|
|
|
|
|
Management Tools
These tools will help your company manage the security and privacy of non-public information,
business partners, and compliance. I've created and used these tools to help my clients, and
I am confident that they will help your organization too.
The Privacy Professor's Privacy Breach Impact Calculator
Privacy breaches are costing businesses increasingly large amounts of money; many times more than
what the safeguards would have cost to prevent them. How much could a privacy breach cost your
business? Most organizations are not aware of the many factors that can contribute to the financial impact
of a data privacy breach. In 2002 I created the original Privacy Breach Impact Calculator. I included it in
my Privacy Management Toolkit in 2005. I've since updated the calculator and now provide it as a stand-alone tool
that provides 40 variable items that contribute to the financial impact of a privacy breach. This has been used by
many organizations to effectively raise awareness of the business executives for the potential impact of a breach.
The cost (less than the average cost of one hour of consulting time for most consultants): $200. Contact me
for more information.
|
|
|
|
|
|
|
Privacy Management Toolkit
The Privacy Management Toolkit, Version 1.0 is a complete resource for managing customer
and employee data privacy while maintaining compliance with international data protection
laws. The Privacy Management Toolkit addresses all of the critical components of a privacy
management program for less than the cost of one day of outside consulting advice. The
Privacy Management Toolkit has everything you need to save money while building a privacy
governance program based on the international O.E.C.D. Privacy Principles upon which most
data protection laws throughout the world are based.
For more information see http://www.informationshield.com/privacy_main.html or get in touch
with me
|
|
|
|
|
|
|
Vendor Security Assessment Kit
These are tools I developed and that I use for the assessments I am contracted to perform. I have used
them for over 150 vendor and business partner security program reviews, and they have worked
exceptionally well for me.
Here is some additional information about my Vendor Security Assessment Kit:
|
|
|
|
|
|
|
-
The vendor questionnaire is an Excel spreadsheet.
-
The beginning section collects information about the vendor (name of company, contact info, website,
size of company, etc.), along with identifying the specific types
personally identifiable information (PII)
from your organization
that the vendor
accesses/handles/stores/etc.
-
There is a worksheet for the information security section and a worksheet for the privacy section.
-
There are a total of 136 questions following the vendor information collection beginning section. The
questions use the international frameworks of ISO 27002 and the
OECD privacy principles, which
the government
oversight agencies view as best practices and encourage organizations to follow.
-
The 136 questions are within 16 well-defined topics. I have found this helps the vendor to answer
the questions; often they will assign the different topics to different people
to expedite getting the
questionnaire completed, as well as to ensure that those most knowledgeable
about the topic are the ones answering the questions.
-
I also include a template to create the vendor security review results report within the kit.
The format is a Word document which includes directions for how to complete
it.
-
I also include the following within the Vendor Security Assessment Kit:
-
A set of 21 sample security and privacy clause issues to include within vendor
contracts
-
A set of 15 sample vendor security and privacy management policies
|
|
|
|
For more information, contact me
|
|
|
