Is it a Trick if Pushed to do Right Thing?

How do we convince people who don’t know enough to make an educated decision? If we trick them into making the right decision, is that OK? Cybersecurity is not obvious to the regular person (or the minimally IT-educated CxO). What do the three pictures above have in common? Anonymous, local hacker, and criminal hacker …

Cloud Compliance & Cybersecurity

Cloud Compliance? Do we even need it? Our data is in the cloud … therefore it is safe, right? What does it mean to have compliance in a cloud computer? So a cloud computer is a computer managed by “someone else”. Compliance for various standards is all about your data. So we do have …

How Much Time Before Notifying a Breach?

I hope that there is something in place to understand when a breach occurs, but assuming there was a breach – and you found out. When should you notify? So let’s assume you are in the health industry and protect the PHI or {Personal health information (PHI), also referred to as protected health information, generally refers …

We Set Up Compliance Policies! Now What?

There is an organization which has a solution to the next steps after you have some compliance set up: OCEG with their PDF “A Maturity Model For Integrated GRC”. First page of report: As in the title, the goal is integrated GRC, where the company's business goals are intertwined with Compliance, Risk, and Governance. It …