This document outlines key aspects of establishing an effective privacy program. It discusses defining a privacy mission and strategy, establishing a governance team, developing a framework aligned to policies and standards, and defining performance metrics. It also covers the privacy operational lifecycle, including assessing privacy using maturity models, protecting data through its lifecycle via data lifecycle management and privacy by design, sustaining privacy through compliance monitoring and audits, and responding to incidents and requests. The presenter provides this overview to help organizations effectively address privacy through all stages from assessment to response.
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
Just a few days ago NIST published a complete refresh of the SP800-53, which provides a catalog of security measure to protect an organization against a variety of risks and threats.
How might NIST guidance fit in an information security management system like ISO/IEC 27001 and its privacy extension ISO/IEC 27701?
In this session, we will make a quick walk-through the standards and best practices, compare them, and find out how they map and differ from one another.
The webinar will cover:
• A quick recap of the topics covered in ISO27001/ISO27701
• Discovering the NIST guidelines for Information & cyber Security (SP800-SP1800)
• Main differences and mappings between NIST guidance and ISO27001
• About the latest publication (sep/2020) on NIST SP800-53 (Security and Privacy Controls for Information Systems and Organizations)
• Implementing information & cyber-security best practices
Date: October 14, 2020
YouTube presentation: https://youtu.be/zfsxSaaErqg
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
HITRUST CSF is a standard built upon other standards and authoritative sources relevant to the information security & privacy industry. The HITRUST CSF:
- Harmonizes existing controls and requirements from standards, regulations, business and third-party requirements.
- Incorporates both compliance and risk management principles
- Defines a process to effectively and efficiently evaluate compliance and security risk
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
- Applications, tools and software for the implementation and documentation of the new ISO 27701 for GDPR and DPA compliance
- Key control objectives, requirement based on the ISO 2700 on information security
- How to prepare for an independent certification
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
Just a few days ago NIST published a complete refresh of the SP800-53, which provides a catalog of security measure to protect an organization against a variety of risks and threats.
How might NIST guidance fit in an information security management system like ISO/IEC 27001 and its privacy extension ISO/IEC 27701?
In this session, we will make a quick walk-through the standards and best practices, compare them, and find out how they map and differ from one another.
The webinar will cover:
• A quick recap of the topics covered in ISO27001/ISO27701
• Discovering the NIST guidelines for Information & cyber Security (SP800-SP1800)
• Main differences and mappings between NIST guidance and ISO27001
• About the latest publication (sep/2020) on NIST SP800-53 (Security and Privacy Controls for Information Systems and Organizations)
• Implementing information & cyber-security best practices
Date: October 14, 2020
YouTube presentation: https://youtu.be/zfsxSaaErqg
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDRP view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
HITRUST CSF is a standard built upon other standards and authoritative sources relevant to the information security & privacy industry. The HITRUST CSF:
- Harmonizes existing controls and requirements from standards, regulations, business and third-party requirements.
- Incorporates both compliance and risk management principles
- Defines a process to effectively and efficiently evaluate compliance and security risk
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
- Applications, tools and software for the implementation and documentation of the new ISO 27701 for GDPR and DPA compliance
- Key control objectives, requirement based on the ISO 2700 on information security
- How to prepare for an independent certification
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming more common Information Security standard among service providers. This presentation focuses on the recent changes in 2013 version and also the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
General Data Protection Regulation (GDPR) and ISO 27001Owako Rodah
The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and organisations and data subjects alike are mostly in the dark about what it means and how it affects them This is a summary of the regulation and how businesses can leverage the implementation of international standards such as ISO 27001 to meet the requirements of the regulation.
Here is a brief description of cybersecurity audit and the best practices for it. To know more about cybersecurity audit and information security management, click here: https://www.eccouncil.org/information-security-management/
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
The webinar covers:
• An overview of Cybersecurity
• Explaining of Cybersecurity Relationship with other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
70% of employees have access to data they should not…and that’s going to be a problem when GDPR takes affect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
In this article I will provide an Overview of A new Information Security Management System
Standard ISO/IEC 27001:2013 , The new standard just Published from a few Days Earlier .
ISO/IEC 27001:2013 Provides requirements for Establishing, Implementing, Maintaining
and Continually Improving an Information Security Management System.
ISO/IEC 27001:2013 gives Organization a Perfect Information Security management framework for implementing
and maintaining security.
In this Article, I tried to shed some light on new standard and its Mandatory Requirements, Optional Requirements ,
Structure , Benefits , Certification Process and Estimated time for Implementation and Certification.
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
BKA renginio "Kaip tapti lyderiais IT valdymo, saugos ir audito srityje?" pranešimas apie CISM (Certified Information Security Manager) sertifikaciją. Renginys vyko balandžio 18 d., 2013.
BKA renginio "Kaip tapti lyderiais IT valdymo, saugos ir audito srityje?" pranešimas apie CISA (Certified Information Systems Auditor) sertifikaciją. Renginys vyko balandžio 18 d., 2013.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Just created a slideshare presentation giving a basic introduction to ISO27001 and its Scope, Implementation & Application. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming more common Information Security standard among service providers. This presentation focuses on the recent changes in 2013 version and also the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
General Data Protection Regulation (GDPR) and ISO 27001Owako Rodah
The General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and organisations and data subjects alike are mostly in the dark about what it means and how it affects them This is a summary of the regulation and how businesses can leverage the implementation of international standards such as ISO 27001 to meet the requirements of the regulation.
Here is a brief description of cybersecurity audit and the best practices for it. To know more about cybersecurity audit and information security management, click here: https://www.eccouncil.org/information-security-management/
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
The webinar covers:
• An overview of Cybersecurity
• Explaining of Cybersecurity Relationship with other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
Data protection, a global development
Introduction to the GDPR, ePrivacy & ISO/IEC 27701
GDPR & ISO/IEC 27701mapping
ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
70% of employees have access to data they should not…and that’s going to be a problem when GDPR takes affect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
In this article I will provide an Overview of A new Information Security Management System
Standard ISO/IEC 27001:2013 , The new standard just Published from a few Days Earlier .
ISO/IEC 27001:2013 Provides requirements for Establishing, Implementing, Maintaining
and Continually Improving an Information Security Management System.
ISO/IEC 27001:2013 gives Organization a Perfect Information Security management framework for implementing
and maintaining security.
In this Article, I tried to shed some light on new standard and its Mandatory Requirements, Optional Requirements ,
Structure , Benefits , Certification Process and Estimated time for Implementation and Certification.
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
BKA renginio "Kaip tapti lyderiais IT valdymo, saugos ir audito srityje?" pranešimas apie CISM (Certified Information Security Manager) sertifikaciją. Renginys vyko balandžio 18 d., 2013.
BKA renginio "Kaip tapti lyderiais IT valdymo, saugos ir audito srityje?" pranešimas apie CISA (Certified Information Systems Auditor) sertifikaciją. Renginys vyko balandžio 18 d., 2013.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
ISO 27001:2013 Awareness, Seminar & Workshop Indonesia Honeynet Project IHP, Badan Siber dan Sandi Negara BSSN, Universitas Syiah Kuala Unsyiah, 23-24 Oktober 2018
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
Dont let governance risk and compliance be a roll of the dice | ESPC22 Nikki Chapple
1 December 2022| In-person: Copenhagen, Denmark
Don’t let Microsoft 365 Governance and Compliance be a roll of the dice.
No matter the size of your business, data protection and compliance is critical.
1. Data is exploding
2. Data regulations are increasing around the world
3. Everyone is at risk of a data breach
Yet data security and compliance can feel overwhelming.
Let me show you how the Microsoft 365 Governance, Risk, and Compliance maturity model can help you reduce risk and improve compliance effectiveness by building a strategy for protecting and managing sensitive and business-critical data.
The CISA is a globally reputed certification for security professionals who audit, monitor, and assess organizations’ information systems and business operations. The certification showcases the candidate’s auditing experience, knowledge, and skills to evaluate vulnerabilities, report on compliance, and institute controls within the enterprise.
Register Here: https://www.infosectrain.com/courses/cisa-certification-training/
On-demand recording link:https://info.trustarc.com/WB-2019-06-19-GDPR-Compliance-Convince-Customers-Partners-Board.html?utm_source=slideshare
Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds or thousands of pages of project plans, policies, processes and reports – including records of processing, DPIA reports and much more. But how can you demonstrate to internal stakeholders, clients and partners that you have a comprehensive program and that your processes and products are GDPR-compliant?
This webinar will provide these key takeaways:
-The current state of an official GDPR certification and codes of conduct
-Case studies of how companies are demonstrating compliance
-The benefits of an external third party GDPR validation
Similar to Data Protection: An Approach to Privacy (20)
As companies integrate these tools into their operations, it is essential to understand the potential risks.
By embracing these risks and implementing effective risk management strategies, organizations can leverage the full potential of these technologies while maintaining a safe and secure operating environment.
IT organizations are looking to cloud automation for its opportunities for their infrastructures and are finding a solution to the madness. Cloud management services allow for predictability and adaptability — both valuable properties of infrastructure agility. Cloud computing shoulders some of the burden for IT professionals in offering scalability and adjustability, all while being cost effective. In doing so, cloud services have the capabilities for you to fight planned obsolescence.
Integrated Security for Software Development and Advanced Penetration Testing...Symptai Consulting Limited
Security by design is an approach to software development that seeks to make systems as free of vulnerabilities and attacks as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.
Many business leaders in the Caribbean believe that cyber-attacks are not imminent and do not pose a direct threat to their business. On the contrary, many Caribbean companies are exposed to malicious exploitation as testing has revealed their vulnerabilities. This webinar is an opportunity for business leaders to engage the experts as they discuss the cyber threats within the region and their implications.
With the right kind of cyber protection, Caribbean business leaders can empower their businesses on digital platforms and allow for safe spaces for their employees, customers, and stakeholders.
The rate at which technology is changing has caused a tremendous amount of Transformation trends across all industries. The same technological advancements that make Digital Transformation possible is also creating an ever-growing cyber-attack surface. With ever-connected devices and more people working remotely means more sophisticated ways for attackers to exploit systems and networks.
Without setting the right goals and following the right steps Digital Transformation can turn out to be nothing more than digitizing without accomplishing much.
While the COVID-19 pandemic has impacted the way the majority of us work and live our lives, cyber attackers have not taken a break. The pandemic has fuelled cyber-attacks as the attention may have shifted to the healthcare sector. Equipped with the correct monitoring tools, organizations may have noticed a dramatic increase in the number of cyber-attacks directed at its resources and staff. Not only are our organizations being targeted, but cybercriminals are targeting and attacking us as individuals.
COVID-19 has made remote work the norm in certain industries and this may remain in place even after we get over the pandemic.
The Data Protection Bill has been passed into law this bill will change the way we are required to handle personally identifiable data of all Jamaican citizens.
Symptai Consulting Ltd. is the only certified training partners of the IAPP - International Association of Privacy Professionals in the English speaking Caribbean. Our team of trained professionals can meet all your privacy needs and help you transition to a state of compliance.
The current climate has affected Industries all across the world. Join our team as we discuss the differences between cost-cutting and cost optimization and why we should be looking to make decisions for long term growth even in a time of crisis. Topics include:
What is cost optimization and how does that differ from cost-cutting?
What are good costs and bad costs?
Which costs should you cut first?
Identify compliance deficiencies and provide recommendations to achieve and verify compliance based on the 12 PCI DSS requirements and security assessment procedures in order to avoid broad regulatory actions.
Living in an era of collusion, fraud, and money laundering has put most organizations on high alert and forced regulatory institutions to tighten their belts. This, in turn, has shifted the conversations that we are having with industry leaders who are looking to strengthen their anti-money laundering (AML) and counter financial terrorism (CFT) programs in order to maintain their critical international business relationships, as those intermediaries seek to de-risk.
Data Analytics is the process of extracting meaning from raw data using computer software. This process transforms organizes and models data to extract meaningful conclusions and identify patterns.
With increased focus on cyber-security and consequently efforts by enterprises to ensure resilience against cyber-attacks and data breaches, it is critical that IS audit techniques evolve to ensure its continued importance and effectiveness as an independent assessor of an organisation’s control environment.
With the latest news of privacy violations on popular social media platforms and the new regulations coming from the European Union (EU) – The General Data Protection Regulations (GDPR), how companies use data and the laws protecting consumers is in the forefront of many person’s minds.
Everyone is important in Security. Empower your team.
Plan, Execute, Report, Follow-up, Close and Repeat.
Frequency of Cyber-Attacks
21,239 Incidents targeted Public Services
239 Were breaches
58 Incidents per day
"Data Mining is a term that has been described many different ways, whether it be Big Data, Data Science, Data Analytics or even Business Intelligence. Technology has reached a point today where almost anyone can not only start data mining on our own but find some way for it to benefit ourselves and our companies." Rory Barrett
Can you tell if your computer has been compromised?
Cyber Security is a practice which intends to protect computers, networks, programs and data from unintended or unauthorized access, change or destruction
More than 50% of the world's population is actively connected to the internet.
Cyber Security is becoming a fundamental requirement for every business organization worldwide. We are all susceptible to this new frontier of crime and it is our responsibility to be prepared.
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. for more details visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2...pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
As Europe's leading economic powerhouse and the fourth-largest hashtag#economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like hashtag#Russia and hashtag#China, hashtag#Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in hashtag#cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to hashtag#AdvancedPersistentThreats (hashtag#APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
2. Symptai
• Symptai Consulting Limited is an independent IS Audit, Security &
Business Assurance firm founded in 1998.
• We are an industry leader in technology consulting services for
assurance, security, business processes, and compliance with
numerous success stories and excellent client retention rates.
3. Symptai Consulting Ltd
Director
eGov Jamaica
Member, Board of Directors
Andrew A. Nooks
Certs:
CISA, CISSP, CISSP-ISSAP, CIPM, CSSLP, CISM,
CRISC, PCIP, ISO27001, ITSM
Interests: Volleyball Swimming Aikido
4. Disclaimer
• This presentation is based on research collated from the Internet
leveraging articles from the International Association of Privacy
Professionals (IAPP), an organization of which I am a member, and its
contributors.
• I have also leveraged my own experience being as an IS practitioner
for over twenty-five (25) years of which thirteen (13) of which has
been dedicated to Information Security and related controls to
include privacy, as well as and the knowledge and experience from
the Symptai team.
5. Definition of Privacy
Privacy
The right to be left
alone, or freedom
from interference or
intrusion.
Information
privacy
The right to have
some control over
how your personal
information is
collected and used.
Impact
How organization
protect data in its
various states: At
rest, in-transit and in
use.
6. Why is Privacy Important?
Due to advancement in technological innovation, information
privacy is becoming more complex by the minute as more data is
being collected and exchanged.
As the technology gets more sophisticated so do the uses of data.
This leaves organizations facing an incredibly complex
risk matrix for ensuring that personal information
is protected.
7. In the News (Source https://www.scmagazine.com)
Source: https://iapp.org/news
8. Business Risk
• Health
• Banking
• Insurance
• Telecoms
Inherent High Risk
• GDPR and other Data Protection
Legislations
• PCI DSS
• HIPAA
Legal &
Compliance
9. Primary Components of a Privacy Program
Privacy Program
Governance
Privacy Operational
Life-Cycle Management
10. Privacy Program Governance
• Vision and Mission
• Develop a strategy
• Team structure and composition
Strategy
Management
11. Privacy Program Governance
• Vision and Mission
• Develop a strategy
• Team structure and composition
Strategy
Management
• Frameworks
• Policies Procedures Standards
and guidelines
Framework
12. Privacy Program Governance
• Vision and Mission
• Develop a strategy
• Team structure and composition
Strategy Management
• Frameworks
• Policies Procedures Standards and guidelinesFramework
• Metrics and measurements
(identify, Define, Select,
Collect, Analyze)
Performance
13. Business Case
• Organizational Privacy Office Guidance
• Define Privacy
• Laws and Regulations
• Technical Controls
• External Privacy Organizations
• Industry Frameworks
• Privacy information Technology
• Education and Awareness
• Program Assurance
19. In Summary
1. Define the privacy mission statement
2. Develop a strategy
3. Define team structure
4. Develop a framework – aligned to organization
5. Develop and communicate policies, procedures, standards and guidelines
6. Define performance metrics
7. Assess the based on governance model
8. Protect – DLM, Info Sec embedding privacy in the organization
9. Conduct RA and PIA
10. Monitor, audit and communicate
11. Respond to request
12. Accountability
13. Incident management
Privacy Framework: An implementation Roadmap that provides a structure or checklists to guide the privacy professional through privacy management and prompts them for details to determine all privacy-relevant decisions of the organization
Strategy Management
Vision and Mission
(statements, scope, compliance, legal) -
Develop a strategy
(Stakeholders –CISO, CRO, GLC, CIO, HRM, CMO), Key Functions, Interfacing, Data Governance Strategy (Collection, Authorized use, access, Security Destruction), Privacy Workshop
Team structure
(Governance Model – Centralized, Decentrlized, Hybrid, Org Model – CPO, privacy manager, Professional Competency – CIPM, CIPP, CIPT)
Privacy Framework: An implementation Roadmap that provides a structure or checklists to guide the privacy professional through privacy management and prompts them for details to determine all privacy-relevant decisions of the organization.
Managing risk
Framework
Assist in risk management
Minimize incidents of data loss
Protect reputation and market value
Aids in Compliance to lawas regulation and standards
Frameworks (privacy by Design, Privacy Maturity Model)
APEC Privacy Framework – Enable regional data transfers C2B, B2B, B2G
Guidance from UK Information Commissioner’s Office
Canadian Personal Information and Electronic Documents Act PIPEDA
Australian Privacy Principles
Organization for Economic Co-operation amd Development Privacy Guidelines
Framework questions
Are risks defined identified and is there a business case
Who has responsibility
Are gaps in privacy management understood
Is privacy management being monitored
Are employees trained
Are best practices for data inventory, risk assessments and privacy impact assessments
Is there an incident response plan
Is there a communication policy on privacy-related matters and are materials updated
Policies Procedures Standards and guidelines (Business Case, Gap Analysis, Review Process and Monitoring, Communicate to stakeholders
Performance
Measurable, meaningful, unambiguous, specific
Externalprovacy – Data Commissioner’s office
Privacy enhancing technologied
Industry frameworks such as AICPA – Generally Accepted Privacy Principles -- collection use
PMM – Levels adhoc repeatable, defined, managed, optimized
PbD – Assess org objectives and goals – Dr Ann Cavoukian
Support for these areas
Internal Audit and Risk Management
Informaiton Technology – Business Continuity/DRP
InformationSecurity – Response and Breach Notification
Legal and Contracts – Compliance, Mergers, Acquisitions, divestitures
Processors and thirdparty vendors
Human Resourcesmarketting and business development
Gobernment relations and public policy
Finance/business contrls
DLM Principles
Alignment with enterprise objectives
Minimalism
Simplify processes
Provide adequate infrastructure
Information Security
Authenticity of subjects records
Retrievability
Distribution Controls
Auditability
Consistency of policies
Enforcement