We at American Cyber Security Management are happy to announce the release of our newest offering: AI Readiness Assessment.

You can read more here: https://www.americancsm.com/artificial-intelligence-readiness-offering/

The benefits can be extremely substantial as businesses begin using AI, both consciously and unconsciously. And the risks/issues can be just as detrimental and long-lasting. Accelerated AI adoption suffers from as much chance to harm others as it does from lack of strategic vision and follow through.

We are seeing AI being successfully applied to many use cases:

• IT/Security
• Marketing
• Customer Service
• Manufacturing

Being prepared for AI adoption can help business units be more efficient with the application of the technology, ensure proper use of AI, and help the business remain compliant with upcoming regulations.

Our AI Readiness offering can provide the following benefits:

• Knowledge of your AI responsibilities
• Create a custom approach/roadmap for AI compliance
• Testing your Privacy and Security Programs
• Through access to our unique AI talent team

We might even find data sets that are already under AI utilization. Our offering helps provide the business with a roadmap for proper AI utilization with the lowest risk.

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security, and privacy implementation assistance, CISO-as-a-Service, and DPO-as-a-Service, to mention a few.
To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

Happy Data Privacy Day!

Did you know Data Privacy Day has been celebrated in the U.S. since 2008, and the U.S. federal government made it official in 2011?

It is a good time to reflect on the Principals of GDPR, which have now become the core privacy principals all business should follow for Data Privacy:

• Lawfulness, fairness, and transparency: Personal data must be processed in a lawful, fair, and transparent manner. 
• Purpose limitation: Personal data can only be collected for specific, legitimate, and explicit purposes. 
• Data minimization: Personal data processing must be relevant, adequate, and limited to what is necessary. 
• Accuracy: Personal data must be accurate and kept up to date. 
• Storage limitation: Personal data should only be kept for as long as necessary to fulfill the purposes for which it was collected. 
• Integrity and confidentiality: Personal data must be protected with integrity and confidentiality. 
• Accountability: Everyone who processes personal data must be able to demonstrate compliance with the other six principles. 

And of course, here is just a reminder of some critical steps for businesses to take to protect their data:

• Know how your data is collected
• Know your data locations
• Know your data types
• Know where you data is going
• Classify your data
• Secure your data with encryption
• Manage access to your data based on classification and roles
• Delete data as it ages or becomes unnecessary
• Utilize data deliberately

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security and privacy implementation assistance, CISO-as-a-Service and DPO-as-a-Service, to mention a few.

To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

AmericanCSM.com (https://www.americancsm.com/ ) is excited to announce our involvement with the International Map Industry Association (IMIA) (https://imiamaps.org/). IMIA is holding its annual Mapping Leaders Forum in Denver, Colorado this June 5-6.

The theme for this year’s Mapping Leaders Forum is about building trust.  This event will host speakers with visionary perspectives, cutting-edge mapping methodologies, emerging trends, and innovative applications.

As a company that prides itself on delivering top-notch privacy and cybersecurity services—including Privacy Assessments, and our CISO-as-a-Service and DPO-as-a-Service, AmericanCSM.com understands the importance of fostering a strong privacy and cybersecurity community. IMIA’s Mapping Leaders Forum 2024 is another leading industry gathering where leaders are focused on building trust with their clients, distributors, partners and employees.

Carlin Dornbusch, a seasoned veteran in the realms of privacy and cybersecurity and President of AmericanCSM.com, will discuss the topics of Privacy, Security, and Risk of data in a modern age. Carlin will talk over the modern challenges for businesses and individuals around data protection, as well as the impact of AI and other tools of the threat actors. Attendees will take away the Do’s and Don’t for managing their data, tips for managing data risks, and approaches for their businesses.

We also invite all attendees to connect with Carlin Dornbusch after the event at the cocktail reception and discuss more about trust building.

For more information on IMIA’s Mapping Leaders Forum 2024, please visit their website at https://imiamaps.org/mapping-leaders-forum/ and we look forward to seeing you there and continuing to trust around the globe together.

As businesses are being impacted by the European Union’s (EU) enactment of the General Data Protection Regulation (GDPR), many are asking themselves questions around the ownership of their privacy program. Do I need a Data Protection Officer (DPO)? Can I get by assigning this to my CISO, Director of Compliance, or my General Council?

The GDPR requirements for a DPO, their duties and reporting structure, are spelled out in Section 4 of the regulation, which encompasses Articles 37-39.

According to Article 37, you must assign a DPO if:

• You are a public authority processor
• You regularly and systematically monitor data subjects on a large scale
• You are processing on a large scale any special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10

This article goes on to state that public authorities are able to designate a single resource that can aggregate the responsibility across multiple organizations. This decision needs to take into account the bandwidth of the DPO and how scalable the policies and processes are across the organizations.

It is also important to note that the DPO can be an employee of the organization or a contracted resource. In either case, the controller must publish the contact details of the DPO and ensure the EU supervisory authorities have this information.

While there are parts of the GDPR that are considered unclear or grey, the requirements for a DPO are very clear. The DPO role is new for many U.S. based companies, but it should bring a strong sense of certainty around privacy to any company where EU citizen/resident data needs to be managed.

If you have questions about whether or not you need a DPO, please contact us at: https://www.americancsm.com/services/privacy-by-design/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialists can help you make sense of and comply with GDPR.

 

 

As the deadline for GDPR, May 25, 2018, nears, many companies are still struggling with their implementation and some are complete. This MeetUp brings together privacy practitioners, GRC leads, and others interested in and leading their GDPR transformations. The goal of this group is to discuss and share learnings, emerging best practices, technical solutions, and keep up to date on regulation changes.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/ . Our next meeting will be focused on an overview of GDPR, allowing the group to determine future topics and the level of detail desired. Carlin Dornbusch from American Cyber Security Management will present the GDPR Overview and lead the group through Q&A.

This informative meeting will be held on Tuesday, February 27th, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/