Recently, I asked a nonprofit executive how his organization planned to comply with the new General Data Protection Regulation (GDPR) that will go into effect in the European Union this spring. I expected him to rattle off a loose outline of steps that his IT team is taking to prepare for the GDPR guidelines. Instead,…

Over the years, I’ve seen a remarkable shift in the way organizations approach their cybersecurity strategies. After the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) debuted, most security programs focused on compliance issues. Organizations scrambled to ensure their operations were up to par before the…

Good risk assessments tend to include at least three distinct assessment components of varying complexity, followed by a good reporting system with internal and external checks and balances. While specifically designed for the Health Insurance Portability and Accountability Act (HIPAA), this general methodology could be used for any assessment project with a compliance component. For…