BiZZdesign Blog

Education and inspiration for business transformation

 
 
8 Steps Enterprise Architects Can Take to Deal with GDPR

posted by Marc Lankhorst on Jan 31, 2017

In my previous blog post, I described the new EU General Data Protection Regulation (GDPR) that will go into effect in May 2018, and I outlined its profound effects on organizations, not just in Europe but around the globe. This regulation, and related EU Directives such as the ePrivacy Directive and the Network and Information System Security (NIS) Directive, force organizations to rethink how they deal with personal, privacy-sensitive data. In this blog, I want to address the steps you can take as an architect to help your organization comply with these regulations.




7 Things Every Enterprise Architect Needs to Know About the GDPR

posted by Marc Lankhorst on Dec 20, 2016

The General Data Protection Regulation (GDPR) is a stringent EU Regulation on privacy protection, which will go into effect in May 2018. Enterprise architects can play an important role in helping their organization be GDPR-compliant. Are you aware of the impact of the GDPR on your organization?




Information Security in the Boardroom

posted by Remco Blom on Jul 24, 2015

After a recent presentation on “Security is not an IT problem”, which investigated the lacking relations between policies and measures within many organizations, we decided to have a World Cafe to discuss surrounding topics further. We separated the discussion into four topics, and had a debate on each one. In my previous blog in this series, I wrote about the 7 worst practices in Information Security. In this blog, I will present the outcomes of the discussion on Information Security in the Boardroom. Feel free to share your thoughts with us in the comments section below.




Information Security: 7 Worst Practices

posted by Remco Blom on Jul 2, 2015

Sharing knowledge and good practices is one of the core values of BiZZdesign. We regularly organize and contribute to online and offline seminars, conferences and round tables. After presentations on “Security is not an IT problem”, which discussed the lacking relations between security policies and measures in many organizations, we continued the debate in the form of a World Café. My last blog post was about building awareness around Information Security. In this blog post, I want to share the 7 worst practices we learned from the participants of our seminar. Please share your best and worst practices in the comments section below.




Information Security: What Really Works to Build Awareness

posted by Remco Blom on Jun 19, 2015

One of our core values at BiZZdesign is sharing knowledge and best practices. That's why we regularly organize and contribute to online and offline seminars, conferences, and round tables. After a presentation entitled "Security is not an IT problem", which illustrated the often lacking connection between policies and measures within organizations, we decided to have a World Cafe to discuss a number of topics surrounding this. The last blog post in the series tackled the question of how to communicate about information security. In this blog post, I will present the outcome of a debate on what really works to build information security awareness. Feel free to share your thoughts in the comment section below.




Information Security: 7 Communication Tips to Involve Your Business

posted by Remco Blom on May 22, 2015

Earlier this month, I wrote the first blog post in a series based on a World Cafe discussion we had around the lacking relations between policies and measures in many organizations. The discussion took place in the form of 4 debate rounds. In the previous blog post, I presented Information Security as a necessity of life. There is no doubt that Information Security is a very important topic for most organizations, but during the debate, many participants were uncertain as to whether, and how, to communicate to the rest of the company about it. In this blog post, I will present the conclusions of this discussion.




Information Security: A Necessity of Life

posted by Remco Blom on May 12, 2015

One of our core values at BiZZdesign is sharing knowledge and best practices. We regularly organize and contribute to online and offline seminars, conferences, and round tables. After a recent presentation entitled "Security is not an IT problem", which illustrated the often lacking connection between policies and measures within organizations, we decided to have a World Cafe. In this blog post, I will present the findings of one of the debates we had, based around the importance of Information Security. Feel free to check out my last post in this series: From Security Architecture to a Secure Architecture.




From Security Architecture to a Secure Architecture

posted by Remco Blom on May 1, 2015

Sharing knowledge and good practices is one of our core values at BiZZdesign. We regularly organize and contribute to online and offline seminars, conferences and round table sessions. After one such presentation entitled “Security is not an IT problem”, we organized a World Café to discuss the related topics. Please share your good and worst practices by reacting to this blog.




Data governance gone bad… and how to get it right!

posted by Tim Vehof & Matthijs Scholten on Nov 6, 2014

Earlier this week, a large Dutch insurance company got itself into the national headlines after mixing up sensitive customer data. By mistake, over 2,500 participants in a large-scale medical research study received an e-mail with information that was intended for other participants.

“In creating and handling the data, we made a mistake. This way we accidentally coupled the wrong information to the e-mail addresses of the research participants”. According to the insurance company, this was a “human error”, and not an error in the organization’s system, which was tested extensively.




Enterprise Risk Management Approach

posted by Rob Kroese on Jul 29, 2014

In a previous blog post, Marc Lankhorst discussed the value of EA in managing risk, compliance and security in the enterprise. He suggested a number of steps to take next; two of these steps are discussed in more detail in this blog: