
Targeting Risks in IT – 5 Things to Consider
Marta Farensbach    

Today’s compliance, litigation, and regulation-heavy business environments introduce a number of challenges for busy IT professionals. Ignoring any of these areas, as well as failing to implement a strong Information Governance (IG) platform, can introduce substantial risk into your organization. In the worst cases, data breaches, adverse judgements, or non-compliance penalties could thrust a company into the glare of national headlines. Poor policy can affect more than just the finances of a company; loss of reputation and consumer confidence can be far more impactful in the greater marketplace. Take a look at the links below for information and ideas from Sherpa Software on how to reduce risk in various problem areas.

The biggest area of concern for many companies may well be Data Security. Strong, well-tested methods are essential to prevent loss of critical material and ensure that key information assets are not mislaid or misused. Procedures need to be in place (and audited) to prevent hacks and other cybercrimes. When combined with Regulatory Compliance, data security forms a critical portion of corporate responsibility in many IT departments. For example, regulations dealing with PCI / PII data are numerous and far-reaching. These rules are designed to deter data theft and encourage the secure handling of critical records. They include best practices for data in storage and data in transit. Personally Identifiable Information (PII), such as date of birth, social security numbers or social insurance numbers (SIN) and credit card information, falls under Payment Card Industry (PCI) standards, and is also included in these guidelines. Scanning your environment, evaluating your processes, and testing for weaknesses are essential to ensure that sensitive information is protected.

Compliance is also felt in other areas. Many organizations, such as those regulated by Sarbanes-Oxley (SOX), HIPAA, Gramm-Leach-Bliley, and others, need to perform scheduled audits and respond to regulatory requests to fulfill their legally mandated obligations. Public entities are not immune from these regulatory concerns. On the federal, state, and local levels, the Freedom of Information Act (FOIA) and other ‘Open Records’ or ‘Sunshine’ laws require governments, schools, and other public entities to produce records requested by citizens.

Risk pops up in eDiscovery – an area that often requires significant attention from the IT department. Whether responding to subpoenas, putting together proactive response plans, or deploying in-house resources, the search and collection of electronically stored information (ESI) can prove to be overwhelming for an underprepared staff.

The dangers inherent in poorly executed eDiscovery cannot be overstated. Many aspects of litigation are mandated by the Federal Rules of Civil Procedure (FRCP). A detailed eDiscovery plan mitigates risk while streamlining the costs, resources, and time associated with legal action. An essential requirement of the FRCP is to prevent the spoliation (destruction or modification) of data relevant to ongoing litigation. Litigation Holds should follow the legal mandates to preserve data; the penalties for failure can be severe, including fines and adverse judgements.

eDiscovery also provides the backbone for Internal Investigations, which need to be performed quickly and effectively to maintain security and prevent data loss, fraud, and other menaces to corporate wellbeing.

Both Compliance and eDiscovery are aided by an effective Information Governance (IG) strategy. A good IG framework reduces risk by implementing policy and processes designed to manage company data assets from creation to dissolution. This includes the creation and enforcement of rules governing wide-ranging areas including data access, internet use, disaster recovery, and ‘bring your own device’ (BYOD) as well as the regulation and control of corporate communications and data storage.

Another critical component of IG is policy enforcement, which combines with electronic records management to prevent redundant, outdated and trivial information (ROT) from clogging up servers, bogging down business processes, and making essential data more difficult to locate. An effective policy will clarify the retention and disposition of records based on organizational value. These types of policy form credible, defensible deletion plans.

Sherpa Software offers a number of solutions for a variety of environments to target these critical functions to help reduce risk for your entire organization. In addition to the articles listed above, keep an eye out for our new White Paper outlining the best practices for applying a Risk Management strategy.

 

The post Targeting Risks in IT – 5 Things to Consider appeared first on Sherpa Software.



---------------------
http://www.sherpasoftware.com/blog/targeting-risks-in-it-5-things-to-consider/
Jul 11, 2016