Category Archives: Business Case

Ransomware Week

“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3.  Motive for recent attacks was not blackmail, but just disruption.  The files that were attacked may not be recoverable.  “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3.  DLA Piper shuts down after its computer systems hit.  “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.

Have the Visigoths gathered at the gate?  If we can’t protect our computers and the information they contain and send, does our civilization survive?  Is IT now more important that all the other functions?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?

 

Leave a comment

Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value

Algorithms

Is the use of algorithms to set prices a subterfuge to facilitate price fixing?

“To Set Prices, Stores Turn To Algorithms,” The Wall Street Journal, May 9, 2017 A1. Use of algorithms to establish prices for a wide range of products, from Staples to gas stations based on “big data.”

But what if everyone uses the same algorithm?  Or if the algorithms are wrong or the data upon which they are based is wrong?  Can anyone explain what they do and how they do it?  The ultimate black box.

 

Leave a comment

Filed under Analytics, Business Case, Collect, Compliance, Data quality, Governance, Information, IT, Management, New Implications, Operations, Oversight, Use, Use

4 for Thursday

There were four pieces in today’s WSJ relevant to governance or information governance, or both.

“Currency Trading Data Hint at Leaks in U.K.,” The Wall Street Journal, April 27, 2017 B1. Indications that some investors are getting a sneak peek at UK statistics before they are published.  Does this go to access or to the calculus of the value of information including a factor for timeliness?

“FCC Chief Rails At Net Neutrality,” The Wall Street Journal, April 27, 2017 B1.  Is the government right in trying to control how information is accessed over the internet, or how (high-speed) access to that information is priced?  Who governs the internet, if any one?

“United Cites Litany of Failures,” The Wall Street Journal, April 27, 2017 B1.  CEO says “‘We let our policies and procedures get in the way of doing the right thing.'”  CEO also to give up his role as Chairman of the Board. A CEO taking accountability for the actions of employees on his watch – remarkable.  United also took out full-page ad.  Intersection of governance and crisis management.

“Hedge Fund Bets on ‘Big Data,'” The Wall Street Journal, April 27, 2017 B11.  Investments in analytics to identify profitable trades.  Timeliness of information is a factor in the value of that information.

Leave a comment

Filed under Access, Analytics, Board, Business Case, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, New Implications, Oversight, Oversight, Protect assets, Risk, Third parties, Value

What does bad information governance cost?

One of the risks of bad information governance is that your employees will violate some restriction/law/regulation and the corporation will have to pay for it.  How much, you may ask?

“Volkswagen Faces Up to Penalties,” The Wall Street Journal, March 11, 2017 B1.  Volkswagen pleaded guilty and “agreed” to pay penalties of $4.3 billion for misleading the regulators and the public in the diesel emissions scandal.

Cost to date: $25 billion for trying to hide something from the regulators and the public.  Would your company do something like that?  What has this cost the directors and managers who either missed it or ignored it?  What has it cost the Volkswagen shareholders?

 

Leave a comment

Filed under Accuracy, Board, Business Case, Compliance, Compliance, Compliance, Compliance Verification, Corporation, Culture, Directors, Duty, Employees, Governance, Management, Oversight, Oversight, Protect assets, Protect information assets, Risk

Deception strategy

How do you prevent the competition from punking your business?  Caller ID helps the pizza delivery business identify who’s calling.

“Uber Used Program to Evade Authorities,” The Wall Street Journal, March 6, 2017 B4.  Uber apparently wrote its terms of service, and monitors data on who and where calls are coming from, to reduce competitors’ interfering with its business (by making fake calls).  Also identifies people suspected of running a law enforcement sting operation.

So Uber looks for clues to see if you’re a regulator.  Do you use a burner phone?  Does your credit card belong to a regulatory agency? Is this using information to assist the achievement of your business model?

Leave a comment

Filed under Access, Accuracy, Analytics, Business Case, Collect, Controls, Governance, Management, New Implications, Operations, Policy, Protect assets, Risk assessment, Use, Use

Access

If you are in the information business (and who isn’t?), what if you can’t get to that information?  Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?

“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services.  Uptime/downtime, and reliability.

What’s your plan if your main storage goes out?  How does your business continue to operate?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties