Notes from the Field: Center for Internet Security Control 12 – Network Infrastructure Management

by Greg Halpin / November 17th, 2023

In our increasingly busy lives, we often find ourselves making promises we can't keep. We promise to start our diet on Monday, but order in on Tuesday. We promise that this will be the year we take our dream trip, or finally learn French, or run a marathon. Maybe we promise that we'll implement the perfect network infrastructure. But life, as it often does, gets in the way. A company…

Auditor Insights: Where to Start with GDPR Compliance

by Mark Hinely / October 30th, 2023

As GDPR becomes an increasingly prevalent data privacy law, we want to give organizations four actions to start with when working towards GDPR compliance. These areas should help organizations understand what kind of personal data of data subjects they have, where it goes, and what role (data controller or data processor) they fit into under GDPR. I chose the areas of data mapping, contract management, documentation review,…

Notes from the Field: Center for Internet Security Control 11 – Data Recovery 

by Greg Halpin / October 30th, 2023

The client I was working with had undergone a management shakeup over the previous year. The CIO left and was replaced by someone who brought in several new managers. The result was a lot of IT and DevOps staff turnover. Many skilled staff who knew how everything worked at the company left amid the uncertainty. There were not enough senior people left to train all of the new hires. Without…

Notes from the Field: Center for Internet Security Control 10 – Malware Defenses 

by Greg Halpin / September 14th, 2023

The client I was working with had a web application hosted on a Windows server with the anti-virus software disabled. When I asked the head of Information Technology about it, he said the company's web application didn't work when anti-virus was running, so they couldn't enable it. They weren't concerned about it as they had a firewall in place with malware protection. I strongly advised them to reconsider that decision.…

Why Data Mapping Is Critical for GDPR Compliance: A Comprehensive Tip Sheet for GDPR Compliance

by Suzette Corley / August 29th, 2023

We understand how hard it is to keep up with today’s privacy expectations. Privacy regulations are constantly evolving, and maintaining compliant data privacy practices is overwhelming. One of the key aspects of building a compliant privacy program is learning where your data is, how it flows, and what regulations are affecting it. Data mapping, a GDPR requirement, is a great way to understand your data flow process as well as how to…