Has your organization reviewed its privacy practices in the past year? Are you prepared for that next disaster? Can you respond on a timely and reliable basis in the event of a major security incident or, worse, when disaster strikes?
Here are some leading resources to help you become better “prepared”.
Have another great week.
1. Privacy Compliance: A Guide for Organizations & Assurance Practitioners
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) creates an enforceable right to privacy with respect to the collection, use and disclosure of personal information by private sector organizations. To ensure compliance with the information privacy requirements of the PIPEDA and any corresponding provincial legislation, businesses must establish a privacy compliance regime. This Guide will assist organizations in developing appropriate personal information privacy systems. http://www.cica.ca/1/0/0/9/index1.shtml
2. OPERATIONAL EXCELLENCE: Linking Your Business, Compliance, Operations and Security
In the Prescriptive Guide to Achieving Operational Excellence, Tripwire brought together industry experts in operations, IT audit, information security, payment card industry standard and compliance—combining their expertise with Tripwire’s experience to help you meet these pervasive challenges. The Guide begins with a perspective on the value of creating a culture of effective change management and concludes with a retrospect on the compliance decade. http://www.tripwire.com/files/guide/prescriptive_guide.pdf
3. Preparing For A Disaster: Determining the Essential Functions That Should Be Up First.
How do you determine those services and functions that should be up first when a disaster strikes? A Business Impact Analysis (BIA) will verify the critical functions/processes (and their related dependencies) that are essential for your business to continue operating. The BIA will also discover vulnerabilities, present a risk mitigation strategy and determine financial loss over time along with the cost to recover. www.sans.org/reading_room/whitepapers/recovery/1658.php
4. Computer security incident response team (CSIRT) development
Organizations must respond quickly and effectively to computer security incidents. Timely and effective response can limit damage and lessen recovery costs. Establishing a computer security incident response team (CSIRT) is a great way to provide this rapid response capability and help prevent future incidents. http://www.cert.org/csirts/
5. Interactive Data - Building XBRL into Accounting Information Systems
The purpose of this study is to explore the implementation and business process implications of tagging XBRL at different levels in an organization’s information infrastructure. http://www.cica.ca/index.cfm/ci_id/27401/la_id/1.htm
6. Governing for Enterprise Security: An Implementation Guide
http://www.cert.org/archive/pdf/ISACAWinnipegNov07GESAllen.pdf