Brian Whitelaw

About Brian Whitelaw

Brian has over 15 years experience in the domains of Information Security, Privacy and Risk. Brian has sat on cross-Canada Government committees for information security, and has conducted risk, security and privacy reviews for both public and private sector clients. Having worked for a municipality for 20 years, Brian also has significant expertise in the area of writing and responding to RFPs.

Risk of Incarceration: Cyber Security in the Boardroom

Why Boards must consider cyber security as part of corporate governance. For many years now, Information security, including Cyber Security, has been left to the IT Department. However, even if your IT people are doing a stellar job, here are five reasons for Directors to bring Cyber Security into the Boardroom. Pending SEC Legislation Bill [...]

Top 5 Steps to Protect Personal Health Information (PHI)

Many organizations have access to, or store PHI (Personal Health Information).  Not all of them are aware that they have legislated responsibilities to protect that personal information on behalf of their clients. Personal Health Information can be defined as any health information related to an individual which can be used to identify that individual, or [...]

Why The Difference Between Information Security and Information Privacy Matters

Information Security and Information Privacy are often confused with each other. It is important to understand the differences, and in some cases, the similarities. Information security vs. information privacy. Consider a window in your home. It is a vulnerability, as nefarious persons could break it and enter your home, but people could also just look [...]

Five Steps to Protect Your Information Assets

Protection from the Information Security bad guys. You know there is some nasty stuff out there on the Internet. You also know that your employees use company computers and networks to access the Internet, both for work and personal reasons. However, you’re not sure if you are exposing your organization’s information assets to the bad [...]

Four Basics of Responding to an IT RFI, RFQ, RFP

Boardroom Metrics provides Request for Proposal (RFP) response writing for Information Technology clients in the United States, Canada and Europe. Information Technology (IT) RFP responses must be written in a way that complies with all the mandatory requirements of the issuer – requirements that are unique to every proposal. In addition, IT RFPs often contain sections that [...]

By |May 18th, 2017|Business Development, RFP, RFP Writing|0 Comments

Snowden, Security & Privacy

In June of 2013, Edward Snowden leaked classified information from the National Security Agency (NSA). The leaked information revealed a number of surveillance programs that had been initiated by the NSA, and other international intelligence agencies throughout the world. These programs were keeping tabs on US citizens as well as foreign officials and dignitaries. They [...]

MISA Security Conference A Big Success

Approximately 200 delegates attended the 2015 MISA (Municipal Information Systems Association) Annual Security Conference in beautiful Niagara-on-the-Lake last week. There was something for everyone – the techies had training sessions, there were humorous keynote speakers and very informative sessions on what governments are doing to keep us and our information safe. Day 1 (Monday) was [...]

By |October 7th, 2015|Technology|0 Comments

Analyzing the Ashley Madison Data Breach

Analyzing a Data Breach: Ashley Madison - the Good, the Bad, and of course the Ugly Recently, the Ashley Madison network was compromised, allegedly by a group known as the Impact Team. The hackers have asked the owners of this site and another site called ‘Established Men’, to take down both sites, or they will [...]

By |August 26th, 2015|Information Technology Security, Technology|0 Comments