Category: Information Security Compliance

6 Benefits of Internal Auditing

Published 07/14/2020

If you want confidence that your organization is meeting its core business goals, you need internal audits. If you want to save your organization time and money and keep everything running like a well-oiled machine, internal audits will help you get there. If you want to protect your enterprise against fraud and prevent fraudulent practices, internal audits are key. If you want to reduce risks to your operations, finances, cybersecurity, and other areas of concern, internal audits will tell you what you need to do and how to do it. If you want to make sure you’re following the laws, regulations, and standards that apply to your organization—and reduce your costs and hassle when external auditors test your compliance—you’ll want…

July 2020: Compliance Certification Roundup

Published 07/02/2020

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification

PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. In June, the Qatar International Islamic Bank, Doha, Qatar, was awarded Payment Card Industry Data Security Standard v 3.2.1 (PCI-DSS) by SISA, a cybersecurity firm headquartered in Bangalore, India. Read more. In June, Invoiced, Austin, Texas,…

Top 5 Predictions for InfoSec GRC in 2020

Published 01/08/2020

January 1 ushers in a new year, a new decade, and new challenges—as well as new dimensions and re-ordering of existing challenges. Reciprocity’s Team of GRC Experts share likely developments, trends to watch out for, and how your organization can navigate Information Security Risk & Compliance in 2020. With foresight, an organization can proactively take steps to address the challenges of the future. Our expert panel explores what’s coming:

1. Risk-based, Layered Approaches Eclipse One-dimensional Efforts

“Risk Management and Risk Assurance will overshadow other approaches to GRC as organizations satisfy operational needs” – Gerard Scheitlin, Founder of RISQ Management

“While the requirements on information security, privacy, and compliance will only continue to expand and tighten, organizations are realizing that it…

Cybersecurity Audit Checklist

Published 12/19/2019

Today’s network and data security environments are complex and diverse. There are hundreds of pieces to a security system, and all of those pieces need to be looked at individually and as a whole to make sure they are not only working properly for your organization, but also safe and not posing a security threat to your company and your data or the data of your customers. Risk management and risk assessments are important parts of this process. Data loss and data breaches are detrimental to your organization and can make or break a company, especially if a breach causes other organizations to lose confidence in your ability to keep your data and theirs secure. For this reason, it is absolutely critical for you to…

ZenGage #AMA Series with Dr. Maxine Henry on the CCPA

Published 08/16/2019

ZenGage, the new Slack community for information security and GRC professionals, recently hosted CCPA expert Dr. Maxine Henry in its first #AMA (Ask Me Anything) live Slack chat series. The nation’s most stringent data protection law (so far), the California Consumer Privacy Act of 2018, takes effect Jan. 1, 2020—and it’s generating a lot of buzz. Businesses from coast to coast are girding themselves for sweeping changes in how they collect, share, and protect California residents’ personal information. With the deadline for compliance right around the corner, GRC professionals have a lot of work to do. In this candid discussion, Dr. Henry answers a broad range of questions, starting with the rights that the CCPA grants to California residents,…

How to Manage Technological Risks?

Published 06/10/2019

In all sectors, technology has become a vital aspect of operations and has transformed the workplace, but that dependence on technology also poses a threat to organizational wellbeing. Data breaches, system failures, malicious attacks—as well as natural disasters that impact technology—can wreak havoc on company reputations, regulatory compliance, and fiscal health. In some cases, the damage from these events is irreversible or long-term. A proactive strategy to mitigate tech risks is a foundational aspect of operations. Your company needs a plan that prevents these risks, responds to them, and continuously monitors for them.

Monitoring and Managing Risks in Technology

The adage, “An ounce of prevention is worth a pound of cure,” is entirely applicable to monitoring and managing tech risks. A whole-organization system…