Privacy by Design: Building Customer Trust
Paul Sonntag, Director, GDPR and Privacy
Historically, the question of privacy has been the domain of the legal community. This makes perfect sense, because privacy has its roots almost exclusively in laws and regulations. The EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar regulations that are cropping up with increasing frequency around the world create a thorny regulatory environment, and figuring out how this network of laws applies to their respective organizations is a task best suited to the legal profession.
RSA 2018 recap: GDPR, Increasing Visibility and Transparency of Cloud Security
Andrew Barratt, Managing Director, Europe
RSA 2018 is in the books! The event welcomed 42,000 attendees to San Francisco, including cybersecurity professionals, vendors, media, and analysts. The themes of visibility and transparency repeatedly came up in discussions and presentations as organizations grapple with ever-increasing data flows across multiple technology platforms and cloud ecosystems. Another big topic of interest was the European Union’s upcoming General Data Protection Regulation (GDPR) and how it will affect organizations and their data.
The HITRUST CSF Version 9.1 Release – How It Could Apply to Your Organization
Michael T. Williams, Senior Consultant, Coalfire
If you’re familiar with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), then you’re likely aware that HITRUST revises the CSF requirements twice annually to account for new regulations, technologies, and business models affecting the security of Protected Health Information (PHI). This enables the HITRUST CSF to evolve in step with the changing cyber risk landscape. HITRUST CSF version 9 is currently in effect, but HITRUST will release version 9.1 later this month.
Look Out! Risk Is on the Move, According to IoT Thought Leaders from Across the Globe
Deborah McLain, Director, Heathcare & Life Sciences, Coalfire
The IoT Security Summit 2017 in New York City in late October and the Security of Things World USA 2017 in San Diego last month were both packed with thought leaders from all parts of the IoT ecosystem – device manufacturers, telecom carriers, cloud providers, and early-adopter end users from vertical industries. They came, they saw, and they tried to conquer the many security challenges faced by organizations when implementing IoT initiatives . . . but came away with many unanswered questions.