Projects with Rebecca Herold & Associates, LLC
Since starting her own company, some of Rebecca’s projects have included the following:
- Created new curriculum for the Norwich MSIA Security Auditing class.
- Create all the content and provide the expertise and support for the Compliance Helper online service (http://www.compliancehelper.
- Create privacy standards for NIST to address the privacy risks identified within the U.S. Smart Grid. Perform a privacy impact
assessment (PIA) for NIST to use for Smart Grid development.
- Had led the NIST CSWG Smart Grid Privacy Subgroup since June 2009.
- Perform PCI DSS gap analysis and remediation for organizations preparing for PCI DSS audits.
- Creating custom information security, privacy and compliance white papers for organizations to use for internal awareness
communications, as well as vendors to use for their customers.
- Creating a Virtual CPO and Virtual CISO service for small- to medium-sized businesses (SMBs).
- Creating Rebecca’s own branded business partner and vendor information security and privacy program assessment kit.
- Creating Rebecca’s own branded online information security and privacy social engineering online learning modules.
- Creating Rebecca’s own branded information security and privacy online practitioner tool to evaluate privacy breach response
- Creating Rebecca’s own branded interactive information security and privacy awareness poster and activity product proven to be
effective at raising personnel awareness as well as identifying enterprise risks.
- Providing information security and privacy consulting and program plans to an online health information management company.
- Performing an ISO 27002 and OECD privacy principles gap analysis with all the published policies (across 10 different corporate
departments), updating the existing policies and creating new policies to fill the gaps and address the organization’s unique risks.
- Creating and delivering highly rated and widely recommended online webinars covering information security, privacy and compliance.
- Performing 150+ vendor information security and privacy program reviews for multi-national financial organizations with multi-national
- Creating an Information Protection Assessment Kit security, privacy and regulatory spreadsheet for a large multinational security
- Creating next-generation, leading-edge information security and privacy awareness subscription resources for organizations
throughout the world.
- Performing a customer data privacy impact analysis for a large multinational publishing company.
- Performing a cross-border privacy impact analysis for a large multinational services organization.
- Creating an identity verification plan and process for a large multinational financial company.
- Reviewing and providing recommendations for improving the proposed internationally applicable fraud training and awareness
content for a large multi-national online learning solutions vendor.
- Creating a regulatory data dictionary for a multi-national software vendor for them to incorporate into their product, in addition to
documenting the potential locations for where to find the data.
- Creating international privacy training content for a large multi-national online training software vendor.
- Evaluating existing privacy training curriculum and providing guidance and content for new internationally applicable online privacy
training content and curriculum for a training vendor.
- Delivering a two-day executive privacy review to a multinational retail organization.
- Creating detailed technology, organizational and operational disaster recovery and business continuity standards.
- Performing security reviews for offshore data processing vendors for a multinational healthcare and financial company.
- Creating procedures to support information security policies and standards for a 150,000+ employee multinational Fortune 50
- Creating customized information security online training content for a 150,000+ employee multinational Fortune 50 manufacturing
- Creating customized information privacy online training content for a large multinational technology organization.
- Creating privacy standards for a multinational technology organization.
- Creating a HIPAA applications security risk analysis methodology for a compliance software company.
- Creating and delivering classroom privacy training for a multinational technology organization.
- Writing The Practical Guide to Compliance and Security Risks book series for NetIQ.
- Creating an online privacy governance resource for Information Shield.