CCPA – The California Consumer Privacy Act

More detail on site: Steps to CCPA Compliance roadmap

Everything You Need To Know About CCPA 2018



Subscribe to DISC InfoSec blog by Email

Leave a Comment

ISO/IEC 27701 2019 Standard and Toolkit

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system).

Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports GDPR compliance.

SECURITY TECHNIQUES — EXTENSION TO ISO/IEC 27001 AND ISO/IEC 27002 FOR PRIVACY INFORMATION MANAGEMENT SYSTEM #PIMS

Key features:

* The Standard includes mapping to the GDPR, ISO/IEC 29100, ISO/IEC 27018, and ISO/IEC 29151
* Integrates with other management system standards, including the information security standard, ISO/IEC 27001
* Provides PIMS-specific guidance for ISO/IEC 27002
* Specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a PIMS
* Supports compliance with the GDPR and DPA 2018
* Provides guidance for data controllers and processors responsible for processing personal data


ISO 27701 Gap Analysis Tool


Achieve full compliance with ISO 27701:2019
The ISO 27701 Gap Analysis Tool has been created to help organizations identify whether they are meeting the requirements of the Standard and where they are falling short. Note that this tool assumes that you have a complete and functioning ISO 27001:2013 ISMS (information security management system).

It helps organizations prioritise work areas in order to expand an existing ISMS to take account of privacy. It also gives organizations direction, helping project managers identify where to start.


What does the tool do?

  • Contains a set of sample audit questions
  • Lists all ISO 27701:2019 requirements, identifying where documentation is mandatory for compliance
  • Provides a clear, colour-coded report on the state of compliance
  • The executive summary displays the results of compliance in a clear table so that you can report on your results and measure the closure of gaps.

  • The tool is designed to work in any Microsoft environment. It does not need to be installed like software, and it does not depend on complex databases; it relies on human involvement.



    ISO 27701 The New Privacy Extension for ISO 27001


    Quick Guide to ISO/IEC 27701 – The Newest Privacy Information Standard


    General Data Protection Regulation (GDPR) | The California Consumer Privacy Act (CCPA)

    Subscribe to DISC InfoSec blog by Email

    Leave a Comment

    What the New NIST Privacy Framework Means to You

    Big news is coming when NIST takes the wraps off a new privacy framework. Thanks to the General Data Privacy Regulation (GDPR) of the European Union, which took full effect in May 2018, privacy is at center stage worldwide. Penalties are being meted out for violations, and organizations of all kinds need to understand and comply with the law. In addition, the California Consumer Privacy Act (CCPA) was enacted in June 2018, with many other states working on similar bills.

    Source: What the New NIST Privacy Framework Means to You

    Developing the NIST Privacy Framework – Part 1


    Developing the NIST Privacy Framework – Part 2


    Developing the NIST Privacy Framework – Part 3


    NIST Privacy Framework: An Enterprise Risk Management Tool


    Leave a Comment

    Data Loss Prevention: Protect Yourself, Your Family, and Your Business

     

     

    photo courtesy of Unsplash

    By Jasmine Dyoco

    Another day, another data breach. Lately, it seems like we can’t go more than a few days without hearing about another cyber attack. Data breaches have recently occurred at health insurance providers like Anthem, banks like Capital One, and even the Equifax credit bureau. If there’s anything these recent hacks have shown us, it’s that no industry is safe.
    Social Security numbers, credit cards, and passwords are just some of the types of compromised data. Given the number of recent attacks, Bloomberg reports that some cybersecurity professionals now make millions of dollars per year.
    Massive amounts of information have been stolen. According to The Week, “virtually everyone in the U.S. has been affected by a data breach in some way — even those who never go online.” If you’re worried a hacker might have your data, here’s how you can protect yourself and your family:

     

    Malware and Viruses

    Malware and computer viruses are common ways that scammers get sensitive information. Contrary to popular belief, Macs (and smartphones and tablets) can get viruses. Whether you use Mac, Windows, Linux, or an iPad, protecting your computer against viruses also protects your information.

    According to Secure Data Recovery, proactive actions can help keep hackers and viruses from accessing your data. Use strong passwords that are hard to guess. A sentence or phrase is stronger than a single word, for example. You should also install a firewall and antivirus software. Save backups of your files to a device like an external hard drive. Alternatively, you could also save data to the cloud using Google Drive or similar.

     

    Security and Compliance

    Cyber threats are continually evolving. By having an information security (InfoSec) plan in place, you can protect data from falling into the wrong hands. InfoSec helps organizations maintain confidentiality while complying with industry regulations.  DISC help the organization to succeed in infosec and Privacy program by building and assessing Information Security Management System (ISMS) and Privacy Information Management System (PIMS) based on various standards and regulations.

    For instance, Deura Information Security Consulting (DISC) can perform a risk assessment to identify the security risks. Based on those gaps, they’ll help you create a “safe, secure, and resilient cyber environment.” Additionally, they’ll help your organization comply with regional cyber laws. Those laws include Europe’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

     

    Protect Your Teens 

    Nobody is safe from online attacks. Unfortunately, that includes children and teenagers. Some scams specifically target teens and young adults. One example is phishing, which tricks teens into revealing their social media passwords. Teens are also susceptible to phishing scams that include “urgent” subject lines. These scams often trick people into clicking a link to avoid missing a once-in-a-lifetime opportunity.

    To protect your children, the InfoSec Institute advises telling them to keep their login information private and to never click on social media links via email. Teach them red flags, like email scams claiming they’ve won money or website URLs that have misspellings or extra letters. Your whole family can learn what to look for by practicing with a phishing simulator.

     

    Credit Freezes and Monitoring

    Many people believe cybercriminals only steal money. The reality is that many of them are interested in stealing data, identities, or intellectual property. In the event that you do experience data loss, whether due to a virus, malware, or online scam, it’s essential to take action.

    According to the IRS, you should report identity theft to the FTC, your bank, and each of the credit bureaus. You might want to freeze your credit and place a one-year alert on your credit report. Credit monitoring companies can help you protect your credit score by alerting you of any fraudulent activity. If you follow the tips listed above, you can recover your data and protect yourself from future attacks.




    Comments (1)

    Protecting Controlled Unclassified Information

    Protecting Controlled  Unclassified Information 





    CCPA: What You Need to Know About California’s New Privacy Law


    CCPA Assessment:

    A Roadmap to NIST 800-171 Compliance

    DISC helps business owners in California to meet the new 2018 requirements of the CCPA and how to implement the National Institute of Standards and Technology’s (NIST) 800-171 cybersecurity framework. The roadmap is provided specifically to the CCPA either for a business, agency or organization that is required to meet this new State Law and describes both technical and administrative measures that will attain an acceptable level of compliance for State certifying officials. Assessment will include but not limited to compliance with policies and procedures, security strategy/plan, and plan of actions & milestones. The initial assessment will determine the as-is state of your data privacy program business, legal and regulatory requirements. DISC will provide a target state (to-be) which will include tech controls, mgmt. control, and ops control to build your data privacy program based on NIST 800-171. So basically the transition plan (roadmap) will enumerate the details of how to get from as-is state to to-be state.

    DISC Cybersecurity consultant support business and agencies effectively to meet the 110 security controls in NIST 800-171 which has become the de facto standard for cybersecurity compliance. It ensures that security policies and practices of the framework meet the intent of CCPA. Adequate security is defined by ”compliance” with the 110 NIST 800-171 security controls.


    NIST 800-171 Overview






    Enter your email address:

    Delivered by FeedBurner

    Leave a Comment

    California is bringing law and order to big data. It could change the internet in the U.S.

       ⚖️ California is bringing law and order to big data ⚖️

    California Expands Consumer Privacy Protections | The California Consumer Privacy Act, or CCPA, gives residents of California the ability to request the data that businesses collect on them, demand that it be deleted, and opt out of having that data sold to third parties, among other things.

    The state’s attorney general wants to avoid a troubled rollout, à la Obamacare, when the far-reaching restrictions on user data go into effect on Jan. 1.

    Source: California is bringing law and order to big data. It could change the internet in the U.S.

    here’s the no paywall copy of the article… https://archive.fo/NmU9E


     Subscribe in a reader

    Leave a Comment