MIMS Final Project 2018

PrivSec-F1: Compliance Toolkit

Team members:

“PrivSec-F1” is a compliance toolkit that helps organizations navigate the thicket of information security and cybersecurity requirements. Data protection and security duties are increasing around the world, most notably with the EU General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018. The toolkit provides deliverables to users/clients as a one-stop shop for major compliance needs.

PrivSec-F1 incorporates the legal and regulatory requirements relevant to product managers and CIOs/CISOs of small and mid-size businesses and startups, which often, because of budget constraints, have no cybersecurity or legal experts in their organizational structure. We have attempted to deconstruct the major security approaches and highlight where they intersect with the data security and privacy policy requirements of consumer protection regulators.

The toolkit incorporates cybersecurity requirements and "implicit learning" derived from a detailed analysis of more than 50 information security and privacy cases brought by the Federal Trade Commission (FTC) against businesses. Using the “PrivSec-F1 Mapping Matrix”, users/clients can select appropriate controls, processes and cornerstones while avoiding the “silos” and “lock-in” that come from depending on a single framework. The matrix incorporates the requirements of leading industry standard frameworks, such as those of the Cloud Security Alliance (CSA), the International Organization for Standardization (ISO), and the National Institute of Standards and Technology (NIST).

Additionally, because of the impending GDPR compliance deadline, the toolkit includes a separate GDPR-based framework that can be used to perform a last-minute check of compliance with the regulation.

Last updated:

May 3, 2018