About Rebecca Herold
Rebecca Herold, CISSP, CIPP, CISA, CISM, FLMI
Author, Instructor, and Independent Information Privacy, Security and Compliance Consultant
Information Shield is pleased to have Rebecca Herold as a contributing consultant. Rebecca Herold is an independent information privacy, security and compliance consultant, author and instructor. Rebecca has over 15 years of privacy, education and information security experience, and assists organizations of all sizes with their information privacy, security and regulatory compliance programs. Rebecca was selected as one of the top 59 most influential security experts of 2007 by ITSecurity.com and among the Top 25 Privacy Advisors by Computerworld. She specializes in risk assessment, gap analysis, policy content development, awareness training, strategy development and implementation. Rebecca has a B.S. in Math and Computer Science and an M.A. in Computer Science and Education.
Rebecca is a Certified Information Systems Security Professional (CISSP), a Certified Information Privacy Professional (CIPP), a Certified Information Systems Auditor (CISA), a Certified Information Systems Manager (CISM), and a Fellow of the Life Management Institute (FLMI). Rebecca has been a member of the Information Systems Audit and Control Association (ISACA) since 1990 and has held all board positions throughout her membership in the Iowa chapter. Rebecca is a charter member of the Iowa Infragard chapter that was formed in 2000, and a member of the International Association of Privacy Professionals (IAPP). Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group which was awarded the CSI Outstanding Security Program of the Year Award in 1997.
Rebecca is frequently interviewed and quoted in diverse publications such as Consumer Financial Services Law Report, hcPro Briefings on HIPAA, SC Magazine, SearchSecurity, Information Security, Business 2.0, Disaster Resource Guide, The Boston Herald, Pharmaceutical Formulation and Quality, IT Business Edge, Fortifying Network Security, IT Architect, CIO Strategy Center, Physicians Weekly, IEEE's Intelligent Systems, Cutter IT Journal and others, including the "Privacy Piracy" California radio broadcast.
Prior to owning her own business, Rebecca served in key privacy and security roles at several companies. Recently, she was Vice President, Privacy Services and Chief Privacy Officer at DelCreo, Inc. where she created information security and privacy policies, standards and procedures for multiple Fortune 500 organizations. There she developed her Privacy Impact Analysis (PIA) method used by companies to determine gaps in their privacy policies.
Prior to DelCreo, Rebecca was Chief Privacy Officer and Senior Security Architect for QinetiQ Trusted Information Management, Inc. (Q-TIM). Prior to joining Q-TIM, Rebecca was the Global Security Practice Central Region Security Subject Matter Expert for 2 years at Netigy (which became ThruPoint in September 2001). There she performed financial security and privacy regulatory requirements policies gap analysis and risk assessment for banks and mortgage clients. Prior to joining Netigy, Rebecca was Senior Systems Security Consultant at Principal Financial Group (PFG). While at PFG, Rebecca developed their corporate anti-virus strategy including a risk identification and mitigation process. She also created the information protection awareness and training strategy, framework and program aligned to business objectives.
Rebecca authored The Privacy Papers (Auerbach) in 2001, co-authored The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach) in 2003, Managing an Information Security and Privacy Awareness and Training Program (Auerbach) in 2005, the Privacy Management Toolkit for Information Shield in 2006, and most recently Protecting Information for Information Shield in 2007. Rebecca has also authored chapters for several books. Some of them include:
- The Worldwide State of Privacy Laws, 2004 Disaster Resource Guide, Disaster Resource Guide, April 2004.
- Training Your Employees to Identify Potential Fraud and How to Encourage Them to Come Forward, Guide to Establishing Corporate Accountability, Institutional Investor; 2004.
- Law, Investigations and Ethics Domain; The Total CISSP Exam Prep Book; Auerbach Publishers; July 2002
- Information Protection: Organization, Roles and Separation of Duties; Information Security Management Handbook 4th Edition Volume IV; Auerbach Publishers, Dec, 2002
- HIPAA Privacy in the Health Care Industry, Health Care Information Systems Handbook; Auerbach Publishers, Dec, 2002
Rebecca has also authored dozens of articles that, along with the books and chapters, provide assistance and guidance to information security and privacy risk and compliance professionals to help them develop a systematic, analytical, and continuous information security and privacy risk management process. She has been writing a monthly information privacy column for the CSI Alert newsletter since 2001 and contributes articles to other publications regularly. Some of the dozens of articles Rebecca has authored on privacy, security and compliance include:
- A Knockout to Business? The Impact of Privacy on Business; Computer Security Alert, Computer Security Institute; September 2004
- The Privacy and Security Funding Treasure Hunt; Computer Security Alert, Computer Security Institute; August 2004
- Privacy History: Digging Privacy Dirt...Going Beyond the Topsoil; Computer Security Alert, Computer Security Institute; July 2004
- Privacy Smoke: Transborder Data Flow; Computer Security Alert, Computer Security Institute; June 2004
- Bizarro Privacy; Computer Security Alert, Computer Security Institute; May 2004
- Omniscient Oversight: Employee Privacy; Computer Security Alert, Computer Security Institute; April 2004
- The Eyes Have It: Camera Cellphone Privacy and Security Issues; Computer Security Alert, Computer Security Institute; March 2004
- Compliance Motivation: The Information Security Diet; Computer Security Alert, Computer Security Institute; February 2004
- Social Security Numbers Revisited: Laws and Regulatory Requirements; Computer Security Alert, Computer Security Institute; January 2004
- Let's Get Personal: What Is Personal Information? Computer Security Alert, Computer Security Institute; December 2003
- Herding Grasshoppers: Regulatory Awareness Requirements; Computer Security Alert, Computer Security Institute; November 2003
- Can You Program Privacy?; Computer Security Alert, Computer Security Institute; October 2003
- Privacy Implementation Gap; Computer Security Alert, Computer Security Institute; September 2003
- Privacy Paradox; Computer Security Alert, Computer Security Institute; August, 2003
- California S.B. 1386; Computer Security Alert, Computer Security Institute; July 2003
- Information Protection: Organization, Roles and Separation of Duties; Knowledgeleader.com; July 14, 2003
- Lawful Intercept Control; Computer Security Alert, Computer Security Institute; June 2003
- PET Peeves: Technology Threats to Privacy; Computer Security Alert, Computer Security Institute; May 2003
- The Virtual Varied Industries Building: How to Keep Spam on the Plate and Out of Your Marketing Email; Computer Security Alert, Computer Security Institute; April 2003
- Addressing Legislative Compliance Within Business Continuity Plans; Auerbach 2003
- The HIPAA Ogre; Computer Security Alert, Computer Security Institute; March 2003
- Records Retention and Security Regulations…Think About It!; Data Security Management, Auerbach, June 2003
- So Do You Need A Web Site Privacy Policy?; Computer Security Alert, Computer Security Institute; February 2003
- Has the Homeland Security Act Torpedoed Your Privacy Policies?; Computer Security Alert, Computer Security Institute; January 2003
- Privacy Rights and Law Enforcement Requests; Computer Security Alert, Computer Security Institute; December 2002
- Are You Privacy Savvy? Determining Your Organization's Privacy Practices Grade; Computer Security Alert, Computer Security Institute; November 2002
- Does the New California Privacy Law Affect Your Business?; Privacy Journal, published by Robert Ellis Smith; November 2002
- Does COPPA Apply to Your Business?; Computer Security Alert, Computer Security Institute; October 2002
- Does the New California Privacy Law Affect Your Business?; Computer Security Alert, Computer Security Institute; September 2002
- Chief Privacy Officer: Roles and Responsibilities; Computer Security Alert, Computer Security Institute; August 2002
- What is the Difference Between Security and Privacy?; Computer Security Alert, Computer Security Institute; July 2002
- Email & Privacy…A Hodge Podge of Issues; Computer Security Alert, Computer Security Institute; June 2002
- European Union (EU) Data Protection Directive FAQ; Computer Security Alert, Computer Security Institute; May 2002
- Ethical Computing Behavior Within Your Organization; Data Security Management; Auerbach Publications; 2002.
- Interview: What's the Role of Insurance in Cyber Security?; Computer Security Alert, Computer Security Institute; December 2001
- PC Security; Computer Security Alert; Computer Security Institute; August, 2001
- Tips on Wireless Security; Computer Security Alert; Computer Security Institute; July, 2001
- How to Secure Remote Control Access; Computer Security Alert; Computer Security Institute; February, 2001
- Modem Management and Security; Data Security Management; Auerbach Publications; August, 2000
- How to Develop and Communicate Company Privacy Policies; Computer Security Journal; Computer Security Institute; Spring, 2000
- CSI Roundtable on Outsourcing: Managing Related Security Risks; Computer Security Journal; Computer Security Institute; Summer 1999
- Extranet Audit and Security; Computer Security Journal; Computer Security Institute; Winter, 1998
- Who's On the Company Network?; Security Management; American Society for Industrial Security; June, 1998
- Intranet Security Roundtable Discussion; Computer Security Alert; (co-authored with Slemo Warrigon) Computer Security Institute; 1997
For more information, Rebecca can be reached at:
email: rebeccaherold@rebeccaherold.com
Phone: 1.515.491.1564