Tag Archives: grc

Should the Chief Privacy Officer and Chief Information Security Officer Roles Merge?

Should the Chief Privacy Officer and Chief Information Security Officer Roles Merge?

The annual Privacy Security and Risk Conference, which is put on by the International Association of Privacy Professionals (IAPP), used to be attended almost exclusively by privacy professionals. But over the last few years, I have seen an increasing number of security and IT professionals in attendance.

Continue reading...

Is It Really All About Culture?

Is It Really All About Culture?

For the last several years, practitioners and consultants have been talking about culture as it relates to risk, compliance and ethics.  Two new pieces reinforce my view that culture is not just about risk, compliance, and ethics. There are many, many dimensions and sometimes they may actually conflict.

Continue reading...