Companies still have a lot of work to do to ensure they are GDPR compliant. However, as with any company facing a regulatory change that impacts its core processes, there are significant challenges to success. In this blog, Stephen Smith, Patricia Brady, Jeff Francis and Matt Conner explain a few of the key challenges and how to address them.
News of brazen hacking attacks has become commonplace in today’s business environment. As business leaders, how can we understand the cause of these attacks, and how can we protect our company’s most valuable assets? This blog post breaks down the concept of Cybersecurity (also referred to as Information Security) as an introduction for professionals new to this discipline.
In the first part of this series I focused on the best practices of understanding the intent of the assessment, the value that a dedicated project manager will add to the effort, and the importance of selecting the right firm. In the second part I will focus on the best practices of selecting the right framework, preparation of materials, and presentation of materials. These efforts are discussed separately; however, they are tightly coupled and rely heavily on good communication.
Preparing for an information security assessment is a daunting challenge – especially if previous assessments were not handled well. In most cases, adequate preparation and a mindset geared towards getting an honest assessment of the current state will yield significant benefits for the organization only if sufficient effort is spent on delivery.
Great teams sometimes fail because of a lack of delivery management. This is as true for an information security assessment as it is for a development project. In fact, some may argue that it is truer of an assessment because of the finality and timing of the final report versus the iterative nature of many development projects.