Category Archives: Access

Chinks in the chain

“Wi-Fi Flaw May Endanger Security,” The Wall Street Journal, October 17, 2017 B4.  A Wi-Fi flaw opens up systems to hackers.  Impact mostly for corporations, affecting WPA2 protocols.  But it does affect older Android phones and the use of Wi-Fi networks while traveling.

Is cyber-security too complex for humans to understand?

Hopefully, the corporations will install the patches on a timely basis.  What other steps should we take in the meantime?


Filed under Access, Controls, Interconnections, IT

Equifax, cont’d

“After Equifax, a New Way Forward,” The Wall Street Journal, October 17, 2017 B4.  How to replace the Social Security Number as the common way to identify us and authenticate our transactions to lots of organizations, both public and government.

Who decided to take the risk of using the SSN for this?  Should the same people (i.e., banks) pay for the cost of their chosen course of action, or for using someone else’s information?  Or your doctor/insurance company?  Sure, it’s easy(ier) for the banks.

Who owns your SSN?  You?  The government?  Did you consent to this use of your information?  Did the government?  If you didn’t, I guess getting a mortgage would be difficult.


Filed under Access, Controls, Information, Ownership, Third parties

Another hack

“New York Investigates Deloitte Cyberbreach,” The Wall Street Journal, October 13, 2017 B10.  New York AG investigates breach, which “compromised information on a small number of clients.”  The breach started a year ago and wasn’t detected until April 2017.  The information compromised may have been limited to access credentials and the like, rather than account information.  Sort of like Equifax.

Who else has been attacked and (a) knows about it but is still keeping it quiet, or (b) doesn’t know about it yet?


Filed under Access, Board, Compliance, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Ownership, Protect assets, Protect information assets, Security, Value

A top goal?

“CEOs Make Protecting Data a Top Goal,” The Wall Street Journal, October 13, 2017 B4.  Unfortunately, the focus is on cyber-security rather than the broader information risk profile.  Will this affect CEOs’ email habits, as they are phishing targets?

While this is a start, do CEOs really understand how much their company’s proprietary information is worth?  Or their duty to protect the company’s assets (people, physical equipment, cash, and information)?  Why not?

And where are the boards?  Don’t they have an overarching duty to oversee the major risks the company is facing and to make sure there’s an effective program in place to address them?

I hear the violin.  Is Rome burning?


Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Managers, Oversight, Ownership, Policy, Protect assets, Protect information assets, Security, Value

More military hacks

“Australia Hack Nets Data on U.S. Arms,” The Wall Street Journal, October 13, 2017 A6.  A hacker hacked a defense contractor’s computers and carried off “commercially sensitive data on sophisticated U.S. weapons systems.”  The ease of the hack is mind-boggling.

Is there a common scheme here?  Or otherwise solve this equation for X.


Filed under Access, Controls, Corporation, Duty, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Vendors

Electrical banana (reprise)

Slack is a new communications software in use in many companies.  Do your policies deal with the implications of the use and misuse of yet another new technology?  How will you handle this when litigation comes in?

“Tips to Tighten Slack Users’ Skills,” The Wall Street Journal, October 12, 2017 B4.


Filed under Access, Communications, Compliance, Content, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Legal, New Implications, Oversight, Policy, Protect assets, Security

Change management

“Russia Modifies Software to Spy,” The Wall Street Journal, October 12, 2017 A1.  The Russian software used by the NSA for virus protection had been modified to “scan computers around the world for classified U.S. government documents ….”

Who are your vendors?  How much should you trust them?


Filed under Access, Controls, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Ownership, Protect assets, Security, Third parties, Value, Vendors