GDPR Is Coming and Many Organizations Aren’t Ready

Each year, ESG surveys around 700 cybersecurity and IT professionals as part of its annual IT spending intentions research. In this year’s survey, ESG asked respondents several questions about GDPR readiness. Here’s what we found out:

  1. While 11% of organizations are completely prepared for GDPR (i.e., would be ready if it went into effect tomorrow), 33% say they are mostly prepared (i.e., most work done but some tasks left to accomplish), and 44% claim they are somewhat prepared (i.e., the organization has identified all the steps needed to meet the GDPR deadline but is early in the process of completing them).
Topics: Cybersecurity, regulatory compliance, GDPR

vBlog: Regulatory Compliance vs Operational Readiness (part 4 of 4): Government CO-OP

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits, often mandated by industry (e.g., HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD) requirements.

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Then, I looked at regulations that affect US financial institutions (SEC) and publicly-held companies (SOX).

Last week, we looked at healthcare organizations and their regulatory mandates in HIPAA.

This week, we'll finish the series by looking at Continuity of Operations (CO-OP) mandates for Government agencies.

Week 4: Government agencies and contractors

I hope that you enjoyed the series -- and found value in the information. What should my next series be?

Thanks for watching.

Topics: Data Protection, Information and Risk Management, regulatory compliance

vBlog: Regulatory Compliance vs Operational Readiness (part 3 of 4): HIPAA

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits, often mandated by industry (e.g., HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD) requirements.

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Last week, I looked at regulations that affect US financial institutions (SEC) and publicly-held companies (SOX).

This week, we'll look at healthcare organizations and their regulatory mandates in HIPAA.

Week 3: Healthcare Organizations

Next week, we’ll look closer at what IT professionals delivering data protection in government organizations, agencies and contractors should know about CO-OP.

Thanks for watching.

Topics: Data Protection, Information and Risk Management, regulatory compliance

vBlog: Regulatory Compliance vs Operational Readiness (part 2 of 4): SEC & SOX

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits, often mandated by industry (e.g., HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD) requirements.

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

Last week, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA). For the next few weeks, I will take closer looks at specific segments of companies and their respective regulations.

This week, let’s take a look at the regulations that affect US financial institutions (SEC) and publicly-held companies (SOX).

Week 2: Publicly-held Companies and Financial Institutions

Next week, we’ll look closer at what IT professionals delivering data protection in healthcare organizations should know about HIPAA.

Thanks for watching.

Topics: Data Protection, Information and Risk Management, regulatory compliance

vBlog: Regulatory Compliance vs Operational Readiness (part 1 of 4)

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits, often mandated by industry (e.g., HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD) requirements.

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

For the next four weeks, I’ll take a look at some regulatory mandates and try to glean some pragmatic IT ideas for data protection from them. So come back each Tuesday in April.

Week 1: Overview of Regulatory Compliance vs. Operational Readiness

The rest of the series (blog post edited):

Part 2: Publicly traded companies (Sarbanes-Oxley / SOX) and Financial Institutions (SEC)

Part 3: Healthcare organizations (HIPAA)

Part 4: Federal agencies and contractors (Continuity of Operations / CO-OP)

Thanks for watching.

Topics: Data Protection, Information and Risk Management, regulatory compliance

Data Center Network Security: Will Anyone Discuss This at RSA?

Less than a week before the RSA Conference in San Francisco and my telephones are ringing off the hook. People want to discuss a variety of topics including APTs, mobile security, cloud security, big data analytics, and so on.

Topics: IBM, Cybersecurity, Cisco, VMware, Networking, Information and Risk Management, McAfee, regulatory compliance