Media
As a cloud-based solution, ZenGRC deploys simply and quickly (six to eight weeks), even across a large media enterprise, providing a unified system to manage controls across multiple frameworks and monitor key performance indicators for compliance and IT security efforts.
The Regulatory Burden
The media sector today is a cacophonous place. Barriers to entry are low (a website, a clever headline and a dream), so media outlets must work insatiably to build total audience and engagement with audience members.
Media outlets must also be nimble, able to push new content via new platforms as they arise on social media: from written essay, to photomontage, to YouTube video, to Twitter chat. Then the outlet must capture data about who interacts with what content, to what extent, and analyze that information to develop revenue strategies.
Media companies can encounter significant regulatory burdens as they go about the business of collecting data on customers and their behavior. Consider some of the data they are likely to collect from website visitors:
- Name
- Credit card
- Address
- Age
- Location
- Social media profiles
Much of that data can be subject to protection under multiple laws that reach across various jurisdictions. A U.S. media outlet, for example, might be subject to the General Data Protection Regulation if it sells goods to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law.
A critical question is whether the data collected can identify a specific person; even something as simple as a photo submitted in a “Cute Baby of the Week” contest can bring multiple compliance risks.
Compliance Objectives
As media companies build their business based on one or more cloud-based services, compliance obligations start to add up. Media outlets can work with multiple frameworks to achieve those objectives. Credit cards can be secured with the PCI DSS framework. The NIST security protocols can govern other sensitive data. Tracking risk assessments, gap analyses and remediation efforts across multiple frameworks, however, can be daunting.
- Assess vulnerabilities in the network and application layers.
- Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting social media profiles).
- Remediate weaknesses, either through security patches to software or through changes to data collection practices.
- Map progress on those remediation efforts.
- Be prepared to report those risk assessments and remediations to other parties as necessary.
- Diagnose breaches when they happen, with disclosure according to breach notification laws.
