Search

Gary McIntyre is a Director with Focal Point’s Cyber Defense practice and brings over 19 years of experience focused on information security with a specialization in the end-to-end design, deployment, and operation of Security Operations Centers.

Benchmark your cybersecurity policies, processes, and technology against leading standards and gain actionable insights for maturing your program.

Focal Point actively seeks to hire veterans, reservists, National Guard members, and military spouses and to provide them with opportunities to advance their careers in cutting-edge technical fields like cybersecurity, identity and access management, IT strategy, data privacy, and audit and compliance.

Benchmark your privacy policies, processes, and technology against leading standards and gain actionable insights for maturing your program.

A recent Cisco study found that 80% of consumers are willing to act to protect their privacy, saying they would spend more time and money to do so and that they consider it a buying factor. Nearly half of these respondents also indicated that they had switched companies over data privacy policies or data sharing practices. Privacy is no longer just about regulatory compliance – it has become a critical part of doing business and a competitive differentiator for many organizations. More organizations are seeking to implement privacy policies and programs that protect consumer data and give consumers control over their data, while still meeting business needs. But this is not any easy goal to accomplish. New technology, shifting business needs, and multiple, sometimes disparate, privacy regulations like the GDPR and the CCPA all add layers of complexity to this challenge. To help organizations address this, NIST announced its plan to develop a privacy framework based on the structure of its Cybersecurity Framework (CSF) in 2018. After a year of collaborating with businesses, government agencies, academics, industry experts, and non-profits, the preliminary draft was released for feedback in 2019. Finally, in January 2020, Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy though Enterprise Risk Management was published.

Focal Point adds former Big 4 expert David Graff to lead Integrated Risk Management services. Graff will consult on leading IRM technologies.

David Martinez is an IT Audit Director in Focal Point’s Audit and Advisory Services practice.

Ninety percent of the world’s data was generated over the last two years. By 2025, it’s estimated that over 460 exabytes of data will be created every day. While this flood of data has become indispensable for performing daily tasks in most organizations, the mismanagement or loss of it could result in operational inefficiencies, reputational damage, fines, lost revenue, and more. As the volume and use of data grows, the need for organizations to ensure they are properly governing this massive amount of data has intensified. The rise of the General Data Protection Regulation (GDPR), the California Consumer Protection Act (CCPA), and other data privacy regulations around the globe has put legal obligations on companies to protect this data and manage it securely. These new regulatory requirements have pushed many organizations to implement privacy governance tools to support their privacy programs and manage compliance. Privacy governance tools like OneTrust, Nymity, and BigID have grown in popularity over the last few years as data volume increased and new privacy laws were passed, and they are expected to become even more widely adopted in the coming months. Understanding the role of these tools, the key features of privacy governance tools, and the benefits they can bring to your organization are essential when making the decision to implement a privacy governance tool. 

Less than 30% of organizations have formal workforce development plans in place for their IT and security staff, according to Gartner. With training consistently ranking among the most requested benefits by employees, especially those of younger generations, the lack of commitment to workforce development is particularly surprising. This problem, of course, is not unique to cybersecurity. But because of the staggering lack of skilled, experienced cybersecurity job seekers, the failure to effectively train those already in the field has a more serious impact. A failure to train cybersecurity professionals can result in a failure to protect an organization and its critical data. Fortunately, the industry appears to be changing course. Roughly half of security organizations plan to increase their budgets for cybersecurity training in 2020. If you’re in this group (and we hope you are), there are four important pitfalls to avoid as you transition from traditional training models to a high-performing workforce development program: