This is not intended as a ‘How To’ book. Despite that, you will come away with a lot of ‘How To’ guidance and material. I discuss some laws as models, or because they are new, or relevant, but this is not about laws. I will impart some practices, and offer topical workshops and exercises that you can use, but this is not a book on practice. It is based on years of experience, but I won’t speak at length about me or what I have done, only as passing references. Mostly it is about risk. And controls. And a protective ecosystem. It is about protecting a business.

 

Threats are changing. Laws are changing. Business is changing. The skills we need have changed.

Some may not have had extensive experience in privacy, continuity, or incident response. Others may not be current with new cyber, breach, and global privacy laws.

 

I discuss continuity and offer a new way to approach it.

 

I discuss privacy and how to assess and protect it. 

 

I address the European General Data Protection Regulation (GDPR), CCPA, and the NYDFS Cybersecurity Regulation and much more.

 

This book is intended to challenge and transform approaches, and enhance competencies, twist, ignite, and promote disruption in how we see our roles, and how we think about risk, controls, business, and business protection overall. We need to do this, because others are doing it for us.