Data privacy and security expert Debra Farber presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world that process the personal data of EU residents and meet the Regulation's designation criteria will be required by law to appoint an independent DPO with specific responsibilities and data protection expertise.
Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Information Security Auditor (PECB)
In this session, we will go through the roles and responsibilities of the main actors responsible for protecting data in an organization: the Data Protection Officer, Information Security Manager, and Information Security Auditor.
The webinar will cover:
• What are the roles and responsibilities of the main actors responsible for protecting data in an organization?
• How can an organization find out if they are required to designate a DPO role or not?
• Can the roles of a DPO and Information Security Manager be covered by the same individual?
• What organizations are required to do so that the DPO can perform its role and responsibilities independently?
Presenters:
Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security and architecture and identity and access management, as well as privacy, information and data protection, and cyber and cloud security. In recent years his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, he holds security certifications including ISO/IEC 27701 Lead Implementer and Lead Auditor, ISO/IEC 27001 Master, Senior Lead Cybersecurity Manager, ISO/IEC 27002 Lead Manager, cDPO, Risk Management, Lead Incident Manager, Disaster Recovery, and many more.
Our second presenter is Stefan Mathuvis, owner and senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan has built strong expertise in quality management systems, information security management systems, GDPR, data privacy and data protection. Stefan is an accredited ISO/IEC 27001 Lead Auditor and operates as a third-party auditor for DQS Belgium. Dividing his time between consultancy, training and third-party auditing on an international scale, Stefan stays in touch with current issues, which allows him to assist clients with their information security and data privacy needs.
Recorded webinar: https://www.youtube.com/watch?v=Y0hnv1laxAw&feature=youtu.be
General Data Protection Regulation (GDPR) and ISO 27001 (Owako Rodah)
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, and organisations and data subjects alike are mostly in the dark about what it means and how it affects them. This is a summary of the regulation and of how businesses can leverage the implementation of international standards such as ISO 27001 to meet its requirements.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Legal obligations and responsibilities of data processors and controllers und... (IT Governance Ltd)
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors.
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Data Protection Officer Dashboard | GDPR (Corporater)
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
If you are in the UK and need to check that you will comply with the General Data Protection Regulation when it comes into force in May 2018, this checklist might help. Developed for use in my own business, it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
California Consumer Privacy Act (CCPA): Countdown to Compliance (Tinuiti)
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
Privacy by Design and by Default + General Data Protection Regulation with Sitecore (Peter Procházka)
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
Risk assessments and applying organisational controls for GDPR compliance (IT Governance Ltd)
This webinar covers:
-An overview of the General Data Protection Regulation (GDPR) and risk assessments.
-The process for risk management and industry best practice for risk treatment.
-The components of an internal control system and privacy-compliance framework.
-ISO 31000 principles and the risk management process.
You can find the webinar here https://www.youtube.com/watch?v=wInMDee7T78&t=154s
We now have to obey the law and comply with GDPR, ensuring that people's data is securely stored, that we track who has access to it, and that if a client requests to review, update or remove their data, we do so in an automated fashion. But are you there yet? Chances are there's still a long way to go.
In this talk I will address some of the challenges we solved in greenfield projects as well as in old, legacy applications. We introduced "privacy by design" as just another "by design" mantra we already had built into our workflow, and as we worked on the project we applied it everywhere we saw user data (personal or not) being processed. This ensured that all data was handled and treated the same way and allowed the business to reorient itself to be creative in approaching its customers.
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on 25 May 2018. Delegates heard from a variety of GDPR expert speakers from legal, marketing, IT and data protection perspectives.
“Are we secure?” It’s the most dreaded question that information security and risk management professionals need to answer. Compliance is a useful starting point, but the number of “compliant” organizations who still suffered a data breach is proof positive that compliance simply isn’t enough. That’s where maturity models come into play. In this presentation, I’ll show you how to apply a capability maturity model (CMM) to your identity and access management (IAM) program, using that model to assess where you are today. I’ll also share tools and techniques you can use to accelerate improvements to your program.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Fraud continues to proliferate across financial institutions, through multiple lines of business and banking channels. Increasingly sophisticated criminal tactics and the proliferation of organized crime rings make detecting fraud difficult and preventing it nearly impossible. Adding to the complexity are increased globalization and growth through mergers and acquisitions, which make it harder to effectively monitor multiple portfolios and business lines. The presentation discusses best practices and ideas around the prevention, investigation, and detection of possible fraudulent activities across multiple industries.
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and... (PECB)
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad (confidentiality, integrity, availability), a security model that describes the core properties information security must protect and helps organizations reason about the different parts of IT security.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenter:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/
Education law conferences, March 2018, Workshop 1B - The role of the DPO (Browne Jacobson LLP)
This workshop explores what being a DPO entails, who can be one, what training is required and the importance of keeping them updated and managing a data breach within the 72 hours allowed.
The Tsaaro Academy offers the CT DPO Intermediate Certification to privacy enthusiasts who want to be certified to handle GDPR and ePrivacy compliance.
Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/) who shared information with HR practitioners and Organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10-webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
CRMCS GDPR - Why it matters and how to make it Easy (Paul McQuillan)
CRM has focused on User Adoption and Business Alignment, however technology is rewriting the rules.
This brings new opportunities but also new responsibilities for conduct in the Data Economy – notably the introduction of GDPR.
Paul will illustrate why the ethos behind GDPR will sit at the heart of the new relationship we will have with the customer, and how to realise the opportunity in having a customer-centric approach to our business.
7 Key GDPR Requirements & the Role of Data Governance (DATUM LLC)
GDPR is less than a year away. How is your organization making sure it will avoid penalties, fines and punishments? All organizations need to familiarize themselves with the new GDPR requirements and data subject rights as the first step to preventing fines and penalties. This presentation will look at the key requirements of GDPR and certain “best practices” approaches towards company-wide compliance. This presentation was given by Jonathan Adams, Research Director, at the MDM & Data Governance Summit on October 12, 2017 in New York City.
GDPR - Why it matters and how to make it Easy (Paul McQuillan)
Looking at the rationale for the new #GDPR Data Regulations, the principles behind the regulation, how this impacts #CRM, and how to make compliance easier.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10-webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
Data protection: Steps Organisations can take to ensure compliance (EquiGov Institute)
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulation (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
Where security and privacy meet partnering tips for CSOs and privacy/complian... (Compliancy Group)
This webinar identifies challenges in both the privacy and security offices, explains why the two need to work together, and identifies mutual goals, both within their departments and in the context of the rest of the business. It includes solutions and suggestions for working together, and case studies and examples showing common mistakes as well as success stories of privacy and IT offices working together.
Panelists:
Gant Redmon, General Counsel and VP of Business Development, Co3 Systems
For more information visit thesaurus.ie or brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
What's Next - General Data Protection Regulation (GDPR) Changes (Ogilvy Consulting)
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
GDPR: the Steps Event Planners Need to Follow (etouches)
GDPR regulation takes effect on May 25th. While many event planners are nervous about what this means for their events, they don't have to be. This presentation gives an overview of the new regulation and what you need to do to stay compliant.
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Payroll bureaus process large amounts of personal data, not least in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this CPD accredited webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How it will impact payroll bureaus
How to prepare for GDPR
How we are working to help you
On-demand recording link: https://info.trustarc.com/WB-2019-06-19-GDPR-Compliance-Convince-Customers-Partners-Board.html?utm_source=slideshare
Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds or thousands of pages of project plans, policies, processes and reports – including records of processing, DPIA reports and much more. But how can you demonstrate to internal stakeholders, clients and partners that you have a comprehensive program and that your processes and products are GDPR-compliant?
This webinar will provide these key takeaways:
- The current state of an official GDPR certification and codes of conduct
- Case studies of how companies are demonstrating compliance
- The benefits of an external third party GDPR validation
Ever wonder who runs the biggest, fastest, and most lucrative bug bounty programs on the HackerOne platform? In this list, you’ll see which programs on the HackerOne platform ranked highest on the total amount of bounties awarded to hackers over the life of the program. You’ll also be able to compare and contrast these top programs by other speed, volume, and bounty metrics.
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report (HackerOne)
Another year, another Hacker-Powered Security Report! We pulled out 100 of the report’s top facts—and then added 18 more, since it’s 2018. See below for a better understanding of how hacker-powered security is disrupting (in a good way) how organizations approach security. More security teams are adding VDPs, more are supplementing their skills and bandwidth with hackers, and more are augmenting their standard pen tests with hacker challenges.
In 2018, the HackerOne community and those using our platform have combined to crush every metric that we track. Organizations awarded more than $11 million in bounties. Hackers submitted more than 78,000 reports. Bounties were awarded to hackers in over 100 countries.
Unfortunately, the only metric that hasn’t changed much is the percentage of Forbes Global 2000 companies without vulnerability disclosure policies.
Read on for all of the facts!
Federal Trade Commission's Start With Security Guide (HackerOne)
Sound security is no accident. Here's what the FTC learned from more than 50 law enforcement actions related to data security, distilled down into their wonderful guide https://www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf.
The Federal Trade Commission’s (FTC) job is to protect consumers. The agency’s Bureau of Consumer Protection investigates issues in many areas, including data security. When they discover unfair, deceptive, or fraudulent business practices, they work with law enforcement to follow up.
To help businesses better protect their customers’ sensitive data, they published Start With Security: A Guide for Business to surface their lessons learned from settling more than 50 law enforcement actions. The FTC found that most of the cases involved “basic, fundamental security missteps.”
What follows are suggestions from the FTC so, hopefully, you can avoid those same basic, fundamental missteps. We’ve also included the FTC’s real examples of infractions and some helpful resources.
Understanding Information Security Assessment Types (HackerOne)
“There are many different types of security assessments, ...and they’re not always easy to keep separately in our minds (especially for sales types).”
Enter Daniel Miessler.
Daniel Miessler is a well-known information security professional based in San Francisco. For more than 20 years, he’s been writing about his infosec projects and other interests, as he puts it, “as a means of organizing everything I have learned and want to learn.”
With organization and education in mind, Daniel wrote a helpful post describing the major types of security assessments and how they’re unique. If you’re one of the “sales types” Daniel mentions above, or just looking to educate yourself on infosec topics, then click ahead.
So here in all its glory is Daniel Miessler’s brief description of the major types of security assessment, along with what differentiates them.
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the... (HackerOne)
We are in the age of the hacker. Never before have there been more opportunities to learn, more tools, more welcoming companies and more money up for grabs. At the end of last year, we tapped into our community of ethical hackers to better understand how they like to work, what’s most important to them and what needs to change. The 2018 Hacker Report is the largest survey ever conducted of the ethical hacking community with 1,698 respondents.
The Open Web Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
One of those projects, The OWASP Top Ten, provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
The OWASP team recently released the 2017 revised and updated version of the ten most critical web application security risks and so we’ve created these flash cards for you, your friends, and your colleagues (especially product and engineering :) to test your knowledge and learn more about these important issues.
Company-wide security awareness is a powerful way to improve the overall security of your organization. So adorn your waiting rooms, cubicles, and snack rooms with these flash cards for easy learning and remembrance.
- What companies have paid the most in bug bounties to date
- Highest paid bounties and average bounty amount across top programs
- How long it takes to respond to, pay, and resolve reported vulnerabilities
- Top hackers and the average number of hackers that have reported bugs across each program
GDPR Guide: The ICO's 12 Recommended Steps To Take Now (HackerOne)
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
Why Executives Underinvest In Cybersecurity (HackerOne)
Learn how to get around the misguided thinking that leads to executive underinvestment in cyber security, and secure the resources you need. You'll learn how to:
- Work around CEO and CFO human biases
- Motivate decision makers to invest more in cyber infrastructure
- Replace your CEO’s mental model with new success metrics
- Compare your company’s performance with similar firms to overcome executive overconfidence
Watch the full video recording!
Bug Bounties and The Path to Secure Software by 451 Research (HackerOne)
Scott Crawford, Research Director of Information Security at 451 Research, shares:
Why having a Vulnerability Disclosure Policy is now “table stakes”
The what, how and why of Vulnerability Disclosure Policy documentation
Tangible benefits and tradeoffs of incorporating bug bounties into software development
How bug bounties make for a more secure software development lifecycle
Who is a hacker? What is a bug bounty program? How do you get started with bug bounties? How much should I pay hackers who find bugs in my website and apps?
All these questions and more are answered in our bug bounty basics booklet. Learn more about the market-leading bug bounty platform and how it is the ideal choice for continuous security testing at https://www.hackerone.com/product/bounty
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc... (HackerOne)
The private sector and federal government are increasingly considering the use of vulnerability disclosure programs and bug bounties to improve cybersecurity of connected products, websites and services.
These programs can improve security, but they present legal and practical challenges that companies should consider. In this joint webinar with Wiley Rein, legal cybersecurity experts Megan Brown and Matthew Gardner:
- Give an overview of vulnerability disclosure controversies and the current push for vulnerability disclosure programs, including recommendations from the FTC, NIST, NTIA, and federal programs like Hack the Pentagon;
- Analyze the legal framework for vulnerability disclosure programs, including the rights companies may give up;
- Look at the dangers associated with a poorly implemented program, like failing to dedicate proper resources to it;
- Explore pragmatic considerations of working with hackers, including how to establish respect and proper boundaries; and
- Discuss real-world examples of successful bug bounty programs.
See the full recording here: https://www.youtube.com/watch?v=-xb87hEt_Ws
How GitLab and HackerOne help organizations innovate faster without compromis... (HackerOne)
In this webinar, GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets. Then, GitLab Security Lead, Brian Neel, will explain how they leverage their community using HackerOne to spot and prioritize security issues quickly.
HackerOne Presents in China - COO Ning Wang (HackerOne)
On a recent trip to China, HackerOne COO and CFO Ning Wang gave a presentation at Hack for Security Conference. Thanks to the hosts and awesome welcome from the community!
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu... (HackerOne)
HackerOne Chief Bounty Officer, Adam Bacchus, a fire-breathing, mohawk-wearing stud, presented his "Bug Bounty Reports - How Do They Work?" at Nullcon 2017 in Goa, India for the Bounty Craft tracks. In this presentation you will learn:
- How to know and research your audience
- What are the atomic materials of a good bug report?
- Good, Bad, and Ugly examples of bug reports (taxi driver anyone?)
- What are some helpful resources
- And more!!
All these juicy details will help you level-up your reporting game and get you MORE bounties, invitation to BETTER programs, and INSANE exposure and love from fellow hackers.
Meet the hackers powering the world's best bug bounty programs (HackerOne)
Not even the strongest or most skilled organizations have the headcount and capacity to avert system vulnerabilities on their own.
There is strength in numbers.
Hackers are that army - and at HackerOne, there are 80,000+ white hat hackers who want to make your software more secure.
Hackers ARE: Problem-solvers, Curious, Technically skilled, Diverse in background and education
Hackers are NOT: criminals using their skills for a malicious purpose.
This presentation dives into who these hackers are and what motivates them. We look at some successful hacker profiles and see what separates the best from the rest.
Everything you Need to Know about The Data Protection Officer Role
1. The Data Protection Officer (DPO): Everything You Need to Know
Debra J. Farber, JD, CISSP-ISSMP, CIPP/US/E/IT/G, CIPM, FIP
U.S. Chief Privacy Officer, CRANIUM
2. Who am I?
• Consultant and non-practicing lawyer;
• 14 years experience operationalizing privacy and security;
• Executive Consultant & CPO at CRANIUM;
• Advisor to BigID;
• IEEE Personal Data Privacy Working Group;
• IAPP CIPT Exam Development Advisory Board;
• Sr. Director, Global Public Policy (Security & Privacy) at Visa;
  - Member of the Advancing Cyber Resilience Working Group at The World Economic Forum (WEF);
• Co-Founder of Women in Security & Privacy (WISP);
• Sr. Privacy Consultant & Product Manager at TrustArc;
• CEO & Principal at Farber Strategies Inc.;
  - Executive Faculty at IANS;
  - Professional Privacy Faculty Member at the IAPP;
• Director Product & Platform Privacy at Numera;
• Chief Privacy Officer at The Advisory Board Company;
• Managing Consultant (Privacy & Security) at IBM Global Services;
• Sr. Manager, Privacy & Policy at Revolution Health;
• Manager, Online Privacy at American Express
@privacyguru
3. Agenda
• The EU’s GDPR in 60 seconds
• When does an organization need to hire, appoint, or contract with a DPO?
• To whom should the DPO report to remain “independent” & avoid a conflict of interest?
• Who can serve in the DPO role?
• What are the DPO’s responsibilities?
• Alphabet Soup: CPO vs. DPO vs. CISO
• The war for talent & how companies are staffing the DPO role
• Questions?
6. When does an organization need to hire, appoint, or contract with a DPO?
7. The GDPR states that appointing a DPO is mandatory to facilitate compliance with the GDPR in the following 3 specific cases:
• You are a Public Authority or Body, or acting as one;
• Your core activity consists of processing personal data “on a large scale,” which requires “regular & systematic monitoring;” or
• Your core activity consists of processing “on a large scale special categories of data.”
You may still choose to appoint a DPO even when the GDPR does not require it.
9. What Percentage of Your Software Vulnerabilities have GDPR Implications?
We talked with LocalTapiola, a Finnish financial services company, about their efforts to prepare for GDPR, and our own analysis showed that 25% of bugs on HackerOne have GDPR implications.
GDPR Article 33 states that data breaches must be disclosed to the organization’s supervisory authority “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” It’s not uncommon these days for organizations to require weeks or months to remedy a vulnerability.
Our advice regarding GDPR has always been to find and fix vulnerabilities before they can be exploited. There’s no disclosure requirement for bugs, only for breaches, and running a bug bounty program is a great way to identify vulnerabilities before the bad guys do.
10. To whom should the DPO report to remain “independent” & avoid a conflict of interest?
11. The DPO must be “independent”?
A DPO cannot hold a position within the organization that leads them to determine the “purposes and the means of the processing” of personal data or that otherwise creates a conflict.
Data controllers or processors should:
• Identify positions which would be incompatible with the DPO function;
• Draw up internal rules to avoid “conflicts of interests;”
• Formally declare via internal & external comms & in policy documentation that the DPO has no conflict of interests with regard to their function as a DPO, as a way of raising awareness of this requirement;
• Include safeguards within the organization’s internal rules and ensure that the publicly-posted DPO job description or the services contract for an External DPO is sufficiently precise and detailed in order to avoid a conflict of interests.
More likely an independent reporting line:
- Chief Compliance Officer;
- Audit team;
- Report directly to the CEO, COO, Board, etc.;
- External contractor (i.e., outside consultant or counsel) reporting to a C-level officer or the Board;
- Other reporting line without conflicts.
More likely a conflict of interest reporting line:
- Chief Privacy Officer;
- Chief Information Security Officer;
- Chief Information Officer;
- Business Line reporting: i.e., Marketing, HR, Product, etc.;
- Reporting up to other business executives who determine the purpose & means of processing.
12. Obligations to support your independent DPO
Your org is ultimately responsible for GDPR compliance & must be able to demonstrate that compliance, not the DPO.
The Article 29 Working Party called out the following activities as necessary for an org to properly support its DPO:
• Active support of the DPO by senior management – i.e., Board-level, C-level;
• Sufficient time to fulfill their duties;
• Financial, infrastructure and staff resources;
• Official communication of the DPO appointment to all employees;
• Access to stakeholders such as HR, Legal, IT, Security etc.;
• Continuous training; and
• A DPO team depending on the size and structure of the organization.
The DPO’s employer may NOT:
• Instruct the DPO on how to deal with a matter, what result should be achieved, how to investigate a complaint, or whether to consult the Supervisory Authority (“SA”); or
• Instruct the DPO to take a certain view of an issue related to data protection law or follow a particular legal interpretation.
14. The GDPR does not specify the precise credentials a DPO is expected to have. However, the WP29 defines certain minimum requirements regarding the DPO’s expertise & skills:
• Level of Expertise: It is essential that the DPO understand how to build, implement, & manage data protection programs. The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need.
• Professional Qualities: DPOs need not be lawyers, but they must have expertise in member state and European data protection law, including an in-depth knowledge of the GDPR. DPOs must also have a reasonable understanding of the organization's technical and organizational structure and be familiar with information technologies and data security.
• In the case of a public authority or body, the DPO should have sound knowledge of its administrative rules & procedures.
16. According to the GDPR, the DPO must perform the following tasks:
Monitor Compliance
• Collect information to identify and analyze processing activities;
• Analyze and check the compliance of processing activities;
• Conduct audits to ensure GDPR compliance & address potential issues.
Inform & Advise
• Inform, advise, & issue recommendations on data handling to the controller or processor – e.g., based on DPIAs;
• Educate company / employees on GDPR obligations & other data protection requirements; and train data handling staff.
Coordinate with the SA
• Cooperate with the Supervisory Authorities (“SA”) & make the organization’s records available on request;
• Proactively report issues with data processing, such as data breaches.
Serve as Privacy Contact
• Serve as single point of contact for data subjects’ inquiries;
• Provide information on data subjects’ rights related to the org’s data protection practices, withdrawal of consent, the right to be forgotten, & other rights.
17. Orgs have GDPR obligations to support the DPO:
Effective Governance
• Effectively communicate to personnel the appointment of the DPO and his or her functions;
• Ensure the DPO has significant independence in the performance of his or her role;
• Ensure a direct reporting line “to the highest management level” of the company;
• Involve the DPO at the earliest stage possible in all issues relating to privacy & data protection;
• Invite the DPO to participate in senior management meetings to represent privacy & data protection interests.
Resources & Training
• Provide sufficient time & resources (financial, infrastructure, equipment, training, & staff) necessary for the DPO to keep up-to-date with data privacy & security developments and to carry out tasks effectively & efficiently.
Appropriate Access
• Provide appropriate access to personal data that the organization processes, including access to the systems;
• Promptly consult the DPO in the event of a personal data breach or security incident;
• The DPO’s opinion must be given due weight. Should the business choose not to follow the advice of the DPO, the business should document the reasons for such decision.
Other Functions
• DPOs may perform other tasks and duties provided they do not create conflicts of interest (e.g., training the Board, executives, & employees);
• Job security: the GDPR expressly prevents dismissal or penalty of the data protection officer for performance of her tasks and places no limitation on the length of this tenure.
18. DPO Job Description (example)
Expertise and Professional Qualities
• Expertise in national & European data protection laws and practices and an in-depth understanding of the GDPR;
• Years of experience in data protection program management commensurate with the sensitivity, complexity, & amount of data the employer processes;
• Integrity & high professional ethics;
• Can handle info & business affairs w/ secrecy & confidentiality as appropriate;
• Demonstrated leadership & project management experience;
• Ability to communicate effectively with the highest levels of management & decision-making within the organization;
• Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals, and information security standards certifications;
• Sound understanding of and familiarity with information technology programming & infrastructure, and information security practices and audits;
• Ability to communicate effectively with data subjects, data protection authorities, & other controllers and processors across national boundaries and cultures;
• Adequate self-awareness & confidence to acknowledge knowledge gaps and seek to fill them from reliable sources;
• Knowledge of the business sector & of the employer’s organization;
• Sufficient understanding of the processing operations carried out, as well as the information systems, and data security and data protection needs of the employer;
• In the case of a public authority or body, the DPO should also have a sound knowledge of the administrative rules and procedures of the organization.
DPO Tasks
• Inform, advise, & issue recommendations regarding GDPR compliance;
• Foster a culture of data protection within the org & help to implement essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design & by default, records of processing activities, security of processing, & notification and communication of data breaches;
• Advise the controller/processor regarding:
  - Whether or not to carry out a data protection impact assessment (“DPIA”),
  - What methodology to follow when carrying out a DPIA,
  - Whether to carry out the DPIA in-house or outsource it,
  - What safeguards (including technical and organizational measures) to apply to mitigate any risks to the rights and interests of the data subjects,
  - Whether or not the DPIA has been correctly carried out and whether its conclusions (whether or not to go ahead with the processing and what safeguards to apply) are in compliance with the GDPR;
• Maintain the record of processing operations under the responsibility of the controller as one of the tools enabling compliance monitoring, informing and advising the controller or the processor;
• Document all decisions taken consistent with and contrary to the DPO’s advice;
• Offer consultation once a data breach or other incident has occurred.
Ability to Fulfill Tasks
• Adequate and regular ongoing training;
• Self-starter and ability to act independently.
20.
Chief Privacy Officer (CPO)
• Responsible for setting and implementing global data handling policies & rules, and advising the business on the ways and means of processing;
• Responsible for putting in place data protection by design and default; complete DPIAs where processing of personal data poses a “high-risk”;
• Responsible for GDPR documentation: e.g., records of processing; subject access requests;
• Responsible for implementing processes into the business that respect the rights of the data subject (e.g., rights to access, rectification, portability, erasure, etc.).
Chief Information Security Officer (CISO)
• Responsible for securing global corporate infrastructure, applications, IP, & personal data;
• Support CPO by answering security questions;
• Responsible for implementation of appropriate technical & organizational measures to ensure a level of security appropriate to risk;
• Responsible for ensuring the security of the systems and transactions with respect to the rights of data subjects.
Data Protection Officer (DPO)
• Responsible for oversight of EU privacy, data protection, & security compliance;
• Advise CPO on when a DPIA is necessary & the risk-based methodology to use; review risks identified by DPIA for GDPR compliance;
• Advise the CPO & CISO on meeting GDPR documentation requirements, mitigating security controls, and whether controls have been accurately carried out;
• Advise the organization on whether it is appropriately respecting the rights of data subjects.
* The DPO may benefit from support from a Data Protection Office.
* The DPO may be physically located in another jurisdiction.
21. The war for talent & how companies are staffing the DPO role
23. Contact Info:
Debra J. Farber
debra.farber@craniumusa.com
@privacyguru @CraniumUSA
https://www.linkedin.com/in/privacyguru
24. HackerOne Response: The VDP SaaS Platform
Benefits of a VDP Platform
• Better signal:noise ratio
• Decorate reports with industry standards (CVSS, CWE, affected asset)
• Better data security via encryption
• Streamlined workflow and comms process
• Easier and more informative reporting
“Email is not a very good mechanism for tracking multiple cases at once. Vendors...should consider setting up a web-based case tracking system instead.” (CERT CVD Guide, page 58, Sections 7.1.1.1 and 7.1.4)
GDPR requires companies to maintain “...a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing,” which is exactly where bug bounties fit in.
Our specialized product for PSIRT teams, HackerOne Response, has helped orgs like GM, DoD, and Adobe achieve their goals.