Category Archives: Government

The dog that didn’t bark

In a departure from normal practice, I comment upon an event unreported, as far as I can tell, in The Wall Street Journal.  For me, some things transcend politics.

Maybe I missed it.  Or maybe The Wall Street Journal didn’t see fit to print the leaked transcripts of President Trump’s post-inauguration phone calls with the leaders of Mexico and Australia.

What does it say that this story, blaring over the TV newswires, wasn’t printed?  Does it say something about some organizations placing the Nation’s security above their own circulation numbers?  Is that a control you can rely on?  Apparently not from everyone.

Even if the paper had or did print something on this, what does the leak of those transcripts say about information governance?  First, does the White House have adequate controls and culture in place?  Clearly not.  Maybe General Kelly can help with that.

But what about the person who signed an oath and nonetheless decided to leak these classified transcripts to the press, thinking little or nothing about the impact on future calls between world leaders?  What’s their understanding of duty?  Placing the Nation’s needs above those of party or self?

Hang ’em high.


Filed under Access, Compliance, Controls, Culture, Duty, Employees, Governance, Government, Internal controls, Protect assets, Third parties

Too many controls?

A key element of governance is determining who’s in charge.  And who’s responsible when something goes wrong.

“Fed Looks To Ease Curbs on Directors,” The Wall Street Journal, August 4, 2017 B10. “The Federal Reserve proposed scaling back the requirements it places on banks’ boards of directors….”  The Fed is concerned “it has been overloading boards with too many specific requirements….”

Have the Fed attempts at micromanagement resulted in directors taking their eyes off the ball?  Does the Fed take responsibility for over-management?  Is the Fed a fiduciary, with liability to the banks or their shareholders?

 


Filed under Board, Compliance, Controls, Corporation, Directors, Duty, Governance, Government, Third parties

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to:

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?

 


Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value

Kidnapping v. stealing information

One unique aspect of information is that it can be stolen, yet remain in the owner’s possession.  Apparently, medical facilities are required to report if your medical information is stolen, but not if it is merely kidnapped and held for ransom.

“Some Cyberattacks Go Unreported,” The Wall Street Journal, June 19, 2017 B3.  Whether hospitals need to report a ransomware attack on their files as a data breach is a “gray area,” and the federal government doesn’t require such reports, even if the government knows about them.  Some hospitals don’t report ransomware attacks, so these attacks are not in the HHS statistics.

So, patients don’t know when hospitals have weak security protection.  What value, then, are the government statistics?  Do they need a big asterisk?

 


Filed under Controls, Corporation, Data quality, Duty, Government, Information, Internal controls, IT, Legal, Requirements, Security, Third parties, To report, Value

We have a Winner

What do you do when you discover who violated the law by leaking a classified document?  You arrest them.

“Contractor Charged in Leak,” The Wall Street Journal, June 6, 2017 A4.  Reality Winner, an employee of a contractor for the NSA, was arrested and charged for leaking a classified document to the news media.  A criminal offense.

Interesting story of how the government found out.  A news agency provided a copy of the document and asked the government to confirm its accuracy.  The government could tell from looking at the copy that it had been folded, and concluded someone printed it out and sneaked it out.  IT logs showed six people had printed it out.  The computer of one of them showed email contact with a news agency.  When questioned, Ms. Winner fessed up.

Common themes:  the NSA needs to watch the employees of its contractors carefully; IT has a record, somewhere; criminals get arrested; a newspaper can inadvertently disclose confidential sources.

 


Filed under Access, Controls, Corporation, Duty, Employees, Governance, Government, Information, Internal controls, IT, Oversight, Ownership, Protect assets, Security, Third parties, Vendors

British two-step

Gee, how important are computers to your company?  Or, more importantly, the information they contain?

“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system.  No flights, no baggage, and no customer communications.  This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the ’90s when a flood took out the email servers that were then in the basement. -Ed.).  But it also highlights how important access to information is to having your business run right.  If you put all your eggs in one basket, watch that basket.

What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9.  Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen.  He was one of 20,000 suspects, but not among the 3,000 most active ones.


Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value

Hacking hackers

“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4.  In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA.  Certainly cuts down on their foreign travel.

If they can’t keep their own secrets secret, what’s a body to do?  Will this shut them down?

How well does your company keep its secrets?  How important is it to your employees?


Filed under Access, Business Continuity, Controls, Duty, Government, IT, Privacy, Security, Third parties