
Description
Each year, in the United States and around the world, regulations are enhanced to further protect citizens and nations from those wanting to gain from others. This course will focus on three highly relevant topics concerning corporations and individuals today: Data Governance, Data Privacy, and what is needed to build a robust data management program.
The program is designed to heighten an auditor’s knowledge of Data Privacy and Data Governance, and of what is part of Data Management, using common business language. During the course we will discuss some current and pending regulations and explore some of the known vulnerabilities, threats and risks facing today's enterprise or agency, and some of the more common controls used to safeguard data, regardless of its form.
By the end of our course, attendees will gain a broad-based understanding of data governance, data privacy and information governance, as well as how to build a data management program, including how to incorporate Data Privacy and Data Governance components into every audit engagement.
During the session we will conduct a series of activities that will provide attendees with the “bones” of a data management program, from designing data dictionaries to assessing the program controls.
Learning Objectives:
Build a repeatable and agile Privacy Program that fits the changing regulatory and criminal landscape
Build a repeatable and agile Data Governance Program that fits the changing regulatory and criminal landscape
Develop Data Privacy policies and procedures to meet company culture and regulatory requirements
Develop a Data Governance Program that meets regulatory and business requirements
Prerequisite: Introduction to Information Security (ISG101), Cybersecurity Audit School (ITG250) or equivalent experience
Advance Preparation: None
Learning Level: Basic
Delivery Method: Group-Live
Field: Auditing
What you will learn
1. The Connection between Data Governance, Privacy and Information Security
2. The Difference Between IT, Data and Information Governance
3. Data Privacy, Data Governance and Information Governance Fundamentals
4. Fundamentals of Data Management
• Data dictionary
• Data classification
• Data ownership
• Data custodianship
• Data controls
5. Common Privacy Frameworks and Principles
6. Data Privacy Regulations – US and International
7. Critical Components and Success Factors when building or assessing Data Management and Privacy Programs
8. Policy Considerations Related to Data/Information
9. Data Privacy and Data Management Assessments
10. Data Related Contract Language (SLA, MOU, SOW)
11. Common privacy and data management related vulnerabilities, threats and possible risks facing enterprises that use the Internet to:
• Interact with Consumers, Customers, Suppliers and other Third Parties through computers and mobile devices
• Process, Transmit or Store Cardholder or other Personally Identifiable Data
• Use Social Media
• Use email, chat and Voice Over IP
12. Basic Control Suite
13. Audit Programs and Procedures
• Auditing Privacy and Data Governance
• Auditing the Data Management Program