Day: March 30, 2021
Third parties are still perceived as the most prominent high risk for companies. Other than bribery and corruption — modern slavery/human trafficking, data privacy, information and cybersecurity, anti-money laundering, and other areas are requiring third-party integrated risk assessment and planning. Compliance and data privacy law thought leader Kristy Grant-Hart, CEO of Spark Compliance Consulting, offers an innovative approach and inspiring perspective in this conversation.
Major takeaways discussed in the episode:
- Bribery and Corruption: This remains the most significant problem since the general business population’s perception that what a third party does on your behalf isn’t your problem. Because some countries have laws like that, this built the sensibility that “if I didn’t do it, then it doesn’t matter.”
- Due Diligence Integration: Every company is different; however, it is crucial to apply a comprehensive and consistent approach to conducting due diligence in all categories in appointing and maintaining relationships with third parties.
- Scoping: By defining the degree of risk to be reviewed and identifying the highest probable risk scenario, this will be based on the quantitative things that we know, like the CPI score, like the Trafficking in-person report. That’s where you try to start so that you’re looking at the right risk with the right tools.
- Digital Assets: Many parts of the business are not working together to have that third-party onboarding. The problem is that they don’t want to work together necessarily. Using various technology-enabled solutions for your clients will enable you to clearly and effectively see across the entire risk spectrum.
The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan
The first chapter of this unique work lays out a succinct yet thorough 31-day approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, the chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:
• Compliance and business ventures
• Third-party risk management
• The Board’s Role in Compliance
• Continuous improvement
• Compliance innovation
• And much more
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25
In this episode we speak with Mavi Etzyon-Grizer, Director of the Microsoft Information Protection and Compliance Customer Experience (CXE) Team, who helps customers from around the world use and deploy our Microsoft Security and Compliance products. Join Bhavy and Mavi as they reflect on the one-year anniversary of the customer experience team and all of the resources, community pages and platforms that have been developed for you, based directly on your feedback to our engineering teams.
Voices of Data Protection is a show about the latest processes and solutions to help you manage your data, keep it safe, and stay compliant. We talk with industry experts, leaders, and program managers from Microsoft to learn how digital transformation is accelerating the need for compliance, how organizations are navigating this new landscape, and learn best-in-class practices and solutions to get your organization started and bring compliance to the next level. Transcripts are available for all episodes. For more infomration, visit: https://aka.ms/voicesofdataprotection
Learn More
Subscribe on: Apple Podcasts, Spotify, Google Podcast, Stitcher, Deezer
Jenna Waters is a Cybersecurity Consultant at True Digital Security where she specializes in information security program development, industry compliance assessments, threat intelligence, and cloud security controls. She helps clients through the challenges of cybersecurity program development and holistic security consulting, and also consults companies across varying industries. Tom Fox welcomes her to this week’s show as they discuss technological safety within industries, and what her company is doing to curb cyber attacks.
The Micro/Macro Focus
Jenna is a USN veteran, and during her time in the Navy, she worked on highly sophisticated computer information systems and with a lot of other sophisticated technologies as well. Tom asks her to elaborate on the Navy’s approach to cybersecurity as opposed to the public and private sector. Jenna iterates that the Navy, as well as any other military, federal, or law enforcement agency, is focused on a very global, or what she calls a “macro threat” environment. They are focused on protecting the country as a whole from cyber and information warfare attacks. On the other hand, the private and public sectors have a microfocus: in industries or specific business types and the risks and threats those industries or business types may face.
“To End Security Breaches”
Tom remarks that True Digital Security strives to bring an end-to-end solution, and makes mention of the company’s statement “To end security breaches.” Jenna explains that it’s the company’s goal and that True Digital strives to be at the forefront of cybersecurity. Doing this means preventing breaches from occurring in the first place. However, in the event that breaches do happen, ensuring that attackers don’t acquire vital information is important. “Even if you suffer a minor breach, they’re just stuck because we want our clients to have a very layered defense, an in-depth approach that prevents them [attackers] from getting something valuable,” Jenna says.
Software Inventory Management
“It’s the process of keeping an updated inventory of all your software and your applications from even the smallest minutia of an application used within your IT environment,” Jenna says in response to Tom’s question about software inventory management. She adds that it’s one core aspect of overall IT asset management. It enables the recording of vital information such as software update cycles, as well as ensuring that all the critical security patches are applied. Software Inventory Management keeps records of the quantity of applications software that exist within an organization. It helps detect if there’s been a breach as the bit size of applications changes when a breach occurs.
The Impact of COVID-19
The pandemic has not changed True Digital’s approach very much, Jenna remarks. What the company has been doing is helping clients pivot without the notice of attackers. Remote working comes with its own challenges and insecurities, and so assisting clients and pivoting in a way that helps them continue to achieve their cybersecurity compliance program and development goals is important. The rise in attacks emphasizes the need for structural and legal practices and precedents. Jenna stresses that governments of the world, as well as public and private sectors, need to come together to denounce cyber attacks and enforce actual consequences for these actions.
Resources
Jenna Waters | LinkedIn
TrueDigitalSecurity.com
