Iannarelli / O'Shaughnessy | Information Governance and Security | E-Book | sack.de

E-book, English, 210 pages

Iannarelli / O'Shaughnessy Information Governance and Security

Protecting and Managing Your Company's Proprietary Information
1st edition, 2014
ISBN: 978-0-12-800406-7
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark




Information Governance and Security shows managers in any size organization how to create and implement the policies, procedures and training necessary to keep their organization's most important asset, its proprietary information, safe from cyber and physical compromise. Many intrusions can be prevented if appropriate precautions are taken, and this book establishes the enterprise-level systems and disciplines necessary for managing all the information generated by an organization. In addition, the book encompasses the human element by considering proprietary information lost, damaged, or destroyed through negligence. By implementing the policies and procedures outlined in Information Governance and Security, organizations can proactively protect their reputation against the threats that most managers have never even thought of.

- Provides a step-by-step outline for developing an information governance policy that is appropriate for your organization
- Includes real-world examples and cases to help illustrate key concepts and issues
- Highlights standard information governance issues while addressing the circumstances unique to small, medium, and large companies

John G. Iannarelli has been an agent with the Federal Bureau of Investigation (FBI) for 18 years, specializing in cyber investigations. He has been assigned to Detroit, San Diego, Washington, DC, and Phoenix, where he currently serves as the assistant special agent in charge, the FBI's number two position in Arizona. In 2012 Mr. Iannarelli received an honorary doctorate of computer science for his contributions to the field of cyber investigations. He has presented at national and international gatherings, including presentations to Fortune 500 companies, law enforcement agencies, and the Vatican. He is the author of several books, including his recently released Why Teens Fail and What to Fix, a guide to protecting children from Internet dangers. Previously Mr. Iannarelli served as a San Diego Police Officer and he is an attorney admitted to the bars of California, Maryland, and the District of Columbia.


Further Information & Material


Front Cover
Information Governance and Security: Protecting and Managing Your Company’s Proprietary Information
Copyright
Dedication
Contents
About the Authors
Survey and Disclaimer
Foreword
Quote
Chapter 1 - The Case for Information Governance
  Information Governance
  The Small Business
  The Medium Size Business
  The Large Business
  What You will Learn
  References
Chapter 2 - The Threats of Today and Tomorrow
  Defining Threats
  Future Concerns
  References
Chapter 3 - The Ever Changing Technical Landscape
  A Little History
  The Issues
  The World is Shrinking
  References
Chapter 4 - The Changing Corporate Landscape
  Today’s Cyber Environment
  The Federal Government
  The Private Sector
  Why Should Corporate America Care?
  References
Chapter 5 - How Information Governance Fits in the New World
  Issues in the New World
  References
Chapter 6 - The Human Element
  Cyber
  Physical Acts
  References
Chapter 7 - The Technical Side
  The Benefits
  Concerns Brought About by Technology
  References
Chapter 8 - Balancing Information Governance and Your Company’s Mission
  Policies
  Factors to Consider
  References
Chapter 9 - The Case for Information Governance from within Your Organization
  Negative Perceptions of Information Governance
  Implementation
  References
Chapter 10 - What to do First
  The Basics
  How to Determine Information Governance Needs for Your Company
  How to Create Information Governance Policies
  Methods of Security to Support Information Governance
  How to Implement Information Governance Policies
  References
Chapter 11 - What to do Forever
  Continuing Efforts
  Evaluate Effectiveness of Information Governance Policies
  Encouraging Accountability and Ownership of Information Governance
  Training and Education of Employees About Information Governance
  References
Chapter 12 - Charting the Best Future Course for Your Organization
  Information Governance Impacts All Facets of an Organization
  Closing Thoughts
  References
Appendix A
  Information Security Personnel Check List
Appendix B
Appendix C
Works Cited
Index


Chapter 1 The Case for Information Governance

Abstract

In today’s information age, are businesses protecting their most important resources: company and client data? Annually, businesses lose billions of dollars due to data leakage, on top of which the government often imposes millions in fines. This does not include the irreparable damage caused to a company’s reputation. It is not a matter of whether you will be a victim; it is a matter of when. In this chapter, the authors explain why implementing a solid information governance plan is the key to avoiding becoming a victim and to keeping your company’s proprietary information safe.

Keywords

Information Governance; Small business; Medium size business

Guarding assets, staff, and accounts has always been a key to protecting businesses. But in the information age, are you protecting your most important resources—company and client data? Each year, businesses lose billions of dollars due to data leakage, on top of which the government often imposes millions in fines. In addition, leakage can cause irreparable damage to your company’s reputation. It is not a matter of if you will be a victim; it is a matter of when.

We have all heard the old adage that an ounce of prevention is worth a pound of cure. When it comes to data management, that pound of cure may not be available, so the new adage might be that an ounce of prevention is worth preventing the total destruction of your business. The ounce of prevention is information governance, and—if you are like most people—you have no idea what that is or how to take advantage of it.

This book explains how you—as a business owner, executive, or even someone just interested in keeping their proprietary information safe—can better adapt to twenty-first-century threats. By understanding the changing landscape and moving your organization to be focused and data centric, the damage or loss of your key information can be minimized if not outright prevented.

We will break down for you what information governance is and does for different sized companies. Large, medium, and small companies all have unique circumstances that will be addressed. Additionally, we will discuss what they have in common. Information governance has many standard issues that can and should be addressed across all organizations.

One of the benefits of reading this book is the impact on your personal life. While this book is written to help in business, many of the tools and habits discussed are important for individuals. Digital threats affect people at work and at home. Be mindful as you read to see the parallels to your life away from the office.

Let’s start with a bold statement: information governance is not a function of your information technology group. It is a base-level management function, much like human resources or finance. A properly developed and managed information governance program protects your company and keeps it effective and efficient. It helps to manage compliance issues and can be vital in defending against litigation. It will make employees more satisfied and secure in their work and limits your risk of loss from human error. Information governance is more than an IT problem that needs to be solved; it is a systemic solution to counteract threats, alleviate inefficiencies, and prepare for the future.

Take, for example, the story of an architectural firm located in the southwestern United States that was happily doing business as a profitable midsized company in the spring of 2011. The employees were engaged. The clients were happy. The company was making money and having a great time. All seemed well, so what could go wrong?

During that time a senior designer with full access to the client base and design work resigned and went to work for a competitor. In very short order, clients started leaving and much of the work was shifted to the competing firm by whom the employee had been hired. Not good.

In an effort to stop the bleeding, the firm’s owner went to his attorney to take action on this sabotage by stopping the theft of clients and company designs. Upon review with legal counsel it was determined the employee had never been asked or required to sign a nondisclosure or a noncompete agreement. The owner even contacted law enforcement in an effort to right the wrong, but received the same response. There was nothing they could do. The former employee was not in breach of contract, nor could criminal intent be proven in a court of law.
The victim company was able to recover, but only after shrinking in size, laying off office personnel, and moving to a new, smaller building. Several years later, they have still not fully regained their previous work levels.

The situation was tragic and preventable. It occurred because the architectural firm did not have a policy that addressed data management and access. They had no employee agreements to hinder or address the theft of intellectual property. They had no information governance program to steer management to avoid such problems.

Information Governance

So what exactly do we mean when we talk about information governance? It is a set of established policies and procedures you and your employees implement and follow in order to manage sensitive and proprietary information.

For smaller businesses, which can be anything from a sole proprietor up to approximately fifty employees, participation in information governance should be from the top down. The smaller the organization, however, the more concentrated the development and implementation can be. Ensuring that everyone understands what they are supposed to do with important information and how to do it can make the difference in protecting the company’s vital interests. This understanding evolves as the threats and benefits of the digital age become clearer. Likewise, information governance can be applied in such a fashion that the company’s performance improves, productivity increases, and employee satisfaction can be positively impacted.

So does the small business need to be concerned with taking the same actions as the big guys on the block? Absolutely! Loss and compromise of important information knows no boundaries. Small businesses are just as susceptible to threats, whether it is inadvertent yet preventable damage to proprietary information or the nefarious actions of some individuals interested in disrupting operations. But even if a lone employee operates the small business, that person needs to be just as vigilant in following the proper procedures to protect the company’s interests. In some instances, a small yet successful business is a greater target, as it may appear less diligent and secure than a larger organization.

A medium-size company (50–1,500 employees) will have the same interests, yet based on its size, there may be fewer levels. Officers in the company will likely have multiple roles and broader discretion in implementing procedures, along with the ability to change those procedures as the need arises. Most medium-sized enterprises drive decisions to lower levels, which in effect makes an information governance program and its corresponding communication mechanisms even more important.

For large businesses (over 2,500 employees), participation by personnel would incorporate all facets of the company, from the CEO down to the front-line employee.

The Small Business
In many small businesses, just one person is in charge. The owner is responsible for everything, be it marketing, sales, operations, finance, or strategy. The dilemma facing most small business owners is staying on top of all of the details while keeping the business profitable. Small business owners have enough to worry about without having what they might perceive as unnecessary responsibilities placed upon them.

The case for information governance, however, is much like purchasing insurance. Policyholders hope never to use the insurance, but they understand the risk and plan accordingly. A Ponemon–Experian cyber insurance study determined that nearly 20 percent of all cyber attacks are specifically aimed at businesses with 250 or fewer employees.[1] For a small business, information governance is just another layer of insurance, but one that is more likely than not to be put into use. The results of not having an information governance program can be devastating for a small business.

An excellent example of a small business that needed a solid information governance policy is a real estate investment company owned by Jeff. Jeff has a thriving business. He makes a nice living and enjoys what he does. His six employees seem to be satisfied and everyone works well together. Everything appears to be fine.

Yet as the company clicks along, a danger hides within the work force. A trusted employee is harboring ill will and thinks he can do what Jeff does—and profit like Jeff does. But whereas Jeff built his company over time from the ground up, the nefarious employee is looking for a quicker way to make money. Initially, the employee adds some items to his expense reports, but soon moves to demanding—and getting—kickbacks from contractors. Eventually, this hidden threat finds a way to skim profit off the sale of properties, too. His actions go unnoticed by Jeff, who has nothing in place to check on the integrity of employees or to verify the financials being reported.

Jeff is a victim and does not know it. He has no system to identify the issue. He just notices his numbers getting slightly worse over time. This is a sad but common issue with small...


