Thursday, August 13, 2009

First Steps on Security and Privacy

I've been doing Security since 2000 and technologies since my high school days (1986 - yes, I'm old!) but Privacy is something new to me. I started work on Privacy during my HIPAA compliance and audit days back at my former employer and that was in 2005. Now, as an almost full-time Privacy guy, I've been very involved with Privacy-related Frameworks, Best Practices, Methodologies, Laws and Regulations.

As a first step for people diving into the Privacy career path, look at GAPP (by AICPA). It's the best model available if you're planning to set up your company's Privacy Program. Every company, whether small, medium or large, should have a Privacy Program to protect your company's information but more importantly, employee and customer data.

Another option is to look into various open-source resources such as NIST (they have a good document on protecting PII - that is personally identifiable information), GAO, ISACA, ISSA, HHS, ITCI and many others.

In Security, there is not a lot of mystery - many sites and organizations offer a wealth of information. Some of the notables are NIST, CIS, ISO, ISC2, ISACA, ISSA, ISF, Big 4 Firms, SecurityFocus, SecurityNewsPortal, CCCure.Org, PCI, HHS (HIPAA) and probably thousands more!

m4x
