Monthly Archives: February 2014

Trust is a function of time and experience

How would you handle the situation if your system were breached, resulting in the exposure of a lot of customer data?

Well, you’d gather the facts and inform people and make a public announcement, no matter how painful.  And if more information came your way and you had a choice to disclose or not disclose, what would you do?

Think what you want about Target and the recent credit card breach.  But when the CEO was presented with the option to disclose negative information that maybe was premature and maybe did not need to be disclosed by him, he made, IMHO, the right decision.  How do you rebuild trust when the relationship is damaged?  You be trustworthy.

“Inside Target, CEO Struggles To Regain Shoppers’ Trust,” Wall Street Journal, February 19, 2014 A1

What’s one of your mitigations if a predictable hazard occurs?  A good crisis management plan.  Which is your opportunity to improve your brand.


Filed under Business Case, Business Continuity, Communications, Culture, Data quality, Governance, Information, IT, Operations, Risk, Security

It depends which side you’re on

Net neutrality, whatever that is, is a big issue.  On one side, there’s Netflix, which has a lot of content.  On the other side are the ISPs, like Comcast and Verizon and AT&T. And on the other other side, there’s the user.

It appears to me that net neutrality is about who pays for the additional bandwidth and related infrastructure required to handle the volume.  I assume that one way or another, the user pays, and it’s just a question of how to divvy that up. Netflix doesn’t connect directly to Verizon and Comcast; instead it uses a lower-cost connection. So what do Verizon and Comcast et al. do when they don’t like their cut?  They slow down Netflix’s traffic.

I guess if you’re the government, “net neutrality” means “what can you control?”

“Feuds Over Netflix Traffic Leads to Video Slowdown,” Wall Street Journal, February 19, 2014 A1

What’s the risk to your business model if a critical carrier decides to charge more?


Filed under Business Case, Business Continuity, Governance, Interconnections, IT, Operations, Risk, Use

Both sides now

Page A1 of today’s WSJ had three stories, sort of.

On A1 proper, there were the stories of the Iranian hacking of the US Navy’s non-confidential computer network, and reports on the broadening of the UK and US investigations into the rigging of Libor. Barclays took another hit, as three of their former traders got pinched. “Iranian Hacking To Test NSA Pick,” Wall Street Journal, February 18, 2014 A1 and “Prosecutors Widen Aim In Rate-Rig Investigation,” Wall Street Journal, February 18, 2014 A1

And on the flip side of A1, curious questions over some Japanese research into stem cells, raising questions about the findings. “Stem-Cell Research Under Scrutiny,” Wall Street Journal, February 18, 2014 A2

Issues implicated? How long does it take to fix your system once the bad guys break in? And how long do you say it took? Thank goodness the networks were segregated. How many cops can grab a piece of you if your alleged wrongdoing crosses borders? And what was the culture at Barclays at the time? Finally, you can’t believe everything you read in Nature.


Filed under Business Case, Controls, Culture, Governance, Information, Interconnections, Internal controls, IT, Risk, Security, Value

It’s nice to know someone’s looking out for us

One would have thought that the next hacker target after Target, Neiman Marcus, and Michaels would be, say, a bank.

Apparently not.  According to people who watch out for those things (thank you all), a likely target may be nursing homes.

“Nursing Homes Exposed To Attacks By Hackers,” Wall Street Journal, February 18, 2014 B1

The three nursing homes in New York all used the same software company.  And their information showed up on a hackers’ server.  Go figure.

The risk is everywhere, and the price of all the internet connectivity must be eternal vigilance, eh?


Filed under Business Case, Controls, Information, Interconnections, IT, Risk, Security, Value

How do you let people know you were breached?

Stories of the breach of a website are lately in the vein of dog bites man — lots of them, and little noticed (unless you are the bitee). “Kickstarter data breached,” Houston Chronicle, February 17, 2014 B8

So the controls failed, and hackers got names, email addresses, phone numbers, and passwords.  But not credit cards, thankfully.

But how Kickstarter (a crowd-funding site) chose to notify people of the breach is interesting.  They posted it on their blog.  Saves doing a press release or sending notices to the people whose data was at risk.

What’s your crisis communications plan following a breach?


Filed under Business Case, Communications, Controls, Governance, IT, Privacy, Risk, Security

Long, descriptive sentences

Conventional information governance looks at information in the workplace.  This post goes back a bit.

How do we teach and how do we learn?  If we taught differently, would our students learn better, faster?  Yes.

“Long sentences really speak to toddlers,” Houston Chronicle, February 16, 2014 A17

Apparently, increasing the number of linked objects in your conversations with your baby increases your baby’s neural networks.  And it’s all about networks.  The differences are huge; at age 2, doing it better can advance development by 6 months over other 2-year-olds.  Is this part of information governance?  Knowledge sharing?


Filed under Communications, Data quality, Governance, Information, Knowledge Management, Value

The pinnacle of information governance

Answering the age-old question of just what is Information Governance normally involves reference to definitions by consultants and many, many PowerPoint slides.

But what is it, exactly?  Is it something beyond collecting, protecting and using information the right way, consistent with law and custom?

The usual focus in today’s paper would be the report that Target had a lot of warnings before their credit card breach.  Now that’s a conventional information governance discussion.

Is there a clearer example in the buildup to the presidential elections in Afghanistan?

“Afghans Fear Repeat of Fraud in Election,” Wall Street Journal, February 15, 2014 A6

There, a country hopes that the process will comply with law and protect their “information,” i.e., their vote, and that the confidentiality and integrity of that information will not be corrupted, and that that information will be used correctly in selecting their next president.  What controls are in place to address the risk of vote-rigging? Outside observers help, but will the Taliban intimidate voters outside polling places by strutting their stuff?  What mitigations if the playing field is tilted?


Filed under Business Case, Compliance, Controls, Definition, Duty of Care, Governance, Information, Internal controls, Investor relations, Operations, Ownership, Privacy, Risk, Security, Third parties, Use, Value

Opening Pandora’s box

Pandora has apparently been selling space for political ads based on the Zip code of the user.  You enter your Zip code at registration and Pandora determines which county you live in.  Based on how that county has voted lately, you will get political ads favoring the prevailing party.

I thought that was a bit spooky.  But, hey, the service is free.

Now Pandora is refining its mining, by allowing this data to be further divided based on what music you listen to, and then extrapolating that to which political party you belong to.  That’s downright scary.

“Pandora Ads Will Tie Music To Politics,” Wall Street Journal, February 14, 2014 B1

I understand how they might deduce persuasion based on Bob Marley.  But what if you listen to Warren Zevon?


Filed under Information, Operations, Privacy, Use, Value

Radical approach to compensating brokers

I have long been a proponent of making employees’ bonuses subject to a deduction if the employee is found not to have complied with company policies.  I haven’t had a lot of luck securing executive buy-in.

Now one company (whose reputation has suffered some dings for compliance issues of late) is doing precisely that.  Hip, Hip, Hooray!

“Barclays Advisers’ New Performance Metric: Their Behavior,” Wall Street Journal, February 13, 2014 C1  Apparently, the new policy has caused some of the employees to look somewhere else for a job.  Sounds like the policy is working.  I don’t understand why this isn’t a separate factor in the Federal Sentencing Guidelines Manual.  How could a company be serious about compliance with law or policy if it didn’t have such a deduction? Recruiters in the field say that “they don’t expect other brokerages to follow suit.”  What does that say about the cultures at those brokerages?  Or their commitment to compliance?


Filed under Business Case, Compliance, Controls, Culture, Governance, Internal controls, Risk

Who’s zooming whom?

A government can’t misreport trade data, can they?  Isn’t there a rule against that?

“China Rebound Invites Data Scrutiny,” Wall Street Journal, February 13, 2014 A10  Eyebrows were raised after China reported higher-than-expected export numbers for January.  And who can challenge them?  The facts are what they say they are.  Was it over-invoicing?  Who can say?  Or is it accurate? Same question.  But what happens when a country’s reputation for truth and veracity is called into question?


Filed under Controls, Data quality, Information, Internal controls, Value