J.R. Cunningham

VP, Product Management

J.R. Cunningham is an accomplished innovator and premier thinker in cyber security and risk management. As vice president of product management, Cunningham is responsible for maintaining Optiv’s industry-leading advisory services offerings and developing innovative and practical solutions that solve real-world security challenges.

 

Part 2: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

· By J.R. Cunningham ·

In part 1 of this series, we provided insights responding to the frequent question regarding control frameworks and their place in the security strategy. During hundreds of strategy, risk and compliance engagements, we have seen that security programs (of different levels of maturity) are most successful when they participate in regular tune-ups to keep up with the business. In this installment, we will discuss the “how”—understanding the business, the role of the threat, current steps and the best way to approach the gaps, which doesn’t necessarily mean filling them.


Part 1: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

· By J.R. Cunningham ·

During hundreds of strategy, risk and compliance engagements, Optiv’s consultants often have been asked very thoughtful and deep questions about control frameworks and standards by our clients. Such topics often center on which of these frameworks and standards are most appropriate for a particular organization, which specific controls are most important, and in what order and to what depth an organization should pursue maturity with a particular set of controls. In this two-part blog series, I’d like to share some field observations on this topic gathered by Optiv’s strategy, risk and compliance teams.


The GDPR 90-Day Countdown is On! (No Need to Freak Out)

· By J.R. Cunningham ·

May 25, 2018 is a day that many organizations have (or should have) marked on their calendars as a game-changing moment for their business. That’s the “go-live” date for the European Union’s General Data Protection Regulation (GDPR). As I previously wrote, this truly is a groundbreaking piece of legislation that should be taken very seriously. And if you read the countless GDPR-related research reports and surveys, it’s clear that few (if any) US companies impacted by the regulation will be fully compliant in the next 90 days.


Want to be a Great Security Leader? You Need a Great Lawyer

· By J.R. Cunningham ·

Information security continues to evolve as a profession, and this is certainly evident in the role that legislation, privacy, third-party risk and incident management play in the daily life of the information security leader. More often, as I meet with clients to discuss security strategy and risk, security leaders are struggling with the myriad of compliance requirements, various state and national privacy laws, and their relationship with the information security program.


GDPR Part 3: GDPR and the Information Security Program

· By J.R. Cunningham ·

In this third and final part of the series, we’ll spend some time bringing GDPR and its various requirements back into the information security program in an effort to identify areas where GDPR compliance may become a side-effect of a business-aligned, risk-based, data-centric and threat-aware information security program.


GDPR Part 2: The Six Information Security Pillars

· By J.R. Cunningham ·

In this second part of the series, we will discuss Optiv’s Six Information Security Pillars for GDPR compliance. For the information security professional, these six pillars will look familiar as standard components of an effective information security program. For this discussion, however, we will be relating these components of the information security program to the various applicable components of the GDPR.


GDPR Part 1: A Legal, IT, or Information Security Issue?

· By J.R. Cunningham ·

The General Data Protection Regulation (GDPR) is a new regulation affecting organizations that reside in the European Union (EU) or merely transmit EU citizen data. The regulation is designed to strengthen data protection of this personal information, and non-compliance comes with hefty penalties. Fines for the most serious infringements of GDPR are 20 million EUR or four percent of global revenue, whichever is greater.


Cyber Security Public Policy

· By J.R. Cunningham ·

Imagine a scenario where a highly motivated, trained, and well-equipped enemy launched an invasion against the United States. Upon arriving at our shores, this enemy began grabbing anything of value (everything not literally fastened to the ground) and loading these things onto a ship to take them back home. This scenario sounds far-fetched—but it’s happening every hour of every day here in the United States.


Leveraging Policy and Procedure to Get the Most Out of Cyber Defense Technology

· By J.R. Cunningham ·

Why Policy and Procedure is Critical to Effective Technology Countermeasure Deployment

Technology countermeasures have come a long way since the dawn of information technology security. Just over a decade ago, IT security technology could be loosely categorized into endpoint and network security. With these broad categories one would have covered the vast majority of technology countermeasures
