Information Security and Privacy Professionals Must Partner on Over 15 Different Enterprise Issues
Recently I read a print article written by a prominent privacy officer at a well-known company who has been writing a lot of articles about privacy over the past couple of years. She is successful and usually has some good advice, but what worried me about the latest article I read, and some of her other articles, is that she specifies that certain issues are handled by IT and/or the information security officer, so privacy officers do not need to worry about them or even know much, if anything at all, about them. The topics she's mentioned have been encryption, outsourcing IT functions, and information security policies, just to name a few.
Successful information protection efforts require privacy and information security strategies to be complementary and integrated throughout all of the enterprise, within every business process stage and at every level within the organization.
Christopher Grillo and I created a workshop, "Handling Complex and Difficult Privacy and Information Security Issues," that we will be giving at the upcoming Computer Security Institute NetSec conference in June at Scottsdale, Arizona.
Within our workshop we discuss over 15 topics/issues that *BOTH* information security and privacy must address in harmony and partnership. We provide insight into Privacy and Information Security practitioners' roles and responsibilities within the organization and offer not only guidance and discussion for how to effectively work together, but we have also spent literally hundreds of hours creating tools to help support information security and privacy that we provide to workshop attendees. Businesses are now successfully using these tools to make their information security and privacy efforts more efficient and effective.
I am happy to be able to offer a $100 savings to you for the workshop; just enter the code PRN07 when you register.
If you already have an integrated, highly successful information security and privacy program in place, that is great!! I know it takes a lot of effort to have a successful program. You likely have spent a great amount of figurative blood, sweat and tears in making your program effective and successful.
If you are able, please join us! I love talking with information assurance folks about the issues involved with information security, privacy and compliance, and I would enjoy sharing these many tools and ideas with you to help you with your responsibilities.
We are also happy to give this workshop through other organizations and directly to corporations and other entities that are dealing with these problems, so if you want more information about how to get this onsite at your company, please send me a note.

Comments
Will "Handling Complex and Difficult Privacy and Information Security Issues" be provided via a podcast at some point?
Posted by: mike nappi | April 25, 2007 11:01 PM
Hi Mike, "Handling Complex and Difficult Privacy and Information Security Issues" is a very full 2-day interactive training session that includes case study analysis, class discussion and many different tools for practitioners to use to help them coordinate and implement their information security and privacy initiatives. The class itself would not work well for a podcast. However, now that you asked about it, I may consider doing a podcast specifically about the overlapping areas sometime...I'm not sure when I would get a chance to do that, though. Probably not until July or later.
Thanks for the question!
Posted by: Rebecca | April 26, 2007 10:44 AM
To me, it seems like privacy and IT should go hand in hand. Shouldn't these departments be working together? Information security should be used to maintain privacy of information. I can't really see how one would exist without the other, in this case.
Posted by: Mila | April 30, 2007 3:22 PM
Thanks for your note, Mila.
Indeed! Privacy and information security must work closely together, but I have seen a complete disconnect in way too many organizations...I believe still an overwhelming majority of businesses.
The organizations in which privacy and information security work closely together have a good handle on safeguarding PII and privacy compliance. They also have happier customers that know their PII is being seriously and securely managed.
Posted by: Rebecca | May 3, 2007 9:11 AM
I think that definitely stems from departments functioning as separate departments, rather than one united team. This is a challenge that many companies are struggling with... especially large firms with hundreds (or thousands) of employees who don't often interact with those outside their immediate work group.
Posted by: Mila | May 7, 2007 4:36 PM