Information Security Risk and Tips Using Photocopiers

June 15, 2010

In a recent article written by Michael Kassner and posted on the TechRepublic.com website, we noticed an area of information security and compliance risk that needs to be brought to the attention of our readers.

If your organization complies with or is certified to any information technology framework or international standard (e.g. ISO 27001:2005), then the security analysis process, or at least the information security policy of your organization, should address the information security and data security risks associated with any digital photocopier product operating in your organization.

Many of our readers may already be aware of this risk, but they may also be less than fully clear on the information system security risks associated with those copiers.

Whether a particular multi-function peripheral (MFP) retains a copy of every digitized document appears to depend on the brand and on how it is configured; either way, we suggest adding this article to your library of information security reference documents.

Please pass this along to your information security assessment and risk management team members in your organization.

Click here to read the full article.


Privacy Matters

May 27, 2010

In a recent posting on the ITBusinessEdge website, we found what our staff believes to be one of the better “short and to the point” blog entries dealing with the topic of user privacy. The other reason we like this posting is that it is directed to a larger audience than just the users of Facebook.

When you look at the “Five Facts Facebook Should Know about Privacy” presented in this posting:

  • Privacy Is Not Dead
  • Privacy Is an International Affair
  • Lip Service Won’t Cut It with Regulators
  • Simpler is Better for Users
  • Pushing the Envelope is not Always Worth It

we believe that you too will see these facts as real and substantial elements of sound advice for anyone who is seriously concerned with the protection of their right to privacy.

To read more of the details and information added to each of these presented facts, click here.

Nonetheless, and without meaning to belittle the concerns of Facebook users about the protection of their privacy rights, we have also gathered some other related articles about privacy in general. We suggest adding them to the reading list of all organizational team members who are accountable for protecting the privacy rights of their associates, along with all social-networking-related compliance risks and future information security audits facing their organization. Those articles are titled:

  • Seven Things to Stop Doing Now on Facebook
  • Facebook CEO Zuckerberg announces new Privacy Tools
  • U.S., D.C. Officials Call for Probe into Google’s Inadvertent Privacy Breach
  • Facebook Pushes the Boundaries of Online Privacy Again

Our staff hopes that you find this reading material relevant and valuable, and we ask again that you share your own comments on this topic so that our community of readers can be better informed and more valuable assets to their organizations.


Top Corporate Compliance Risk Areas in 2010

May 26, 2010

Much of the subject matter discussed on this website is focused on identifying those risks which have the potential to create conditions, incidents and disasters which could disrupt the operations of a company, or even stop that company from being able to keep its doors open for business and satisfy the requirements of its customers.

With that thought in mind, we recommend reading a recent article written by Mark Srere, and posted on the Corporate Compliance Insights website.

In his article, Mr. Srere states that compliance risks for U.S. companies will increase in 2010. Given the economic downturn and current market conditions, this prediction, if true, will create many difficulties for many organizations.

He goes on to list the following five areas that are expected to generate some, if not most, of the increased risks facing a company in 2010:

  • Impact of Healthcare Reform Legislation
  • Increased Regulatory Oversight and enhanced enforcement in a variety of areas
  • Implications of increased use of social media
  • Anti-Fraud / Anti-Corruption Prosecution
  • Managing e-data and document productions for any litigation

Moving forward in 2010, many compliance departments within organizations (if they have any at all) may be facing the same departmental risk found throughout so many organizations today, namely the risk resulting from a common denominator: lack of sufficient resources. While we often discuss these risks in our business continuity and risk management team meetings, it is important to focus on the compliance requirements surrounding these risks.

For more details, click here to read more, and then ask the question, “How does my organization fit into these categories of risk?”

Please pass this information along to the appropriate compliance risk managers in your organization.


Information Governance and Information Security

May 13, 2010

With more discussion and awareness now surrounding the topics of e-discovery, privacy rights, information security and regulatory compliance regarding corporate security, we wanted to bring our readers’ attention to an interesting blog entry that was posted earlier this year.

The entry was written and posted by Debra Logan, a member of the Gartner blog network, and was entitled “What Is Information Governance? And Why Is It So Hard?”

If your company is just now dealing with and trying to write policies and procedures around the information security concerns in company e-mail activities, then this article will give you some insight as to how the term “governance” fits and addresses current management needs for information security compliance within organizations.

We suggest reading more about this topic of information governance and passing this information along to your organization’s risk management and information security specialists and team members.

Even if information security and management of privacy rights for your company’s email activities is not a problem or concern today, we think it might well be in the future, if the current trend of increasing regulatory compliance requirements continues over the next several months.

Click here to read the full article.


New Report Predicts Increased Use of e-Discovery by Organizations

May 11, 2010

According to new research results from a CompTIA study, organizations have stated that they will increase their use of electronic discovery.

CompTIA is a leading trade association for the world’s information technology (IT) industry, and their recently released report findings came from more than 650 IT professionals surveyed. Some of the highlights of the report are:

  • 53 percent of those surveyed expect the use of e-discovery within their organizations to increase over the next five (5) years,
  • 50 percent of organizations surveyed have already developed an e-discovery strategy, either partial or comprehensive, and
  • 26 percent indicate that their organization has no official e-discovery strategy but has engaged in e-discovery processes informally.

The CompTIA survey also identified situations that most often trigger the use of e-discovery. They include:

  • Investigating an employee suspected of violating company rules (cited by 66 percent of survey respondents)
  • Security breach stemming from an outside threat (62 percent)
  • Pending lawsuit (60 percent)
  • Intentional internal security breach (53 percent)
  • Unintentional internal security breach (44 percent)

Please pass this information along to the risk management team members of your organization.

To read more about this survey and find out how you can view the entire report, click here.


E-Discovery and Why It Could be Part of a Company’s Business Impact Analysis Process

March 29, 2010

In an interview recently published by the ITBusinessEdge website, and organized by one of its writers, Lora Bentley, the following observation was quoted: “…according to recent surveys (by the law firm Fulbright and Jarworski), about three quarters of U.S. businesses have at least one lawsuit commenced against them in the past year, and one third had a regulatory proceeding commenced within the last year.”

This revealing fact brings our attention to an area of business continuity that is often ignored by most small and mid-size businesses: e-discovery. Since the recent changes to the Federal Rules of Civil Procedure, and some famous legal cases, including Zubulake v. UBS Warburg, numerous corporations have been sanctioned and fined because of their failure to identify, collect and produce electronically stored information (ESI) as required by the rules and the case law. In other words, those companies were not prepared with a controlled and well-tested internal e-discovery process that could have produced the required documentation on time and without those sanctions and economic penalties.

When these sanctions and fines are applied to small or mid-sized organizations, and when these same companies have to take their eyes off their everyday activities to address the time-critical requirements of these e-discovery demands, the result can be a major threat to the ongoing business continuity of those businesses.

For this reason, we believe that it is important not to ignore e-discovery in your business impact analysis process. It is also important to keep current developments in e-discovery on the agendas of your business continuity, risk management and regulatory compliance team meetings.

To read more about the topic of e-discovery in Lora Bentley’s interview with Andrew Cohen, compliance solutions VP and associate general counsel, EMS Corporation, click here.


Senators Share Concerns About FEMA’s National Disaster Recovery Framework (NDRF) Draft

March 2, 2010

Homeland Security and Governmental Affairs Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., along with Subcommittee on Disaster Recovery Chairman Mary Landrieu, D-La., and Ranking Member Lindsey Graham, R-S.C., have submitted formal comments to Department of Homeland Security Secretary Janet Napolitano on the recently released draft National Disaster Recovery Framework (“NDRF”). Those comments stressed that significant gaps still exist in this draft framework document.

The Senators requested that their comment letter be treated as a response to the request for comments in FEMA Docket ID FEMA-2010-0004 (75 Fed. Reg. 6681 (February 10, 2010)) and included as part of the public record in that matter.

One of the areas of concern was the Senators’ belief that current preparedness efforts of the federal government, as well as of many state, local, and tribal governments, fail to focus adequately on recovery issues or otherwise fall short of what is necessary.

A short summary of all of their concerns over the content of the draft framework was formally presented in a recent press release from the Senate Committee on Homeland Security and Governmental Affairs and includes at least the following main topics of concern:

  • Ambiguity in leadership, roles, authorities, and responsibilities
  • Recovery Support Functions
  • Federal Recovery Coordinator
  • Federal Programs
  • Scalability to a catastrophe
  • Private Sector Preparedness
  • Mitigation
  • Difficulties in Operationalizing the NDRF

The Senators’ letter also recommended that the final NDRF should promote PS-Prep, the voluntary private sector preparedness certification program established by Section 901 of the Implementing Recommendations of the 9/11 Commission Act of 2007. They stated that this important program can play a vital role in helping the private sector recover from disasters, and they believe the NDRF offers an excellent opportunity to encourage the private sector to voluntarily get prepared through the PS-Prep program.

We recommend that you read the entire press release and pass this information along to those persons in your organization responsible for meeting similar disaster recovery and business continuity requirements affecting their own companies.


E-Discovery and Toyota’s Vehicle Safety Concerns

March 1, 2010

On Friday, February 26, 2010, House Oversight and Government Reform Committee Chairman Edolphus Towns (D-N.Y.) wrote Toyota North America President and CEO Yoshimi Inaba demanding to know whether the Japanese automaker, when facing lawsuits for vehicle rollovers, failed to turn over a so-called “Books of Knowledge” as required under U.S. law.

We believe that some of our readers, especially those responsible in their organization for monitoring developing news in the area of regulatory compliance, might find a recent article on this matter, published by the well-recognized publication The Hill and written by Michael O’Brien, to be a useful addition to their library of related information resources.

To read the entire letter written by Mr. Towns, CLICK HERE.


e-Discovery Glossary Offers Valuable Resource for Information Management Teams

December 11, 2009

The Clearwell website has, as one of its many resource offerings, a section called “E-Discovery Central”. This resource is a comprehensive repository covering nearly all issues pertaining to e-discovery, including news, free downloadable content, and insights from a variety of expert sources.

It is also a great resource for in-house business continuity planning groups and information system management teams to develop more knowledge of e-discovery practices and complex e-discovery issues.

One of the best elements of this section is the free on-line “e-discovery glossary”, which contains the commonly used terms for e-discovery and digital information management.

This information will greatly assist in better understanding any compliance management requirements resulting from a potential “legal hold” or any related regulatory compliance request arising from litigation proceedings against your company.

To view the glossary, CLICK HERE.
