Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
ISO/IEC 27001 is the main standard that aims to enhance an organization’s information security.
Amongst others, the webinar covers:
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on the ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• What's up next with ISO/IEC 27001, in practice?
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Stefan Mathuvis
Stefan Mathuvis, is owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan built strong experience in quality management systems, Information Security management systems, GDPR, data privacy & data protection. Stefan is accredited ISO/IEC 27001 Lead Auditor and operates as a third party auditor for DQS Belgium. Dividing his time between consultancy, training & third party auditing on an international scale, Stefan remains in touch with the issues of today allowing him to assist clients in their needs for Information Security and Data Privacy.
Date: November 9, 2022
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022
https://pecb.com/article/investing-in-information-security-awareness
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
- Applications, tools and software for the implementation and documentation of the new ISO 27701 for GDPR and DPA compliance
- Key control objectives, requirement based on the ISO 2700 on information security
- How to prepare for an independent certification
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
ISO 27701 is important for privacy compliance because it provides a comprehensive framework for organizations to manage the privacy of personal data. The standard covers all aspects of privacy management, from data collection and processing to security and compliance.
ISO 27701 is aligned with the General Data Protection Regulation (GDPR), which is the most comprehensive privacy law in the world. The standard also supports compliance with other privacy laws, such as the California Consumer Privacy Act (CCPA) and the Brazilian General Data Protection Law (LGPD).
By implementing ISO 27701, organizations can demonstrate to their customers, employees, and regulators that they are committed to protecting personal data. The standard can also help organizations to reduce their risk of data breaches and other privacy incidents.
Here are some of the benefits of implementing ISO 27701:
Demonstrate compliance with privacy laws and regulations
Reduce the risk of data breaches and other privacy incidents
Improve customer trust and confidence
Enhance the organization's reputation
Gain a competitive advantage
If your organization handles personal data, then ISO 27701 is an important standard to consider. The standard can help you to protect personal data, comply with privacy laws, and improve your organization's overall privacy posture.
Here are some of the specific requirements of ISO 27701:
Establish a privacy management policy
Conduct a privacy risk assessment
Implement technical and organizational measures to protect personal data
Implement procedures for managing data breaches
Provide individuals with access to their personal data
Respond to data subject requests
Monitor and improve the privacy management system
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
In this article I will provide an Overview of A new Information Security Management System
Standard ISO/IEC 27001:2013 , The new standard just Published from a few Days Earlier .
ISO/IEC 27001:2013 Provides requirements for Establishing, Implementing, Maintaining
and Continually Improving an Information Security Management System.
ISO/IEC 27001:2013 gives Organization a Perfect Information Security management framework for implementing
and maintaining security.
In this Article, I tried to shed some light on new standard and its Mandatory Requirements, Optional Requirements ,
Structure , Benefits , Certification Process and Estimated time for Implementation and Certification.
ISO/IEC 27001 is the main standard that aims to enhance an organization’s information security.
Amongst others, the webinar covers:
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on the ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• What's up next with ISO/IEC 27001, in practice?
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Stefan Mathuvis
Stefan Mathuvis, is owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan built strong experience in quality management systems, Information Security management systems, GDPR, data privacy & data protection. Stefan is accredited ISO/IEC 27001 Lead Auditor and operates as a third party auditor for DQS Belgium. Dividing his time between consultancy, training & third party auditing on an international scale, Stefan remains in touch with the issues of today allowing him to assist clients in their needs for Information Security and Data Privacy.
Date: November 9, 2022
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022
https://pecb.com/article/investing-in-information-security-awareness
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
- Applications, tools and software for the implementation and documentation of the new ISO 27701 for GDPR and DPA compliance
- Key control objectives, requirement based on the ISO 2700 on information security
- How to prepare for an independent certification
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
ISO 27701 is important for privacy compliance because it provides a comprehensive framework for organizations to manage the privacy of personal data. The standard covers all aspects of privacy management, from data collection and processing to security and compliance.
ISO 27701 is aligned with the General Data Protection Regulation (GDPR), which is the most comprehensive privacy law in the world. The standard also supports compliance with other privacy laws, such as the California Consumer Privacy Act (CCPA) and the Brazilian General Data Protection Law (LGPD).
By implementing ISO 27701, organizations can demonstrate to their customers, employees, and regulators that they are committed to protecting personal data. The standard can also help organizations to reduce their risk of data breaches and other privacy incidents.
Here are some of the benefits of implementing ISO 27701:
Demonstrate compliance with privacy laws and regulations
Reduce the risk of data breaches and other privacy incidents
Improve customer trust and confidence
Enhance the organization's reputation
Gain a competitive advantage
If your organization handles personal data, then ISO 27701 is an important standard to consider. The standard can help you to protect personal data, comply with privacy laws, and improve your organization's overall privacy posture.
Here are some of the specific requirements of ISO 27701:
Establish a privacy management policy
Conduct a privacy risk assessment
Implement technical and organizational measures to protect personal data
Implement procedures for managing data breaches
Provide individuals with access to their personal data
Respond to data subject requests
Monitor and improve the privacy management system
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
The security of information systems and business-critical information needs constant managing to ensure your operational continuity and data protection. ISO 27001 Information Security Management Systems certification allows you to stand out from the competition through strong information security measurement.
In this article I will provide an Overview of A new Information Security Management System
Standard ISO/IEC 27001:2013 , The new standard just Published from a few Days Earlier .
ISO/IEC 27001:2013 Provides requirements for Establishing, Implementing, Maintaining
and Continually Improving an Information Security Management System.
ISO/IEC 27001:2013 gives Organization a Perfect Information Security management framework for implementing
and maintaining security.
In this Article, I tried to shed some light on new standard and its Mandatory Requirements, Optional Requirements ,
Structure , Benefits , Certification Process and Estimated time for Implementation and Certification.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
Iso iec 27001 foundation training course by interpromMart Rovers
What is involved with the ISO/IEC 27001 Foundation certification training course? Learn about the course curriculum, target audience, duration, formats, exam, fees and much more.
This document provides information about an ISO 27001 awareness training course held by K2A Training Academy. The one-day course aims to help participants understand how to safeguard organizational data and information from both external and internal threats. It covers topics such as information security background, risks and controls, and the ISO 27001 certification process. Breaks are scheduled during the day for tea and lunch. Attendees are not permitted to smoke or use their mobile devices during the sessions.
The document summarizes updates to ISO 27001:2022. Key points include:
- The structure and grouping of controls in ISO 27002 have been updated, with controls now organized under four main domains and reduced in number from 114 to 93.
- New controls have been introduced related to threat intelligence, information security for cloud services, and ICT readiness for business continuity.
- The mandatory clauses of ISO 27001 remain unchanged, while some controls from ISO 27002 have been merged or reorganized under the new domain structure.
This document provides a checklist of 42 documents needed for ISO 27001:2013 certification. It lists each document name, the relevant ISO 27001 clauses, and whether the document is mandatory. Key mandatory documents include the information security policy, risk assessment and treatment documents, statement of applicability, and procedures for internal auditing, management review, corrective action, and incident management. The order of creating documents is defined by the risk treatment plan.
This document is a presentation on information security and business continuity. It covers topics such as ISO 27001 on information security, risk management, laws relating to information security in Qatar, and examples of product recalls due to incidents. The presentation provides an overview of ISO 27001, including its structure following the PDCA model and the roles of internal and external interested parties. It also discusses why information needs protection due to threats and vulnerabilities, and the principles of information security management systems.
ISO 27001 is an information security standard that specifies requirements for an information security management system (ISMS). It contains 11 domains that describe 133 controls/countermeasures to manage vulnerabilities and threats to information. An organization implements an ISMS based on the Plan-Do-Check-Act cycle to establish, operate, monitor, maintain, and improve their information security system over time.
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Information Security Management System ISO/IEC 27001:2005ControlCase
The document provides an overview of the ISO/IEC 27001 standard for information security management systems. It defines what ISO 27001 is, its history and development over time. It outlines the key parts of ISO 27001 including establishing an ISMS framework, conducting risk assessments, implementing controls, and monitoring/reviewing the system. The document explains benefits of ISO 27001 certification include improving security, ensuring regulatory compliance, and gaining external validation of security practices. It provides examples of specific controls defined in Annex A of the standard related to security policies, asset management, access control, and more.
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. Early 2020 the US DOD launched the CMMC, Cybersecurity Maturity Model Certification which matches the same levels for cybersecurity. This session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use it in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
This document provides an overview of an upcoming ISO27001 training course on Information Security Management Systems (ISMS). It discusses the objectives of the course, which are to learn about ISO 27001 requirements for ISMS, understand the significance of information security, and acquire awareness of underlying risks. The document outlines the key topics that will be covered, including information security background, ISMS benefits, requirements and risks. It also provides details on the recent updates to ISO 27001 in 2022, such as additional requirements for objectives, planning, operations and the introduction of new controls.
This document provides an overview of ISO 27001, which is an international standard for information security management systems (ISMS). It discusses why information security is important for businesses, as information is a valuable asset. ISO 27001 provides a framework to establish, implement, maintain and improve an ISMS. The standard contains 11 control areas, 39 control objectives and 134 controls to help organizations manage information security risks. Implementing ISO 27001 can provide benefits like increased profits, more reliable systems, cost savings, and compliance with legal requirements.
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
The document discusses an Information Security Management System (ISMS) and its key components. It describes ISMS as a structured methodology to evaluate, implement, maintain and manage information security controls to protect an organization's information assets. The main elements of an ISMS include:
- Defining the scope, conducting a risk assessment, and preparing a statement of applicability and risk treatment plan.
- Implementing security controls and an implementation program based on the risk treatment plan.
- Monitoring the system through compliance reviews, corrective actions, and continual improvement to ensure security objectives are met.
- Undergoing pre-certification assessment and certification audits to obtain independent verification that the ISMS is compliant with ISO 27
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
ISMS Awareness Taining on ISO 27001 done by Industry Experts,customized for you & connected with relevance to your Industry, products,services & Processes
This document provides an agenda and overview for implementing an Information Security Management System (ISMS) using an ISMS Implementation Toolkit. It discusses what an ISMS toolkit is and important considerations when using one. It then lists the top 5 ISMS toolkits and provides details on the author's own toolkit. Finally, it outlines a 20+1 step process for implementing an ISMS using the toolkit, with each step briefly described.
The document provides an overview of GDPR and information security issues. It highlights key topics such as appropriate security, data protection by design and by default, security of processing, personal data breaches, and the differences between DPO and CISO roles. The document contains recommendations for technical and organizational security measures organizations should implement to comply with GDPR principles and ensure an appropriate level of data security. These include implementing privacy by design principles, conducting risk assessments, access management, encryption, backups, and incident response processes.
This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
General Data Protection Regulation (GDPR) Karina Matos
This document summarizes Microsoft's approach to privacy and data protection. It discusses Microsoft's privacy principles of transparency, security, compliance and privacy. It outlines Microsoft's privacy governance structure and investments in cybersecurity. It also discusses Microsoft's efforts to comply with privacy regulations like GDPR and respect for data subject rights and privacy by design.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
Iso iec 27001 foundation training course by interpromMart Rovers
What is involved with the ISO/IEC 27001 Foundation certification training course? Learn about the course curriculum, target audience, duration, formats, exam, fees and much more.
This document provides information about an ISO 27001 awareness training course held by K2A Training Academy. The one-day course aims to help participants understand how to safeguard organizational data and information from both external and internal threats. It covers topics such as information security background, risks and controls, and the ISO 27001 certification process. Breaks are scheduled during the day for tea and lunch. Attendees are not permitted to smoke or use their mobile devices during the sessions.
The document summarizes updates to ISO 27001:2022. Key points include:
- The structure and grouping of controls in ISO 27002 have been updated, with controls now organized under four main domains and reduced in number from 114 to 93.
- New controls have been introduced related to threat intelligence, information security for cloud services, and ICT readiness for business continuity.
- The mandatory clauses of ISO 27001 remain unchanged, while some controls from ISO 27002 have been merged or reorganized under the new domain structure.
This document provides a checklist of 42 documents needed for ISO 27001:2013 certification. It lists each document name, the relevant ISO 27001 clauses, and whether the document is mandatory. Key mandatory documents include the information security policy, risk assessment and treatment documents, statement of applicability, and procedures for internal auditing, management review, corrective action, and incident management. The order of creating documents is defined by the risk treatment plan.
This document is a presentation on information security and business continuity. It covers topics such as ISO 27001 on information security, risk management, laws relating to information security in Qatar, and examples of product recalls due to incidents. The presentation provides an overview of ISO 27001, including its structure following the PDCA model and the roles of internal and external interested parties. It also discusses why information needs protection due to threats and vulnerabilities, and the principles of information security management systems.
ISO 27001 is an information security standard that specifies requirements for an information security management system (ISMS). It contains 11 domains that describe 133 controls/countermeasures to manage vulnerabilities and threats to information. An organization implements an ISMS based on the Plan-Do-Check-Act cycle to establish, operate, monitor, maintain, and improve their information security system over time.
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Information Security Management System ISO/IEC 27001:2005ControlCase
The document provides an overview of the ISO/IEC 27001 standard for information security management systems. It defines what ISO 27001 is, its history and development over time. It outlines the key parts of ISO 27001 including establishing an ISMS framework, conducting risk assessments, implementing controls, and monitoring/reviewing the system. The document explains benefits of ISO 27001 certification include improving security, ensuring regulatory compliance, and gaining external validation of security practices. It provides examples of specific controls defined in Annex A of the standard related to security policies, asset management, access control, and more.
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. Early 2020 the US DOD launched the CMMC, Cybersecurity Maturity Model Certification which matches the same levels for cybersecurity. This session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use it in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
This document provides an overview of an upcoming ISO27001 training course on Information Security Management Systems (ISMS). It discusses the objectives of the course, which are to learn about ISO 27001 requirements for ISMS, understand the significance of information security, and acquire awareness of underlying risks. The document outlines the key topics that will be covered, including information security background, ISMS benefits, requirements and risks. It also provides details on the recent updates to ISO 27001 in 2022, such as additional requirements for objectives, planning, operations and the introduction of new controls.
This document provides an overview of ISO 27001, which is an international standard for information security management systems (ISMS). It discusses why information security is important for businesses, as information is a valuable asset. ISO 27001 provides a framework to establish, implement, maintain and improve an ISMS. The standard contains 11 control areas, 39 control objectives and 134 controls to help organizations manage information security risks. Implementing ISO 27001 can provide benefits like increased profits, more reliable systems, cost savings, and compliance with legal requirements.
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
The document discusses an Information Security Management System (ISMS) and its key components. It describes ISMS as a structured methodology to evaluate, implement, maintain and manage information security controls to protect an organization's information assets. The main elements of an ISMS include:
- Defining the scope, conducting a risk assessment, and preparing a statement of applicability and risk treatment plan.
- Implementing security controls and an implementation program based on the risk treatment plan.
- Monitoring the system through compliance reviews, corrective actions, and continual improvement to ensure security objectives are met.
- Undergoing pre-certification assessment and certification audits to obtain independent verification that the ISMS is compliant with ISO 27
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
ISMS Awareness Taining on ISO 27001 done by Industry Experts,customized for you & connected with relevance to your Industry, products,services & Processes
This document provides an agenda and overview for implementing an Information Security Management System (ISMS) using an ISMS Implementation Toolkit. It discusses what an ISMS toolkit is and important considerations when using one. It then lists the top 5 ISMS toolkits and provides details on the author's own toolkit. Finally, it outlines a 20+1 step process for implementing an ISMS using the toolkit, with each step briefly described.
The document provides an overview of GDPR and information security issues. It highlights key topics such as appropriate security, data protection by design and by default, security of processing, personal data breaches, and the differences between DPO and CISO roles. The document contains recommendations for technical and organizational security measures organizations should implement to comply with GDPR principles and ensure an appropriate level of data security. These include implementing privacy by design principles, conducting risk assessments, access management, encryption, backups, and incident response processes.
This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
General Data Protection Regulation (GDPR) Karina Matos
This document summarizes Microsoft's approach to privacy and data protection. It discusses Microsoft's privacy principles of transparency, security, compliance and privacy. It outlines Microsoft's privacy governance structure and investments in cybersecurity. It also discusses Microsoft's efforts to comply with privacy regulations like GDPR and respect for data subject rights and privacy by design.
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya is committed in science and engineering since pre-teen period.
Date: September 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
The Virtual Security Officer Platform automates common security tasks like defining security plans, implementing controls, and demonstrating compliance to simplify passing audits and staying secure. It uses a world-class GRC platform and leverages over 300 combined years of security expertise. FixNix++ offers advisory, strategy, compliance, and technology services to help enterprises streamline their security programs and gain customer trust.
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/a21uasr8aLs
Cyber resolution ban-ana comparing to ana-nas.pdftoncik
This document provides an agenda for a presentation on cybersecurity standards ISO 27032 and 27701. It includes an introduction, recent cyber attack events, overviews of ISO 27032 and 27701, how they align with each other and ISO 27001, emerging cyber threats, and time for questions. Biographies of the two presenters are also included, with experience in cybersecurity risk assessments, compliance programs, and managing ISO assessments.
GDPR concerns the protection and free movement of personal data. It aims to give control to individuals over their personal data and simplify the regulatory environment for international business. Key aspects of GDPR include obtaining consent, privacy by design, breach notification, and fines for non-compliance. To prepare, organizations should identify personal data, assess risks, implement security measures, appoint a data protection officer, and develop a data protection policy statement. GDPR compliance requires changes to an organization's IT governance, security practices, and risk management processes.
This webinar discussed data protection by design and the Multi-cert approach to compliance. It defined data protection by design as an approach that considers data protection requirements at the design phase and throughout the lifecycle of any system. The Multi-cert approach recognizes that many organizations must comply with multiple certifications and regulations, and integrating these helps provide comprehensive data protection. Common challenges with the Multi-cert approach include redundant efforts and cost inefficiencies. ControlCase's One Audit solution aims to help organizations assess once and comply to many certifications by automating evidence collection and integrating compliance activities.
The document provides an overview and introduction to ISO/IEC 27001:2013, which is the leading international standard for Information Security Management Systems (ISMS). It establishes requirements for establishing, implementing, maintaining and improving an ISMS to ensure the confidentiality, integrity and availability of information. The standard helps organizations comply with information security laws and regulations. It provides a framework but not technical details for the ISMS. The presentation then continues by covering topics like the benefits of ISO 27001, its requirements and controls.
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?PECB
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
Because of the ongoing increase in consumer data collection, breaches have also been increasing.
In this regards the information security, data privacy, and cybersecurity standards provide some guidelines and requirements on how to better manage and deal with such breaches.
Amongst others, the webinar covers:
• ISO 27032:2012 – A Framework for Cybersecurity Risks
• ISO/IEC 27000-series, Standards, 27001 vs 27002
• ISO 27002:2022 and 27001:2022 Updates
Presenters:
Danny Manimbo
Danny Manimbo is a Principal with Schellman, based in Denver, Colorado. As a member of Schellman’s West Coast/Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice and the development and oversight of Schellman's SOC practice line, as well as specialty practices such as HIPAA. Danny has been with Schellman for nine years and has over 11 years of experience in providing data security audit and compliance services.
Erik Tomasi
Erik Tomasi is the Managing Partner at EMTsec, a security consulting firm based in Miami and New York. He leads the firm’s consulting division and manages client relationships across several industry sectors. Mr. Tomasi is considered an expert in information security, risk management, and technology management.
Sawyer Miller
Sawyer is a Senior Manager who oversees the ISO practice for risk3sixty, an Atlanta-based Security, Privacy, and Compliance firm helping clients implement business-first information security and compliance programs.
Date: June 22, 2022
Tags: ISO, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, Data protection, Data Privacy, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015
https://pecb.com/whitepaper/isoiec-270022013-information-technology---security-techniques-code-of-practice-for-information-security-controls
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/fE3DqISAfQY
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
GDPR and ISO 27001 - how to be compliantIlesh Dattani
This document discusses how implementing the ISO 27001 standard for information security management can help organizations comply with the EU General Data Protection Regulation (GDPR). ISO 27001 provides a framework to identify and protect personal data, conduct risk assessments, manage incidents, control assets and supplier relationships, and incorporate security practices into system development. Following ISO 27001 helps cover many of the technical and organizational compliance requirements of GDPR in a consistent manner. The document outlines specific controls and processes within ISO 27001 that align with and support compliance with GDPR.
The document introduces the International Standard ISO 27001 for information security management systems. It discusses the evolution of the standard from earlier versions like BS 7799. ISO 27001 provides requirements and guidance for establishing, implementing, maintaining and improving an information security management system. The standard aims to safeguard the confidentiality, integrity and availability of information by implementing 133 controls across 11 control areas. Benefits of certification include fulfilling contractual requirements, reducing risks, increasing confidence with customers and demonstrating commitment to information security.
The document introduces the International Standard ISO 27001 for information security management systems. It discusses the evolution of the standard from earlier versions like BS 7799. ISO 27001 provides requirements and guidance for establishing, implementing, maintaining and improving an information security management system. The standard aims to safeguard the confidentiality, integrity and availability of information by implementing 133 controls across 11 control areas. Certification to ISO 27001 demonstrates an organization's commitment to information security and can help fulfill contractual requirements, reduce risks, increase confidence and provide a competitive advantage.
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
This webinar illustrates:
- An overview of the GDPR
- How an ISO 27001-aligned ISMS can support GDPR compliance
- The top risks that result in data breaches
- The benefits of implementing an ISMS
- The technical and organisational requirements to achieve GDPR compliance
- How to improve your overall information security in line with the GDPR’s requirements
A recording of the webinar can be found here: https://www.youtube.com/watch?v=s7XQwBQ6JMg
Maintaining Data Privacy with Ashish KirtikarControlCase
This document discusses maintaining data privacy and compliance using a multi-certification approach through ControlCase. It begins with introducing Ashish Kirtikar, President of ControlCase UK. The agenda then covers data protection by design, the multi-certification approach to data protection, common challenges with multi-certification, and how ControlCase provides "One Audit" to assess for and comply with multiple certifications through automation. ControlCase aims to dramatically reduce the time, cost and burden of continuous compliance.
The integrated compliance framework consists of three levels that together provide controls and governance for IT regulatory compliance. Level 1 is the COSO Enterprise Risk Management framework. Level 2 is the CobiT framework, which provides IT controls related to COSO. Level 3 includes standards specific to subject matters, such as ISO 17799, ITIL, PMBOK, and systems development lifecycles, that address controls in CobiT. Adopting this multi-level framework using industry standards and best practices takes a risk-based approach to compliance.
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for Small, Medium and large companies. Over 10 years, Loris has been assisting clients in both public and private sectors about various matters relating to Gouvernance, Risk Management and Compliance (GRC), Digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/yT8gxRZD_4c
The document discusses IT policies, standards, and technical directives. It provides an overview of several frameworks for IT standards including COBIT, ISACA, ISO, ITIL, NIST, PMBOK, and TOGAF. It also summarizes the key objectives within the COBIT framework for planning and organizing, acquiring and implementing, delivering and supporting, and monitoring and evaluating IT processes. Finally, it provides details on Fidelity's process for managing over 500 technical directives across many categories.
Similar to ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map? (20)
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• Nis 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5, Pas mal non ? C'est francais.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelors degree from Royal Holloway University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/DujXaxBhhRk
The importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as National Association of District Export Councils (NADEC), Government Contractors Council (GovConCouncil), and Central-North Florida District Export Council as the Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but, ‘when’ and the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27005 Information Security Risk Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/TtnY1vzHzns
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense that prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicist in the Oil and Gas Industry.
Date: August 24, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI) Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at din (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
Importance of Data Protection
Understanding Data Collection and Challenges
Introduction to GDPR
Key Principles of GDPR
Who does GDPR Apply to and Its Global Implications
Introduction to ISO/IEC 27701
Implementing ISO/IEC 27701
Privacy by Design
Dealing with IT on a Daily Basis
Building Awareness and Training
Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. Since the younger age he has held management positions in the private and government sector. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/rsjwwF5zlK8
This document provides information about an informative student session hosted by PECB University and their academic partner Kaizen Training & Management Consultants Limited (KTMC) on May 18, 2023. It introduces Mustafë Bislimi of PECB University and Jacob A. McLean of KTMC. PECB University offers Executive MBA programs in cybersecurity, business continuity management, and governance, risk and compliance. Blocks 1 and 4 are offered by PECB University, while blocks 2 and 3 are offered by KTMC. The session discusses cybersecurity management and KTMC's partnership, training, and consulting services. Studying with KTMC provides advantages of cost, convenience, and expertise.
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense, that prioritise key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicst in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and suporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultan forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/i4qx5mjEqio
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/Xj0U2mbpZUs
Student Information Session University CREST ADVISORY AFRICA PECB
This document provides information about an informative student session on March 9, 2023 for PECB University's Executive MBA programs. PECB University offers Executive MBA degrees in cybersecurity, business continuity management, and governance, risk and compliance. The session will discuss simulations that place students in realistic business scenarios, as well as core courses in strategic management and leadership. Crest Advisory Africa is introduced as the academic partner that will deliver specialization and elective courses using various modes including on-site, online and self-study, and provide opportunities for South African students. Contact information is provided for representatives from PECB University and Crest Advisory Africa.
IT Governance and Information Security – How do they map?PECB
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/2bSbAdL5Idg
This document provides information about an information session held by PECB University and their academic partner EGYBYTE. PECB University offers Executive MBA programs in Cybersecurity, Business Continuity Management, and Governance, Risk and Compliance. The programs consist of 48 credits delivered through a blended model of distance learning and classroom sessions. EGYBYTE will provide support through Arabic-speaking subject matter experts, various delivery models like online and on-site training, and access to specialization and elective courses. The document outlines the program structures and lists available electives. It also discusses PECB University's accreditations and status as an active institution in the District of Columbia.
Student Information Session University Digital Encode.pptxPECB
oin us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding admission process contact us: university.studentaffairs@pecb.com
-EMBA in Cybersecurity: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHJQUUpjMmY2NmcyeURhTzE5VlRSNjg2Y1hwd3xBQ3Jtc0tuLTZqdmZyWkc2VVNQV21YRTlKZUQ2SEtUenNXbzYyb1ZianV5cldDYTViWjZ1eVhCNWtxWHI3VTNwRS1BOE4wTERkZ3BtcndwM0sxdVoydWZYSXBkV2hYd2lwU0NLSTk5WERWMlhtVk1Ud2tuWTRjTQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fcybersecurity&v=3YJbbr708pk
-EMBA in Business Continuity Management: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JQTGVhd1VfeG1weWNzUzRrMmg2bk0tc3kxUXxBQ3Jtc0tsOVF5VG82TkhRU3R5TVRWWmdhMzBrSTU2eW9wby1OYWN4VTg5bkJBY0lhTmNsOFhETzB5cVp0WU8zbTQwTlZkdk9Dby1fSXdhWmRpZFFPUmk3NS1QOGpMOVBlaDFhVVpwa2JZMkxKNGRnTnppMm93SQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fbusiness-continuity-management&v=3YJbbr708pk
-EMBA in Governance, Risk, and Compliance: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUplMGtjOFRWbzdGWERmdTR2QjdSbTBuQUxCd3xBQ3Jtc0tsNVdOU1p6UERWM3ZySE55V2FlWlJ1aFlzUU85VEt0aVRoR0hyTjNHbUNVYVMyb0lzTkZycUtJRzNxazlDWGRqTHZQMWJPZEYwbG1xWjVJN1JNOW1QUjJBZDY3NkU5LVl0b2xxOFpkZW1ZX2F3QmF5cw&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fgovernance-risk-compliance&v=3YJbbr708pk
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help other find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/BAAl_PI9uRc
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
Several organizations are experiencing increased volatility in their security environment.
A proper security management system can contribute to business resilience and to its credibility, hence, organizations should continually conduct security risk assessments in order to be able to better manage their security.
Amongst others, the webinar covers:
• What is ISO 28000:2022
• Why is it important and changes
• How it operates
• Benefits to implement this standard
Presenters:
Patrick Ben
As a cybersecurity analyst, Patrick is highly skilled in identifying and mitigating security threats to computer systems and networks. With a strong background in computer science and a passion for staying up-to-date on the latest security trends, he is able to analyze and evaluate security risks and develop effective strategies to protect against them. I have experience working with a variety of security tools and technologies, including firewall configurations, intrusion detection systems, and network security protocols. Patrick is also proficient in coding languages such as Python and Java, which allows him to analyze and understand complex security systems at a deeper level.
Overall, Patrick’s goal is to use his expertise and experience to help organizations and individuals protect their systems and data from security threats. He is excited to continue learning and growing in the field of cybersecurity and to make a positive impact in the world of information security.
Date: December 14, 2022
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022
https://pecb.com/article/investing-in-information-security-awareness
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Webinar: https://youtu.be/G2Ru7jiSRmE
ISO/IEC 27005:2022 provides guidance in assisting you and your organization to perform information security risk management activities.
Amongst others, the webinar covers:
• Changes to the ISO/IEC 27005:2022 standard
• Changes to the ISO/IEC 27005:2022 standard
• Why a new ISO/IEC 27005-standard?
Presenters:
Anders Linde
Anders Linde, founder of CISO27, holds more than 12 years of information security consulting and training experience. Anders is particularly interested in resolving the challenges arising from the consolidation and adaptation of international best practices in different organizational settings. Anders is a PECB certified trainer and member of SC27, contributing to the international development of the ISO/IEC 27000 series.
Tony Chebli
Tony is a cybersecurity practice leader and certified instructor. He was appointed as a CISO “information security head” for Group Credit Libanais for the past 13 years.
Tony engineered a security program derived from ISO 27001 and PCI-DSS which helped the Bank comply with Central Bank of Lebanon and Banking Control Commission circulars and satisfy the external and internal IT auditors’ requirements.
He was featured as a keynote speaker at several conferences and contributed to developing security awareness in the Middle East.
Tony was hosted as a speaker for ISC2 Secure Summit in Dubai (November 2017), and the PCI council in Dubai (April 2016), he conducted as well road shows about ISO 27001 in KSA, Dubai, Jordan & Lebanon.
Tony received for three consecutive years the “CISO 100 information security executive” award from the Middle East Security Awards (MESA) in Dubai.
Date: November 16, 2022
Tags: ISO, ISO/IEC 27005, Information Security Risk Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
https://pecb.com/article/data-protection-risk-management
https://pecb.com/article/investing-in-information-security-awareness
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
Assessment and Planning in Educational technology.pptxKavitha Krishnan
In an education system, it is understood that assessment is only for the students, but on the other hand, the Assessment of teachers is also an important aspect of the education system that ensures teachers are providing high-quality instruction to students. The assessment process can be used to provide feedback and support for professional development, to inform decisions about teacher retention or promotion, or to evaluate teacher effectiveness for accountability purposes.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Physiology and chemistry of skin and pigmentation, hairs, scalp, lips and nail, Cleansing cream, Lotions, Face powders, Face packs, Lipsticks, Bath products, soaps and baby product,
Preparation and standardization of the following : Tonic, Bleaches, Dentifrices and Mouth washes & Tooth Pastes, Cosmetics for Nails.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
1.
2. Agenda
GDPR, ePrivacy & ISO/IEC27701: How do they map?
Data protection, a global development
Your speakers
Introduction to the GDPR, ePrivacy & ISO/IEC27701
GDPR & ISO/IEC27701mapping
ePrivacy & ISO/IEC27701 mapping
Q&A Session
4. , Zen GRC, ISO Manager, ISO–Metrics, Lok path,
Certifications:
- Information Security Management
System (ISO 27001:2013)
- Cloud Security Alliance (CSA STAR)
- Privacy Information Management
System (ISO 27701:2019)
- Certified Data Protection Officer
(GDPR)
- PII on Cloud (ISO 27018)
- Technical Reviewer of IT certifications
for DQS
- Information Technology Management
System (ISO 20000-1:2018)
- Certified Project Management
Professional (PMP)
- Quality Management System (ISO
9001:2015)
- ITIL Certified from EXIN
- CMMC Registered Practitioner
- NIST Certified by BSI
- Governance, Risk & Compliance (GRC)
Professional
- Experienced in reviewing multiple GRC tools
like: Archer, ServiceNow, Zen GRC, ISO Manager,
ISO–Metrics, Lok path, MYRA
- Implemented GRC solutions for several clients
- Implemented Risk Management using NIST 800
Framework
- Performed GDPR/ CCPA Assessment
Lead Auditor of ISO 27001, ISO 20000-1, CSA
STAR, ISO 27018 & ISO 27701:2019 Standards
- Certified Instructor of ISO 27001, ISO 20000-1,
CDPO (GDPR) & ISO 27701:2019 Standards
- Performed around 800 Governance, Risk &
Compliance audit for Fortune 100 Companies
including Microsoft, Accenture, Oracle, SAP,
Capgemini
- Provided consulting services to Implement
Information Security Management Systems
- Performed Data Privacy Impact Assessment
(DPIA) and created Data Model / Process Model
to identify the impacted PII.
A PECB Partner Company
Neelov@1stprivacy.com
https://pmgame.net
+001-469-258-8565
Offerings:
PECB Accredited Certification: ISO 9K/ 20K/ 27K, ISO 27701
PECB Accredited Training: ISO 9K/ 20K/ 27K , CDPO
Consulting: ISO Certification Preparation Incl. ISO 27701,
ISO 27018
Other Information Security Framework
GDPR/CCPA/GLBA/ SSPA Assessment
CSA Solution Provider
NIST/ FedRAMP
SOC 1/2/3 (SSAE 18)
PCI DSS
CMMC
SEI/ CMM Assessment
PenTest, NOC/SOC
PM Game
Data Privacy Tool
https://1stprivacy.com
Neelov Kar
5. David Parish MSc CMI dip
Expertise and skills:
Data Privacy and Data Security ,
Harm reduction Enterprise Risk Management ISO 31000 advocate,
Governance, Risk, Compliance,
ISO ITIL Cyber Essentials
Legal Regulatory strategy development and delivery,
Expérience :
30 + International National Senior UK Détective , Organised Crime Money Laundering Intelligence
10 Years Private secutor specialising in Threat Risk and Harm reduction ,Insurance Health and Legal services.,
Top 50 UK Law firm GDPR AML ISO 270001 and BCP implementation and strategfy
NHS childrens hospital Covid security and privacy Information Governance recovery stratefies.
National Insurance Implementation counter fraud and intelligence capability
Support and DPO as a service Voluntary secutor Charities.
Director and Associate expert for bespoke Confidentiel solutions privacy and security.,
Subject Matter Expert at European Police College CEPOL, Organised Crime and Strategic Intelligence
Technical specialist GDPRACADEMY.org
Speaker: Various forums on line or in person.
Degrees & Certifications :
MSc(s), Security and risk management
CMI Management and Leadership
ISO/IEC 22001 /27701 Lead Implementer and auditor,
ISO 22301 Business Continuity Implementation
Maestricht University Data Protection Officer (DPO),
IBITQ GDPR Practitioner and Implementer.
Money Laundering / Serious and Organised Crime Multiple Qualifications.
Specialist Intelligence expert and Criminal Intelligence Analyst ( IALEIA)
PMP, PRINCE2,Six Sigma Lean thinking.
Practical realistic
6. Vincent Bureau
www.DPOsolutions.co.
Data Protection Officer as a Service
Expertise and skills
Personal data & privacy protection,
Information security & cybersecurity,
Governance, Risk, Compliance,
Laws & Treaties, North America, European Union, Caribbean, Africa,
Experience
15+ Risk, Regulatory & Compliance. 25+ IT & telecom,
Europe, Canada, Africa, USA,
Expert for NRC, National Research Council Canada, Expert for IN-SEC-M, cybersecurity cluster,
Trainer: ÉTS Montreal, Réseau Action TI Québec,
Speaker: PMI, ISACA, PECB, Printemps numérique de Montréal, Semaine numérique Nantes
France,
Software & telecom, public and government services, media and entertainment, education,
manufacturing, banking and insurance, retail, travel and hospitality,
Degrees & Certifications
MSc(s), Public Law, Risk & Project Management, Telecommunications, Marketing,
ISO/IEC 27701 Lead Implementer,
CIPP/E - Certified Information Privacy Professional Europe - IAPP,
CDPSE - Certified Data Privacy Solutions Engineer - ISACA,
OneTrust Certified Privacy Professional,
PMP, PRINCE2, MoP, Managing Benefits.
14. ISO 27701 Mapping to GDPR – Major Areas
Data Protection Officer
• ISO 27701: Cl. 6.3
• Appoint person responsible for
developing, maintaining and monitoring
privacy program. Responsibilities:
be independent reporting directly to
management
be involved in the management of all issues
be expert in data protection legislations
act as contact point for supervisory
authorities
inform top management obligations w.r.t. the
processing of PII
provide advice in respect of privacy impact
assessment
GDPR Article 37 -39
A data protection officer must be formally
identified monitoring large-scale processing
of sensitive personal information.
to inform and advise the controller or the
processor and the employees who carry out
processing of their obligations
to monitor compliance with this Regulation in
relation to the protection of personal data,
including awareness-raising
to provide advice where requested as regards
the data protection impact assessment
to cooperate with the supervisory authority;
to act as the contact point for the supervisory
authority
15. ISO 27701 Mapping to GDPR – Major Areas
Privacy Impact Assessment
• ISO 27701: Cl. 7.2.5 Privacy Impact
Assessment (PIA)
The organization should asses the need for and
implement where appropriate, a privacy impact
assessment whenever new processing of PII or
changes to existing processing of PII is planed.
• This includes: Types of PII Processed, where PII
is stored, and where it can be transferred
• DFD and Data Map can be helpful
GDPR Article 35: Data Protection Impact Assessment
(DPIA)
Where The Company implements new technologies
which will or could result in a high risk to the rights and
freedoms of individuals, the Company has to carry out
a PIA.
This will contain:
Systematic description of processing
Risk assessment
Controller shall carry out a review
16. ISO 27701 Mapping to GDPR – Major Areas Privacy by
Design & Default
• ISO 27701: Cl. 6.11.2.1 & 7.4
• Cl 6.11.2.1: Secure Development Policy
PII Protection/ privacy principles
(ISO 29100)/ PII Protection
Checkpoint / By default minimize
processing of PII
• Cl. 7.4: Privacy by Design/ Default
Limit collection (disabling option by
default)
Limit Processing (Disable
disclosure, storage and access)
Accuracy and quality
PII Minimization
De-identification/ deletion after
processing
Temp Files/ Retention/ Disposal/
transmission
GDPR Article 25
At the time of the determination of the
means for processing and at the time of the
processing itself, implement appropriate
technical and organisational measures, such
as pseudonymisation and data minimisation
The controller shall implement appropriate
technical and organizational measures for
ensuring that, by default, only personal data
which are necessary for each specific
purpose of the processing are processed
the amount of personal data
collected,
the extent of their processing,
the period of their storage
and their accessibility
FYI: Executive Order 14028 of US President, May 17 2021 - Zero Trust Architecture
17. ISO 27701 Mapping to GDPR – Major Areas
Breach Notification
• ISO 27701: Cl. 6.13.1.5
Record should be maintained for regulatory and
forensic purpose:
- Description, time period, consequences, Reporter,
to whom reported, steps taken to resolve, loss/
disclosure or alteration of PII
- In some jurisdiction, applicable legislation and/or
regulations - notify appropriate regulatory
authorities
GDPR Article 33 & 34
Does the company have procedures in place to
enable it to report a breach to the regulator within 72
hours of becoming aware of it?
The breach must be investigated and details
provided to the regulator about the nature of the
breach, likely consequences and mitigations being
taken to address it.
This investigation may require assistance from
processors, so operational processes should factor
this in.
Controller shall provide:
- Responsibilities of Controller and Processor
- Contact details of DPO
- DPIA
18. ISO 27701 Mapping to GDPR – Major Areas
Lawful Basis
• ISO 27701: Cl. 7.2.2
• The organization should determine,
document and comply with the relevant
lawful basis for the processing of PII for
the identified purpose. Legal basis:
Consent from PII Principals
Performance of a contract
Compliance with legal obligation
Protection of vital interest of PII
Principals
Public interest
Legitimate interest of the PII controller
GDPR Article 6
Data subject has given consent
Performance of a contract
Processing required for legal
obligation
Processing required to protect the vital
interest of Data Subject
Processing required for public interest
Processing required for legitimate
interest of controller
19. ISO 27701 Mapping to GDPR – Major Areas
International Transfer
• ISO 27701: Cl. 7.5.2 PII Transfer
The organization should specify and document
the countries and international organizations to
which PII can be possibly transferred
GDPR Chapter V, Article 44- 48
(a) A country which ensures adequacy level of
protection
(b) Transfers subject to appropriate safeguards
(c) If it is within the Company group, are Binding
Corporate Rules in place?
(d) Standard contractual clauses as approved by
the European Commission
Other possibilities:
(a) With the consent of the data subject.
(b) The transfer is necessary to carry out a contract
with the data subject
(c) The transfer is in the public interest
(d) The transfer is necessary to establish, exercise
or defend legal rights
(e) The transfer is necessary to protect the vital
interests of a person where the data subject is
physically or legally incapable of giving
consent.
COMMISSION IMPLEMENTING DECISION (EU) 2021/914
of 4 June 2021
on standard contractual clauses for the transfer of personal data to third
countries pursuant to Regulation (EU) 2016/679 of the European
Parliament and of the Council
20. ISO 27701 Mapping to GDPR – Major Areas
Policies & Procedures
• ISO 27701:
Secure Development Policy (Privacy by
Design/ Privacy by Default)
Secure System Engineering Principles
(Privacy by Design/ Privacy by Default)
Data Retention Policy (PII)
PII Compliance Policy
Guidelines for PII Sharing, transfer and
disclosure
DPIA Procedure
Consent Procedure
Security Incident Response Procedure (PII
breach)
GDPR
General Data Protection Policy
Data Subject Access Rights
Procedure
Data Retention Policy
Data Breach Escalation and
Checklist
Employee Privacy Policy and
Notice
Processing customer data policy
Guidance on privacy notices
22. Some Interesting Concept
Anonymization vs Pseudonymization
Data Controller vs Data Processor
Data Subject Access Request (DSAR)
“Don’t Sell My Information” on the website – Requirement of CCPA
Backup Policy for PII
Erasing Temp Files
Shall not re-issue deactivated or expired user IDs
Supervisory Authority of Member Countries
ISO 27701/GDPR
23. What is the relationship
between Privacy and Electronic
Communications Regulations
(PECR) and the GDPR?
24. • PECR sits alongside Data privacy legislation including the GDPR, and provides
specific rules in relation to privacy and electronic communications.
• Direct Marketing is invariably and consistently where companies fail to take a
joined up approach in recognising that :-
• Privacy Legislation and Marketing should COMPLEMENT rather than
COMPETE,
• You may comply with PECR but fail to comply with privacy and vice versa.
What is the relationship between Privacy and Electronic
Communications Regulations (PECR) and the GDPR?
INTERLINKED
25. • The key difference is that the GDPR relates to the processing of personal
data,
• PECR relate specifically to electronic marketing and has specific rules on:
marketing calls, emails, texts and faxes. cookies.
• PECR comes first but you MUST adhere to the GDPR and other global
Privacy requirements when processing personal data .
• The rules for B2B is different to B2C and this is where the majority of the
conflict and enforcement activity by regulators occurs.
What is the relationship between Privacy and Electronic
Communications Regulations (PECR) and the GDPR?
DIFFERENCE
26. Electronic Communications What are they ( Silence)
• PECR do not define ‘electronic
communications’.
• The rules apply in different ways using
specific concepts and definitions.
• The marketing rules apply to specified types
of marketing messages, and some other
rules apply to service
providers or communications providers.
• The basic concept of an electronic
communication underpins the regulations,
Put simply, electronic communications mean
any information sent between particular parties
over a phone line or internet connection.
This includes phone calls, faxes, text messages,
video messages, emails and internet
messaging.
It does not include generally available
information such as the content of web pages
or broadcast programming.
27. • Key requirements in relation to marketing are:
• Ensuring there is a law
• Lawful basis for both direct marketing and using analytical cookies; Having an
appropriate opt-out;
• the Unsubscribe.
• Having an appropriate privacy notice.
• The preferences
Similarities the GDPR and the PECR
29. All processing of personal data must:
• Be carried out according to specific principles (the “HOW”)
• (Art. 5.1)
• Be documented (Art. 5.2)
• And
• Have one or more lawful grounds (the “WHY”)
• (Arts.6 & 9)
… the foundations of the data protection regime
Lawful Processing
31. Article 6 (1 ) (a) Consent V Article 6(1) (f) Legitimate Interest
June 2021 UK Regulator
We have fined Papa John’s (GB) Limited £10,000 for
sending nuisance texts and emails to customers.
Papa John’s relied on the ‘soft opt in’ exemption for
marketing consent.
However, we found that customers who had placed a
telephone order were not provided with
a privacy notice at point of contact
nor given the option to opt out.
The ‘soft opt in’ exemption allows organisations to send
electronic marketing messages to customers whose
details have been obtained for similar services.
However, you: ✅ Must give customers a clear chance to
opt out – both when you first collect their details, and in
every message you send.
❌Must not use the soft opt in for prospective customers
or new contacts (eg from bought-in lists).
❌Must not use the soft opt in for non-commercial
promotions (eg charity fundraising or political
campaigning).
Consent
8(2) of the Data Protection, Privacy and Electronic
Communications (Amendments etc.) (EU Exit)
Regulations 2019 clarifies that, for PECR:
"‘consent' by a user or subscriber corresponds to the
data subject’s consent in the GDPR (as defined in
section 3(10) of the Data Protection Act 2018)."
Recital 32 of the GDPR also specifically bans pre-
ticked boxes – silence or inactivity does not
constitute consent.
Why it happens?
32. The Silence of Regulation
Consent
What does ‘consent’ mean?
PECR requires that users or subscribers consent to
cookies being placed or used on their device. There
is no definition of consent given in PECR or in the
ePrivacy Directive; instead, the GDPR definition of
consent applies. This is in Article 4(11) of the GDPR
and states:
"‘consent’ of the data subject means any freely
given, specific, informed and unambiguous
indication of the data subject's wishes by which he
or she, by a statement or by a clear affirmative
action, signifies agreement to the processing of
personal data relating to him or her."
PECR
Regulation 8(2) of the Data Protection, Privacy
and Electronic Communications (Amendments
etc.) (EU Exit) Regulations 2019 clarifies that,
for PECR:
"‘consent' by a user or subscriber corresponds
to the data subject’s consent in the GDPR (as
defined in section 3(10) of the Data Protection
Act 2018)."
Recital 32 of the GDPR also specifically bans
pre-ticked boxes – silence or inactivity does
not constitute consent.
33. Silence Again
• What does ‘clear and comprehensive information’ mean?
• PECR does not define what ‘clear and comprehensive information’ means. However,
Article 5(3) of the ePrivacy Directive says that clear and comprehensive information
should be provided ‘in accordance with’ data protection law.
• This relates to the GDPR’s transparency requirements and the right to be informed. It
means that when you set cookies you must provide the same kind of information to
users and subscribers as you would do when processing their personal data (and, in
some cases, your use of cookies will involve the processing of personal data
anyway).
34. 1. The Privacy and Electronic Communications Regulations (PECR) give people specific
privacy rights in relation to electronic communications. There are specific rules on:
1. marketing calls, emails, texts and faxes;
2. cookies (and similar technologies);
3. keeping communications services secure; and
4. customer privacy as regards traffic and location data, itemised billing, line identification,
and directory listings.
4. The ‘soft opt -in’ exemption provided by Regulation 22(3) PECR means that
organisations can send marketing messages by text and e-mail to individuals whose
details have been obtained in the course or negotiation of a sale and in respect of
similar products and services. The organisation must also give the person a simple
opportunity to refuse or opt out of the marketing, both when first collecting the details
and in every message after that.
5. The ICO has the power under PECR to impose a monetary penalty on a data controller
of up to £500,000.
The Areas the Regulators Look At
35. We Now Have Three Considerations
PECR
For network and service providers, the
GDPR does not apply where the PECR
already provide rules. In practice, this
means providers need comply only with the
PECR’s requirements relating to:
• Security and security breaches;
• Traffic data;
• Location data;
• Itemised billing; and
• Line identification services.
NIS ( a brief mention )
While PECR says you don’t have to comply
with some areas of privacy.
You then have to consider
Some service providers, such as Internet
service providers, might, however, be obliged
to comply with the NIS Regulations (Network
and Information Systems Regulations
2018) as well, so should check their
compliance obligations carefully.
36. Incorrect Reconfirmation the Confusion goes on and on
In Practice
If you are not sure you meet all conditions for the soft opt-
in, obtain consent before sending any marketing
communications
consent is always better than the soft opt-in in terms of
transparency and accountability.
In either case, individuals must be able to easily opt out at
any time, and must be informed of that right.
You must also clearly state, that their data will be used for
marketing purposes before you start sending any direct
marketing.
Key compliance points Marketing for commercial
purposes?
Market by email and/or text only? Existing commercial
relationship? (the person has purchased, or is in the
process of purchasing, a product/service) Soft opt-in
Consent
The mistakes and COVID
“CRM integrations with leading providers, we empower
firms to leverage data to create personalised experiences.
It also ensures that all data maps back to the CRM in real-
time, keeping valuable source data fresh and accurate.”
Cleansing or reaffirming consent.
Bought in lists or scraped from Linkedin or other social
media platforms.
The COVID updates from companies
Did you know these companies had your data in the first
place ?????
38. The We Use Cookies Accept or select Preferences > What do
you do?
What are they
• Generally there are two types of
cookies
1. That makes the Web page you are
visiting work . Technical Cookies.
2. The one that helps the marketing
and all associated data privacy
issues of concern.
• It should be transparent and easily
understood .
Why does it matter
• Smart phones are the must have item.
• All the apps webpages on your phone are
collecting cookies.
• The cookies that are valuable are the ones you
don’t know about .
• The Non Technical or Analytical.
• The preferences options are not in plain
language and are technical.
• The retention periods are often set by the
software NOT the Business
39. An Example of the Requirement v the Reality
ICO Guidance Website
You must make users aware of the
cookies being placed on their
devices
No description of what
cookies are being placed.
Your methods of providing this
information, and the capability for
users to refuse, are to be as user-
friendly as possible.
No mechanism to allow
users to refuse.
40. • The information has to cover:
• These requirements also apply to
cookies set by any third parties
whose technologies your online
service incorporates –
• This would include cookies, pixels
and web beacons, JavaScript and
any other means of storing or
accessing information on the
device including those from other
services such as online
advertising networks or social
media platforms.
ICO Guidance Website
The cookies you
intend to use.
Brief
description but
no depth.
The purposes for
which you intend
to use them.
The
description
does cover
this.
41. Pre GDPR Law firm
web site
• Currently have 9 session cookies that are
applied to the homepage.
• The cookies highlighted in Red are “non-
technical” cookies.
• The issue is, unless the cookie is an integral
function that needs to be installed for the
website to work, consent/transparency is
required.
• There are 14 stored cookies applied.
• Those in red are “non-technical” cookies which
require consent/affirmation
• The other issue highlighted is that the cookie
we apply to use our website “cookiepolicy”
• RETENTION date set at 9,999 days (27 years).
42. Schrems and NOYB Privacy Advocates
• Most sites 'do not comply'
• To combat this, the group has created an automated system, which it says can find
violations and auto-generate a complaint under GDPR.
• It claims "most banners do not comply with the requirements of the GDPR".
• Fines can be up to €20m (£17.5m) or 4% of a company's global revenue, whichever is
higher.
• Of the 500 pages in its first batch of complaints, 81% had no "reject" option on the
first page, but rather hidden in a sub-page, it said. Another 73% used "deceptive
colours and contrasts" to lead users into clicking "accept", and 90% provided no easy
way to withdraw consent, it said.
• Google fined £91m over ad-tracking cookies
• Tech Tent: The end of ad tracking?
• Noyb says it is first issuing draft complaints to 10,000 of the most-visited websites
across Europe, along with instructions on how to change settings.
43. Website Evidence Collector
The tool collects evidence of personal data processing, such as cookies, or requests to
third parties. The collection parameters are configured ahead of the inspection and
then collection is carried out automatically. The collected evidence, structured in a
human- and machine-readable format (YAML and HTML), allows website controllers,
data protection officers and end users to understand better which information is
transferred and stored during a visit of a website, i.e. the consecutive loading of a
number of web pages without giving consent or logging in.
https://edps.europa.eu/edps-inspection-software_en
Website Checkers
44. Privacy v PECR
How to check or assist there are some tools for web page
compliance
45. My thoughts:
Together Everyone Achieves More
( TEAM) In reducing The harm
ESSENTIALS THE ISO PRINCIPLES
• Leadership
• Ownership
• Understanding
• Assisted implementation
• Training
• Information sharing
• Keep It simple .
• You cannot succeed by yourself.
Recital 91: The processing of personal data should not be considered to be on a large scale if the processing concerns personal data from patients or clients by an individual physician, other health care professional or lawyer. In such cases, a data protection impact assessment should not be mandatory.
A group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate rules for its international transfers from the Union to organisations within the same group of undertakings, or group of enterprises engaged in a joint economic activity, provided that such corporate rules include all essential principles and enforceable rights to ensure appropriate safeguards for transfers or categories of transfers of personal data.