Developments - April 2018 - 23

your organization conducts business and an
audit of potential security risks. Companies
processing credit cards, performing transactions over the Internet, developing software,
or utilizing cloud hosting providers will
need to consider several security standards.
Conducting business in certain states or
countries, or having a distributed operation
across locations with remote workers, may
subject your organization to still other
security standards. Each of these scenarios
requires different security standards to be
applied in order to maintain compliance
and reduce risk.
A good starting point for learning more about
security standards and their application
is the material available from major vendors in the
areas described above. In addition, the
U.S. Department of Commerce's National
Institute of Standards and Technology
(NIST) has a section dedicated to cybersecurity, including a comprehensive
Cybersecurity Framework, which can be
thought of as a collection of best practices
for organizations of all sizes and types to
manage cybersecurity-related risk.
Helpful information is also available
directly from regulators and bodies that
maintain security standards. For example,
the FTC has free resources available
online to help businesses of any size meet
their legal obligations with respect to
data security. Similarly, resources about
contractual standards are made available
through the self-regulating bodies which
manage these standards, such as the PCI
Security Standards Council's PCI DSS Quick
Reference Guide available on its website.
Applying Security Standards
Applying security standards requires a
right-sizing approach where the standards
are tailored to your organization - including
its size and complexity, the nature and scope
of its activities, and the sensitivity of the personal information it handles. Best practices
with specific, measurable, and verifiable
requirements are the most straightforward
to implement.
In contrast, security standards with general
requirements that are open to interpretation
can be more difficult to implement. In that
instance, consideration of the level of risk
and exposure, along with the reasonableness
of the interpretation, can help right-size the
implementation of the security standard for
your particular organization. When making
this evaluation, your organization should
also consider the Return-on-Investment
(ROI) to weigh the relative costs of compliance, both in terms of financial costs and
operational impacts, against the likelihood
and severity of the risks.
Sometimes these decisions are easy, and
other times they can be "close calls" that are
complex and difficult. Do not hesitate to have
your Chief Information Officer coordinate
with outside technology consultants and
legal counsel to navigate these issues.
Focusing on these matters early - before they
become an issue - can save time, money, and
headaches further down the road.
Validating Compliance with Security Standards
Once implemented, security standards should be audited or certified.
Implementation of general best practice
security standards can be internally audited
and confirmed for compliance.
In some cases, these standards may be
audited as part of a broader and more
formal audit or certification if done for
SOX, PCI, or other security standards.
Specific standards such as PCI may have
obligations for a level of certification
necessary based on several factors such as
company size, number of transactions, or
other similar factors. Some organizations
may be able to self-attest compliance levels,
while others may need to hire a Qualified
Security Assessor (QSA) for a formal report
and certification.
Regardless of the certification or audit
levels applicable to your organization,
consideration should be given to hiring
an independent third party. Receiving
validation from an independent third
party is another way your organization can
demonstrate compliance and reduce risk.
Conclusion
Security standards - legal and contractual
standards as well as best practices - are
central to your organization's privacy and
data security operations. They are both a
"shield" for how to protect sensitive personal
information, and a "sword" that can be used
against your organization if it fails to do so.
Understanding which standards apply to
your organization is the critical first step.
Thoughtful and right-sized implementation of these standards, coupled with
regular audits and certification, will position
your organization to meet its legal and
contractual obligations without breaking
the bank or hindering operations.
This article is the first of many editorial
contributions from the members of the
ARDA Technology Committee, which is
chaired by Suzzi Albrycht Morrison. The
goal is to create a collection of "Technology
Bytes," different types of content aimed at
audiences at various professional levels.
This collection will include both online and print
items, as well as webinars, conference
sessions, etc.
Look for more from this team in 2018!
