The Information Security or Cybersecurity organization has its origins in two different but related corporate functions: network security, which largely grew out of the network infrastructure and systems administration disciplines, and what is commonly referred to as Governance, Risk and Compliance (GRC), which often traces its roots to regulatory compliance, internal audit and program management. While network security focused on protecting the network from unsanctioned activity, GRC was tasked with assessments and with demonstrating compliance with standards, frameworks, and contracts. The two functions often worked hand in glove, defining proper hygiene, implementing controls, assessing network health, and monitoring for compliance.
The CISO Desk Reference Guide: Security Compliance is being developed to address the GRC function within the organization, whether it formally resides in the Information Security function or not.
The Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust is intended for privacy professionals, including the Chief Privacy Officer (CPO), Data Protection Officer (DPO), and privacy program managers, as well as privacy attorneys, the CIO, the CISO, and anyone tasked with managing risk related to privacy laws, compliance regulations and reputation. It recognizes that, while still a younger sibling in many organizations, the role of the CPO is rapidly maturing, acquiring an ever larger portfolio covering both customer advocacy and data privacy regulation, and is inexorably tied to information security.
Third-party risk, as introduced and covered in the CISO Desk Reference Guide, Volume 1, is a growing concern as access and data are shared in ever more complex ways across a vast ecosystem of vendors and business partners. The CISO Desk Reference Guide: Vendor Management will provide a comprehensive approach to managing vendors and the risk derived from these relationships.