Digital transformation through effective cybersecurity

Compliance

Problems today

  • Too many standards, frameworks, laws, regulations and acts
  • Don’t know which, how, or when to apply
  • Many overlap and are contradictory
  • More money is not better protection
  • Should not become a “protocol” or just annual “checklist”


Need to change mindset from:

"Doing what we're required"

to

"Doing what we should do"
to innovate and protect the company


Cyber Negligence = Criminal Matter


U.S. Department of Justice (Criminal Division)

Issued new guidance (June 2020) to white-collar crime prosecutors on assessing whether a company complied with its own risk management program.


Prosecutors will assess...

“the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision” 


To promote corporate behavior...

“to implement an adequate and effective corporate compliance program or to improve an existing one.” 


  • Encourage dynamic compliance to fit changing circumstances
  • Develop a risk management process
  • Support a risk-tailored resource allocation
  • Facilitate updates and revisions and subject risk assessment to periodic dynamic reviews
  • Develop a process for tracking and coordinating changes in its risk management program based on its experience
  • Implement risk-based training and communications


“Fundamental questions” for prosecutors

1. “Is the corporation’s compliance program well designed?”

  • Risk Assessment
  • Policies and Procedures
  • Training and Communications
  • Confidential Reporting Structure and Investigation Process
  • Third Party Management
  • Mergers and Acquisitions (M&A)

2. “Is the program being applied earnestly and in good faith?”

Is the program adequately resourced and empowered to function effectively?

  • Commitment by Senior and Middle Management
  • Autonomy and Resources
  • Incentives and Disciplinary Measures

3. “Does the corporation’s compliance program work” in practice?

  • Continuous Improvement, Periodic Testing, and Review
  • Investigation of Misconduct
  • Analysis and Remediation of Any Underlying Misconduct

Cyber Laws, Regulations and Acts (Select)

  • Brazilian General Data Protection Act (LGPD)
  • California Consumer Privacy Act (CCPA)
  • Children's Online Privacy Protection Act (COPPA)
  • Continuous Diagnostics & Mitigation (CDM)
  • Corporate Information Security Accountability Act (CISAA)
  • Criminal Justice Information Services (CJIS)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Data Security & Breach Notification Act
  • Electronic Fund Transfer Act, Regulation E (EFTA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Family Educational Rights and Privacy Act (FERPA)
  • FDA regulations on electronic records and Electronic Signatures (ERES) - 21 CFR § 11.1(a)
  • Federal Information Security Management Act (FISMA)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal Rules of Civil Procedure (FRCP)
  • Financial Industry Regulatory Authority (FINRA 17a-4)
  • Free and Secure Trade Program (FAST)
  • General Data Protection Regulation (EU / GDPR)
  • Gramm-Leach-Bliley Act (GLBA) - 16 CFR § 314.1 Section 501(b)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Personal Information Protection and Electronic Documents Act (Canada / PIPEDA)
  • Protection of Personal Information Act (S. Africa / POPI)
  • Sarbanes-Oxley Act (SOX)
  • Society for Worldwide Interbank Financial Telecommunication Customer Security Controls (SWIFT CSC)
  • State Data Breach Laws – All 50 states + D.C., Guam, PR, Virgin Islands


Let us help you improve your cybersecurity compliance

Intecur, Inc. Copyright © 2020 All Rights Reserved.