Category Archives: Information

Catching up

I was working on another project, and could not do my postings as timely as I would like.  But here’s a bunch of news items I wanted to write about:

Leave a comment

Filed under Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Lawyers, Oversight, Ownership, Privacy, Third parties, Uncategorized

VW Compliance Executive Pleads Guilty

“Ex-VW Official Admits Role in Emissions Cheating,” The Wall Street Journal, August 5, 2017 B3. A former VW “compliance executive” charged with conspiracy to defraud the US, wire fraud, and Clean Air Act violations pleads guilty.  He admits he knew about the software used to mislead US environmental regulators.  Faces sentencing in criminal case in December.

Hiding information from the government is not a good thing.  What was the culture that allowed this to happen?  Did people feel a need to do this to compete?  Too many car companies have been caught up in such scandals to have it be random.

The shareholders have paid (and are continuing to pay) for the mistakes of the employees of the company.  Who else from the company is going to go to jail,  or lose his/her job?  VW is facing costs in just the US of more than $25 billion and investigations elsewhere.  Does the “compliance executive” know of others who also knew?  Might he offer up some names before December?  People who bought VWs are going to want to recover damages from someone.

Leave a comment

Filed under Accuracy, Analytics, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Oversight, Value

Going to the movies

Sony was not alone.  HBO gets hacked, too, and Netflix.  Is nothing sacred?

“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2.  Game of Thrones may be coming sooner than planned.    Hacker also got personal information on at least one executive.

How well is your information protected?  What’s that protection worth?

Leave a comment

Filed under Access, Controls, Governance, Information, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Security, Value

The grip on your information

“Apple Eases Its Grip in Chinese Data,” The Wall Street Journal, July 13, 2017 B3.  “To comply with tough new cybersecurity rules, Apple will begin storing all cloud data for its Chinese customers with a government owned company [in China] ….”  Apple “will retain control over encryption keys.”  That makes me much more comfortable.

It might appear that China is exerting its grip on the data stored by Chinese customers on iCloud.  But whose data is it, anyway?  And what if other countries take similar steps with their citizens’ data?  Any opportunity for mischief?

Leave a comment

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

Pesky little documents

“Caterpillar Faces New Questions in Probe,” The Wall Street Journal, July 3, 2017 B1.  During a criminal investigation, required export documentation couldn’t be found. Apparently, there are also inconsistencies between what was submitted to the Department of Commerce and what was turned over in response to subpoenas.

So, a corpration may be charged criminally.  What about officers, directors, and employees?

It is only foolish consistency, not inconsistency, that is the hobgoblin of little minds.

Leave a comment

Filed under Accuracy, Compliance, Compliance Verification, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Oversight, Value

Ransomware Week

“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3.  Motive for recent attacks was not blackmail, but just disruption.  The files that were attacked may not be recoverable.  “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3.  DLA Piper shuts down after its computer systems hit.  “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.

Have the Visigoths gathered at the gate?  If we can’t protect our computers and the information they contain and send, does our civilization survive?  Is IT now more important that all the other functions?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value

Cyberattacks, revisited

It’s Groundhog Day.  Or becoming a dog-bites-man story.

“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others.  Surgeries disrupted at a Pennsylvania hospital.  “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.

Does this become so routine we forget people are supposed to take steps to prevent it?  Do cyberattacks make the board agenda, without the tie to the greater information governance questions?  Is that progress?  Does industry not see the bigger risk?

 

Leave a comment

Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value