Blog

Security is the Foundation for Building an Adaptable, Future-Proof Privacy Program

October 18, 2022

Privacy regulations boil down to protecting information. In other words, privacy is about the security of data.

In today’s data-driven economy, your organization’s data is often its most valuable asset. You may be subject to multiple jurisdictions (e.g., GDPR, CCPA, HIPAA, GLBA) requiring a central privacy program capable of supporting the entire matrix of international, federal, and rapidly changing state laws and regulations.

The various privacy rights can be traced back to core security principles defined by NIST as Confidentiality, Integrity, and Availability (CIA). The various privacy regulations, regardless of approach, reach the same end: to protect the CIA of sensitive information. When organizations establish a firm foundation in security, they can implement controls that can anticipate future regulations and evolve accordingly. Privacy and security go hand in hand. Whether you take a custom approach or use an existing framework, the most effective privacy program is the one you’re going to use.

Creating an Adaptable Privacy Program

  • Identify the Assets: Privacy assets are generally codified as SSN, Credit Card, or Health Information and are classified under the statute as PI, PII, PHI, etc.
  • Privacy Program BlogIdentify Applicable Threats to the Assets: Threats can be not only people but also events or circumstances.
  • Identify Vulnerabilities: These are weaknesses surrounding or relating directly to the particular asset that, if exploited, could undermine the CIA of the asset in some way. This includes business processes.
  • Assess the Impact and Likelihood: For each asset where a weakness has been identified, consider the potential impact of each threat—typically called “Threat Events.”
  • Mitigate: According to ‘Reasonable Security’ best practice, organizations are required to implement controls to protect consumers’ private data.

 

Learn More about The intersection of Privacy and Security:

Join us at the Cybersecurity Summit Minneapolis, to hear expert advice from our Principal Security Consultant, Jerrod Montoya JD, on how you can develop and maintain a risk-based program designed to evolve with changing regulatory, threat landscape and business requirements.

In this presentation, you will hear about upcoming legal changes in privacy with an emphasis on US privacy laws, how these laws converge with best security practices, and how you can use security practices to make privacy programs more resilient to frequent changes in the law. Whether you are responsible for privacy or just a resource to a privacy group in your organization, this presentation will leave you with actionable steps to get your program on the right track.

Speaker: Jerrod Montoya JD Principal Security Consultant, Truvantis

Security is the Foundation for Building an Adaptable, Future-Proof Privacy Program 3

Jerrod Montoya is a business-oriented practitioner with a unique blend of legal, information security and privacy experience who aids organizations with the implementation of smart solutions to meet business objectives.

Related Articles By Topic

Security Program Privacy

Contact Us
Contact Truvantis for a Security Program Consultation
Schedule a call
Contact Us

Recent Articles

Truvantis - Cybersecurity Maturity - One Size Does Not Fit All
PCI DSS, CIS Controls, Security Program, Privacy, ISO27001
Cybersecurity Maturity - One Size Does Not Fit All – Rick Folkerts

It's common knowledge that enterprise organizations need effective security, privacy and compliance programs to survive and grow. There are a handful of generic best practices but beyond that, cybersecurity programs must be tailored to...

Read more
The Silver Bullet Defense to Ransomware – by Andy Cottrell
Ransomware
The Silver Bullet Defense to Ransomware – by Andy Cottrell

In an era of cost-cutting, downsizing and generally insufficient budgets for everything, we are often asked, what is the one, main thing to do to protect against a ransomware attack? According to Statista, in 2022, there were 493.33 mi...

Read more
Cryptographic Agility – by Jeff Hall (the ’PCI Guru’)
Security Program
Cryptographic Agility – by Jeff Hall (the ’PCI Guru’)

With the advent of quantum computing, a new threat has been added to the information security mix. The threat is today’s secure cryptography may not be secure once quantum computers reach their potential. The threat to cryptography has...

Read more

info@truvantis.com

+1 (415) 422-9844

    © 2022 Truvantis, Inc All Rights Reserved.

    Privacy Policy    Terms of Service