DATA PROTECTION
Andrew Nooks
An Approach To Privacy
Symptai
• Symptai Consulting Limited is an independent IS Audit, Security &
Business Assurance firm founded in 1998.
• We are an industry leader in technology consulting services for
assurance, security, business processes and compliance, with
numerous success stories and excellent client retention rates.
Symptai Consulting Ltd
Director
eGov Jamaica
Member, Board of Directors
Andrew A. Nooks
Certs:
CISA, CISSP, CISSP-ISSAP, CIPM, CSSLP, CISM,
CRISC, PCIP, ISO27001, ITSM
Interests: Volleyball, Swimming, Aikido
Disclaimer
• This presentation is based on research collated from the Internet,
leveraging articles from the International Association of Privacy
Professionals (IAPP), an organization of which I am a member, and its
contributors.
• I have also leveraged my own experience as an IS practitioner
for over twenty-five (25) years, thirteen (13) of which have
been dedicated to Information Security and related controls,
including privacy, as well as the knowledge and experience of
the Symptai team.
Definition of Privacy
Privacy: the right to be left alone, or freedom from interference or
intrusion.
Information privacy: the right to have some control over how your
personal information is collected and used.
Impact: how organizations protect data in its various states: at rest,
in transit and in use.
Why is Privacy Important?
As technological innovation advances, information privacy becomes
more complex by the minute, because more data is being collected and
exchanged. As the technology gets more sophisticated, so do the uses
of the data. This leaves organizations facing an incredibly complex
risk matrix for ensuring that personal information is protected.
In the News (news clippings; sources: https://www.scmagazine.com and https://iapp.org/news)
Business Risk
Inherent High Risk
• Health
• Banking
• Insurance
• Telecoms
Legal & Compliance
• GDPR and other data protection legislation
• PCI DSS
• HIPAA
Primary Components of a Privacy Program
Privacy Program
Governance
Privacy Operational
Life-Cycle Management
Privacy Program Governance
Strategy Management
• Vision and Mission
• Develop a strategy
• Team structure and composition
Framework
• Frameworks
• Policies, procedures, standards and guidelines
Performance
• Metrics and measurements (identify, define, select, collect, analyze)
Business Case
• Organizational Privacy Office Guidance
• Define Privacy
• Laws and Regulations
• Technical Controls
• External Privacy Organizations
• Industry Frameworks
• Privacy Information Technology
• Education and Awareness
• Program Assurance
Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond
Assess
Assessment Models
• AICPA/CICA Privacy Maturity Model
• GAPP
• Privacy by Design
Assess Business
• Data
• Systems
• Processes
Protect
Data Lifecycle Management
• Need for DLM
• DLM principles
Information Security Practices
• Standards and frameworks
Privacy by Design
• Proactive, default settings
• Embedded, end-to-end protection
• Transparency, respect for users
Analyze and Assess
• Privacy Impact Assessments
• Risk Assessments
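The Data Lifecycle Management bullet above is the point where a privacy program has to become something that runs rather than something that is written down. The following Python sketch is an added example for this page (not code from the presentation or from Symptai) that enforces a retention schedule and a per-category field allow-list over a set of personal-data records, and writes an audit trail that records a keyed pseudonym of the data subject rather than the identifier itself. It illustrates several of the DLM principles listed in the speaker notes at the end of the page (minimalism, auditability, enforcement). Every category, retention period, allowed-field set, the HMAC key and the sample records are constructed for the example; a real schedule is set by the organization's retention policy and the legislation that applies to it.

```python
"""Added example: data lifecycle management (DLM) enforcement over personal-data records.

Retention schedule + field allow-list + pseudonymised audit trail.  All values
below are constructed for illustration and are not taken from the presentation.
"""
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib
import hmac

# Retention period in days since the record was last used, per category (constructed).
RETENTION_DAYS = {
    "marketing_consent": 365,
    "support_ticket": 2 * 365,
    "customer_account": 7 * 365,
}

# Fields each category may hold, i.e. the minimalism principle (constructed).
ALLOWED_FIELDS = {
    "marketing_consent": {"email", "consent_given"},
    "support_ticket": {"email", "issue"},
    "customer_account": {"name", "email", "address"},
}

# Key used to pseudonymise subject identifiers in the audit trail so the log does
# not become one more copy of personal data.  Placeholder only: in practice this
# is a managed secret, never a literal in source.
AUDIT_KEY = b"example-audit-key-not-for-production"


@dataclass
class Record:
    record_id: str
    category: str
    subject_id: str
    last_used: date
    data: dict


@dataclass
class AuditEntry:
    record_id: str
    subject_token: str  # keyed pseudonym of subject_id, never the raw value
    action: str         # "keep", "minimise" or "delete"
    detail: str


def subject_token(subject_id: str) -> str:
    """Keyed pseudonym (HMAC-SHA256, truncated to 16 hex chars) for audit records."""
    return hmac.new(AUDIT_KEY, subject_id.encode(), hashlib.sha256).hexdigest()[:16]


def enforce_retention(records, today):
    """Apply the retention schedule and field allow-list to a batch of records.

    Returns (kept_records, audit_log).  Expired or unclassified records are
    dropped (fail closed); records still within retention lose any field their
    category is not allowed to hold.  Input records are not mutated.
    """
    kept, audit = [], []
    for rec in records:
        token = subject_token(rec.subject_id)
        if rec.category not in RETENTION_DAYS:
            audit.append(AuditEntry(rec.record_id, token, "delete", "unclassified category"))
            continue
        expiry = rec.last_used + timedelta(days=RETENTION_DAYS[rec.category])
        if today > expiry:
            audit.append(AuditEntry(rec.record_id, token, "delete",
                                    f"retention expired {expiry.isoformat()}"))
            continue
        allowed = ALLOWED_FIELDS[rec.category]
        extra = sorted(set(rec.data) - allowed)
        if extra:
            audit.append(AuditEntry(rec.record_id, token, "minimise", "removed " + ", ".join(extra)))
        else:
            audit.append(AuditEntry(rec.record_id, token, "keep",
                                    f"within retention until {expiry.isoformat()}"))
        kept.append(Record(rec.record_id, rec.category, rec.subject_id, rec.last_used,
                           {k: v for k, v in rec.data.items() if k in allowed}))
    return kept, audit


# Constructed sample records for the example run.
SAMPLE_RECORDS = [
    Record("r1", "marketing_consent", "subj-100", date(2022, 1, 10),
           {"email": "a@example.com", "consent_given": True}),
    Record("r2", "support_ticket", "subj-200", date(2023, 9, 1),
           {"email": "b@example.com", "issue": "login", "date_of_birth": "1980-01-01"}),
    Record("r3", "customer_account", "subj-300", date(2023, 5, 5),
           {"name": "C. Example", "email": "c@example.com", "address": "1 Main St"}),
    Record("r4", "legacy_export", "subj-400", date(2023, 5, 5), {"blob": "opaque export"}),
]


def run_example():
    """Run the sample batch as of a fixed date so the outcome is reproducible."""
    return enforce_retention(SAMPLE_RECORDS, date(2024, 1, 1))


if __name__ == "__main__":
    kept, log = run_example()
    for entry in log:
        print(entry.record_id, entry.subject_token, entry.action, entry.detail)
    print(f"{len(kept)} of {len(SAMPLE_RECORDS)} records retained")
```

Two design choices are worth noting. Unclassified records are deleted rather than kept, because a record nobody has classified is one nobody has justified retaining; and the audit log carries an HMAC of the subject identifier, so the evidence an auditor needs (which record, what happened, why) survives without the log itself needing the same protection as the data it describes.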
Sustain
Monitor
• Compliance with privacy policy
• Monitor regulations and legislation
• Compliance and risk
• Environment
Audit
• Align privacy operations
• Compliance with policies and standards
• Access, modification, disclosure
• Communication of findings
Communicate
• Awareness
• Flexibility
• Catalog and maintain documents
• Train
Respond
Information Request
• Handling, access
• Redress, correction
• Integrity
Legal Compliance
• Preventing harm
• Accountability
• Monitoring
Incident Planning
• Roles and responsibility
• Integration in BCP
• Detection
Incident Handling
• Pre-notification
• Response plan, plan execution
• Reporting, evaluation
In Summary
1. Define the privacy mission statement
2. Develop a strategy
3. Define team structure
4. Develop a framework aligned to the organization
5. Develop and communicate policies, procedures, standards and guidelines
6. Define performance metrics
7. Assess the organization based on the governance model
8. Protect: DLM and information security, embedding privacy in the organization
9. Conduct risk assessments (RA) and privacy impact assessments (PIA)
10. Monitor, audit and communicate
11. Respond to requests
12. Accountability
13. Incident management
Additional Reading
• IAPP.org
• APEC.org
• ICO.gov.uk
• Priv.gc.ca
• OECD.org
Questions?
Andrew Nooks
Symptai Consulting Limited
Email: info@symptai.com


Speaker notes

  1. Welcome everyone. Thank you for joining us today.
  2. Privacy Framework: an implementation roadmap that provides a structure or checklist to guide the privacy professional through privacy management and prompts them for the details needed to determine all privacy-relevant decisions of the organization.
     Strategy Management: Vision and Mission (statements, scope, compliance, legal). Develop a strategy: stakeholders (CISO, CRO, GLC, CIO, HRM, CMO), key functions, interfacing, data governance strategy (collection, authorized use, access, security, destruction), privacy workshop. Team structure: governance model (centralized, decentralized, hybrid), organizational model (CPO, privacy manager), professional competency (CIPM, CIPP, CIPT).
  3. Privacy Framework: an implementation roadmap that provides a structure or checklist to guide the privacy professional through privacy management and prompts them for the details needed to determine all privacy-relevant decisions of the organization.
     Managing risk: a framework assists in risk management, minimizes incidents of data loss, protects reputation and market value, and aids compliance with laws, regulations and standards.
     Frameworks (Privacy by Design, Privacy Maturity Model): APEC Privacy Framework (enables regional data transfers, C2B, B2B, B2G); guidance from the UK Information Commissioner's Office; Canadian Personal Information Protection and Electronic Documents Act (PIPEDA); Australian Privacy Principles; Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines.
     Framework questions: Are risks defined and identified, and is there a business case? Who has responsibility? Are gaps in privacy management understood? Is privacy management being monitored? Are employees trained? Are best practices for data inventory, risk assessments and privacy impact assessments in place? Is there an incident response plan? Is there a communication policy on privacy-related matters, and are the materials kept updated?
     Policies, procedures, standards and guidelines: business case, gap analysis, review process and monitoring, communication to stakeholders.
  4. Performance: measurable, meaningful, unambiguous, specific.
  5. External privacy: Data Commissioner's office. Privacy-enhancing technologies. Industry frameworks such as the AICPA Generally Accepted Privacy Principles (collection, use).
  6. Assess: measure. Protect: improve. Sustain: evaluate. Respond: support.
  7. PMM levels: ad hoc, repeatable, defined, managed, optimized. PbD: assess organizational objectives and goals (Dr Ann Cavoukian). Support for these areas: Internal Audit and Risk Management; Information Technology (business continuity/DRP); Information Security (response and breach notification); Legal and Contracts (compliance, mergers, acquisitions, divestitures); processors and third-party vendors; Human Resources; marketing and business development; government relations and public policy; Finance/business controls.
  8. DLM principles: alignment with enterprise objectives; minimalism; simplify processes; provide adequate infrastructure; information security; authenticity of subject records; retrievability; distribution controls; auditability; consistency of policies; enforcement.