Group items tagged

The takeaway is to have a written agreement that governs this issue!

PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50."

The Deloitte Forensic Center’s analysis of the E-Discovery: Mitigating Risk Through Better Communication survey results1 identified three interrelated challenges. They are: Communication Awareness Readiness

At the heart of e-discovery are two corporate functions that historically have had little in common, and tend to speak their own technical languages: legal and IT

Neither can be truly effective in the e-discovery process without a clear understanding of the other, yet communication and coordination between these two departments appears to be unclear to many survey participants: More than one-third of respondents (36 percent) don’t know the answer to how their legal and IT departments communicate.

It gets worse . . . auditors and legal can step in and cry 'foul.' It is difficult to provide non-repudiation within spreadsheets in a scalable context. Basically, one can not go back and truly state that "this person answered this compliance (a legal process) on this date and time, and we know this is the original answer and it has not been modified." Spreadsheets do not have this level of authentication, access control and audit trail. GRC processes require a robust audit trail so that you know who answered a question and if that answer was modified - spreadsheets do not provide the functionality to cover this.

To replace spreadsheets I would look towards governance, risk, and compliance (GRC) management platforms. Vendors in this space include Archer Technologies, Axentis, BWise, MEGA, MetricStream, OpenPages, Paisley, and QUMAS. These vendors, and many more, have integrated content and workflow technologies to manage GRC assessment processes. They are a much better choice over the use of spreadsheets for GRC processes.

The new partnership appears to be part of an effort to move past previous agency turf wars. Last March, for example, Rod Beckstrom resigned from his position as director of the DHS' National Cyber Security Center, citing insufficient funding and support. In his letter of resignation to Napolitano, Beckstrom said the DHS's cybersecurity efforts are "controlled" by the NSA. Meanwhile, it is not uncommon for government departments and agencies to enter into formal agreements to work together on certain issues and to “swap” employees to improve synchronization, Marcus Sachs, director of the SANS Internet Storm Center, told SCMagazineUS.com on Thursday. This agreement is particularly important because the DoD and DHS have a joint mission to protect the United States in cyberspace, he said.

Thing is, the pitch is less believable these days, and the atmosphere is becoming downright hostile. We face more and larger breaches, increased costs, more advanced adversaries, and a growing number of public control failures.

The conference has commenced this morning in Jerusalem, a city of both ancient traditions and thoroughly modern influences, and I was reminded of how that same dynamic is true of privacy in the Internet age.  Yesterday marked the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  These privacy guidelines have served as the basis for numerous privacy laws in place across the globe.  Yet, even these privacy principles need to keep pace with the changing information environment.  In my remarks today at a panel discussion titled “Notice and Consent:  Illusion or Reality?”, I suggested that individual participation through mediums such as notice and consent remains important to safeguarding users’ privacy, but by itself does not afford enough protection.  This is particularly true given the explosion of information collection and use that is the fuel of today’s Internet economy. The same is true of the various legal frameworks that govern data collection, usage, and sharing.  Both are important, but neither is sufficient on its own.

Alongside individual participation and regulatory oversight, another vital aspect of privacy protection is often overlooked: the role and responsibility of the organization in maintaining and protecting personal data.

Microsoft’s view, as outlined in a new white paper released today at the conference, is that organizations’ privacy policies and data management practices most directly influence whether users’ personal information is kept safe or exposed to risk. Therefore, we believe that organizations—including Microsoft—must hold themselves accountable for acting to protect users’ interests and taking appropriate measures to safeguard privacy and personal data, even in the absence of specific regulatory mandates.

Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls.

The law was written in response to the theft of information on more than 45 million credit card accounts from TJX Companies in 2007

The law is designed to ensure “the security and confidentiality of customer information,” based on current industry standards, focusing on threats that can or should be anticipated. The regulations take into account the size of a business, the amount of resources available to it, the amount of personal data held and the sensitivity of the data. It covers paper and electronic records and requires physical and IT security.

“The City and County of San Francisco has always been forward-thinking in leveraging technology to improve the services it provides,” said Gail Thomas Flynn, vice president of U.S. State and Local Government at Microsoft Corp. “We are excited at the opportunity to equip and support the employees of San Francisco with the tools they need to better serve the people of San Francisco.”

Several competing solutions were examined based on criteria that included price, security, functionality, flexibility, SLA-backed service, proven record for support, and integration with existing infrastructure and tools.

“By moving to the Microsoft platform, we not only get immediate improvements to our system, but we gain a disaster-resilient system that provides the most modern information tools, with solid support provisions that can scale with the needs of our constituents,” San Francisco Chief Information Officer Jon Walton said.