Information Governance and Security - John G. Iannarelli, Michael O'Shaughnessy

Information Governance and Security (eBook)

Protecting and Managing Your Company's Proprietary Information
eBook Download: PDF | EPUB
2014 | 1st edition
210 pages
Elsevier Science (publisher)
978-0-12-800406-7 (ISBN)
Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset, its proprietary information, safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of.

- Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization
- Includes real-world examples and cases to help illustrate key concepts and issues
- Highlights standard information governance issues while addressing the circumstances unique to small, medium, and large companies

John G. Iannarelli has been an agent with the Federal Bureau of Investigation (FBI) for 18 years, specializing in cyber investigations. He has been assigned to Detroit, San Diego, Washington, DC, and Phoenix, where he currently serves as the assistant special agent in charge, the FBI's number two position in Arizona. In 2012 Mr. Iannarelli received an honorary doctorate of computer science for his contributions to the field of cyber investigations. He has presented at national and international gatherings, including presentations to Fortune 500 companies, law enforcement agencies, and the Vatican. He is the author of several books, including his recently released Why Teens Fail and What to Fix, a guide to protecting children from Internet dangers. Previously Mr. Iannarelli served as a San Diego Police Officer and he is an attorney admitted to the bars of California, Maryland, and the District of Columbia.

Front Cover
Information Governance and Security: Protecting and Managing Your Company’s Proprietary Information
Copyright
Dedication
Contents
About the Authors
Survey and Disclaimer
Foreword
Quote
Chapter 1 - The Case for Information Governance
Information Governance
The Small Business
The Medium Size Business
The Large Business
What You will Learn
References
Chapter 2 - The Threats of Today and Tomorrow
Defining Threats
Future Concerns
References
Chapter 3 - The Ever Changing Technical Landscape
A Little History
The Issues
The World is Shrinking
References
Chapter 4 - The Changing Corporate Landscape
Today’s Cyber Environment
The Federal Government
The Private Sector
Why Should Corporate America Care?
References
Chapter 5 - How Information Governance Fits in the New World
Issues in the New World
References
Chapter 6 - The Human Element
Cyber
Physical Acts
References
Chapter 7 - The Technical Side
The Benefits
Concerns Brought About by Technology
References
Chapter 8 - Balancing Information Governance and Your Company’s Mission
Policies
Factors to Consider
References
Chapter 9 - The Case for Information Governance from within Your Organization
Negative Perceptions of Information Governance
Implementation
References
Chapter 10 - What to do First
The Basics
How to Determine Information Governance Needs for Your Company
How to Create Information Governance Policies
Methods of Security to Support Information Governance
How to Implement Information Governance Policies
References
Chapter 11 - What to do Forever
Continuing Efforts
Evaluate Effectiveness of Information Governance Policies
Encouraging Accountability and Ownership of Information Governance
Training and Education of Employees About Information Governance
References
Chapter 12 - Charting the Best Future Course for Your Organization
Information Governance Impacts All Facets of an Organization
Closing Thoughts
References
Appendix A
Information Security Personnel Check List
Appendix B
Appendix C
Works Cited
Index

Chapter 1

The Case for Information Governance


Abstract


In today’s information age, are businesses protecting their most important resources: company and client data? Annually, businesses lose billions of dollars due to data leakage, on top of which the government often imposes millions in fines. This does not include the irreparable damage caused to a company’s reputation. It is not a matter of whether you will be a victim; it is a matter of when. In this chapter, the authors explain why implementing a solid information governance plan is the key to avoiding becoming a victim and to keeping your company’s proprietary information safe.

Keywords


Information Governance; Small business; Medium size business
Guarding assets, staff, and accounts has always been a key to protecting businesses. But in the information age, are you protecting your most important resources—company and client data? Each year, businesses lose billions of dollars due to data leakage, on top of which the government often imposes millions in fines. In addition, leakage can cause irreparable damage to your company’s reputation. It is not a matter of if you will be a victim; it is a matter of when.
We have all heard the old adage that an ounce of prevention is worth a pound of cure. When it comes to data management, that pound of cure may not be available, so the new adage might be that an ounce of prevention is worth preventing the total destruction of your business. The ounce of prevention is information governance, and—if you are like most people—you have no idea what that is or how to take advantage of it.
This book explains how you—as a business owner, executive, or even someone just interested in keeping their proprietary information safe—can better adapt to twenty-first-century threats. By understanding the changing landscape and moving your organization to be focused and data-centric, the damage or loss of your key information can be minimized if not outright prevented. We will break down for you what information governance is and does for different sized companies. Large, medium, and small companies all have unique circumstances that will be addressed. Additionally, we will discuss what they have in common. Information governance has many standard issues that can and should be addressed across all organizations.
One of the benefits of reading this book is the impact on your personal life. While this book is written to help in business, many of the tools and habits discussed are important for individuals. Digital threats affect people at work and at home. Be mindful as you read to see the parallels to your life away from the office.
Let’s start with a bold statement: information governance is not a function of your information technology group. It is a base-level management function, much like human resources or finance. A properly developed and managed information governance program protects your company and keeps it effective and efficient. It helps to manage compliance issues and can be vital in defending against litigation. It will make employees more satisfied and secure in their work and limits your risk of loss from human error. Information governance is more than an IT problem that needs to be solved; it is a systemic solution to counteract threats, alleviate inefficiencies, and prepare for the future.
Take, for example, the story of an architectural firm located in the southwestern United States that was happily doing business as a profitable midsized company in the spring of 2011. The employees were engaged. The clients were happy. The company was making money and having a great time. All seemed well, so what could go wrong?
During that time a senior designer with full access to the client base and design work resigned and went to work for a competitor. In very short order, clients started leaving and much of the work was shifted to the competing firm by whom the employee had been hired. Not good.
In an effort to stop the bleeding, the firm’s owner went to his attorney to take action on this sabotage by stopping the theft of clients and company designs. Upon review with legal counsel it was determined the employee had never been asked or required to sign a nondisclosure or a noncompete agreement. The owner even contacted law enforcement in an effort to right the wrong, but received the same response. There was nothing they could do. The former employee was not in breach of contract, nor could criminal intent be proven in a court of law.
The victim company was able to recover, but only after shrinking in size, laying off office personnel, and moving to a new, smaller building. Several years later, they have still not fully regained their previous work levels. The situation was tragic and preventable. It occurred because the architectural firm did not have a policy that addressed data management and access. They had no employee agreements to hinder or address the theft of intellectual property. They had no information governance program to steer management to avoid such problems.

Information Governance


So what exactly do we mean when we talk about information governance? It is a set of established policies and procedures you and your employees implement and follow in order to manage sensitive and proprietary information.
For smaller businesses, which can be anything from a sole proprietor up to approximately fifty employees, participation in information governance should be from the top down. The smaller the organization, however, the more concentrated the development and implementation can be. Ensuring that everyone understands what they are supposed to do with important information and how to do it can make the difference in protecting the company’s vital interests. This understanding evolves as the threats and benefits of the digital age become clearer. Likewise, information governance can be applied in such a fashion that the company’s performance improves, productivity increases, and employee satisfaction can be positively impacted.
So does the small business need to be concerned with taking the same actions as the big guys on the block? Absolutely! Loss and compromise of important information knows no boundaries. Small businesses are just as susceptible to threats, whether it is inadvertent yet preventable damage to proprietary information or the nefarious actions of some individuals interested in disrupting operations. But even if a lone employee operates the small business, that person needs to be just as vigilant in following the proper procedures to protect the company’s interests. In some instances, a small yet successful business is a greater target, as it may appear less diligent and secure than a larger organization.
A medium-size company (50–1,500 employees) will have the same interests, yet based on its size, there may be fewer levels. Officers in the company will likely have multiple roles and broader discretion in implementing procedures, along with the ability to change those procedures as the need arises. Most medium-sized enterprises drive decisions to lower levels, which in effect makes an information governance program and its corresponding communication mechanisms even more important.
For large businesses (over 2,500 employees), participation by personnel would incorporate all facets of the company, from the CEO down to the front-line employee.

The Small Business


In many small businesses, just one person is in charge. The owner is responsible for everything, be it marketing, sales, operations, finance, or strategy. The dilemma facing most small business owners is staying on top of all of the details while keeping the business profitable. Small business owners have enough to worry about without having what they might perceive as unnecessary responsibilities placed upon them. The case for information governance, however, is much like purchasing insurance. Policyholders hope never to use the insurance, but they understand the risk and plan accordingly.
A Ponemon–Experian cyber insurance study determined that nearly 20 percent of all cyber attacks are specifically aimed at businesses with 250 or fewer employees.[1] For a small business, information governance is just another layer of insurance, but one that is more likely than not to be put into use. The results of not having an information governance program can be devastating for a small business.
An excellent example of a small business that needed a solid information governance policy is a real estate investment company owned by Jeff. Jeff has a thriving business. He makes a nice living and enjoys what he does. His six employees seem to be satisfied and everyone works well together. Everything appears to be fine. Yet as the company clicks along, a danger hides within the work force. A trusted employee is harboring ill will and thinks he can do what Jeff does—and profit like Jeff does. But whereas Jeff built his company over time from the ground up, the nefarious employee is looking for a quicker way to make money.
Initially, the employee adds some items to his expense reports, but soon moves to demanding—and getting—kickbacks from contractors. Eventually, this hidden threat finds a way to skim profit off the sale of properties, too. His actions go unnoticed by Jeff, who has nothing in place to check on the integrity of employees or to verify the financials being reported. Jeff is a victim and does not know it. He has no system to identify the issue. He just notices his numbers getting slightly worse over time.
This is a sad but common issue with small...

Publication date (per publisher): 9.9.2014
Language: English
Subject area: Computer Science / Networks / Security / Firewall
Subject area: Business / Business Administration / Management / Corporate Management
Subject area: Business / Business Administration / Management / Business Informatics
ISBN-10 0-12-800406-1 / 0128004061
ISBN-13 978-0-12-800406-7 / 9780128004067