A presentation from Will Roebuck from www.eradar.eu on online security. Vido of the talk is available on Youtube.

1. What's on your E RADAR?
IT Governance, Security and Risk
across the online economy
Will Roebuck
Founder and CEO
E RADAR | Smarter business online

2. Why is IT governance important?
● It costs jobs and affects livelihoods without it
● Safeguard competitive and collaborative advantage
● Corporate reputation
● (Public) procurement requirements
● Officer (director) liability
● Meet fiscal, legal and regulatory requirements
● Provide minimum standards of best practice

3. Online in 2012 – 15 years of strengths
● Speed and convenience of business transactions
● Cost and inventory control
● Global presence and market opportunity
● Better customer service
● Competitive and collaborative advantage
● Research and innovation
● Social revolution (accessibility and connecting people)

4. Online in 2012 – 15 years of weaknesses
● Pace of change v legacy technologies
● e.g. Royal Bank of Scotland, NHS IT Infrastructure
● Conflict of laws and regulations
● Whose law applies?
● Common law v statute
● Work place social networking v time-management
● Increased globalisation = domino effect (e.g. Enron)
● Take up of network and information security
● Beware of imitations...

5. Know who you're talking to?

6. Online in 2012 – 15 years of opportunity
● 2,405,510,036 online June 2012 (34.3% world population)*
● E-commerce sales represents 16.9 per cent of total sales
● Website sales represented 4.2 per cent of total sales
● 78.7 per cent of businesses had a website
● 51.9 per cent of businesses had mobile broadband using
3G
● 86.5 per cent of businesses used the Internet to interact
with public authorities.
* Internet World Stats http://www.internetworldstats.com/stats.htm

7. Online in 2012 – 15 years of threats
● Society, business and government
● Financial fraud
● Children and citizens e.g. harassment, bullying...
● Theft – identity, data, intellectual property
● International terrorism
● UK Cyber Crime Strategy (Nov 2011)
● Cost to UK economy
● Cyber crime - £27 billion per year?
● Welfare/tax fraud - £200/£300 per citizen per year

8. Online business environment
● Supply and demand
● Goods, services, digital downloads, financial instruments
● The 'bottom line'
● Encouraged by
● Competition, enterprise and innovation
● Supported by
● People, processes, technology, and information
● Laws, regulations, standards and best practice

9. What does this all mean?
● Balance supply and demand against risk
● Deploy resources carefully
● Smarter business management
● Identify, develop and use 'the right' people skills
● Re-engineer business processes
● Invest in enabling technology
● Provide good laws and regulations
● Responsive legal environment

10. IT challenges over next decade
● Cloud computing
● More online applications
● Just require connectivity; transparent licensing
● Social networks and software
● Enagage with partners and customers; find out interests
● Document management and collaboration
● Organise resources centrally – audit trails
● CRM 2.0
● Internet capabilities to manage customers, incl loyalty

11. IT challenges over next decade
● Unified communications
● Connecting to the right people
● Web 3.0 – semantic web
● Intelligent applications
● Business intelligence
● Improving insights to employees... professional networks
● Virtualisation – Green IT
● Physical to virtual servers saving energy, carbon foot print,
● Enterprise mobility
● Applications accessible from mobile devices

12. Why governance and compliance?
● Customer trust and confidence
● Business protection e.g. evidential trail
● Sector requirements
● Reduced insurance premiums
● Corporate reputation
● Director and vicarious liability
● 'The regulatory stick'
● Secure transactions

13. Challenges and issues
● Corporate
● Vicarious and director liability
● Duty of care towards employee
● Prevent improper and illegal activity over systems /networks
● Personal
● Directors failing to undertake duties implied by law or as
additional duties in their contract

14. Challenges and issues
Contractual
● Prove existence of agreement in disagreement with a
customer
● Defend an action for unfair dismissal before employment
tribunal
● Legal
● Prove an intellectual property right or invention

15. Challenges and issues
Regulatory
● Registering, reporting, retaining and disposal of records
– Annual returns
– Invoicing and VAT
– Health and Safety
– Personnel records
● Data Protection
● Consumer Protection
● Security of systems and networks... and information

16. Digital evidence and admissibility
● Evidence is
● the way that a fact is proved or disproved in a court, tribunal
or disciplinary.
● Oral, real (primary or secondary) or hearsay (less reliable)
– Primary = e.g. signed original contract
– Secondary = e.g. unsigned draft of the contract
● Burden of proof
● Civil cases = with plaintiff and 'balance of probabilities'
● Criminal cases = with prosecution and 'beyond reasonable
doubt'

17. Digital evidence and admissibility
● Evidence in electronic format is admissible
● Electronic Communications Act 2000
● Civil Evidence Act / Youth Justice and Criminal Evidence Act
● May be legally acceptable but may not be admissible.
● Admissible document must be sufficiently relevant
● Court must decide and may give different weight to primary
or secondary evidence
● British Standards Code for Legal Admissibility and
Evidential Weight of Information Stored Electronically.

18. Misuse of devices
● Abuse and misuse (Illegal, illicit or wrong)
● Defamatory remarks
● Breach of confidentiality
● Using and abusing copyright without permission
● Negligence in sending viruses to other business
● Sexual or racial harassment
● Criminal Offences
● e.g. downloading child pornography
● Other illegal images

19. Monitoring communications
● Right to privacy – even at work
● Regulation of Investigatory Powers Act 2000
● Lawful Business Practice Regulations 2000
● Inform monitoring for lawful business purposes
● Quality, training and security
● How do you 'monitor' remote workers?
● Blanket monitoring of employees not acceptable
● Must be justified
● Other alternatives?

20. Data protection
● 8 data protection principles
● Principle 7 – adequate security measures
● Principle 8 – international transfers
● Cloud computing
● Where is personal data
● Information Commissioner's Guidance
● Sensitive personal data
● Encryption

21. Retention, deletion and retrieval
● Organisations must have evidence to rely upon it!
● Information management policy covering
● Retention, access and exchange (including security),
deletion and retrieval
● Why a policy?
● Business (cost, time and risk management)
● Legal (e.g. accounting records = 6 years, criminal penalties)
● Regulatory (FSA Rules, Food Standards etc)

22. About E RADAR
● Championing enterprise and the online economy
● Focus on public policy, governance, compliance and risk
● Pre-legislation and post legislation
● IT and online contracting
● Free-to-use forums
● Monitoring and scrutiny
● Thought-leadership and best practice
● Knowledge Xchange
● Social network

23. Back to you... and 2012
● A turning point?
● Global recession with Euro under threat
● £1 trillion UK government borrowing
● 60% EU cross-border e-commerce transactions fail
● Public sector cuts and increasing unemployment
● European Digital Single Market – working or not?
We need visionaries, innovators and entrepreneurs to
recognise the opportunities and walk through the door...”

24. “The best way to predict
the future is to create it!”

25. Thank you!
will@eradar.eu
http://www.eradar.eu