Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar, hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/), who shared information with HR practitioners and organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Toreon adding privacy by design in secure application development oss18 v20... (Sebastien Deleersnyder)
The General Data Protection Regulation (GDPR) has arrived!
One monumental change is the introduction of Privacy by Design. In this keynote we will focus on the Privacy by Design (PbD) implications for developers.
Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR into a Secure Development Lifecycle approach, and 2) threat modeling and GDPR risk patterns.
Social Business = Cloud + Big Data + Social Media + Mobile Computing (William Tanenbaum)
Cloud Computing is an inflection point, and is the technology that enables Big Data and predictive analytics. In combination with Big Data, Social Media and Mobile Computing, it constitutes how mainstream businesses use the Cloud.
Oracle ACE Director Dan Morgan and Performance Tuning Corporation (PTC) Chief Strategy Officer Mark Swanholm present data security and the choices ahead for your organization. For more information about Performance Tuning Corporation, visit our website www.perftuning.com.
What is discussed in this presentation?
Security breaches and data theft have made big news headlines in recent months, from Target, to Home Depot and most recently Sony and Chick-Fil-A. Data is one of the most valuable assets in your business and organizations like yours need to be confident they are prepared for future security threats or risk loss of trust from customers and, possibly, unrecoverable financial losses.
But how do you approach security in your environment?
How confident are you that your data is secure?
And what are the objectives and right level of investment needed for the regulatory environment that exists today?
What about tomorrow – will the Security Wars leave your company devastated?
Oracle ACE Director Dan Morgan, an internationally recognized expert in database technology and former University of Washington lecturer, and Mark Swanholm, PTC’s Chief Strategy Officer and 22-year IT veteran, address the issue of data security from the standpoint of what it is, how to approach it, and what is actually required to avoid being the next victim of hackers.
This Performance Tuning Corporation presentation focuses on strategy, management, planning, and budgeting, and provides you and your management team with the information you need to plan and make the best possible decision with respect to an investment to secure your data.
Everything you Need to Know about The Data Protection Officer Role (HackerOne)
Data privacy and security expert Debra Farber presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world that process the personal data of EU residents will be required by law to appoint an independent DPO who has specific responsibilities and data protection knowledge.
This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
GDPR From the Trenches - Real-world examples of how companies are approaching... (Ardoq)
As GDPR enforcement approaches, companies around the world are making changes to their internal processes and systems to ensure they are compliant by May 2018. For many, getting started can be a daunting task, especially at larger organizations.
There’s no one-size-fits-all strategy for GDPR compliance, but there are some steps that every business should take:
1. Document the data and processes that power your organization
2. Assess the realistic compliance risks that you need to protect against
3. Keep your documentation up-to-date to demonstrate continuous compliance.
In this slide deck, you’ll read about a real-world example of a company that has started their compliance project and how they structured it.
A recording of this webinar is available for free here: http://bit.ly/2hMsQmu
Ardoq in Edinburgh - Events - Building Resilience in a Post-GDPR World (14-au... (Ardoq)
How do you build and sustain organisational resilience?
Beyond the cyber threats, data breaches, risks and compliance, where are the opportunities for digital transformation and innovation in a post-GDPR world?
More info:
https://content.ardoq.com/ardoq-events-join_us
Event created together with Sympatico Consulting:
https://www.sympaticoconsulting.co.uk/
This webinar illustrates:
- An overview of what business continuity management (BCM) is
- Why organisations choose to deploy a formalised BCM programme (and why others don’t)
- The difference between business continuity planning and BCMS
- An introduction to ISO 22301, the international standard for BCM
- Considerations for implementing a BCMS
- How to get approval for your implementation project
A recording of the webinar can be found here: https://www.youtube.com/watch?v=zU0782vbYPc&t=23s
Enabling Data Governance - Data Trust, Data Ethics, Data Quality (Eryk Budi Pratama)
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
GDPR challenges for the healthcare sector and the practical steps to compliance (IT Governance Ltd)
This webinar covers:
- An overview of the General Data Protection Regulation (GDPR) and the Data Security and Protection (DSP) Toolkit and their impact on the healthcare sector.
- Accountability frameworks that support GDPR compliance, and the role of senior management in ensuring compliance and cyber resilience are a strategic focus.
- Embedding data protection by design and by default, and a holistic approach to achieving a cyber resilient posture.
- The practical steps that healthcare organisations need to take when looking at GDPR compliance.
- The role of a robust staff awareness programme in supporting a culture of cyber resilience and compliance.
A recording of the webinar can be found here: https://www.youtube.com/watch?v=xFEkkkwAdl4
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
Post US Election Privacy Updates & Implications (TrustArc)
The United States election on November 3rd will impact the future use of personal information for organizations doing business with US citizens. From presidential results to state propositions, there will be many privacy ramifications, and how we move forward to embrace the new changes is a topic that will bring many perspectives.
Join us as we discuss the implications of the US election, including California’s Proposition 24, which would expand the provisions of the CCPA, and what the next administration’s role will be in helping shape the new framework for EU-US data transfers.
- Privacy issues that were included or arose in the 2020 election
- Implications of election outcomes on privacy laws or priorities
- What to watch for in 2021
The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
Impact of GDPR on Third Party and M&A Security (EQS Group)
GDPR's impact has been dissected and examined to death; however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has rarely been explored. This session aims to be useful for that.
Legal obligations and responsibilities of data processors and controllers und... (IT Governance Ltd)
This webinar covers:
- The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
- The responsibilities and obligations of controllers and processors.
- The data breach reporting responsibilities of controllers and processors.
- The liability of, and penalties that may be imposed on, data processors and controllers.
- The appointment of joint controllers and subcontracting processors.
The webinar can be found here: https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders http://www.fileminders.com.cy/
Agenda:
1. Introduction to the General Data Protection Regulation (GDPR)
2. Data protection: Why all the fuss?
3. How does GDPR affect your business?
Eversheds SHINE Webinars - Multi jurisdictional compliance 23rd October 2014 (Eversheds Sutherland)
New regulation is produced faster than most in-house teams can keep up with it, and businesses are expanding into new markets, exposing them to novel and often extensive compliance obligations. How do you identify compliance obligations, then manage and monitor compliance effectively? What tools and systems can you deploy to avoid time-consuming and reputation-damaging breaches? This session will share case studies and examples of systems, approaches, policies, communication methods and tools used in practice to ensure cost-effective risk management.
In this webinar, GDPR expert Richard Hogg answers the following questions:
What will the GDPR mean for my organization?
Where do I start on the journey to compliance?
What tools and technology are available to help?
Attendees: Operations, Finance, Compliance, Governance, IT
https://www.integro.com/recorded-webinar/nov-17-2016-gdpr
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo... (Brian Miller, Solicitor)
In a more detailed look at data protection, Vicki Bowles takes a look at the new draft EU Data Protection Regulation, disclosure and BYOD (Bring Your Own Device).
Brian Miller then covers ISO certification, how to check whether your vendor’s systems are secure, how US Safe Harbor worked in practice, how it will do so with the new Privacy Shield and the various certification/accreditation systems for cloud computing vendors.
When GDPR becomes law in a few months, it will be the most wide-ranging and stringent data protection initiative in history. To prepare for this sea change, most organizations have streamlined and detailed their information security policies; however, many are unaware that immature application security programs arguably pose the biggest threat of a data breach. This oft-forgotten piece of data protection puts organizations at risk of GDPR fines.
Attend this joint webinar with Security Innovation and Smarttech247 to learn practical tips on incorporating application security best practices into an InfoSec program to achieve GDPR compliance.
Topics include:
* Summary of GDPR key concepts
* Security of data processing in software and the CIA triad
* The people and process problem of GDPR: Governance
* Using Data Protection by Design for secure design and business logic
* Assessments to verify the security of processing
Presenters:
Roman Garber, Security Innovation
Edward Skraba, Smarttech247
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
GDPR and EA Commissioning a web site part 2 - Legal Environment (Allen Woods)
Second of 8 slide decks aimed at small to medium enterprises on factors to consider when commissioning a web site. This slide deck focuses on the changing legal environment brought about by legislation like the EU GDPR.
The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018 and is set to change data protection law as we know it, but what do you need to do now to plan a commercially sound approach to GDPR compliance?
This is an opportunity to grasp a clear understanding of the risks and costs associated with managing your data effectively and ensuring your employees understand their obligations.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 6 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie... (PECB)
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
Importance of Data Protection
Understanding Data Collection and Challenges
Introduction to GDPR
Key Principles of GDPR
Who does GDPR Apply to and Its Global Implications
Introduction to ISO/IEC 27701
Implementing ISO/IEC 27701
Privacy by Design
Dealing with IT on a Daily Basis
Building Awareness and Training
Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
Key Data Privacy Roles Explained: Data Protection Officer, Information Securi... (PECB)
Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Information Security Auditor
In this session, we will go through the roles and responsibilities of the main actors responsible for protecting data in an organization: the Data Protection Officer, Information Security Manager, and Information Security Auditor.
The webinar will cover:
• What are the roles and responsibilities of the main actors responsible for protecting data in an organization?
• How can an organization find out if they are required to designate a DPO role or not?
• Can the roles of a DPO and Information Security Manager be covered by the same individual?
• What organizations are required to do to have the DPO perform its role and responsibilities independently?
Presenter:
Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and Identity & Access management, but also in privacy, information & data protection, and cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Our second presenter is Stefan Mathuvis, owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan has built strong experience in quality management systems, Information Security management systems, GDPR, data privacy & data protection. Stefan is an accredited ISO/IEC 27001 Lead Auditor and operates as a third-party auditor for DQS Belgium. Dividing his time between consultancy, training & third-party auditing on an international scale, Stefan remains in touch with the issues of today, allowing him to assist clients in their needs for Information Security and Data Privacy.
Recorded webinar: https://www.youtube.com/watch?v=Y0hnv1laxAw&feature=youtu.be
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ... (AIIM International)
Learn actionable steps to provide a high-level plan for implementing a privacy program in conjunction with your existing organizational RIM/IG program(s).
Assessing the impact of security services
4. Why assess DP impact?
Legal requirement?
•GDPR Art.35 Data Protection Impact Assessment (DPIA)
•“if likely to result in a high risk to the rights and freedoms of natural persons”
Regulator recommendation?
•ICO Legitimate Interests Assessment (LIA)
•“if relying on legitimate interests”
Regulator recommendation?
•ICO Legitimate Interests Assessment (LIA)
•“if relying on legitimate interests”
5. But mostly…
To reassure us, members, customers and users that we’re creating privacy/security benefits, not risks!
6. Factors likely to require DPIA (Art29WP/EDPB)
Match 2 or more => Usually need DPIA
•Evaluation or scoring
•Automated decision-making
•Systematic monitoring
•Sensitive (or highly-personal) data
•Data processed on large scale
•Matching/combining datasets
•Vulnerable data subjects
•Innovative use or new technological/organisational solutions
•Processing prevents data subject exercising right/using service/contract
9. Jisc security services…
Security operations centre (SOC)
•Large scale
•Applies to all Janet traffic
•Passive monitoring
•Mostly by machine
•Some automation (e.g. DDoS)
=> DPIA
Penetration testing service
•Small scale
•Commissioned by organisation
•Limited scope: systems and people
•Active attacks/social engineering
=> LIA
15. DPIA process
NOT based on ICO guide – it hadn’t been published
•So derive from GDPR text and CNIL (very) detailed approach
•Structured interviews: service managers/operators/DPO + follow-up Q&A
•User consultation
•Annual consultation recently completed, don’t really want another
•ICO (now) suggests cyclic DPIA process
• Consultation apparently before own risk/mitigation assessment?
• Surely more efficient to ask users for issues you didn’t spot?
•So use 1st round DPIA report for 2nd round consultation (~18 months)
21. DPIA data gathering/reporting
Based on GDPR structure
•Description of operations and purpose
•Controllers, processors, recipients, purpose/legal basis…
•What data, how, where, how long…
•Assessment of necessity and proportionality
•Individual rights/principles fit here too
•Assessment of risks to rights and freedoms (see later)
•Measures to address risks, and demonstrate compliance (see later)
•Conclusions
•Are risks mitigated? Recommendations
27. DPIA risk management
Assess impact
•Think processing and data
•Effect of breach/misuse
•On confidentiality/integrity/availability
•Ignoring (for now) cause
•What harm results?
•Personal, financial, …
•Rights and freedoms
•Impact: high/medium/low
Manage likelihood
•Think causes
• Internal (accident/malicious)
• External (accident/malicious)
• Environment (accident)
•Think mitigations
• Most of which reduce likelihood
• Some reduce impact too
•How to monitor/maintain compliance?
28. DPIA conclusions
•All risks mitigated to (well) below high
•Automated processing itself a significant mitigation
•Some new opportunities for controls/monitoring
• See https://ji.sc/SOC-DPIA
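The two decision rules the deck relies on, the Art29WP/EDPB screening test from slide 6 (match two or more factors, usually need a DPIA) and the impact/likelihood model from the risk-management slides (mitigations mostly reduce likelihood, some reduce impact, stop when nothing remains high), written out as a small DPIA helper. This is an added example, not code from Andrew Cormack's slides or from Jisc; the 3x3 rating matrix, the factor profiles chosen for the SOC and pentest services, the register entries and every function name are assumptions made for the illustration.

```python
"""DPIA screening and a small risk register (added example, not from the slides).

Encodes two rules the deck describes: the screening test "match 2 or more
factors => usually need a DPIA", and an impact x likelihood model in which
mitigations mostly reduce likelihood and some also reduce impact. The rating
matrix and all sample values below are assumptions made for this example.
"""
from dataclasses import dataclass, field
from enum import IntEnum

# The nine screening factors listed on the "Factors likely to require DPIA" slide.
DPIA_FACTORS = frozenset({
    "evaluation or scoring",
    "automated decision-making",
    "systematic monitoring",
    "sensitive or highly personal data",
    "large scale",
    "matching or combining datasets",
    "vulnerable data subjects",
    "innovative use or new technology",
    "prevents exercising a right or using a service",
})


def needs_dpia(matched: set[str], threshold: int = 2) -> bool:
    """Screening rule: a DPIA is usually needed when >= threshold factors match."""
    unknown = set(matched) - DPIA_FACTORS
    if unknown:
        raise ValueError(f"not a screening factor: {sorted(unknown)}")
    return len(set(matched)) >= threshold


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def clamp(level: int) -> Level:
    """Keep a reduced level inside the LOW..HIGH scale."""
    return Level(max(Level.LOW, min(Level.HIGH, level)))


@dataclass
class Mitigation:
    name: str
    likelihood_steps: int = 0  # most mitigations reduce likelihood
    impact_steps: int = 0      # some reduce impact too


@dataclass
class Risk:
    name: str
    cia_property: str          # confidentiality / integrity / availability affected
    cause: str                 # internal/external/environment, accident/malicious
    impact: Level
    likelihood: Level
    mitigations: list[Mitigation] = field(default_factory=list)

    def residual(self) -> tuple[Level, Level]:
        """Impact and likelihood after applying every mitigation."""
        imp = self.impact - sum(m.impact_steps for m in self.mitigations)
        lik = self.likelihood - sum(m.likelihood_steps for m in self.mitigations)
        return clamp(imp), clamp(lik)


def rate(impact: Level, likelihood: Level) -> Level:
    """Assumed 3x3 matrix: product >= 6 is HIGH, >= 3 is MEDIUM, else LOW."""
    score = int(impact) * int(likelihood)
    if score >= 6:
        return Level.HIGH
    if score >= 3:
        return Level.MEDIUM
    return Level.LOW


def unmitigated_high(register: list[Risk]) -> list[str]:
    """Names of risks whose residual rating is still HIGH: the DPIA cannot conclude yet."""
    return [r.name for r in register if rate(*r.residual()) == Level.HIGH]


# Constructed factor profiles for the two services on the slides (assumed mapping).
SOC_FACTORS = {"systematic monitoring", "large scale", "automated decision-making"}
PENTEST_FACTORS: set[str] = set()   # none of the nine factors clearly applies (assumption)

# Constructed SOC register; the last entry is deliberately left unmitigated.
SOC_REGISTER = [
    Risk("flow records disclosed to outsider", "confidentiality", "external/malicious",
         Level.HIGH, Level.MEDIUM,
         [Mitigation("automated processing, no routine human access", likelihood_steps=1),
          Mitigation("short retention of raw records", impact_steps=1)]),
    Risk("analyst misuses alert data", "confidentiality", "internal/malicious",
         Level.HIGH, Level.LOW,
         [Mitigation("access logging and review", likelihood_steps=1)]),
    Risk("sensor outage hides an attack", "availability", "environment/accident",
         Level.MEDIUM, Level.MEDIUM),
    Risk("raw packet capture kept indefinitely", "confidentiality", "internal/accident",
         Level.HIGH, Level.HIGH),
]

if __name__ == "__main__":
    print("SOC needs DPIA:", needs_dpia(SOC_FACTORS))
    print("Pentest needs DPIA:", needs_dpia(PENTEST_FACTORS))
    for r in SOC_REGISTER:
        print(f"{r.name}: {rate(*r.residual()).name}")
    print("still HIGH:", unmitigated_high(SOC_REGISTER))
```

Running it reproduces the deck's routing (the SOC profile trips the screening rule, the pentest profile does not) and shows the conclusion check from slide 28 failing on the one register entry that has no mitigation, which is exactly the case a DPIA author has to resolve before signing off.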
34. LIA process
Based on ICO light-touch risk assessment…
•Structured interviews with service managers/operators + follow-up Q&A
•What is legitimate interest? [Site improving security of key DP processes]
•Who benefits? How? How much? Ethical/Legal Issues?
•Necessity: any less intrusive way to do it? [No]
•Balance benefits vs harms
•What is relationship with individuals? What is possible impact?
•Will you explain it? Will they object/feel intrusion?
•What safeguards can you provide? Can they opt-out?
39. LIA conclusions
•Technical pentests have strong safeguards/minimisation
•Social engineering can cause harm to a few individuals
•Targets are in positions of authority/responsibility; significant risks to others
•Organisations must support/explain what was done and why
•And provide guidance, training, etc. so they don’t fall for a real attack
•Organisations must fix vulnerabilities, otherwise no benefit to justify risk!
• See https://ji.sc/PENTEST-LIA
41. Get in touch…
Except where otherwise noted, this work is licensed under CC-BY
Andrew Cormack
chief regulatory adviser
Andrew.Cormack@jisc.ac.uk
Editor's Notes
UK ICO adds Risk of Physical Harm, Tracking, Invisible Processing; deletes large scale, automated decision-making, arguably systematic monitoring (which may be a superset of “tracking”); interestingly the EDPB pushes back against such modifications… Maybe it *is* harmonising?