Global Information Intelligence


Global Information Intelligence provides Expert Intelligence on Critical Global Information Solutions

Critical Intelligence on Current and Emerging Global Information Trends and Solutions

Traceable GRC by Global Information Intelligence LLC


Information Security, Cyber Security and Emerging Threats Challenges:

The rapid growth of global information security, cyber security and regulatory compliance requirements presents a major challenge for every user in the world: assimilating, filtering, examining, analyzing and digesting the relevant, critical and vital information needed for daily use, while maintaining continuous, proactive countermeasures.

Emerging and Latest Threats in Information Security and Cyber Security, Best Practices and Proactive Intelligence, and Self-Paced Training for All Employees - Public, Private, Federal, State, Local, Academic and Industry

All Security: IT, Enterprise, Infrastructure, Cyber Security, etc.

Critical Information and Cyber Security: Information Security, Enterprise, Infrastructure, Architecture, Application, Web, Data, Cloud, Big Data, Private-Public, Cyber Security, etc.

All Data Sets: IT, Financial, Banking and Health Datasets, Electronic Medical Records, Decision Sciences, Data Protection and Privacy, Business, Financial, Insurance, Legal, Engineering, Public Policy, Global Population, Economics, Government, Academic and Industry, Public and Private Sectors

Traceable GRC - Global Information Intelligence LLC

What is EFFECTIVE AND TRACEABLE Governance, Risk and Compliance (GRC)?

EFFECTIVE AND TRACEABLE GRC is a strategic means of managing an organization's risks. It is not merely a software implementation: a GRC tool still has to be fed with actual, traceable documentation of the controls it reports on. Traceable governance provides a consistent framework of controls for all enterprise IT, data, applications and systems, in which each control is documented, mapped to the requirements it satisfies, and backed by evidence that can be traced back to it. The governance controls include compensating controls for risks that cannot be eliminated and, through multi-mapping, satisfy the requirements of many standards, regulations, laws and frameworks at once, so that a control implemented once is tested and evidenced once for ISO/IEC 27001 and 27002 (and the rest of the ISO/IEC 27000 series), NIST, PCI DSS, HIPAA, SOX, ITIL, GLBA, data protection and privacy law, COBIT, COSO, IEEE, IEC, and the regional regimes of the EU-US, Asia-Pacific and Latin America (including the EU-US Safe Harbor framework, which was invalidated in 2015 and succeeded by the EU-US Privacy Shield). Because the control set is revised incrementally, it continues to meet these requirements as they change. See the compliance references below (ISO/IEC 27001-27002, ISO/IEC 27003-27005, OMB and NIST, etc.).

Once the EFFECTIVE AND TRACEABLE GRC controls have been designed, developed, mapped, documented and implemented, the results include:

  • Effective security operations and compliance with the requirements of the applicable regulations, standards and laws, achieved through simple incremental controls and cost- and time-saving multi-mapping of the operating controls, so that one effectively operating control is tested and evidenced once and credited against every requirement it is mapped to.
  • Few or no audit findings each year, because every control has documentary evidence that traces back to it.
  • Effective incremental changes to the organization's control set, since a new or changed requirement is mapped onto existing controls rather than prompting a parallel set.


Why is EFFECTIVE AND TRACEABLE GRC Important?

  • It provides effective and traceable GRC for all IT, security and compliance controls under federal, state and local regulations.
  • Each year's new or changed controls are streamlined onto the existing controls, preserving traceability in sequence and keeping the control set effective, efficient and cost-effective.


EFFECTIVE AND TRACEABLE GRC enables an organization to manage the following effectively and efficiently, touching every area of IT, security and compliance:

  • All IT, security and compliance controls: infrastructure, data protection and privacy, etc.
  • Data protection, enterprise networks, databases, applications, Master Data Management (MDM) and Service-Oriented Architecture (SOA)
  • Cloud computing: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
  • Data Loss Prevention / Data Leak Protection (DLP), etc.
  • A Documentation ID Reference Number (DIN) assigned to each piece of control documentation, so that evidence can be traced to the control and the requirement it supports

Major Benefits of EFFECTIVE AND TRACEABLE GRC

EFFECTIVE AND TRACEABLE GRC enables an organization to implement effective, traceable controls and to remediate critical gaps so that they do not recur every year, including the following:

  • Provides a strategic and effective means of managing the organization's risks.
  • Provides a consistent framework of traceable controls for all IT, data, applications and systems.
  • Provides easily modifiable, traceable controls for all IT, data, applications and systems.
  • Provides compensating controls for the mitigation of identified risks.
  • Provides controls that simultaneously meet the requirements of multiple regulations, and that can be revised as those requirements change.
  • Once the controls have been developed, documented and implemented, auditors should raise few or no findings in each annual audit.
  • Makes it easier to design the organization's own test plans, so that auditors do not have to ask for large amounts of additional documentation.
  • Provides efficient, straightforward controls testing for each audit cycle.
  • Enables easy incremental changes to controls and test plans before the auditors arrive.
  • Provides documentary evidence for every compliance audit.
  • Provides effective remediation and closure of gaps in operating controls.
  • Enables implementation of IT, security and compliance controls as the organization's environment changes.
  • Enables effective incremental changes to the organization's control set: the changes in a given year are streamlined onto the existing controls so that traceability is preserved in sequence.


What will happen if EFFECTIVE AND TRACEABLE GRC is not implemented?

Without EFFECTIVE AND TRACEABLE GRC, an organization's controls are ineffective and non-traceable, with consequences including the following:

  • Gaps that recur every year because they are never traced to their cause and closed.
  • No strategic and effective means of managing the organization's risks.
  • No consistent, traceable controls for IT, data, applications and systems.
  • Difficulty in modifying controls.
  • No compensating controls for the mitigation of identified risks.
  • No effective controls for simultaneously meeting multiple regulatory compliance requirements, or for keeping pace with changes to them.
  • Repeated issues and gaps raised by auditors in each annual audit.
  • Difficulty in designing the organization's own test plans, with auditors asking for large amounts of additional documentation.
  • Inefficiency and problems in controls testing for each audit cycle.
  • Inefficient incremental changes to controls and test plans before the auditors arrive.
  • No documentary evidence for compliance audits.
  • No effective remediation and closure of gaps in operating controls.
  • Ineffective implementation of IT, security and compliance controls as the organization's environment changes.
  • No effective incremental changes to the organization's control set.
  • No effective streamlining of existing controls to preserve traceability in sequence.

EFFECTIVE AND TRACEABLE GRC References:

Documentary Evidence and Remediation: documentation of effectively operating controls for auditors, leading to effectively operating controls and the final eradication of gaps in federal regulatory compliance for all successive years, across the global standards, regulations and frameworks including the ISO/IEC 27000 series, NIST, PCI DSS, HIPAA, SOX, ITIL, GLBA, data protection and privacy law, COBIT, COSO, IEEE, IEC, the EU-US Safe Harbor framework and its successor, and the regional regulations and standards of the EU-US, Asia-Pacific and Latin America, etc.


Summary of Significant Strategic and Effective Security Standards: ISO/IEC 27001/27002 and the 27000 Series, NIST SP 800 Series, etc.

  • ISO/IEC 27001-27002, ISO/IEC 27003-27005 and the wider ISO/IEC 27000 series; FISMA; NIST standards, etc.
  • Applicable Executive Orders, national policy, FERC policy and public laws for this policy, including OMB Circular A-130, Section 8b(3), Securing Agency Information Systems; FISMA (Title III of the E-Government Act of 2002, Public Law 107-347)
  • Federal Information Processing Standards (FIPS) Publication (PUB) 200, Minimum Security Requirements for Federal Information and Information Systems
  • FIPS PUB 197, Advanced Encryption Standard (AES); OMB M-06-16, Protection of Sensitive Agency Information
  • NIST SP 800-53, Recommended Security Controls for Federal Information Systems (retitled Security and Privacy Controls for Federal Information Systems and Organizations from Revision 4)
  • NIST SP 800-114, User's Guide to Securing External Devices for Telework and Remote Access
  • NIST SP 800 series standards, including SP 800-53, 800-57, 800-37, 800-61, 800-91, 800-100, 800-34, 800-63, etc.
  • FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems
  • NIST Cybersecurity Framework (initiated under Executive Order 13636 in 2013; Version 1.0 released in 2014, Version 1.1 drafted in 2017 and released in 2018)
  • ISO/IEC 27001/27002 and related 27000-series information security standards: 2005, 2008 and 2013 editions, etc.
  • HIPAA (1996) and HITECH (2009), the 2013 Omnibus Rule and enforcement from 2015 onwards; PHI, ePHI, PII, Business Associate Agreements (BAA), Electronic Medical Records (EMR), etc.

Intelligent Information Security and Cyber Security: Dr. Emmanuel Hooper, Global Information Intelligence LLC

Related NIST System and Services Acquisition Standards

  • NIST FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems
  • NIST SP 800-30, Risk Management Guide for Information Technology Systems (Revision 1 is retitled Guide for Conducting Risk Assessments)
  • NIST SP 800-57 Part 1 Revision 4, Recommendation for Key Management
  • NIST SP 800-61, Computer Security Incident Handling Guide
  • NIST SP 800-63-3, Digital Identity Guidelines
  • NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
  • NIST SP 800-92, Guide to Computer Security Log Management
  • NIST SP 800-100, Information Security Handbook: A Guide for Managers
  • NIST SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  • NIST Cybersecurity Framework, Version 1.0 (2014, following Executive Order 13636 of 2013)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (drafted 2017, released 2018)
  • NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
  • NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment (not SP 800-126, which is the Security Content Automation Protocol specification)
  • NIST SP 800-59, Guideline for Identifying an Information System as a National Security System
  • NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories (2 volumes: Volume 1, Guide; Volume 2, Appendices)
  • NIST SP 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems (the original SP 800-34 was the Contingency Planning Guide for Information Technology Systems; incident handling is covered by SP 800-61 above)


Major Problems, Issues, Challenges, Trends and Solutions on Global Information

Dangerous Mistakes and Assumptions about Privacy and Data Protection

Making the wrong decision in any area that affects your company's data, assets or privacy, or the privacy of your customers and business partners, can cost you money. Imagine reading the morning news and finding your company's name associated with a privacy or data protection breach. The reputational damage can be very costly, quite apart from the internal measures that must then be taken to reduce the risk of a repeat. Avoiding these dangerous mistakes and assumptions helps your organization protect private data, make intelligent decisions, and save time, resources and funds.

Strategic Steps for Effective Compliance with Global Data Privacy and Protection Laws and Regulations

Global Organizations, Federal Government, States, Counties, Cities, Local, Industry, Public-Private Sectors

Founding Director, Consortium for Strategic Emerging Technologies-Harvard

Global Information Intelligence LLC

Contact: Global Information Intelligence LLC (Global Info Intel)

Cambridge, MA, Palo Alto, CA; Plano, TX

6860 North Dallas Parkway, Suite 200, Plano, TX 75025

Phone: 617-520-4085

Dr. Emmanuel Hooper, PhD, PhD, PhD, Harvard and Yale Alumni

President, Global Information Intelligence LLC

ehooper@globalinfointel.com

Phone: 408-250-9045

http://scholar.harvard.edu/ehooper

ehooper@post.harvard.edu

ehooper@aya.yale.edu

Visit Global Info Intel: Website: www.globalinfointel.com


All Rights Reserved, Copyright Global Information Intelligence LLC (Global Info Intel), 2000 - 2018