Coordinating Privacy and Infosecurity for Effective Data Protection
An effective data protection framework doesn’t just consist of a legal compliance strategy and a set of security controls. Pulling all of the disparate pieces together is a continuing challenge for privacy and infosecurity professionals, and it compels better coordination between the two. This Webinar will set a foundation in existing U.S. and European data security laws and regulations, identify security configuration standards that are consistent with this foundation and then describe a security governance framework that makes it all operational. Also discussed will be how a successfully deployed identity and access management (IAM) solution can help ensure consumer trust in an organization’s data protection policies and practices.



An expert analysis of the key U.S. and European privacy laws and regulations which impose specific security requirements on companies that handle personal information. This section will explore the legal definitions of, and considerations for, “reasonable security” as well as identify legally mandated security controls, incident response requirements and enforcement actions for security breaches as these exist today.
A foundational layer of security that supports higher level security objectives such as data protection, privacy, role-based access, and identity management is available via a powerful array of technical security controls embedded in the software that operates the systems and devices currently used for managing information. This segment will identify widely used technical control configuration benchmarks based on expert consensus that are available for building a security foundation.


This presentation will describe information security governance as the foundation for protecting business data and ensuring the privacy of personal information held by the business. The presentation will describe:
• Characteristics of effective security governance
• An implementation framework for security governance, data protection, and privacy
• An approach for prioritizing security governance investment decisions using business-based criteria




