Stephen B. Kaplan, JD
Chief Privacy and Security Officer
areas of expertise
- Policy & Procedure Development
- Risk Assessments
- PCI DSS Readiness Assessment
- Bachelor of Arts, University of Florida
- Juris Doctorate, Emory University Law
Stephen serves as a Chief Privacy and Security Officer for GoldSky Security.
Stephen has served companies in compliance, security, and privacy roles since 2002, including acting as the Chief Privacy & Security Officer for multiple organizations. Mastering diverse roles in technology, policy, regulations, and risk management, he has accumulated extensive experience and knowledge across a wide range of industries.
In addition to delivering results on a project basis, Stephen holds increasing responsibilities in executive-level privacy and management roles for various companies, improving and overseeing the completion of information management initiatives.
As a consultant, he advises on and assists with the development and implementation of the entity’s data privacy policies and practices, working across business groups to drive data privacy excellence.
Recently, he has led the security and privacy improvement of companies in the Healthcare, SaaS, and Insurance industries as well as several 501(c)(3) organizations, performing gap assessments against applicable frameworks and regulatory mandates. Following the gap assessments, Steve and his team facilitated the implementation of remediation efforts and of the controls that were missing, including:
- Information Security Policies and Procedures
- Risk Assessments
- System Security Plans
- Incident Response Plans, Training and Testing
- Configuration Management Plans
Stephen approaches his work from a “Client Up” perspective, taking great care to learn a client’s business functions and objectives and then applying a privacy & security framework overlay rather than beginning with a regulatory schema or baseline and simply “draping it” over the business. He is a consummate professional and extremely passionate about helping his clients reduce the risks of cyber-attacks and achieve regulatory compliance mandates.
Why Small to Midsized Law Firms Must Protect Themselves Before Defending Others
Cybersecurity and privacy risks are top issues plaguing law firms today. The volume of sensitive data managed by law firms makes them a prime target for cybercriminal activities. Therefore, the absence of a comprehensive data risk management framework exposes organizations in the legal
Are Law Firms Ready For Cybersecurity Risks and Regulatory Compliance Challenges of The 21st Century?
It is a fact that every industry in the 21st century will face cybersecurity risks and regulatory compliance challenges. These challenges exist as a result of the growing complexities of conducting business across multiple domains of technology. For legal firms,
Democratizing Data Security By Leveraging Best Practices Of Big Firms For Small & Mid-Sized Firms
A clear vision and prudent decision-making can help small and mid-size firms effectively handle sensitive and confidential data. Small and medium-sized enterprises can leverage some of the cyber security best practices of big firms to protect their critical assets from