GDPR and Security Culture: Measuring effectiveness

Article 32 of the GDPR states that organisations need to demonstrate the effectiveness of the technical and organisational measures (controls) implemented to protect PII. This presentation shows how the CLTRe Toolkit provides the solution to this requirement.

Published in: Business
  • Slide 8: Get your demo at https://get.clt.re or talk to us!
  • Slide 7: In the beginning I promised to give a working tip on how to prepare for the GDPR. With GDPR, the stakes of a security breach involving Personally Identifiable Information (PII) are quickly becoming overwhelming. I mean, just take a look around you - almost 200 people in this room alone, and although the food is good, none of us are here for the food. Preparing for the GDPR is a game of reducing risk. The move from vanity metrics to deep insights. The acceptance of a changed compliance regime. No longer will ticking a box be enough. Moving forward, you will need to tick the boxes AND demonstrate the effectiveness of your controls. Not only do something, but show the result of what you have done. We heard AIG talk about how cyber insurance can help you reduce the risk should the worst happen. We also heard that documenting your security culture matters to them. You probably should get insurance, and if you do so, they will expect your documentation to be in place. We also heard Bull & Co explain the requirements of the GDPR, the fact that measuring effectiveness is not an option, but a requirement. What can I say? We have the tool you need. Talk to my team to get a demo!
  • Slide 6: Now that we have had a crash-course in measuring culture, let us take a brief look at the CLTRe Toolkit, the yardstick of culture. This tool was created in close cooperation with Dr. Gregor Petric and myself to enable a fast, effective and accurate way of measuring security culture. It is research-driven, basing its methods and analytics on a long scientific tradition. We could not build a tool like this without social sciences. Besides science, we had another requirement when we set out to build this. It had to have business value. For our customers, for our partners, and to ourselves. Business value is created in a number of ways. For our customers, for example, some of the values of the CLTRe Toolkit are: low cost per employee, both in investment and the stress level; detailed insights into the organisation - from individual, through teams and departments all the way to the top; a security culture score that can be compared to others - telling you if the 57% is good, bad or ok. Most importantly, the value we create is the ability to both document and demonstrate the effectiveness of your organisational and technical measures. In other words, the CLTRe Toolkit enables our customers to tick a few more boxes on compliance with the upcoming GDPR. Take the guesswork out of the equation, start measuring culture today!

GDPR and Security Culture: Measuring effectiveness

  1. EFFECTIVENESS GDPR ARTICLE 32
  2. BACKGROUND: KAI ROER, CEO AND CO-FOUNDER OF CLTRE
     ▸ Ron Knode Service Award, National Cybersecurity Institute (DC) Fellow
     ▸ 20+ industry exp. 40+ countries, 4 books, awards +++
     ▸ Creator of The Security Culture Framework and the global Security Culture Community
     ▸ Focus area: Soft-skills with Psychology, Sociology and Social Behaviour
     ▸ https://roer.com - @kairoer
  3. A CHALLENGE? MEASURING CULTURE
  4. VANITY METRICS
     ▸ Looks nice - says little (new)
     ▸ Checkbox compliance
     ▸ No information about culture
     ▸ Not useful for meaningful discussion
     ▸ Not helpful for improvements
     ▸ Says nothing about effectiveness (as required by Article 32)
     THE CLTRE TOOLKIT
  5. THE CHALLENGE OF MEASURING CULTURE: LEARNING ABOUT CULTURE STARTS WITH PEOPLE
     ▸ Psychological measures
     ▸ Self-assessments
     ▸ Experiments
     ▸ Sociological measures
     ▸ Analysing communication
     ▸ Social Anthropological measures
     ▸ Observation and comparison
  6. MEASURING WHAT MATTERS
     ▸ Full compliance focus
     ▸ Use for strategic and tactical advancements
     ▸ Measures the effectiveness of your programme
     ▸ Measure real security behaviours and change (avoiding vanity metrics)
     ▸ As required by GDPR Article 32
     THE CLTRE TOOLKIT
  7. BETTER INSIGHTS REDUCE RISK
     ▸ EU to issue fines on negligence
     ▸ Insurance to expect documentation
     ▸ Litigation to require documentation effectiveness of measures
     ▸ Reduce risk by measuring what matters - today!
     THE CLTRE TOOLKIT
