Category Archives: Security

Abandoned

“Delete Old Digital Haunts,” The Wall Street Journal, October 15, 2018 B4.  A how-to guide for clearing out the electronic information and the applications you don’t use any more.

Part of information governance is getting rid of data that we no longer need (and that is no longer required by law), which goes by the catchy title Defensible Disposal.  A part of governance is how we manage this (or not) in our own lives.  If you don’t do it in your own life, how can you be expected to do it at work?


Filed under IT, Security, Records Management, Controls, Internal controls, Technology

Facebook again. Plus or minus 20 million.

“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1.  Data exposed between July 2017 and September 2018.  But thankfully only affected 30 million users, not the 50 million users originally feared.  It only took 2 days to stop it after it was discovered.  A flaw in the computer code opened a door.

The decrease in the number of affected users was reported in a blog post.

Does this mean that a defective product was released into commerce?  So who pays how much to whom?


Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology

Apple watch

“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1.  Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.

Was this captured in part on his Apple Watch?

Do we lose sight of the places where information can be found?  How would (or do) we control this in our organization?  A visitor who wears a watch?


Filed under Controls, Information, Interconnections, Internal controls, IT, Security, Technology, Third parties

Hiding the ball

“Google Hid Data Breach for Months,” The Wall Street Journal, October 9, 2018 A1.  Alphabet hid or failed to disclose the breach of “hundreds of thousands of users” for six months, to avoid “regulatory scrutiny and … reputational damage.”  Data accessed between 2011 and 2018.

What did the delay in notification cost customers? Did Google care?  Who at Google knew, and are they still employed?  Why?

Don’t be evil.


Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, IT, Privacy, Security, To report

Amazon leak

“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.

Is this a Man-Bites-Dog story, just considering the source?  What did this cost the employee?  What did it cost Amazon?  What damage did it cause to the customers?

 


Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security

Facebook again. Again.

“EU May Fine Facebook $1.63 Billion Over Breach,” The Wall Street Journal, October 1, 2018 B1.  The hack of 50 million Facebook users reported earlier may lead to a large fine against Facebook (4 times its annual revenue).  The regulator in Europe has demanded more information.

Impact on stock value not reported.


Filed under Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Value

FB in the news. Again.

“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1.  Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code.  May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.

Is Facebook responsible for making sure its site is secure?  How did the executive in charge of safety and security miss this?  Does the Board at Facebook have liability?  Facebook no longer has a Chief Security Officer.


Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties