The purpose of this post is to lay out the endpoint of a series of posts and videos that will provide a baseline for future discussions regarding governance, AI, privacy, cyber, SEC issues, as well as a variety of other issues.
We start with the line of communication concept.
We then need to understand the implications of that line of communication, including the national security concerns.
Understanding the issues related to the use of data, including that they go beyond privacy, is also a critical concept.
Thinking through who the key data stakeholders are is important as we think about data sustainability.
Nested governance is the next concept we must understand, which includes an understanding of core corporate principles, what governance actually is, the difference between oversight and controls, as well as other related concepts.
Making the distinction between risk and root cause is also important up front.
Similarly, there is a distinction between the root cause and the root cause of the root cause, which becomes relevant when interacting with law enforcement.
These concepts also affect how Incident Response, and Crisis Management generally, is thought about, and the workstreams for IR should focus on addressing all risks, not just notice issues or legal risk.
Understanding how to assess and categorize risk in a risk matrix will be one of the final concepts we discuss.