I am currently a CyberSec professional doing everything from CISO stuff (compliance, policies, training, etc) to common analyst duties (AV, monitoring our MSSP dashboards, email security, DLP, and more).

Due to working in the healthcare sector at a public company that does business in the USA AND Europe, I am finding it difficult to put all of these together and manage them more efficiently.

As of right now, we have separate policies for HIPAA, SOC 2, and GDPR (PCI is coming to us very soon). If you’re familiar with these, they are huge and even worse if you have a big scope.

Here are my questions:
– How do you manage all these separate policies — do you have one massive infosec document or one for each framework/standard?
– Any neat tools you use to manage this? (We already have a GRC platform)
– How are you managing your overall infosec? (Just want to see if there’s anything I can do to improve our program)
