Protecting Data Privacy: A Practical Guide to Managing Risk
Jill Frisby - Crowe Chizek and Company LLC
Sep 19, 2007
Abstract
Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit.
This presentation will focus on a practical approach to data privacy that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs keep companies from ending up in the news disclosing a data loss, by enabling their employees to stay vigilant for situations where data may be at risk. Topics to be discussed include:
* The Goals of an Effective Data Privacy Program
* Current Data Privacy Landscape
* Common Privacy Program Pitfalls
* Key Components of a Successful Data Privacy Program
* The Top Down Data Privacy Risk Assessment
* Data Privacy Roles and Responsibilities
* High Level Roadmap and Ideas to Consider for Future Strategy
About the Speaker
Jill Frisby is a Manager in the Risk Consulting Practice with a specialty in the area of Information Security and Data Privacy. She has been the keynote presenter on Information Security for several regulatory agencies, banking associations, and industry roundtables.
Jill has become an industry thought leader in the area of Data Privacy, developing Crowe Chizek’s full suite of services to help ensure initial and continuing protection and compliance. She designed a web-based tool for the facilitation of Information Systems Risk Assessments, and has helped major companies and government organizations remedy significant deficiencies in safeguarding consumer information. Jill’s research and methodologies were published in Bank Accounting and Finance in a whitepaper explaining “A Five-Step Plan for Comprehensive Information Security and Privacy” (June 2004 issue).
In addition, Jill has been featured in 5 major newspapers and on three network evening television broadcasts related to her research in the area of Wireless LAN Security. These media publications were completed in conjunction with a Crowe Chizek research study, the goal of which was, upon investigation, to inform the public of the growing problems with Wireless LAN security and the ways to remedy these issues.
Jill currently performs assessments in the areas of:
* Gramm Leach Bliley Act Compliance
* Information Security Policy and Standards Development
* Network Security Assessments
* Internal and External Penetration Assessments
* Information Systems General Controls Reviews
Jill is a Certified Information Systems Auditor, Certified Information Systems Security Professional, Microsoft Certified Systems Administrator with a Specialization in Security, a Project Management Professional and a CompTIA Certified Security Professional. She is a graduate of the University of Illinois, where she majored in General Engineering and minored in Technology Management.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.