Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Information Security Auditor
In this session, we will go through the roles and responsibilities of the main actors responsible for protecting data in an organization: the Data Protection Officer, Information Security Manager, and Information Security Auditor.
The webinar will cover:
• What are the roles and responsibilities of the main actors responsible for protecting data in an organization?
• How can an organization find out if they are required to designate a DPO role or not?
• Can the roles of a DPO and Information Security Manager be covered by the same individual?
• What organizations are required to do to have the DPO perform its role and responsibilities independently?

Presenters:

Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access Management, but also privacy, information & data protection, cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds security certifications including ISO/IEC 27701 Lead Implementer and Lead Auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 Lead Manager, cDPO, Risk Management, Lead Incident Manager, Disaster Recovery, and many more.
Our second presenter is Stefan Mathuvis, owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan has built strong expertise in quality management systems, information security management systems, GDPR, data privacy & data protection. Stefan is an accredited ISO/IEC 27001 Lead Auditor and operates as a third-party auditor for DQS Belgium. Dividing his time between consultancy, training & third-party auditing on an international scale, Stefan stays in touch with the issues of today, which allows him to assist clients with their Information Security and Data Privacy needs.

Recorded webinar: https://www.youtube.com/watch?v=Y0hnv1laxAw&feature=youtu.be

  1. Agenda
     • Introduction
     • Why role separation?
     • From the news…
     • Considering the CISO, DPO & Auditor roles
     • Combining CISO and DPO
     • Q & A
  2. Introduction
  3. Peter Geelen (CyberMinute)
     My experience
     • 20+ years experience in security
     • Enterprise Security & IAM
     • Cybersecurity
     • Data Protection & Privacy
     • Incident management, Disaster Recovery
     • Trainer, coach, auditor
     Certification
     • ISO27001 Master & Lead ISO27002
     • ISO27701 Lead Impl. & Lead Auditor
     • Certified DPO & Fellow In Privacy
     • Lead Incident Mgr & Disaster Recovery
     • ISO27032 Sr. Lead Cybersecurity Mgr
     • Lead ISO27005 (Risk Mgmt)
     Accreditation
     • Accredited ISO27001/9001 Lead auditor
     • Accredited Security Trainer
     More info (LinkedIn): http://www.cyberminute.com, https://ffwd2.me/pgeelen, peter@cyberminute.com
  4. Stefan Mathuvis (QMA)
     My experience
     • 20 years experience in security
     • Quality Management
     • Quality Auditor
     • Cybersecurity
     • Security, Data Protection & Privacy
     • Trainer, coach, auditor
     Certification
     • ISO27001 Lead Auditor
     • ISO9001 Lead Auditor
     • Lead auditor ESD & GDP Pharma
     • Lead auditor GQS
     • CDPO
     • Master trainer DGQ
     Accreditation
     • Accredited ISO27001 lead auditor
     • Accredited 9001 Lead auditor
     More info (LinkedIn): http://www.qma.be, https://ffwd2.me/stefan, Stefan@qma.be
  5. Why role separation?
  6. What it was… (before GDPR)
     We’re used to … lots of CISO, bit of privacy and audit
     In many cases when companies think “security”, they point to IT to manage it…
     • CISO aka “security officer” securing IT operations
     • Legal department for damage control
     • Business... Eh… do their own thing, little concern for security if everything goes well
     • Security = cost, not benefit
     • Privacy or “data protection” wasn’t really part of the business driver (except for some sensitive data areas like health…)
  7. Since 2008 (financial crisis)…
     Various roles and functions kicked in…
     • Security manager, security officer, CSO, CISO, CDO…
     • DPO, data protection manager
     • CPO, Privacy officer, privacy manager
     • Data security, privacy, data privacy, …
     • Internal auditor, external auditor
     • GRC, Compliance officer
     • Risk manager, risk officer, …
     • Legal officer, …
  8. But in reality…
     Role separation is not that simple
     • There is no exact prescription & guidance how to do it in YOUR specific situation
     • Each role requires specific expertise, knowledge and experience
     • The company organization, hierarchy or organigram hinders the required role delegation
     • In many cases reorganization is required to support security and data protection implementation…
  9. But in reality…
     Organizing security governance is difficult, because
     • … people HATE change and
     • … people feel threatened (losing their job)
     • … management only sees the costs (not the benefits)
     • … organization is “too small”
     • … conflicts of interest
     • … lack of expertise and experience
     • … lack of courage (to speak up, to make the change…)
  10. From the news… last few weeks
  11. GDPR in the news (DPO issues)
     Source: https://www.dataguidance.com/news/belgium-belgian-dpa-issues-%E2%82%AC50000-fine-organisation-dpo-appointment-violation
     Source: https://www.enforcementtracker.com/
  12. CISO, Risk manager, GRC officer… issues
     Source: https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/heads-of-compliance-legal-step-down-as-dpo
  13. Happy CISO?
     Source (NL): https://www.security.nl/posting/660081/It-bedrijf+moet+schade+door+ransomware+bij+klant+grotendeels+vergoeden (June 2020): IT company has to largely compensate customer damage from ransomware
  14. Considering CISO, DPO and auditor roles
     Untangling security & DP governance
  15. Today’s focus
     The Information security & Data protection basics
     Getting started with
     • Information Security management (aka CISO)
     • DPO role in data protection management & GDPR
     • Information security audit (both internal and external)
  16. Some definitions (1)
     The Information security & Data protection basics
     CISO
     • Responsible for enterprise information security management
     • Focus on company obligations
     • Company internal (even with CISO as a service)
     DPO
     • Data protection officer
     • Main tasks & responsibility definition in GDPR
     • Focus on data subject rights
  17. Some definitions (2)
     The Information security & Data protection basics
     Auditor (*)
     • See ISO for definition of tasks and responsibilities
     • Compliance control
     • Not only “policing”, but also advisory and pushing continuous improvement
     • Internal Audit (company)
     • External Audit (certification)
     (*) Focus on Information Security audit (not financial, …)
  18. GDPR & DPO
     Impossible job?
  19. GDPR & DPO designation requirement
     Art. 37 (1): Designation of the data protection officer
     1. The controller and the processor shall designate a data protection officer in any case where:
     a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
     b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
     c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
  20. DPO qualification
     Art. 37 (5): Designation of the data protection officer
     5. The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
  21. DPO in hierarchy?
     Art 37 (6)
     “6. The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract”
  22. DPO tasks
     GDPR Art 39: Tasks of the data protection officer
     1. The data protection officer shall have at least the following tasks:
     a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
     b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including
        • the assignment of responsibilities,
        • awareness-raising and
        • training of staff involved in processing operations, and
        • the related audits;
     c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
     d) to cooperate with the supervisory authority;
     e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
     2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
  23. NOT the DPO tasks
     What’s NOT the responsibility of the DPO?
     • Organizing information security
     • Organizing data protection
     • Accountable for data breaches
     • Risk management & risk assessment
     • Implementing security/data protection/privacy by design
     • …
  24. The ideal DPO?
     What qualifications you need to do the job
     • Business expertise
     • Know the business and your company
     • Legal expertise
     • Legal & regulatory insights
     • Compliance
     • Audit & GRC
     • Data protection
     • Information security
     • Current state of protection, ref. state-of-the-art security techniques
  25. The ideal DPO?
     But also needs…
     • Incident management, Business continuity, disaster recovery…
     • Soft skills
     • Management skills
     • Project management skills
     • Communication
     • Education
     • Authority
     • Behavioral skills (handling the human bad practices …)
  26. The ideal DPO?
     Consider
     • DPO office
     • An expert for each function or task
     • External support for certain tasks
     • …
  27. DPO attention points
     From WP29 guidelines
     • If you’re not sure you need a DPO, assign a DPO
     • Involvement of DPO in all issues related to data protection
     • Necessary resources (see ideal DPO)
     • Acting in an independent manner
     • Dismissal or penalty for performing DPO tasks
     • Conflict of interests
     • Data processing by DPO when executing tasks… (!)
  28. Internal or external DPO
     Some considerations
  29. Internal DPO
     Pros and cons
     Advantages
     • Knowing the company
     • Direct impact
     • Connection to management
     • Internal multi-discipline team support
     • Availability
     Disadvantages & risks
     • Conflict of interest (being employee)
     • Lack of authority
     • Data protection vs information security
  30. External DPO
     Pros and cons
     Advantages
     • Authority as expert
     • DPO office (knowledge coverage)
     • External view
     Disadvantages & risks
     • Lack of knowledge on company internals
     • Availability
     • Accountability
     • Data management & transfers (processing contract!)
  31. CISO
     Up or down the tree of hierarchy?
  32. Power of hierarchy
     What’s in a name?
     • SO or ISO?
     • CSO or CISO?
     • Information security or IT security?
     What options do you have in hierarchy?
     • Operational Information Security Officer (not “C”)
     • Departmental CISO
     • C-level security officer (CSO or CISO)
     Choice of department
     • Security
     • Risk
     • IT
     • Business
     • …
  33. Some options (with pros and cons)
     Main position level choices
     • Strategic
        • C-level
        • Board-level
        • Upper management
     • Tactical
        • Department level
     • Operational
        • IT security
        • Practical
  34. Some options (with pros and cons)
     Traditional approach (from IT)
     Source: PECB ISO27002 Lead implementer
  35. Some options (with pros and cons)
     Traditional approach (from business)
     Source: PECB ISO27002 Lead implementer
  36. Some options (with pros and cons)
     Other organizational options
     Source: PECB ISO27002 Lead implementer
     • GRC team
     • Compliance
     • Risk
     • CSO Office
     • Security Office
     • Internal Audit
     • Operational security (non-IT)
     • …
  37. CISO attention points
     No strict governance guidelines or rules
     • Current drive for Security by design (ref ISO27001, PCI-DSS, GDPR, ISO27701, …)
     • But no GDPR or direct regulatory requirement to have a CISO
     • Security vs performance vs budget
     • Necessary resources to do the job
     • Conflict of interests
     • Acting in an independent manner (?)
     • Dismissal or penalty for performing CISO tasks (integrity)
     • DPO (subject interests) vs CISO (company interests)
  38. Combining CISO and DPO
     Always trouble?
  39. WP29/EDPB advisory
     Guidelines on DPOs
     • Guidelines on Data Protection Officers (‘DPOs’): https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf?wb48617274=CD63BD9A
     • WP243 Annex – FAQ: https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_annex_en_40856.pdf
  40. WP29/EDPB advisory
     Good practice advice for DP/DC
     “Depending on the activities, size and structure of the organisation, it can be good practice for controllers or processors:
     • to identify the positions which would be incompatible with the function of DPO
     • to draw up internal rules to this effect in order to avoid conflicts of interests
     • to include a more general explanation about conflicts of interests
     • to declare that their DPO has no conflict of interests with regard to its function as a DPO, as a way of raising awareness of this requirement
     • to include safeguards in the internal rules of the organisation and
     • to ensure that the vacancy notice for the position of DPO or the service contract is sufficiently precise and detailed in order to avoid a conflict of interests.
     In this context, it should also be borne in mind that conflicts of interests may take various forms depending on whether the DPO is recruited internally or externally.”
  41. Attention point
     Segregation of duties
     Do NOT combine
     • DPO
     • Management function
     You CAN combine (with due diligence)
     • DPO
     • Security operations
  42. Attention point
     Identify conflicts of interest
     Segregation of duties vs team/company size
     • When IS/DP is handled by a single/small team, a conflict of interest will arise (by default)
     • Add policy/process/procedure to maintain due diligence
     Important difference (identify tasks!)
     • DPO
     • Management functions
     • Operational security / data protection functions
  43. ISMS audit roles
     Audit, advisory & consulting?
  44. What is audit about?
     Goals
     • Compliance check
     • Keeping security in line with the business
     • Continuous improvement
     Types of audit
     • Internal
     • External
  45. Why is this important?
     Auditor vs implementer (from previous sessions)
     • If you know how the audit works, you know better what to implement
     • Both in the right spirit
     • Results based, not checklist based
     • Growth mindset
        • Not perfect at first step
        • Better done than perfect
        • Think big, act small…
  46. The auditor view helps to…
     • The audit cycle pushes the implementation of PDCA
     • Continuous improvement
     • Step by step
     • Have an independent / external view
     • Keep the helicopter view, with good relation between
        • Business
        • IT
        • DPO
        • Legal
  47. Some practical hints
     • Include audit considerations from the start
     • Involve audit throughout the project
     • Internal audit vs external audit
        • External audit
           • mostly end stage (before you restart the cycle)
           • Certification target
        • Internal audit
           • Separate department
           • Why not cross check? (cross-department)
           • External auditor (but still under authority of data controller)
  48. Some practical hints
     • Look at the external auditor as advisor
        • Not a checklist dummy
        • [NOT consultant ;) ]
     • Watch out for conflicts of interest
        • Auditor -> general advice
        • Advice <> consultancy (specific, targeted advice)
     • Guidelines
        • ISO27006 (ISO27001 auditor guidance)
        • ISO17021 (audit the auditor, general)
  49. Auditor – Conflicts of interest
     ISO27006 5.2.1
     Certification bodies may carry out the following duties without them being considered as consultancy or having a potential conflict of interest:
     a) arranging and participating as a lecturer in training courses, provided that, where these courses relate to information security management, related management systems or auditing, certification bodies shall confine themselves to the provision of generic information and advice which is publicly available, i.e. they shall not provide company-specific advice which contravenes the requirements of b) below;
  50. Auditor – Conflicts of interest
     ISO27006 5.2.1
     b) making available or publishing on request information describing the certification body’s interpretation of the requirements of the certification audit standards (see 9.1.3.6);
     c) activities prior to audit, solely aimed at determining readiness for certification audit; however, such activities shall not result in the provision of recommendations or advice that would contravene this clause and the certification body shall be able to confirm that such activities do not contravene these requirements and that they are not used to justify a reduction in the eventual certification audit duration;
     d) performing second and third-party audits according to standards or regulations other than those being part of the scope of accreditation;
     e) adding value during certification audits and surveillance visits, e.g. by identifying opportunities for improvement, as they become evident during the audit, without recommending specific solutions.
     The certification body shall not provide internal information security reviews of the client’s ISMS subject to certification. Furthermore, the certification body shall be independent from the body or bodies (including any individuals) which provide the internal ISMS audit.
  51. Auditor – Conflicts of interest
     ISO17021 5.2 Management of impartiality
     5.2.1 Conformity assessment activities shall be undertaken impartially. The certification body shall be responsible for the impartiality of its conformity assessment activities and shall not allow commercial, financial or other pressures to compromise impartiality.
     5.2.3 The certification body shall have a process to identify, analyse, evaluate, treat, monitor, and document the risks related to conflict of interests arising from provision of certification including any conflicts arising from its relationships on an ongoing basis. Where there are any threats to impartiality, the certification body shall document and demonstrate how it eliminates or minimizes such threats and document any residual risk.
  52. Auditor – Conflicts of interest
     ISO17021 5.2 Management of impartiality
     5.2.10 In order to ensure that there is no conflict of interests, personnel who have provided management system consultancy, including those acting in a managerial capacity, shall not be used by the certification body to take part in an audit or other certification activities if they have been involved in management system consultancy towards the client. A recognized mitigation of this threat is that personnel shall not be used for a minimum of two years following the end of the consultancy.
  53. Remember the ISO audit lifecycle…
     Initial audit
     • “Get in control”
     • Passing the mark
     • Basic maturity (ref. CMMI … level 3)
     • Room for growth and maturity
     Surveillance audit (1 yr) + recertification (3 yr)
     • “Stay in control”
     • Focus on improvement
     • Increasing maturity
     • Based on metrics and measurement…
  54. References
  55. EDPB (aka WP29) on DPO
     Important
     • FAQ: https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_annex_en_40856.pdf
     • Guidelines on Data Protection Officers ('DPOs'), wp243rev.01_en: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612048
     • Available language versions: http://ec.europa.eu/newsroom/just/document.cfm?doc_id=48137
  56. Ramping up…
     Relevant PECB Training courses
  57. PECB Training Agenda
     Check the PECB agenda and select the ISO/IEC 27701 Lead Implementer course: https://pecb.com/en/partnerEvent/event_schedule_list
  58. ISO/IEC 27701 Training Courses
     • ISO/IEC 27701 Foundation (2-day course)
     • ISO/IEC 27701 Lead Implementer (5-day course)
     Exam and certification fees are included in the training price.
     https://pecb.com/en/education-and-certification-for-individuals/iso-27701
     www.pecb.com/events
  59. THANK YOU
     ?
     CyberMinute: info@cyberminute.com
     Stefan Mathuvis: stefan@qma.be