In 1985, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) originally formed to enable the National Commission on Fraudulent Financial Reporting. COSO’s original goal, to review causal factors leading to fraudulent financial reporting, ultimately evolved as more technologies became embedded in the process.
The alphabet soup of cybersecurity includes standards and regulations such as ISO, COBIT, COSO, NIST, NY DFS, and GDPR. While some industries must meet regulatory compliance requirements, other businesses need to choose a standard to which they align their cybersecurity controls. With that in mind, you may want to select the most user-friendly information technology security standard to help management and your IT department create a risk-based program.
Creating a vendor management program is difficult. However, that’s only the first part of the process. To fully implement your plan, you need to measure its effectiveness at reducing risk. To do that, you need objective key performance indicators (KPIs) for determining how well your vendors comply with the outlined controls in the service level agreement.
Agile companies do things faster. When you think about agile regarding lean startup model, you focus on quick wins, ruthless prioritization, external focus, and continuous improvement. At its core, agile development relies on continuous testing leading to continuous improvement. In cybersecurity, continuous monitoring enables an agile continuous compliance stance.
As a business owner, you know the European Union (EU) General Data Protection Regulation (GDPR) went into effect in May 2018. However, one of the most confusing aspects for a lot of businesses, large and small, has been the infamous “cookie policy.” No matter where your business resides, your website reaches customers protected by the GDPR which means you need to understand how to implement a GDPR compliant cookie policy.
The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.
