Monthly Archives: December 2014

Time warp

The SEC posts a bunch of corporate regulatory filings on the web, through EDGAR.  The way things are configured now, certain people can pay $1,500/month and get early access to these filings, before they are posted through EDGAR.  Early access may only be 10 seconds.

“SEC to Close Gap in Filings’ Release,” Wall Street Journal, December 27, 2014 B1. The SEC is working to close this gap, which gives those people with early access an edge on the rest of the market.

In calculating the value of information, how much of a role does timeliness play?

Leave a comment

Filed under Controls, Information, Internal controls, Third parties, Value

Two from the front

Two stories from the front page today.

“U.S. Puts New Focus On Cyber Defenses,” Wall Street Journal, December 26, 2014 A1. White House looks at threat posed by Sony hack.  Might others follow the trend? Is this a national security issue?  Who owns the infrastructure?  Who’s responsible for protecting a commercial business from hacking?

Long After Arrests, Records Live On,” Wall Street Journal, December 26, 2014 A1. Records of arrests (without convictions) can live forever.  Should you have a right to be forgotten, or are facts facts?  Worse than a selfie or an intemperate online posting.

Who’s in charge of internet and email security? If there’s a statute of limitations for actions, shouldn’t there be a limited period for inquiry?  Would you want to know that your doctor/teacher/minister/politician had some flaws in his or her background?  Whose interests are paramount, the individual’s or society’s?

Leave a comment

Filed under Business Case, Controls, Definition, Information, Interconnections, Internal controls, IT, Ownership, Privacy, Protect, Risk, Security, Third parties, Use, Value


The Sony hack just keeps on giving.

After Hack, Secret-Messaging App Is Pitched to Hollywood,” Wall Street Journal, December 24, 2014 B5.  New app uses the Sony hack as a marketing opportunity for its self-destructing messaging.

The aftermath of the hack is continuing fodder for business school classes on information governance and crisis management, among others.  If you had such an app in development, do you wait for such an event to release your app?  Did Snapchat suffer from a timing gap?  How do you deal with this if you have discovery in litigation?

Leave a comment

Filed under Business Case, Controls, Discovery, Information, Internal controls, IT, Privacy, Risk, Security, Third parties, Use, Value

Two email stories

First, a must-read.  “Hackers Could Expose Any of Us,” Wall Street Journal, December 20, 2014 C3.  Bruce Schneier, a guru’s guru on security stuff, writes about how surprised experts were at how lax Sony’s protections were.  Then he makes the point that none of us are safe from a determined bunch of hackers.

Second, should you use email, and, if so, how long should you keep it? “Are You Sure You Want to Use Email?” Wall Street Journal, December 20, 2014 B1.  You really have to use it, so how do you reduce your exposure? Move it off-line?

Lots of lessons out of the Sony hack.

Leave a comment

Filed under Business Case, Controls, Governance, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Risk, Security, Third parties, Use


First they were hacked.  Then they were threatened.  What does “The Interview” tell us?

Hackers Threaten Sony Film Debut,” Wall Street Journal, December 17, 2014 B1.  Theaters released from obligation to carry movie opening following threats over “The Interview.”

Now the connection between the hacking and the threat seems a bit thin to DHS, it does raise the question, “What if they do this for all Sony films?”

Is this related to information governance, or is this just a limitation on what movies can be marketed? Are some subjects just not advisable?  Is this a risk Sony anticipated when they decided to do the film?  What does this presage for movies on other topics?  Will other theaters bow to the threats?

Leave a comment

Filed under Business Case, Risk, Use

The delivery mechanism

How do you get information to your paying customers?  Any way they want it.

“NBC Set to Live Stream Network,” Wall Street Journal, December 16, 2014 B2. NBC takes a different model than other networks.  Rather than setting up a separate paying stream, NBC is making the service to its existing customers.

Part of information governance is figuring out how to make money from what information you have, or more money from what you’re already providing.  Will this work for NBC?

Leave a comment

Filed under Information, Management, Use, Value

Interesting legal theory

Let’s see.  Someone hacks into your email system because you have inadequate controls.  They post embarrassing emails online.  What can you do?  Urge newspapers not to publish?Have your lawyer send a threatening letter.

“Sony Hires David Boies In a Bid to Halt Leaks,” Wall Street Journal, December 15, 2014 B1.  Sony has a high-powered lawyer send a threatening letter to news organizations to persuade them not to publish the leaked emails.

That’s the problem with freedom of the press — it’s free.  Yes, the information was stolen.  But then it was put into the public domain.  Hard to see how even Mr. Boies can succeed on this.  But letters are cheaper than lawsuits.

One problem with information is it can be stolen from you even though you still have it.  And your mitigation strategy needs to be a bit more robust.

Leave a comment

Filed under Business Case, Controls, Information, Internal controls, IT, Management, Operations, Ownership, Protect, Risk, Security, Third parties, Use