INFORMATION GOVERNANCE

31 Oct INFORMATION GOVERNANCE

Posted at 15:01h in 2Past Paper by Homework Writer

ITS 833 – INFORMATION GOVERNANCE

Chapter 11 – Information Governance and Privacy and Security Functions

Dr. Sandra J. Reeves

CHAPTER GOALS AND OBJECTIVES

Things To Know:

Sources of Threats to protection of data

Solutions to threats to protection of data

Identify some privacy laws that apply to securing an organization’s data

What is meant by redaction

What are the limitations on perimeter security?

What is IAM?

What are the challenges of securing confidential e-documents?

What are the limitations on an repository-based approach to securing confidential e-documents?

Things to Know:

What are some solutions to securing confidential e-documents?

What is stream messaging?

How is a digital signature different from an electronic signature?

What is DLP Technology?

What are some basic DLP methods?

What are some of the limitations of DLP?

What is IRM?

What are some key characteristics or requirements for effective IRM?

What are some approaches to security data once it leaves the organization?

Cyberattack Proliferation

Who are the victims?

Government

Corporations

Banks

Schools

Defense Contractors

Private Individuals

Who are the perpetrators?

Foreign Governments

Domestic and foreign businesses

Individual Hackers/Hacking societies

Insiders

INSIDER THREATS

Some malicious/some not malicious

Insider threats can be more costly than outside threats

Nearly 70% of employees have engaged in IP theft

Nearly 33% have taken customer contact information, databases and customer data

Most employees send e-documents to their personal email accounts

Nearly 60% of employees believe this is acceptable behavior

Thieves who are insiders feel they are somewhat entitled as partial ownership because they created the documents or data

58% say the would take data from their company if terminated and believe they could get away with it

SOLUTION?

Security – including document life cycle security

Risk Education

Employee Use Policy

IG Training and Education

Enforcement and Prosecution – Make an example!

Monitoring

PRIVACY LAW THAT MAY APPLY

Federal Wire Tapping Act

Prohibits the unauthorized interception and/or disclosure of wire, oral or electronic communications

Electronic Communications Privacy Act of 1986

Amended Federal Wire Tapping Act

Included specifics on email privacy

Stored Communications and Transactional Records Act

Part of ECPA

Sometimes can be used to protect email and other internal communications from discovery

Computer Fraud and Abuse Act

Crime to intentionally breach a “protected computer”

Used extensively in the banking industry for interstate commerce

Freedom of Information Act

Citizens ability to request government documents – sometimes redacted

LIMITATIONS ON SECURITY

“Traditional Security Techniques”

Perimeter Security

Firewalls

Passwords

Two-factor authentication

Identity verification

Limitations to traditional techniques

Limited effectiveness

Haphazard protections

Complexity

No direct protections

Security requires a change in thinking about security

Secure the document itself, in addition to traditional techniques that secure “access” to the document

DEFENSE IN DEPTH TECHNIQUES TO SECURITY

Use Multiple Layers of Security Mechanisms

Firewall

Antivirus/antispyware software

Identity and Access Management (IAM)

Hierarchical passwords

Intrusion Detection

Biometric Verification

Physical Security

What is IAM?

Goal is to prevent unauthorized people from accessing a system

Effective IAM included:

Auditing

Constant updating

Evolving roles

Risk reduction

LIMITATIONS OF REPOSITORY-BASED APPROACHES TO SECURITY

Traditionally, we have applied “repository-based” solutions which have not been effective. We have document repositories that reside in databases and email servers behind a firewall.

Once Intruder breaches firewall and is inside the network, they can legitimately access data

Knowledge workers tend to keep a copy of the documents on their desktop, tablet, etc.

We operate in an Extended Enterprise of mobile and global computing comprising sensitive and confidential information

SOLUTION?

Better technology for better enforcement in the extended enterprise

Basic security for the Microsoft Windows Office Desktop-protection of e-documents through password protection for Microsoft Office files

Good idea but passwords can’t be retrieved if lost

Consider that “deleted” files actually aren’t.

Wipe the drive clean and completely erased to ensure that confidential information is completely removed

Lock Down: Stop all external access to confidential documents.

Take computer off network and block use to ports

Secure Printing

Use software to delay printing to network printers until ready to retrieve print

Erase sensitive print files once they have been utilized

SOLUTION…continued

E-mail encryption

Encryption of desktop folders and e-docs

Use Stream messages when appropriate

Use of Digital Signatures —not the same thing as an electronic signature

Use Data Loss Prevention (DLP) software to ensure that sensitive data does not exit through the firewall

(Three techniques for DLP-Scanning traffic for keywords or regular expressions, classifying documents and content based upon predefined set, and tainting) This method has weaknesses!

IRM Software/ERM Software-provides security to e-documents in any state (persistent security)

SOLUTION…continued

Device Control Methods –example blocking ports

Use of “thin clients”

Compliance requirements by different organizations

Hybrid Approach: Combining DLP and IRM technologies

More on irm

Transparently – no user intervention required

Remote control of e-documents

Provides for file-level protection that travels with file even if stolen

Includes cross-protection for different types of documents

Allows for creation and enforcement of policies governing access and use of sensitive/confidential e-documents

Decentralized administration

Good IRM software provides useful audit trail

Integration with other enterprise systems

Provides embedded protection that allows the files to protect themselves

Key Characteristics of IRM

Security

Transparency – can’t be more difficult to use than working with unprotected documents

Easy to deploy and manage

SECURING DATA ONCE IT LEAVES THE ORGANIZATION

REMEMBER – CONTROL DOES NOT REQUIRE OWNERSHIP!

Consider new architecture where security is built into the DNA of the network using 5 data security design patterns

Thin Client

Thin Device-remotely wipe them

Protected Process

Protected Data

Eye in the Sky

Document Labeling

Document Analytics

Confidential Stream Messaging

THE END

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Writedemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Print page