2-day Learning Event Overview:
Handling complex and difficult Privacy and Information Security issues has moved to the top of the list for companies
maintaining customer and employee information. However, there are often gaps in communication and coordination between
Privacy and Information Security activities. These gaps create more complexity and bigger challenges for companies to
handle, and they put the organization at greater risk of incidents and of contractual and regulatory non-compliance.
Successful programs require the two strategies to be complementary and integrated throughout the enterprise, within
every business process stage and at every level within the organization. This workshop will provide practical knowledge
and numerous tools to address complex privacy and information security convergence and compliance issues within your organization,
and will show how other organizations are handling these Privacy and Information Security challenges. Through discussing key
trends and issues, such as legal requirements and frameworks, that are common to both areas, attendees will learn how privacy
and security teams can effectively work together. Participants will take away numerous valuable resources and tools they can
start using right away to help successfully meet these complex and difficult challenges.
Time-Based Objectives:
Day One
Privacy and Information Security Trends
We will discuss the evolution of privacy and security activities within businesses, and highlight at least 20 important trends of
which businesses must be aware. We will define and discuss the Privacy and Security roles, responsibilities, and organizational challenges,
as well as business processes that are most impacted by Privacy and Security processes and initiatives.
Privacy Laws and Strategy
We will provide an overview of the many laws that organizations must be aware of and address. We will also discuss effective privacy
strategies and the business impact of privacy, including common regulatory and compliance issues.
Information Security Strategy
We will discuss effective Security strategies and the business impact of security, such as those relating to risk management and regulatory
compliance. We will provide a practical method of incorporating industry best practices into any organization, and provide a toolset
for creating Security and Privacy roadmaps.
Security and Privacy Roadmaps
We will discuss the need for planning, documenting, communicating, and executing your security and privacy strategy.
Day Two
We will discuss at length the five most common overlapping privacy and information security areas that have the most impact on businesses. For
the first common area we will discuss how privacy and information security policies and procedures must be in sync, and the issues involved with
making them effective. The second common area will demonstrate the need for and value of privacy impact assessments and information security
risk assessments, and how the two types of activities should be coordinated to realize the greatest business value. The third common area will
address the critical need for business partner and vendor privacy and security program reviews and what to include within the associated
contracts. Common area four will provide details about the systems development life cycle (SDLC) and how to effectively address privacy and
security issues within every phase of an SDLC. Common area five will provide important information all organizations must know about incident
response for both privacy and information security, in addition to providing the key components of an effective response plan. We will provide
case studies and exercises throughout the day to support and demonstrate how these common areas impact business, and the ways in which privacy
and information security must partner.
Key Objectives:
- Instill understanding of privacy and information security issues and governance methodologies for best business impact
- Instill understanding of how to use existing governance frameworks to successfully integrate privacy and information security throughout the entire organization
- Instill understanding of the major challenges common to privacy and information security and how to establish partnerships to most successfully address all the accompanying issues
- Learn the legal ramifications and the key compliance activities necessary to demonstrate regulatory and legal due diligence and establish a standard of due care that supports business success
- Learn to create an actionable roadmap for coordinating privacy and information security activities within the organization
- Instill understanding of the importance of partnering information security and privacy in incident planning, implementation, and execution
Attendees Will Leave With:
- A valuable set of course materials that you will be able to use as a reference on an ongoing basis immediately upon your return to the office
- A ready-to-use information security and privacy program planning toolkit and sample framework that participants can customize to fit their organizational needs
- Sample IT controls for privacy and information security for regulatory compliance
- A usable information security and privacy posture assessment tool and visual roadmap generator
- Sample website privacy policy
- Privacy impact assessment worksheet
- A ready-to-use business partner and vendor security and privacy program assessment and due diligence toolkit
- A security and privacy contract clause considerations checklist
- A comprehensive listing of useful security and privacy references and resources
1 800 841 9329
Email Orange Parachute
