Are You Ready for the General Data Protection Regulation (GDPR)?

As we move closer to the enforceable compliance date of May 25, 2018 for the General Data Protection Regulation (GDPR), many organizations are asking themselves if they are on track to meet the regulation requirements. Many organizations are still unsure if the regulation even applies to them. Given the severity of potential penalties for non-compliance greater of €20 million or 4% of revenue for non-compliance with core tenets of GDPR, such as violation of data subject rights or transfers of data to unauthorized third countries), this perspective covers who GDPR applies to and the key items you should explore in your organization to ensure you are prepared. Continue reading

Formalizing an Information Security Program

Formalizing an Information Security ProgramFormalizing your information security program is a critical step to drive information security capability maturation in any organization. The intent of formalizing a program is to get clear on focus and ensure everyone is on the same page about who is doing what.

From our experience, building a great information security program starts with asking the right questions. At Avalution, we build information security programs from the top down, starting with the strategy of the business and focusing on the following five key questions:

  1. Why do we have an information security program?
  2. What are we going to protect?
  3. How are we going to achieve it?
  4. Who is responsible and accountable?
  5. What are the results going to look like?

Let’s take a closer at each. Continue reading

A Cross-Functional Approach to Hospital Preparedness

A Cross-functional Approach to Hospital PreparednessBringing Together HICS, Business Continuity, IT Disaster Recovery, and Information Security

Hospitals place high importance on delivering uninterrupted care regardless of circumstances, and, as such, invest heavily in preparedness.  Hospitals that are the most successful in achieving a high-level of preparedness typically have integration between four disciplines: Emergency Preparedness (HICS), Business Continuity, IT Disaster Recovery, and Information Security.  Building cohesion sounds fairly straightforward, but, in reality, it can be complex.  Continue reading

General Data Protection Regulation (GDPR)

General Data Protection Regulation - GDPRGeneral Data Protection Regulation (GDPR) is the most comprehensive personal data privacy regulation ever issued, and its implementation deadline in May 2018 is approaching quickly. With the potential fines accompanying noncompliance, GDPR has shifted the business world’s attention to privacy. However, since this regulation was issued by the European Union, there is a lot of uncertainty around how GDPR impacts US-based businesses. Bottom-line – if your business sells to or holds EU residents’ personal information, GDPR affects you. Continue reading

Avalution Opens European Headquarters in Dublin, Ireland

Avalution EuropeFor over 12 years, Avalution has been laser focused on business continuity and recently expanded into information security due to trends toward integrated risk management. Until recently, Avalution delivered consulting services and supported our Catalyst SaaS solution with resources based solely in the United States. We’ve become the leading provider of business continuity software and consulting in the US – working with 13% of the Fortune 100, including the largest American organizations in seven different industries.

We’ve become well-known for delivering business continuity and information security services that are connected to the strategy of the business, pragmatic, and reliably delivered.

In August, we expanded into the European Union by opening a new office located in Dublin, Ireland. Continue reading

Ransomware Changes the Game for IT Disaster Recovery

Ransomware Changes the Game for IT Disaster RecoveryImagine entering your workplace and being met with a sign instructing you NOT to turn on your desktop computers or dock your laptops until further notice. No network access; no email; no dependent application. Unfortunately, this was the actual scenario that played out for one global law firm, DLA Piper, who fell victim to the Petya cyberattack in late June. For this law firm, the loss of email services is devastating; and their email was unavailable for over one week.

The June 2017 cyberattack, known as Petya, affected major organizations throughout many industries. Global shipping conglomerate, Maersk, has estimated quarterly losses of between $200M-$300M, due to experienced interruptions. Large manufacturing facilities were brought offline for many days while working to re-establish critical systems.

Prior to Petya, in May, WannaCry spread worldwide and infected over 200,000 computers. In both cases, infected computers had their data encrypted and hidden from its owners until a ransom was paid. Continue reading

Introducing Our Information Security Practice

Introducing Avalution's Information Security PracticeFor twelve years, Avalution has been laser focused on business continuity. We’ve become the leading provider of business continuity software and consulting in the US. We work with 13% of the Fortune 100, including the largest organizations in seven different industries.

We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.

Today, we are expanding into Information Security Management.  Continue reading