Information is one of the most valuable and business-critical assets for any organization. In today’s hyper-connected world, organizations are facing large-scale information security threats and destructive cyber-attacks. International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 certification confirms that your organization has appropriate controls in place to reduce the risk of serious data security threats and reduces the exploitation of vulnerabilities within your organization’s systems.
Organizations had until 1 January 2019 to comply with the CCPA. The potential CCPA certification schemes, such as the International Organization for ISO/IEC 27001 framework, can assist in demonstrating that the organization is actively managing data protection mechanisms in line with international best practices.
By implementing ISO/IEC 27001, your organization is deploying an information security management system that enables support by top leadership, organizational culture and strategy integration, with constant monitoring, updating and review capabilities. Your organization will be able to ensure that the information security management system adapts to changes – both in the external and internal business environment – as well as identifies and reduces risks through using a process of continual improvement.
In this webinar, information systems management expert Dr. Robert E. Davis, CISA, CICA will walk you through how to implement an exceptional management system configuration that can help you towards compliance with the new California Consumer Privacy Act (CCPA) legal mandate. You will take away from this session:
• The CCPA definition of personal data
• CCPA requirements
• How CCPA affects U.S.-based enterprises
• State-of-play on compliance
• Data management challenges
• Steps you must take to be compliant
• Approaches and solutions to CCPA requirements
Information is data interpretation presented in a form that furnishes value to a recipient. The CCPA was agreed upon by the state legislatures and signed by the Governor on June 28, 2018, and amended Part 4 of Division 3 of the California Civil Code as the primary regulation on how companies should protect California citizenry data. As an enforceable statute, the CCPA is a binding legislative act that applies across industries.
An increasing trend is adopting a holistic approach to managing information security risks. The assigned personnel, defined structures, designed processes -- with risk management integration -- are the crucial components of an effective information security management system. Organizations typically implement an information security management system with specific objectives designed to inscribe best-practice external and internal business solutions. Consequently, organizational employees should be able to rely on their information security management system to reduce the risk of inappropriate responses to industry environmental conditions.
Areas covered in the session encompass:
• An overview of the CCPA regulations and how an ISO/IEC 27001-aligned information security management system can support compliance by discussing requirements, territorial reach, legal risks, and achieving objectives.
• The primary risks associated with data breaches and critical actions in the event of a data breach that address validation, monitoring, and incident handling
• The technical and organizational requirements to achieve CCPA compliance through policies, procedures, and technology.
• The benefits of deploying an information security management system by providing how an information security management system reflects a holistic approach to managing information security – confidentiality, integrity, and availability of information and data
• Practical advice on how to improve your management system deployment congruent with the CCPA requirements
Though many businesses understand the importance of implementing the right procedures to detect, report, and investigate a data breach under the CCPA compliance, not many are aware of the benefits of implementing ISO/IEC 27001 standards-compliant with a management system deployment. ISO/IEC 27001 permits an excellent starting point for achieving the technical and operational requirements necessary to assist in preventing a data breach under the CCPA.
An information security management system is a system representing the aggregation of technological and organizational resources supporting data processing to produce information used for decision-making or problem-solving. Using a management system configuration can assist organizations, no matter the size and sector, in taking a systematic risk-based approach to managing and securing sensitive company data. ISO/IEC 27001 certification provides customers and other stakeholders with confidence that the organization’s manager-leaders have implemented internationally accepted best practices.
The CCPA, which applies from January 1, 2020, makes protection confidence even more pertinent. Although the CCPA does not mandate certification, ISO/IEC 27001 is a powerful way to demonstrate accountability and compliance. Though having an ISO/IEC 27001 does not automatically make you compliant with CCPA, it indeed helps design and deploy the necessary structures for compliance. Willfully violating CCPA can cause enterprise discontinuance. The CCPA enforcement clock is ticking!
• Chief Information System Officers
• Information Security Directors
• Data governance and management professionals
• Staff Attorneys
• Privacy and Compliance Professionals
• Human Resource Professionals
• Risk management professionals and Auditors tasked with compliance and risk transfer
• Data Protection Officers
• Chief Information Officers/Chief Technology Officers
• Internal Audit Managers and Staff
• Information Technology Security Officers
• Information Technology and Data Consultants as well as project managers involved in data protection, information security or cyber security issues
Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.
Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.
Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.