
Effectively Partnering Information Security and Privacy For Business Success

The number of information security and privacy incidents is not on the decline; quite the contrary. As the amount of data and information continues to grow exponentially, as the flavors of information technologies continue to be cooked up and become quickly ladled into the business environment, as computers and data bytes become more mobile, and as the ethereal world gets more intimate as systems continue to become interconnected, more incidents will occur, more data protection laws will emerge, and more ways to compromise data and systems will continue to appear.

Establishing effective privacy and information security strategies has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and coordination between privacy and information security activities, creating risks for incidents, duplication of effort, contradictory privacy and security initiatives, along with contractual and regulatory noncompliance.

Successful efforts require privacy and information security strategies to be complementary and integrated throughout all of the enterprise, within every business process stage and at every level within the organization.  There must be documented processes for addressing information security and privacy throughout the entire applications and systems development lifecycle.  There must be coordinated and mutually supportive information security and privacy awareness and training efforts.  Corporate policies, and website policies, must establish clear requirements for personnel to follow to safeguard information, in addition to complying with applicable laws and regulations.  There must be processes to ensure the security of information entrusted to third parties.  A corporate information security and privacy framework must be built, using the concepts from such already established and globally supported frameworks as COBIT, ITIL, ISO27001 (BS7799), and the OECD privacy principles, to address these, and other, major information security and privacy issues that will turn out to be your company's security and privacy Achilles' heel if you don't.

I had the opportunity to work with Christopher Grillo to create a workshop, "Effectively Partnering InfoSec and Privacy For Business Success," that provides insight into Privacy and Information Security practitioners' roles and responsibilities within the organization and offers not only guidance and discussion for how to effectively work together, but we have also spent literally hundreds of hours creating tools to help support information security and privacy that we provide to workshop attendees. Businesses are now successfully using these tools to make their information security and privacy efforts more efficient and effective.

Within our workshop, through presentation, discussion, and case-studies, attendees will obtain a better understanding of the challenges faced by both information security and privacy, and be able to create a workable framework for integrating efforts. Participants take away tools for building an effective Privacy and Information Security framework, a roadmap for creating synergy between the groups, and many tools and methodologies to start using right away to result in positive business impact. 

If you take our workshop along with the CSI conference in November, you will save $200 on the regular workshop cost.  I was happy to recently learn that CSI is allowing us to give a discount code for our workshop through my blog; if you only want to attend our workshop, then you can save $100 by using the code PR133 when you register. 

If you already have an integrated, highly successful information security and privacy program in place, that is great!!  I know it takes a lot of effort to have a successful program.  You likely have spent a great amount of figurative blood, sweat and tears in making your program effective and successful. 

I also know there are so many new and evolving challenges that even the most dedicated and hard-working information security and privacy professionals can benefit from new ideas, interactions with others, and effective tools and resources. If you want to improve your information security and privacy programs, or need help establishing them, I hope you're able to join us. After all the hard work we put into creating this workshop, I am happy to know that the people who have attended have told Christopher and me that they found it very valuable, and that they were very pleasantly surprised by the large number of tools and reference material we provided to the workshop attendees.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.