Good Enough IT Risk Management

ISMS: "The value you can measure is the value you deliver"

[fa icon="calendar'] Monday, 12 November 2018 / by Jakob Holm Hansen under ISO 27001, ISMS, annual information security plan

[fa icon="comment"] 0 comments

ISMS performance monitoring allows security officers to document specific business value while also enhancing the level of security within the organisation. A Neupart white paper provides inspiration on how to select, define and monitor effects in an ISMS solution.

More [fa icon="long-arrow-right"]

Information Security: How to get the most out of limited resources

[fa icon="calendar'] Thursday, 20 September 2018 / by Jakob Holm Hansen under GDPR, information security annual cycle, continuous compliance

[fa icon="comment"] 0 comments

With an annual cycle for information security, you can ensure that the right security processes are in place, and that the company’s internal resources have enough time to solve the many other tasks that require attention.
More [fa icon="long-arrow-right"]

GDPR: What will happen after 25 May 2018?

[fa icon="calendar'] Wednesday, 30 May 2018 / by Jakob Holm Hansen under GDPR

[fa icon="comment"] 0 comments

  • After 25 May, businesses may suffer from a mental information security hangover
  • What does the future hold now that the preparations are complete, and the rules have come into force?
  • A security expert from Neupart offers advice and recommend - among other things - that future information security work be organised and compiled into an annual cycle
More [fa icon="long-arrow-right"]

GDPR: If you are like most people, you prepare far more records of processing activities than you should

[fa icon="calendar'] Monday, 14 May 2018 / by Jakob Holm Hansen under eu general data protection regulation, GDPR, processing activities

[fa icon="comment"] 0 comments

Due both to an eagerness to do things correctly and a fear of doing things wrong, many companies prepare far more records of their processing activities than necessary. A Neupart expert explains how you can group together your processing activities and save yourself many hours of (wasted) work.

More [fa icon="long-arrow-right"]

GDPR: You Passed the Test – Now What?

[fa icon="calendar'] Friday, 16 February 2018 / by Jakob Holm Hansen under compliance, GDPR

[fa icon="comment"] 0 comments

Picture this: it’s the end of May and you’ve managed to fulfil the criteria of the EU Data Protection Regulation - you’ve achieved GDPR compliance. But how do you make sure you stay compliant in the future?

No doubt the GDPR implementation project was big and required a team effort. There might even have been extra resources allocated, as everyone realised the importance of getting this right. But now that the deadline has passed, and the goal has been met, your co-workers need to get back to their day-to-day assignments. So how do you successfully maintain continuous GDPR compliance with half the people, and maybe even half the resources?

More [fa icon="long-arrow-right"]

To Assess, Or Not To Assess

[fa icon="calendar'] Tuesday, 19 December 2017 / by Jakob Holm Hansen under eu general data protection regulation, GDPR

[fa icon="comment"] 0 comments

- Guidance and good advice for carrying out a DPIA

For some organisations, the DPIA is high on the list of GDPR related assignments that need to be sorted. But for many, the DPIA can actually wait – or at least be simplified so that it doesn’t require so many resources. The Director of Neupart explains when and how you should carry out a DPIA.

More [fa icon="long-arrow-right"]

GDPR: Make It Easy to Do It Right

[fa icon="calendar'] Tuesday, 21 November 2017 / by Jakob Holm Hansen under eu general data protection regulation, GDPR, awareness

[fa icon="comment"] 0 comments

The EU Data Protection Regulation states that you must train your employees in handling - and securing - personal data. However, it doesn't say anything about how you should train your employees in handling personal data.

"That part is open to interpretation, so you have to get creative," says Lone Forland, Neupart's product specialist who also works with information security campaigns.

More [fa icon="long-arrow-right"]

Dear IT Manager: GDPR is not your responsibility – but it is your task

[fa icon="calendar'] Monday, 16 October 2017 / by Jakob Holm Hansen under eu general data protection regulation, GDPR

[fa icon="comment"] 1 comments

The EU Data Protection Regulation is a good example of just how important it is to define a challenge before you start trying to solve it.

Essentially, GDPR is about organisations protecting their personal data. However, before you can figure out how your organisation protects its personal data, you need to know why the organisation has this data to begin with. Understanding the reason is basically a pre-requisite for taking any action.

More [fa icon="long-arrow-right"]

Why You Should Be Carrying Out a Risk Assessment

[fa icon="calendar'] Saturday, 08 July 2017 / by Jakob Holm Hansen under ISO 27001, Risk management

[fa icon="comment"] 0 comments

Most organisations know that performing a risk assessment is good practice. However, not all organisation actually do risk assessments, and those who do, often approach them in the wrong way. All too often, risk assessments are treated as a project that can be finished and that will be that, whereas the reality is that risk assessment and risk treatment are an ongoing process.

Risk Assessment And Risk Treatment Are a Process

Risk assessment is a process, not a one-off project. The reasons for this can be boiled down to these three points:

More [fa icon="long-arrow-right"]

GDPR Compliance: You do not need to carry out an exhaustive dataflow analysis

[fa icon="calendar'] Wednesday, 28 June 2017 / by Jakob Holm Hansen under eu general data protection regulation, GDPR

[fa icon="comment"] 0 comments

- Registering your data processing activities is enough.

Are you busy preparing for the GDPR, but getting stuck carrying out a dataflow analysis? Then you need to read this: When it comes to complying with the GDPR, a comprehensive and detailed dataflow analysis is not necessary or mandatory!

It is uncertain where the speculation started, but at some point, people started talking about the necessity of performing lengthy dataflow analyses to be compliant with the GPDR. 

Likely, this resulted from an embellishment of the regulation requirements, and somehow it seems to have stuck around. The fact is - the Data Protection Regulation does not explicitly mention nor require you to carry out a dataflow analysis! It does however state that you need to “maintain a record” of your relevant “processing activities”. One could argue semantics here, but it is easy to see where exaggerations and embellishments can be easily introduced. 

More [fa icon="long-arrow-right"]

Good enough IT risk management

The Neupart blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts