-
Key scoping factors when pursuing ISO 27001 certification
Jimmy Dilz, Senior Consultant, ISO Assurance, Coalfire
Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 (“ISO 27001”) standard. The information security management system (ISMS) prescribed by this widely adopted publication engages personnel at every level of an organization to ensure information security-focused processes and controls are implemented, maintained, and continuously improving. Rather than focusing solely on the establishment of information security controls, the ISMS challenges service providers to first consider risks and then develop processes that enable an effective control environment.
Read more
-
P2PE v3.0 – Why organizations should prepare now
Andrey Sazonov, Senior Consultant, Application Validation, Coalfire
The Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the Point-To-Point Encryption (P2PE) standard back in December 2019. The new version simplifies and adds flexibility to the process for component and solution providers to validate their P2PE products for cardholder data protection efforts and will ultimately result in more PCI P2PE solutions available in the market. Organizations should prepare now for moving to the new standard.
Read more
-
So Long, Privacy Shield
Paul Sonntag, Director, GDPR and Privacy
In what’s rapidly becoming the splashiest news to hit the privacy space in years, the Court of Justice of the EU (CJEU), the highest court in the European Union, invalidated the U.S. Privacy Shield, a legal instrument that made it possible for organizations operating in the United States to transfer EU personal data to the U.S. To add to the impact, the CJEU provided no grace period for this change, meaning that the 5,000+ organizations currently enrolled in the Privacy Shield program are effectively out of compliance as of the decision’s publication on July 16.
Read more
-
So much compliance to do…so little time (and people!)
Read more
-
State privacy laws: 2020 highs and lows
Elizabeth Crooks, Consultant, Privacy, Coalfire
2020 is shaping up to be another interesting year for data privacy, especially given that public health agencies, private companies, and states are now working feverishly to create contact tracing apps and programs while still preserving privacy. Being thoughtful and accountable about data privacy is more important than ever, as some states have made very public mistakes in the rush to roll things out.
Read more