Recently I read a print article written by a prominant privacy officer at a well-known company who has been writing a lot of articles about privacy over the past couple of years. She is successful and usually has some good advice, but what worried me about the latest article I read, and some of her other articles, is that she specifies that certain issues are handled by IT and/or the information security officer, so privacy officers do not need to worry about them or even know much, if anything at all, about them. The topics she’s mentioned have been encryption, outsourcing IT functions, and information security policies, just to name a few.
Successful information protection efforts require privacy and information security strategies to be complementary and integrated throughout all of the enterprise, within every business process stage and at every level within the organization.
Christopher Grillo and I created a workshop,”Handling Complex and Difficult Privacy and Information Security Issues” that we will be giving at the upcoming Computer Security Institute NetSec conference in June at Scottsdale, Arizona.
Within our workshop we discuss over 15 topics/issues that *BOTH* information security and privacy must address in harmony and partnership. We provide insight into Privacy and Information Security practitioners’ roles and responsibilities within the organization and offer not only guidance and discussion for how to effectively work together, but we have also spent literally hundreds of hours creating tools to help support information security and privacy that we provide to workshop attendees. Businesses are now successfully using these tools to make their information seccurity and privacy efforts more efficient and effective.
I am happy to be able to offer a $100 savings to you for the workshop; just enter the code PRN07 when you register.
If you already have an integrated, highly successful information security and privacy program in place, that is great!! I know it takes a lot of effort to have a successful program. You likely have spent a great amount of figurative blood, sweat and tears in making your program effective and successful.
If you are able, please join us! I love talking with information assurance folks about the issues involved with information security, privacy and compliance, and I would enjoy sharing these many tools and ideas with you to help you with your responsibilities.
We are also happy to give this workshop through other organizations and directly to corporations and other entities that are dealing with these problems, so if you want more informaiton about how to get this onsite at your company, please send me a note.
Tags: awareness and training, conference discount, corporate governance, CSI, grillo, Information Security, IT compliance, policies and procedures, privacy