual data is gathered, processed and stored.

New regulations and standards such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), ISO 27001 and the Payment Card Industry (PCI) Data Security Standard are making the cost of failure far greater and far more visible.

Approaches to Enhance Security Compliance with Data Privacy Regulations:

Maintain an Inventory of Software Assets

It is important to identify and remove freeware and unauthorized software used in the organization. By undertaking a full audit that identifies which applications use personal data and who uses those applications, an organization can make sure that any handling of information that doesn’t conform to data protection standards is reviewed.

Recognize the Open Source Software (OSS) Used by the Organization

To manage the use of OSS and third-party components, a formal OSS inventory and policy can help.

Track and Respond to Alerts on Software Assets Carefully

It is important to know which OSS components are used in internally developed applications, so that vulnerability alerts for those components can be acted on promptly.

Perform Vulnerability Assessment Often

It goes without saying that monitoring to identify vulnerable software on laptops, desktops and servers needs to be done regularly. Equally important is identifying the software assets in the organization’s inventory and focusing vulnerability research and alerting on them.

Organize and Remediate Critical Vulnerabilities First

Measures such as vulnerability management workflows and strategies, with end-to-end reporting on the remediation process, help guarantee that Service Level Agreements are met. Applying the correct patches reduces the attack surface available to cyber-criminals.
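As an added, constructed example (not code from the original post), the following Python script ties the approaches above together: an OSS component inventory is checked against an OSS policy allow-list, matched against a vulnerability advisory feed, and the resulting findings are ranked by severity, by whether the owning application handles personal data, and by a remediation SLA deadline. All package names, versions, advisory ids, dates and SLA values are made-up assumptions; the version comparison is a simplified numeric compare rather than a full semantic-versioning implementation.

```python
"""Constructed example: check an OSS inventory against a policy allow-list and a
vulnerability advisory feed, then rank findings by severity, personal-data
exposure and remediation SLA. Every package, version, advisory id and date
below is made up for illustration; none refers to a real advisory."""
from dataclasses import dataclass
from datetime import date, timedelta

# Remediation SLA per severity, in days from advisory publication
# (assumed policy values, not taken from any regulation).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Component:
    app: str                     # internally developed application using the component
    name: str                    # OSS package name
    version: str
    handles_personal_data: bool  # does the owning application process personal data?


@dataclass(frozen=True)
class Advisory:
    advisory_id: str             # placeholder id such as "ADV-0001"
    component: str
    fixed_in: str                # first version that is no longer affected
    severity: str
    published: date


def parse_version(v: str) -> tuple:
    """Turn "1.10.2" into (1, 10, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def is_affected(component: Component, advisory: Advisory) -> bool:
    """Affected when the names match and the installed version is older than fixed_in."""
    return (component.name == advisory.component
            and parse_version(component.version) < parse_version(advisory.fixed_in))


def match_inventory(inventory, advisories):
    """Return every (component, advisory) pair where the advisory applies."""
    return [(c, a) for c in inventory for a in advisories if is_affected(c, a)]


def prioritize(findings, today: date):
    """Rank findings: most severe first, then apps handling personal data,
    then earliest SLA deadline. Each entry records its deadline and overdue status."""
    ranked = []
    for component, advisory in findings:
        deadline = advisory.published + timedelta(days=SLA_DAYS[advisory.severity])
        ranked.append({
            "app": component.app,
            "component": f"{component.name} {component.version}",
            "advisory": advisory.advisory_id,
            "severity": advisory.severity,
            "personal_data": component.handles_personal_data,
            "deadline": deadline,
            "overdue": today > deadline,
        })
    ranked.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], not f["personal_data"], f["deadline"]))
    return ranked


# Constructed inventory, OSS policy and advisory feed (sample data only).
INVENTORY = [
    Component("billing-portal", "libexample-json", "1.2.0", True),
    Component("intranet-wiki", "libexample-json", "1.4.1", False),
    Component("billing-portal", "example-crypto", "0.9.3", True),
    Component("build-server", "example-compress", "2.0.0", False),
]
APPROVED_OSS = {"libexample-json", "example-crypto"}   # the formal OSS policy allow-list
ADVISORIES = [
    Advisory("ADV-0001", "libexample-json", "1.3.0", "high", date(2019, 3, 1)),
    Advisory("ADV-0002", "example-crypto", "1.0.0", "critical", date(2019, 3, 20)),
    Advisory("ADV-0003", "example-compress", "2.0.1", "medium", date(2018, 12, 1)),
]


def unapproved_components(inventory, approved=APPROVED_OSS):
    """Components outside the OSS policy allow-list; these need review before use."""
    return [c for c in inventory if c.name not in approved]


def report(today: date = date(2019, 3, 25)):
    """Run matching and prioritization over the constructed data as of `today`."""
    return prioritize(match_inventory(INVENTORY, ADVISORIES), today)


if __name__ == "__main__":
    for c in unapproved_components(INVENTORY):
        print(f"policy review needed: {c.app} uses unapproved package {c.name}")
    for f in report():
        status = "OVERDUE" if f["overdue"] else "due"
        print(f"{f['severity']:<8} {f['app']:<15} {f['component']:<22} {f['advisory']} {status} {f['deadline']}")
```

Running the script prints the unapproved package first, then the ranked findings; the medium-severity finding is flagged overdue because its SLA window has already elapsed, even though it is the least severe item, which is exactly the kind of SLA breach end-to-end reporting is meant to surface. In practice the constructed lists would be replaced by an SBOM export of the real inventory and a real advisory feed.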

These are just some of the approaches; many privacy issues can arise in compliance, and there are different ways to resolve them. Stay tuned for the second part of this topic, where I will cover more examples, such as how to approach IoT systems.