
IISP NW branch meeting 15 nov 2012 security through governance, compliance…


A presentation from Will Roebuck on online security. Video of the talk is available on YouTube.


  1. What's on your E RADAR? IT Governance, Security and Risk across the online economy. Will Roebuck, Founder and CEO, E RADAR | Smarter business online
  2. Why is IT governance important?
     ● It costs jobs and affects livelihoods without it
     ● Safeguard competitive and collaborative advantage
        ● Corporate reputation
        ● (Public) procurement requirements
        ● Officer (director) liability
     ● Meet fiscal, legal and regulatory requirements
     ● Provide minimum standards of best practice
  3. Online in 2012 – 15 years of strengths
     ● Speed and convenience of business transactions
     ● Cost and inventory control
     ● Global presence and market opportunity
     ● Better customer service
     ● Competitive and collaborative advantage
     ● Research and innovation
     ● Social revolution (accessibility and connecting people)
  4. Online in 2012 – 15 years of weaknesses
     ● Pace of change v legacy technologies
        ● e.g. Royal Bank of Scotland, NHS IT Infrastructure
     ● Conflict of laws and regulations
        ● Whose law applies?
        ● Common law v statute
     ● Workplace social networking v time-management
     ● Increased globalisation = domino effect (e.g. Enron)
     ● Take up of network and information security
     ● Beware of imitations...
  5. Know who you're talking to?
  6. Online in 2012 – 15 years of opportunity
     ● 2,405,510,036 online June 2012 (34.3% world population)*
     ● E-commerce sales represented 16.9 per cent of total sales
     ● Website sales represented 4.2 per cent of total sales
     ● 78.7 per cent of businesses had a website
     ● 51.9 per cent of businesses had mobile broadband using 3G
     ● 86.5 per cent of businesses used the Internet to interact with public authorities.
     * Internet World Stats
  7. Online in 2012 – 15 years of threats
     ● Society, business and government
        ● Financial fraud
        ● Children and citizens e.g. harassment, bullying...
        ● Theft – identity, data, intellectual property
        ● International terrorism
     ● UK Cyber Crime Strategy (Nov 2011)
     ● Cost to UK economy
        ● Cyber crime – £27 billion per year?
        ● Welfare/tax fraud – £200/£300 per citizen per year
  8. Online business environment
     ● Supply and demand
        ● Goods, services, digital downloads, financial instruments
        ● The bottom line
     ● Encouraged by
        ● Competition, enterprise and innovation
     ● Supported by
        ● People, processes, technology, and information
        ● Laws, regulations, standards and best practice
  9. What does this all mean?
     ● Balance supply and demand against risk
     ● Deploy resources carefully
     ● Smarter business management
        ● Identify, develop and use the right people skills
        ● Re-engineer business processes
        ● Invest in enabling technology
     ● Provide good laws and regulations
        ● Responsive legal environment
  10. IT challenges over next decade
     ● Cloud computing
     ● More online applications
        ● Just require connectivity; transparent licensing
     ● Social networks and software
        ● Engage with partners and customers; find out interests
     ● Document management and collaboration
        ● Organise resources centrally – audit trails
     ● CRM 2.0
        ● Internet capabilities to manage customers, incl. loyalty
  11. IT challenges over next decade
     ● Unified communications
        ● Connecting to the right people
     ● Web 3.0 – semantic web
        ● Intelligent applications
     ● Business intelligence
        ● Improving insights to employees... professional networks
     ● Virtualisation – Green IT
        ● Physical to virtual servers saving energy, carbon footprint
     ● Enterprise mobility
        ● Applications accessible from mobile devices
  12. Why governance and compliance?
     ● Customer trust and confidence
     ● Business protection e.g. evidential trail
     ● Sector requirements
     ● Reduced insurance premiums
     ● Corporate reputation
     ● Director and vicarious liability
     ● The regulatory stick
     ● Secure transactions
  13. Challenges and issues
     ● Corporate
        ● Vicarious and director liability
        ● Duty of care towards employee
        ● Prevent improper and illegal activity over systems/networks
     ● Personal
        ● Directors failing to undertake duties implied by law or as additional duties in their contract
  14. Challenges and issues
     ● Contractual
        ● Prove existence of agreement in disagreement with a customer
        ● Defend an action for unfair dismissal before employment tribunal
     ● Legal
        ● Prove an intellectual property right or invention
  15. Challenges and issues
     ● Regulatory
        ● Registering, reporting, retaining and disposal of records
           – Annual returns
           – Invoicing and VAT
           – Health and Safety
           – Personnel records
        ● Data Protection
        ● Consumer Protection
     ● Security of systems and networks... and information
  16. Digital evidence and admissibility
     ● Evidence is
        ● the way that a fact is proved or disproved in a court, tribunal or disciplinary.
        ● Oral, real (primary or secondary) or hearsay (less reliable)
           – Primary = e.g. signed original contract
           – Secondary = e.g. unsigned draft of the contract
     ● Burden of proof
        ● Civil cases = with plaintiff and balance of probabilities
        ● Criminal cases = with prosecution and beyond reasonable doubt
  17. Digital evidence and admissibility
     ● Evidence in electronic format is admissible
        ● Electronic Communications Act 2000
        ● Civil Evidence Act / Youth Justice and Criminal Evidence Act
     ● May be legally acceptable but may not be admissible.
     ● Admissible document must be sufficiently relevant
     ● Court must decide and may give different weight to primary or secondary evidence
     ● British Standards Code for Legal Admissibility and Evidential Weight of Information Stored Electronically.
  18. Misuse of devices
     ● Abuse and misuse (illegal, illicit or wrong)
        ● Defamatory remarks
        ● Breach of confidentiality
        ● Using and abusing copyright without permission
        ● Negligence in sending viruses to other businesses
        ● Sexual or racial harassment
     ● Criminal offences
        ● e.g. downloading child pornography
        ● Other illegal images
  19. Monitoring communications
     ● Right to privacy – even at work
     ● Regulation of Investigatory Powers Act 2000
     ● Lawful Business Practice Regulations 2000
        ● Inform monitoring for lawful business purposes
        ● Quality, training and security
     ● How do you monitor remote workers?
        ● Blanket monitoring of employees not acceptable
        ● Must be justified
        ● Other alternatives?
  20. Data protection
     ● 8 data protection principles
     ● Principle 7 – adequate security measures
     ● Principle 8 – international transfers
        ● Cloud computing
        ● Where is personal data?
        ● Information Commissioner's Guidance
     ● Sensitive personal data
        ● Encryption
  21. Retention, deletion and retrieval
     ● Organisations must have evidence to rely upon it!
     ● Information management policy covering
        ● Retention, access and exchange (including security), deletion and retrieval
     ● Why a policy?
        ● Business (cost, time and risk management)
        ● Legal (e.g. accounting records = 6 years, criminal penalties)
        ● Regulatory (FSA Rules, Food Standards etc.)
  22. About E RADAR
     ● Championing enterprise and the online economy
     ● Focus on public policy, governance, compliance and risk
        ● Pre-legislation and post-legislation
        ● IT and online contracting
     ● Free-to-use forums
        ● Monitoring and scrutiny
        ● Thought-leadership and best practice
        ● Knowledge Xchange
     ● Social network
  23. Back to you... and 2012
     ● A turning point?
        ● Global recession with Euro under threat
        ● £1 trillion UK government borrowing
        ● 60% EU cross-border e-commerce transactions fail
        ● Public sector cuts and increasing unemployment
        ● European Digital Single Market – working or not?
     “We need visionaries, innovators and entrepreneurs to recognise the opportunities and walk through the door...”
  24. “The best way to predict the future is to create it!”
  25. Thank you!