More and more organizations are looking for guidance on implementing and certifying to ISO 27001. But what exactly is ISO 27001? What does it require? Many clients with an IT or technical background expect a list of security controls – …
What is the CMMC (Cybersecurity Maturity Model Certification)? The CMMC is a new cybersecurity standard for companies working with the U.S. DoD (Department of Defense) and its data. This framework will serve as a tiered certification scheme to help the …
As we approach the July 1 enforcement date for the CCPA (California Consumer Privacy Act), organizations must act now to ensure they’re compliant. One of the most important requirements is staff training, because it demonstrates that employees understand and are …
This is a guest article written by Robert Mardisalu. The author’s views are entirely his own and may not reflect the views of IT Governance USA. Cyber criminals are always looking for ways to lie, cheat, and steal their way …
The only thing that seems to keep up with technology these days are the laws implemented to regulate its safe use. Although Europe’s GDPR has been in effect since 2018, recent guidance from Belgium’s regulatory authority will have companies questioning …
If you’ve taken the time to certify to ISO 27001, the last thing you want is to let that certification expire. Doing so means you’re not staying on top of your information security risks, increasing the likelihood of a data …
On May 4, 2020, Californians for Consumer Privacy announced that it had collected more than 900,000 signatures to qualify the CPRA (California Privacy Rights Act) for the November 2020 ballot. Also known as ‘CCPA 2.0’, the CPRA enhances privacy protections established by the CCPA (California Consumer Privacy Act) and builds …
As data privacy requirements become stricter across all states in the U.S., adoption of the information security standard ISO 27001 is becoming increasingly popular. Compliance with ISO 27001 requires continual monitoring and regular reviews of your ISMS (information security management …
If your organization collects EU residents’ personal data and you aren’t compliant with the EU GDPR (General Data Protection Regulation), you’d better get started. The GDPR, which came into effect on 25 May 2018, introduced strict rules on the way organizations …
This is a guest article written by Jori Hamilton. The author’s views are entirely her own and may not reflect the views of IT Governance USA. The need for cybersecurity is one thing that almost everyone agrees on. You need firewalls, …
