October 25, 2018 · 12:42 pm
“Smart Devices Draw New Defenses,” The Wall Street Journal, October 18, 2018 B1. Companies move to add security to the Internet of Things things, like interconnected devices inside your home (e.g., cameras, routers, refrigerators, and TVs).
Do we really know how insecure the appliances you have in your house are? Do we really care? I posted earlier today about Apple in China building and selling phones that have the option, but not the requirement, to have two-factor authentication. Is the user the weakest link?
October 25, 2018 · 12:12 pm
“Apple Says It’s Sorry for Chinese Hacks,” The Wall Street Journal, October 17, 2018 B4. Apple apologizes to customers who didn’t use two-factor authentication and who lost money when their accounts got hacked. No disclosure of how the Apple IDs were stolen.
One could comment on this as a hack, or as the failure of the user to use optional controls in a software/hardware app, or as the failure to make the control required rather than optional. But, as with the earlier post today, this post takes a different tack: what does it say about Governance in China when a vendor is pressured to apologize for its customers’ decisions? That doesn’t happen stateside, much. Is this punishment for Apple’s non-compliance? Versus a lawsuit, which would be the Western approach?
Filed under Access, Communications, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Internal controls, Technology, Third parties, To report
October 25, 2018 · 11:58 am
“Advertisers Allege Facebook Put Off Disclosing Error,” The Wall Street Journal, October 17, 2018 B1. Facebook was sued two years ago for knowing that the statistics on how long users were looking at videos were flawed, overstating the average time videos were viewed, but failing to let the advertisers know. So advertisers paid for posting videos based on inaccurate information from the seller (Facebook).
I guess one could comment on the culture at Facebook that would permit this behavior, or upon the Compliance implications of the apparent failure to punish anybody (employees, directors) for this apparent breach of customer trust. But instead one could focus on how much value Facebook derived from not disclosing information about known defects in its processes. So, either (a) the definition of Information includes information you don’t disclose or (b) the value of information can include the value of not disclosing it.
The documents turned over in discovery are not favorable to FB.
Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Reliance, Supervision, Technology, To report, Value
October 16, 2018 · 9:12 pm
“Delete Old Digital Haunts,” The Wall Street Journal, October 15, 2018 B4. A how-to guide on how to clear out the electronic information and the applications you don’t use any more.
Part of information governance is getting rid of data that we no longer need (and that is no longer required by law) – goes by the catchy title Defensible Disposal. A part of governance is how we manage this (or not) in our own lives. If you don’t do it in your own life, how can you be expected to do it at work?
October 16, 2018 · 8:48 pm
“Facebook Details Data Breach,” The Wall Street Journal, October 13, 2018 B1. Data exposed between July 2017 and September 2018. But thankfully only affected 30 million users, not the 50 million users originally feared. It only took 2 days to stop it after it was discovered. A flaw in the computer code opened a door.
The decrease in the number of affected users was reported in a blog post.
Does this mean that a defective product was released into commerce? So who pays how much to whom?
Filed under Compliance (General), Controls, Corporation, Duty, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security, Supervision, Technology
October 16, 2018 · 8:41 pm
“Turkey Says Journalist’s Killing Was Recorded,” The Wall Street Journal, October 12, 2018 A1. Turkey alleges audio and video demonstrate that Jamal Khashoggi was killed in the Saudi consulate in Istanbul.
Was this captured in part on his Apple Watch?
Do we lose sight of the places where information can be found? How would (or do) we control this in our organization? A visitor who wears a watch?
October 15, 2018 · 10:10 am
“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1. Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code. May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.
Is Facebook responsible for making sure its site is secure? How did the executive in charge of safety and security miss this? Does the Board at Facebook have liability? Facebook no longer has a Chief Security Officer.
Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties
August 18, 2018 · 12:20 pm
Appliances we use often capture data about how we use them. Who owns that data, where is it stored, and what is it used for (and by whom)?
“What Your Car Knows About You,” The Wall Street Journal, August 18, 2018 B4. Large amounts of data being collected from on-board devices, and used by car makers and others.
Will this lead to more targeted advertising? May be worth $750 billion by 2030. How much of that will the car owners get?
Sure, currently you have to opt in to this service. You will read (and understand) the terms and conditions, won’t you? And this will all be stored securely, with your privacy protected, won’t it? Not that anyone could use your location or your driving habits against you.
August 11, 2018 · 12:12 pm
A key element of either Compliance or Governance (or both) is penalizing violations. Otherwise, the rule is on paper only, and isn’t real.
“U.S. Steps Up Grid Defense,” The Wall Street Journal, August 6, 2018 A1. Government devising new penalties for foreign (and domestic) agents who hack into critical infrastructure.
Sounds good. But might we be better off with a few more ounces of prevention (education, technology controls, testing, etc.)? The “internal” controls. By the time you’re penalizing folks, you’ve been hacked.
Filed under Access, Compliance (General), Controls, Duty, Governance, Government, Interconnections, Internal controls, IT, Security, Technology, Third parties
July 23, 2018 · 10:43 am
“Blockchain Helps Track Web Ads,” The Wall Street Journal, July 13, 2018 B4. Technology used to determine whether “views” are by humans or bots, and where the advertising dollars are going.
How do you track how much of your sales price you actually receive? For online ad publishers, Blockchain may help. Also helps the advertisers.
More information is good. Accurate information, even gooder.