Category Archives: Security

Apple ≠ Facebook ≠ Google

Apple seems to be taking a different approach than Facebook or Google.

“iPhone Change To Block Police,” The Wall Street Journal, June 14, 2018 B1.  Apple “fixes” the technical hole that allows the authorities to break into the iPhone of a criminal or suspected criminal.

Is Apple more or less concerned about privacy of its users than either Google or Facebook is concerned about the privacy of their customers?  What about Apple’s demonstrated desire to block government access?  Is that more like Google (use of Google AI in weapons systems) or like Facebook (oh, heck, we’ll let just about anyone see our users’ data)?

Is controlling access to user data Governance?  Or is it a feature?  Whom do you trust more?

Advertisements

Leave a comment

Filed under Access, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Government, Internal controls, IT, Oversight, Policy, Privacy, Protect assets, Security, Third parties

What politically sensitive information do you have on your phone?

“Spies Make Push Into Phone-Hacking,” The Wall Street Journal, June 8, 2018 B4. Governments increase attempts to hack mobile phone to access the vast troves of data there.

Well, of course they wouldn’t do that in the US.  Would they?

Leave a comment

Filed under Access, Communications, Controls, Duty, Governance, Government, Internal controls, IT, Oversight, Privacy, Security, Third parties

Crying “Wolf”?

“Facebook Exposed Postings, The Wall Street Journal, June 8, 2018 B1.  Posts for 14 million Facebook users made public for 10 days, regardless of their default preferences.  Software bug blamed.

Whose information is it and what rules apply?  What happens when you introduce a defective product into commerce?

Leave a comment

Filed under Access, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Ownership, Privacy, Protect assets, Security, Third parties

On the Internet, no one knows you’re a dog

“Sophisticated Email Scam Hits Businesses,” The Wall Street Journal, June 12, 2018 A4.  Spoofing emails used to get companies to pay fake invoices. $685million is claims in Q1 2018.

An attorney mistakenly wired $250K to the wrong account.  Oops.

You have processes in place to prevent this, right?  Is that information governance or just good business practice?

Leave a comment

Filed under Accuracy, Controls, Corporation, Data quality, Directors, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Policy, Protect assets, Security

Cybersecurity

Interesting piece in the Journal Report on Cybersecurity on May 30, 2018.  Even a quick read provides some helpful context.

Some of the headlines:

Leave a comment

Filed under Protect assets, Security, Uncategorized

Too candid camera

“Spy Squad Fights Hidden Cameras,” The Wall Street Journal, June 4, 2018 A8. A team of 50 sweeps public restrooms in Seoul, Korea, searching for hidden cameras.

Yes, there are laws against placing such cameras in restrooms.  But as a part of Governance, don’t you need to check that people are complying?  The technology is widely available at low prices.  Does your company sweep “common rooms” for “surveillance devices”?  Should they?  What about hotels and locker rooms?  Or Air B&B’s?

This seems to fall somewhere between Privacy and Hacking.  Or somewhere.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Duty, Governance, Government, IT, Oversight, Privacy, Security, Technology

A Mayor’s challenge

“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3.  Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.

Corporations should conduct structured risk assessments.  Do cities?

One assumes Atlanta has done a risk assessment and identified the risk of official misconduct.  Did it also capture the risk of a cyberattack?  Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?

 

Leave a comment

Filed under Business Continuity, Communicate, Compliance, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties