As a cloud-based solution, ZenGRC deploys simply and quickly (six to eight weeks) even across a large media enterprise. It also provides a unified platform to manage controls across multiple frameworks, and a dashboard that lets CISOs monitor key performance indicators for compliance and IT security efforts.GET A DEMO
The media sector today is a cacophonous place. Barriers to entry are low (a website, a clever headline, and a dream), so media outlets must work insatiably to build total audience and engagement with audience members.
Media outlets must also be nimble, able to push new content via new platforms as they arise on social media: from written essay, to photo montage, to YouTube video, to Twitter chat. Then the outlet must capture data about who interacts with what content, to what extent, and analyze that information to develop revenue strategies.
Media companies can encounter significant regulatory burdens as they go about the business of collecting data on customers and their behavior. Consider some of the data they are likely to collect from website visitors:
Much of that data can be subject to protection from multiple laws, that can reach across multiple jurisdictions. A U.S. media outlet, for example, might be subject to Global Data Protection Regulation if it sells goods to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law.
A critical question is whether the data collected can identify a specific person; even something as simple as a photo submitted in a “Cute Baby of the Week” contest can bring multiple compliance risks.
As media companies build their business based on one or more cloud-based services, compliance obligations start to add up. Media outlets can work with multiple frameworks to achieve those objectives. Credit cards can be secured with the PCI DSS framework. Other sensitive data can be governed by the NIST security protocols. Tracking risk assessments, gap analyses, and remediation efforts across multiple frameworks, however, can be daunting.
Assess vulnerabilities in the network and application layers
Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting social media profiles)
Remediate weaknesses, either through security patches to software or through changes to data collection practices
Map progress on those remediation efforts
Be prepared to report those risk assessments and remediations to other parties as necessary
Diagnosis of breaches when they happen, with disclosure according to breach notification laws
Click on one of the tabs to learn more about ZenGRC's compliance, risk or reporting features.
As a cloud-based solution, ZenGRC deploys simply and quickly (less than eight weeks) even across a large enterprise. It also provides a unified platform to manage controls across multiple frameworks, and a dashboard that lets CISOs monitor key performance indicators for compliance and IT security efforts.
Even at smaller media related businesses without existing compliance programs, ZenGRC allows you to collect data in a central repository, which in turn gives you more visibility into what your control framework demands and how to move forward with testing, audits, and reports to share with other stakeholders.