An area that I’m passionate about is information security compliance. As a compliance professional with a focus on cybersecurity risk management, it is my role to help companies understand the importance of abiding by the handful of important regulations and standards that manage information security risks.
Applicable information security regulations may vary by industry, but some of the most notable standards and rules include HIPAA, NIST, SOX, GDPR, ISO 27001 and PCI-DSS. Many companies' information technology functions fall under one or possibly more of these regulations and standards. My goal is to inform small businesses of these requirements and what they can do to comply.
Therefore, over the coming weeks, I will be posting installments discussing the specific requirements of these rules and standards, and providing my professional suggestions on how and why small businesses must comply. Included in these posts will be analyses of the repercussions for non-compliance and examples of non-compliant companies in the news.