How ISO/IEC 27001 Can Help Achieve GDPR Compliance & Reduce Data Breach Risks
Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University, respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate after passing the 1988 Information Systems Audit and Control Association's rigorous three-hundred-and-fifty-question multiple-choice examination, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.
Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations, in positions ranging from staff through management. Before engaging in the practice of IS auditing and information security consulting, Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.
Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter, featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence, and a founding member of the Temple University Master of Science in IT Auditing and Cyber-Security Advisory Council. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.
Organizational IT usage can be categorized as supporting either transaction processing or decision-making. Transaction-based information systems process data for routine business activities, whereas a decision-based information system commonly advises managers and professionals in non-routine judgments. Accordingly, information systems represent an architectural component that collects data, processes transactions, and communicates operational results, whereby management information systems satisfy the common information requirements of administrators in the institution or in an institutional function.
An abstracted apportionment of management levels is strategic planning, management control, and operational control. Strategic planning represents the highest decision-making level for determining an organizational formation’s foundational direction and purpose. Management control focuses on allocating predetermined available resources and reflects mid-level management decisions. Operational control addresses routine decisions and mirrors task orientation. However, organizational management information systems tend not to support specific and unique demands of individual or group option selection.
To meet the specific and unique needs of individual managers and managerial groups, technology-based decision support systems commonly assist in the decision-making process. In other words, a decision support system (DSS) addresses the unusual and particular requirements of one administrator or many managers. By inference, then, a DSS extends IT assistance to match the levels of the choice selection process and expands the IT role in decision making when compared to management information systems.
Among other knowledge and system control-related frameworks, the decision process is divisible into three distinct categories: structured, unstructured, and semi-structured. Contextually, structured decisions reflect determination variables that are measurable quantitatively, whereas unstructured decisions represent choice variables that are measurable only non-quantitatively. Semi-structured decisions lie between structured and unstructured decisions. Hence, DSS models addressing semi-structured judgments utilize quantitative variables.
Information is one of the most valuable and business-critical assets for any organization. In today’s hyper-connected world, organizations are facing large-scale information security threats and destructive cyber-attacks. ISO/IEC 27001 certification confirms that your organization has appropriate controls in place to reduce the risk of serious data security threats and reduces the exploitation of vulnerabilities within your organization’s systems.
Using an ISMS configuration can assist organizations, no matter the size and sector, in taking a systematic risk-based approach to managing and securing sensitive company data. ISO/IEC 27001 certification provides customers and other stakeholders with confidence that the organization’s manager-leaders have implemented internationally accepted best practices.
The GDPR makes protection confidence even more pertinent. Although the GDPR does not mandate certification, ISO/IEC 27001 is a powerful way to demonstrate accountability and compliance. Consequently, while having the ISO/IEC 27001 standard implemented does not automatically make you compliant with GDPR, it enables the necessary structures to help you meet compliance requirements.
By implementing ISO/IEC 27001, your organization is deploying an ISMS that enables support by top leadership, integration with organizational culture and strategy, and constant monitoring, updating, and review capabilities. Your organization will be able to ensure that the ISMS adapts to changes – both in the external and internal business environment – as well as identifies and reduces risks by using a process of continual improvement. During this webinar, Dr. Davis will discuss how to determine primary data breach risks and the incident handling associated with GDPR mandates. Dr. Davis will also highlight how to map GDPR requirements to management system controls.
- An overview of the GDPR
- Practical advice on how to improve your ISMS deployment congruent with the GDPR requirements
- The benefits of implementing an ISMS
- The organizational requirements to achieve GDPR compliance
- The technical requirements to achieve GDPR compliance
- Critical actions in the event of a data breach
- The primary risks associated with data breaches
- How an ISO/IEC 27001-aligned ISMS can support compliance
Course Level - Basic
Who Should Attend
- Chief Information Security Officers
- Information Security Directors
- Data governance and management professionals
- Staff attorneys
- Privacy and compliance professionals
- Human resources professionals
- Risk management professionals and auditors tasked with compliance and risk transfer
- Data Protection Officers
- Chief Information Officers/Chief Technology Officers
- Internal Audit Managers and staff
- Information Technology Security Officers
- Information Technology and Data Consultants as well as project managers involved in data protection, information security, or cybersecurity issues
Why Should You Attend
Although many businesses understand the importance of implementing the right procedures to detect, report, and investigate a data breach in compliance with the GDPR, not many are aware of the benefits of deploying an ISO/IEC 27001-compliant ISMS. ISO/IEC 27001 provides an excellent starting point for achieving the technical and operational requirements necessary to assist in preventing a data breach under the GDPR.
Management information systems represent the aggregation of technological and organizational resources supporting data processing to produce information utilized for decision-making or problem-solving. Organizations typically implement management information systems with specific objectives designed to embed best-practice external and internal business solutions. Consequently, organizational employees should be able to rely on management information systems that reduce the risk of inappropriate responses to industry environmental conditions. Nevertheless, IT-related identity theft has cost consumers over $5 billion yearly.
With computer technologies considered indispensable to enabling information reliability, processing efficiency, and communication expediency for stakeholders and customers, organizations need to safeguard information assets appropriately, since those assets have measurable value. Moreover, recent information processing and security debacles documented by journalists convey an image of organizational management overlooking ethics, dedication, and dependability issues when designing, constructing, and deploying information systems and associated technologies. Therefore, the issue addressed in this webinar reveals the potential impact of management information system incidents on consumer confidence. I suggest information technology (IT) leaders have the potential to design and deploy an effective data governance program in their organization by engaging the regulatory environment, enabling consumer trust and reducing consumers' costs.