I recently published a 2-part series for Finextra on Working With Your CIO to Negotiate GRC. In the first part of the series, I talk about the struggles organizations are facing with data security and the lack of board support for the creation of mobile working policies. In that post, I advocated for a holistic three-stage approach to ensuring data is kept secure in order to comply with data protection regulations and to avoid fines.
In the second part of the series, I explore how companies put these three stages into practice. These stages include:
As the article explains, having both policy and technology in place will help organizations avoid the costly fines and fees associated with a data breach. It is up to CIOs to ensure that GRC becomes a board-level issue that should be discussed now. Feel free to leave a comment on the posts here or at Finextra to discuss this approach to data security.