Tuesday, April 16, 2024
HomeAvePoint BlogAddressing the Complete Risk Lifecycle at the Global Privacy Summit 2015 #PrivacySummit

Addressing the Complete Risk Lifecycle at the Global Privacy Summit 2015 #PrivacySummit

Greetings from the halls of the International Association of Privacy Professionals (IAPP) Global Privacy Summit 2015! For the next three days, members of the privacy community from around the world have gathered here in Washington, DC, to engage in discussions and learning about the hot topics of privacy and information security. AvePoint is a proud Gold Sponsor of this year’s event and you can find us at booth 209 in the exhibit hall throughout.

If you’re in DC for the event, be sure to stop by to learn more about the following data privacy and compliance initiatives we’ll be sharing.

Introducing the AvePoint Risk Intelligence System (ARIS)

Today we unveiled the AvePoint Risk Intelligence System (ARIS), which allows organizations to address the complete lifecycle of risk across the enterprise. Leveraging the templates and question banks created for the AvePoint Privacy Impact Assessment (APIA) system – used by more than 2,000 practitioners today to evaluate, assess, and report on IT system privacy implications – ARIS extends risk identification to provide meaningful action to assessments, including quantifying, lowering, and monitoring instances.

With ARIS, organizations will be able to address risk through the following functions:

  • Assess: Based upon the organization’s industry and geography, take inventory of sensitive information to learn specific compliance best practices to put in place. Derive answers from the privacy assessments created with APIA and identify where risk may live within an organization.
  • Validate: Prove how closely aligned the organization is with industry regulations and privacy impact assessments. Automatically pull reports to better understand where risk lives and quantify its impact to the business.
  • Control: Learn best practices for controlling risk and create checklists to guide IT to the right solutions. Protect sensitive information with controls for security, geography, retention, and classification – reducing risk across the enterprise.
  • Report: Provide executive reports on Key Performance Indicators (KPIs) or Key Control Indicators (KCIs) to highlight areas in the business that need to be addressed to reduce risk, or report on progress made throughout the lifecycle.

To learn more about ARIS, please visit our website.

See What’s New with AvePoint Compliance Guardian

AvePoint Compliance Guardian is our full Data Loss Prevention (DLP) and Governance, Risk, and Compliance (GRC) platform designed to help you safeguard your most sensitive information across information gateways. Throughout the Global Privacy Summit, we’ll be highlighting Compliance Guardian’s latest DLP capabilities, including:

  • Data Leakage Detection: Centrally monitor the status associated with any incident and its associated risk levels to ensure critical violations are prioritized according to business needs. With trend reports and detailed historical analysis, organizations can track and manage incidents more efficiently to drive a successful risk management lifecycle.
  • Data at Rest: Discover dark data wherever it lives in an IT environment through extensible APIs. Compliance Guardian data repository scans are currently available out-of-the-box for file shares, databases, Web sites, Web applications, Web-based systems, Microsoft SharePoint, cloud, and social platforms – including Microsoft Lync and Yammer.
  • Data Identification: Protect regulated and sensitive data from harmful leaks or misuse with scheduled and real-time, context-aware reporting and classification. This includes Fingerprinting, Compliance Guardian’s latest check type, which allows administrators to use file patterns as test criteria in order to identify files that are identical or similar.

For more on Compliance Guardian, be sure to visit our product page!

AvePoint-led Session

At 10 a.m. Eastern Time (ET) on Friday, March 6, 2015, I’m looking forward to leading the session, “Getting to Yes: Privacy & Security by Design”. Throughout this interactive presentation, I will provide best practices and tips that allow IT and the business to implement effective privacy initiatives and make key technology decisions that enable secure information systems and environments. Attendees of the session are eligible to receive Continuing Privacy Education CPE credit.

If you’re in DC for the event, be sure to stop by booth 209! We’d love to talk about your organization’s privacy initiatives and share ways we can help. Keep an eye on this space in the coming days for more insights directly from the Global Privacy Summit.

Dana S.
Dana S.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise


  1. My only concern about automated risk management like this is that it may give organizations a false sense of security, giving them further reasons to avoid spending the money on proper pen testing and other traditionally skipped, badly needed security measures.

    • Greg-thank you for your comment-to be clear-I do not think that technology will EVER replace the need for people, processes and training. Its only one of several steps of an overall compliance program. ARIS very much depends on the questions, answers and controls that are implemented-and it would work along side of other tools and techniques such as pen testing. I very much support a layered approach to security that includes multiple measures of proactive and defensive controls! There is no system that is 100% secure, so you need to prevent as much as you can and then be able to react quickly if and when something bad does happen!

  2. Is there a copy of the presentation posted anywhere? I’d love to share this with my clients!

  3. Does anyone know if ARIS offers encryption or a similar feature on emails: content and attachments?


Please enter your comment!
Please enter your name here

More Stories