Monthly Archives: February 2014

Speed premium

High-speed traders used to pay for quicker access to news of corporate earnings, and use the momentary advantage to make money. Not at Business Wire, or at least not now.

“Traders’ Access to Releases Curbed,” Wall Street Journal, February 21, 2014 C1

Was it the fact that some traders get the information sooner than others, or was it that Berkshire Hathaway was profiting from the profiting?  Can we ever level the playing field enough that someone won’t get information a little sooner than someone else?  Hasn’t this always been the case?

Isn’t part of the value of information the fact that you have it sooner than someone else?

Filed under Controls, Definition, Information, Interconnections, IT, Third parties, Value

Are your employees listening?

Your employees bring their phones to work. They sometimes use their personal PCs at home to do work. Do they back up these appliances to the cloud or elsewhere? Do those backups include your company’s proprietary information? Do the employees back up their data files on company equipment to the cloud? Do you know?

“Perilous Mix: Cloud, Devices From Home.” Wall Street Journal, February 20, 2014 B4

You probably have policies that restrict or prohibit your employees’ use of certain technologies to store your company’s information. But you also put pressure on those same employees to work efficiently. Is it easier for your employees to ignore your policies if those policies get in the way of how the employees want to work?

Which is more important? Your company policy or your employees’ autonomy over how they do their work?

Filed under Business Case, Compliance, Controls, Culture, Governance, Information, Internal controls, Ownership, Policy, Risk

Hobson’s choice

Questions have arisen regarding your practice of collecting a lot of information.  Legislators are considering new legislation; potential litigants abound.

You are running out of secure storage space, either because of availability or because of cost constraints.  So, do you stop collecting the information on an ongoing basis (even though the jury is still out, so to speak, on whether it is legal for you to collect it) or do you start deleting the old information?  Or just get more money from the shareholders to cover infinite storage space? Is there a litigation hold in place?

“NSA Weighs Retaining Data for Suits,” Wall Street Journal, February 20, 2014 A4

Cost constraints on keeping data that may be relevant to a legal case? Welcome to the party.

Filed under Business Case, Business Continuity, Controls, Discovery, Legal, Operations, Risk

Trust is a function of time and experience

How would you handle the situation if your system were breached, resulting in the exposure of a lot of customer data?

Well, you’d gather the facts and inform people and make a public announcement, no matter how painful.  And if more information came your way and you had a choice to disclose or not disclose, what would you do?

Think what you want about Target and the recent credit card breach.  But when the CEO was presented with the option to disclose negative information that maybe was premature and maybe did not need to be disclosed by him, he made, IMHO, the right decision.  How do you rebuild trust when the relationship is damaged?  You be trustworthy.

“Inside Target, CEO Struggles To Regain Shoppers’ Trust,” Wall Street Journal, February 19, 2014 A1

What’s one of your mitigations if a predictable hazard occurs?  A good crisis management plan.  Which is your opportunity to improve your brand.

Filed under Business Case, Business Continuity, Communications, Culture, Data quality, Governance, Information, IT, Operations, Risk, Security

It depends which side you’re on

Net neutrality, whatever that is, is a big issue.  On one side, there’s Netflix, which has a lot of content.  On the other side are the ISPs, like Comcast and Verizon and AT&T. And on the other other side, there’s the user.

It appears to me that net neutrality is about who pays for the additional bandwidth and related infrastructure required to handle the volume.  I assume that one way or another, the user pays, and it’s just a question of how to divvy that up. Netflix doesn’t connect directly to Verizon and Comcast; instead it uses a lower-cost connection. So what do Verizon and Comcast et al. do when they don’t like their cut?  They slow down Netflix’s traffic.

I guess if you’re the government, “net neutrality” means “what can you control?”

“Feuds Over Netflix Traffic Leads to Video Slowdown,” Wall Street Journal, February 19, 2014 A1

What’s the risk to your business model if a critical carrier decides to charge more?

Filed under Business Case, Business Continuity, Governance, Interconnections, IT, Operations, Risk, Use

Both sides now

Page A1 of today’s WSJ had three stories, sort of.

On A1 proper, there were the stories of the Iranian hacking of the US Navy’s non-confidential computer network, and reports on the broadening of the UK and US investigations into the rigging of Libor. Barclays took another hit, as three of their former traders got pinched. “Iranian Hacking To Test NSA Pick,” Wall Street Journal, February 18, 2014 A1 and “Prosecutors Widen Aim In Rate-Rig Investigation,” Wall Street Journal, February 18, 2014 A1

And on the flip side of A1, curious questions over some Japanese research into stem cells, raising questions about the findings. “Stem-Cell Research Under Scrutiny,” Wall Street Journal, February 18, 2014 A2

Issues implicated? How long does it take to fix your system once the bad guys break in? And how long do you say it took? Thank goodness the networks were segregated. How many cops can grab a piece of you if your alleged wrongdoing crosses borders? And what was the culture at Barclays at the time? Finally, you can’t believe everything you read in Nature.

Filed under Business Case, Controls, Culture, Governance, Information, Interconnections, Internal controls, IT, Risk, Security, Value

It’s nice to know someone’s looking out for us

One would have thought that the next hacker target after Target, Neiman Marcus, and Michaels would be, say, a bank.

Apparently not.  According to people who watch out for those things (thank you all), a likely target may be nursing homes.

“Nursing Homes Exposed To Attacks By Hackers,” Wall Street Journal, February 18, 2014 B1

The three nursing homes in New York all used the same software company.  And their information showed up on a hackers’ server.  Go figure.

The risk is everywhere, and the price of all the internet connectivity must be eternal vigilance, eh?




Filed under Business Case, Controls, Information, Interconnections, IT, Risk, Security, Value