Dear CISO: All Organizations Need Perpetually-Updated Data Visibility

| | Dear CISO
Network controls have been historically proven to be very capable in limiting access to networks and therefore the data held within them. As our networks have evolved, so have these controls. However, even with these more complex controls, the fact still remains that network criteria have been chosen as the ... Read More

Dear CISO: Who is Responsible for Data Privacy?

| | Dear CISO
In Theory: The legal team/DPO should lead the privacy policy as well as manage direct interaction with data subjects, such as DSAR management. Security should lead the implementation of the privacy policy, including how to create, monitor, and protect the organization’s personal data inventory. In Practice: CISOs have the knowledge, ... Read More

Dear CISO: Partial Inventory is No Inventory at All

| | Dear CISO
GDPR started it and others followed. Unlike with other sensitive data assets that we as CISOs need to manage, it's now quite clear what is expected of us regarding personal data. After analyzing all these expectations (more like requirements) and merging them into practical actions, the only practical solution is ... Read More

Dear CISO: Partial Inventory is No Inventory at All

|
GDPR started it and others followed. Unlike with other sensitive data assets that we as CISOs need to manage, it's now quite clear what is expected of us regarding personal data. After analyzing all these expectations (more like requirements) and merging them into practical actions, the only practical solution is ... Read More
🙂

Dear CISO: Where to Look for Personal Data

| | Dear CISO
Dear CISO, It has come to my attention that recent regulations require us to manage personal data in a very specific way. I trust that the security teams that report to you are now managing sensitive data such as our customer info in a very controlled way, backed up by ... Read More

Dear CISO: Where to Look for Personal Data

| | Uncategorised
Dear CISO, It has come to my attention that recent regulations require us to manage personal data in a very specific way. I trust that the security teams that report to you are now managing sensitive data such as our customer info in a very controlled way, backed up by ... Read More