Managing an Increasingly Risk-Averse Regulatory Environment

Risk management and mitigation is a high priority for CEOs and other senior executives worldwide — including CIOs and cybersecurity executives. The fact is, it’s impossible to separate risk from technology implementations and the potential cybersecurity vulnerabilities they present.

One of the biggest challenges of risk management, as it relates to IT, is the emergence of a growing number of government and industry regulations regarding data privacy and security. The difficulty of complying with all the regulations — particularly for heavily regulated organizations such as financial services firms, healthcare institutions and government agencies — is daunting.

Some of the regulations that address specific sectors have been in place for a number of years. For example, in financial services the Gramm–Leach–Bliley Act (GLBA) requires financial firms to protect customer data and disclose all of their data-sharing practices with customers.

In the healthcare sector, the Health Insurance Portability and Accountability Act (HIPAA) requires the protection of sensitive patient health information from being disclosed without the patient’s consent or knowledge. Risk management and technology leaders in the industry have been grappling with HIPAA compliance since the law was enacted in 1996.

In the US federal government, agencies have to deal with the Federal Risk and Authorization Management Program (FedRAMP), a government-wide initiative that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

And in retail and other sectors, companies need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a cybersecurity standard for organizations that handle branded credit cards from the major card companies. The PCI Standard, mandated by the card brands and administered by the Payment Card Industry Security Standards Council, was created to increase controls around cardholder data to reduce credit card fraud.

More recently, the General Data Protection Regulation (GDPR) was enacted in the European Union (EU) in 2018 to protect the privacy of data about EU citizens. GDPR’s primary aim is to enhance individuals’ control and rights over their personal data. And the California Consumer Privacy Act (CCPA) was enacted in the state in 2018 to enhance privacy rights and consumer protection for residents of California.

Many other states have pending legislation related to data protection and privacy, and some of these might be enacted in the near future.

Then there’s the American Data Privacy and Protection Act (ADPPA), a proposed federal online privacy bill that would regulate how organizations keep and use consumer data. The bipartisan bill is the first American consumer privacy bill to pass committee markup. It has several main principles, including data minimization, individual ownership, and private right of action. The burden of evaluating each organization’s programs would fall to the organization.

As the first federal user data privacy legislation, ADPPA would largely supersede state laws such as the CCPA and the Colorado Privacy Act.

We’re in the midst of an environment in which governments, organizations, consumers, business partners and indeed regulators are feeling increased risk aversion and a desire for increased security consciousness, which motivates regulatory change.

Regulators, in particular, want more transparency and increased controllability from organizations in virtually all industries regarding data and how it’s used.

How to manage the risks

With all of this data privacy regulatory activity going on, how can organizations ensure they remain in compliance?

One of the most important things is to be aware of any existing and emerging regulations that apply to the company. This goes without saying for regulated industries. But really, any business needs to devote resources to evaluating the regulatory scene, including keeping up on all the latest regulatory activities that apply to the organization.

Create a team that can assess and coordinate compliance activities. Whether this team is led by the head of risk management, compliance, audit, data governance or some other executive, the CIO and the CISO need to be involved because so much of data privacy involves the IT infrastructure. Other interested parties should include the legal and human resources departments.

Close and ongoing coordination among different facets of the organization is vital because data is such an all-encompassing entity within businesses today.

Another important organizational practice is to hire the necessary compliance experts. As with any technology-related skill today, it might be a challenge to find and retain people. If this proves to be impossible, there are countless consulting firms that handle data privacy issues for companies.

Of course, it’s also important to have access to the right tools and services to help ensure data privacy compliance. These tools should be capable of identifying vulnerability and compliance exposures within a very short period of time across widely distributed infrastructure components.

Some of these tools conduct vulnerability and compliance assessments against various operating systems, applications, and security configurations and policies. They provide the data needed to help eliminate exposures, enhance overall security and simplify the preparation for audits.

Compliance functions are maturing, moving from a reactive and advisory role to becoming a proactive partner with the business, according to IT consulting and services firm Accenture.

A study the firm released in May 2022 showed that there’s an increased commitment to establishing a culture of shared compliance responsibility across the enterprise. The firm surveyed 860 compliance leaders and found that nearly half planned to upskill their compliance staff to drive a culture of compliance across the enterprise, and about 40% planned to invest in new technology to achieve this goal.

More than half of the respondents said they are using leading technologies to strengthen their compliance function, and 93% said new technologies such as artificial intelligence and cloud make compliance easier by automating human tasks, standardizing processes, and making the process more effective and efficient.

Assess the risk of your organization with the Tanium Risk Assessment. Your customized risk report will include your risk score, proposed implementation plan, how you compare to industry peers, and more.

Read More from This Article: Managing an Increasingly Risk-Averse Regulatory Environment
Category: News
December 6, 2022