The Financial
Balance Sheet
Part I
This slideshow reviews the Financial
Balance Sheet (FBS). The foundational
information in this slideshow will be
used throughout the text.
• A model of the corporation used to visualize the financial
functions and objectives of a firm.
The Financial Balance Sheet (FBS)
• Deals with a firm’s investments, such as:
– accounts on the accounting statement
– tangible and intangible assets
The Left-Hand Side (LHS)
• Deals with a firm’s sources of financing, which are
divided into two kinds of claims:
– Fixed claims are legally protected
– Residual claims are not legally protected
The Right-Hand Side (RHS)
• Capital gained from RHS claims is used to make LHS
investments. Cash generated by investments is then used
to satisfy claims and/or reinvested in the company.
LHS and RHS Interaction
• The three methods of acquiring capital are trade credit,
secondary trading, and retention of residual cash flows.
Capital Acquisition
• Financial managers make decisions related to both sides
of the FBS:
– LHS decisions include investments a firm makes
– RHS decisions include sources of capital used to fund
investments
Management and the FBS
Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8
ITS 833 – INFORMATION GOVERNANCE
Chapter 11 – Information Governance
Privacy and Security Functions
[email protected] Asante 2019
1
1
CHAPTER GOALS AND OBJECTIVES
[email protected] Asante 2019
2
Things To Know:
Sources of Threats to protection of data
Solution
s to threats to protection of data
Identify some privacy laws that apply to securing an organization’s data
What is meant by redaction
What are the limitations on perimeter security?
What is IAM?
What are the challenges of securing confidential e-documents?
What are the limitations on an repository-based approach to securing confidential e-documents?
Things to Know:
What are some solutions to securing confidential e-documents?
What is stream messaging?
How is a digital signature different from an electronic signature?
What is DLP Technology?
What are some basic DLP methods?
What are some of the limitations of DLP?
What is IRM?
What are some key characteristics or requirements for effective IRM?
What are some approaches to security data once it leaves the organization?
2
Who are the victims ?
Government
Corporations
Banks
Schools
Defense Contractors
Private Individuals
Cyberattack Proliferation
[email protected] Asante 2019
3
Who are the perpetrators?
Foreign Governments
Domestic and foreign businesses
Individual Hackers/Hacking societies
Insiders
3
INSIDER THREATS
[email protected] Asante 2019
4
Some malicious/some not malicious
Insider threats can be more costly than outside threats
Nearly 70% of employees have engaged in IP theft
Nearly 33% have taken customer contact information, databases and customer data
Most employees send e-documents .
The Financial Balance Sheet Part I This slidesh.docx
1. The Financial
Balance Sheet
Part I
This slideshow reviews the Financial
Balance Sheet (FBS). The foundational
information in this slideshow will be
used throughout the text.
• A model of the corporation used to visualize the financial
functions and objectives of a firm.
The Financial Balance Sheet (FBS)
• Deals with a firm’s investments, such as:
– accounts on the accounting statement
– tangible and intangible assets
The Left-Hand Side (LHS)
• Deals with a firm’s sources of financing, which are
2. divided into two kinds of claims:
– Fixed claims are legally protected
– Residual claims are not legally protected
The Right-Hand Side (RHS)
• Capital gained from RHS claims is used to make LHS
investments. Cash generated by investments is then used
to satisfy claims and/or reinvested in the company.
LHS and RHS Interaction
• The three methods of acquiring capital are trade credit,
secondary trading, and retention of residual cash flows.
Capital Acquisition
• Financial managers make decisions related to both sides
of the FBS:
– LHS decisions include investments a firm makes
– RHS decisions include sources of capital used to fund
investments
Management and the FBS
Slide Number 1Slide Number 2Slide Number 3Slide Number
4Slide Number 5Slide Number 6Slide Number 7Slide Number 8
ITS 833 – INFORMATION GOVERNANCE
3. Chapter 11 – Information Governance
Privacy and Security Functions
[email protected] Asante 2019
1
1
CHAPTER GOALS AND OBJECTIVES
[email protected] Asante 2019
2
Things To Know:
Sources of Threats to protection of data
Solution
s to threats to protection of data
Identify some privacy laws that apply to securing an
organization’s data
What is meant by redaction
What are the limitations on perimeter security?
What is IAM?
What are the challenges of securing confidential e-documents?
What are the limitations on an repository-based approach to
4. securing confidential e-documents?
Things to Know:
What are some solutions to securing confidential e-documents?
What is stream messaging?
How is a digital signature different from an electronic
signature?
What is DLP Technology?
What are some basic DLP methods?
What are some of the limitations of DLP?
What is IRM?
What are some key characteristics or requirements for effective
IRM?
What are some approaches to security data once it leaves the
organization?
2
Who are the victims ?
Government
Corporations
Banks
Schools
5. Defense Contractors
Private Individuals
Cyberattack Proliferation
[email protected] Asante 2019
3
Who are the perpetrators?
Foreign Governments
Domestic and foreign businesses
Individual Hackers/Hacking societies
Insiders
3
INSIDER THREATS
[email protected] Asante 2019
4
Some malicious/some not malicious
Insider threats can be more costly than outside threats
Nearly 70% of employees have engaged in IP theft
Nearly 33% have taken customer contact information, databases
and customer data
Most employees send e-documents to their personal email
6. accounts
Nearly 60% of employees believe this is acceptable behavior
Thieves who are insiders feel they are somewhat entitled as
partial ownership because they created the documents or data
58% say the would take data from their company if terminated
and believe they could get away with it
4
SOLUTION?
Security – including document life cycle security
Risk Education
Employee Use Policy
IG Training and Education
Enforcement and Prosecution – Make an example!
Monitoring
[email protected] Asante 2019
5
7. 5
PRIVACY LAW THAT MAY APPLY
Federal Wire Tapping Act
Prohibits the unauthorized interception and/or disclosure of
wire, oral or electronic communications
Electronic Communications Privacy Act of 1986
Amended Federal Wire Tapping Act
Included specifics on email privacy
Stored Communications and Transactional Records Act
Part of ECPA
Sometimes can be used to protect email and other internal
communications from discovery
Computer Fraud and Abuse Act
Crime to intentionally breach a “protected computer”
Used extensively in the banking industry for interstate
commerce
Freedom of Information Act
Citizens ability to request government documents – sometimes
redacted
[email protected] Asante 2019
6
8. 6
LIMITATIONS ON SECURITY
“Traditional Security Techniques”
Perimeter Security
Firewalls
Passwords
Two-factor authentication
Identity verification
Limitations to traditional techniques
Limited effectiveness
Haphazard protections
Complexity
No direct protections
Security requires a change in thinking about security
Secure the document itself, in addition to traditional techniques
that secure “access” to the document
[email protected] Asante 2019
7
9. 7
DEFENSE IN DEPTH TECHNIQUES TO SECURITY
Use Multiple Layers of Security Mechanisms
Firewall
Antivirus/antispyware software
Identity and Access Management (IAM)
Hierarchical passwords
Intrusion Detection
Biometric Verification
Physical Security
What is IAM?
Goal is to prevent unauthorized people from accessing a system
Effective IAM included:
Auditing
Constant updating
Evolving roles
Risk reduction
[email protected] Asante 2019
8
8
10. LIMITATIONS OF REPOSITORY-BASED APPROACHES TO
SECURITY
Traditionally, we have applied “repository-based” solutions
which have not been effective. We have document repositories
that reside in databases and email servers behind a firewall.
Once Intruder breaches firewall and is inside the network, they
can legitimately access data
Knowledge workers tend to keep a copy of the documents on
their desktop, tablet, etc.
We operate in an Extended Enterprise of mobile and global
computing comprising sensitive and confidential information
[email protected] Asante 2019
9
9
SOLUTION?
Better technology for better enforcement in the extended
11. enterprise
Basic security for the Microsoft Windows Office Desktop-
protection of e-documents through password protection for
Microsoft Office files
Good idea but passwords can’t be retrieved if lost
Consider that “deleted” files actually aren’t.
Wipe the drive clean and completely erased to ensure that
confidential information is completely removed
Lock Down: Stop all external access to confidential documents.
Take computer off network and block use to ports
Secure Printing
Use software to delay printing to network printers until ready to
retrieve print
Erase sensitive print files once they have been utilized
[email protected] Asante 2019
10
10
12. SOLUTION (continued)
E-mail encryption
Encryption of desktop folders and e-docs
Use Stream messages when appropriate
Use of Digital Signatures ---not the same thing as an electronic
signature
Use Data Loss Prevention (DLP) software to ensure that
sensitive data does not exit through the firewall
(Three techniques for DLP-Scanning traffic for keywords
or regular expressions, classifying documents and content based
upon predefined set, and tainting) This method has weaknesses!
IRM Software/ERM Software-provides security to e-documents
in any state (persistent security)
[email protected] Asante 2019
11
13. 11
SOLUTION (Continued)
Device Control Methods –example blocking ports
Use of “thin clients”
Compliance requirements by different organizations
Hybrid Approach: Combining DLP and IRM technologies
[email protected] Asante 2019
12
12
More on IRM
14. Transparently – no user intervention required
Remote control of e-documents
Provides for file-level protection that travels with file even if
stolen
Includes cross-protection for different types of documents
Allows for creation and enforcement of policies governing
access and use of sensitive/confidential e-documents
Decentralized administration
Good IRM software provides useful audit trail
Integration with other enterprise systems
Provides embedded protection that allows the files to protect
themselves
Key Characteristics of IRM
Security
Transparency – can’t be more difficult to use than working with
unprotected documents
Easy to deploy and manage
[email protected] Asante 2019
13
13
15. SECURING DATA ONCE IT
LEAVES THE ORGANIZATION
REMEMBER – CONTROL DOES NOT REQUIRE
OWNERSHIP!
Consider new architecture where security is built into the DNA
of the network using 5 data security design patterns
Thin Client
Thin Device-remotely wipe them
Protected Process
Protected Data
Eye in the Sky
Document Labeling
Document Analytics
Confidential Stream Messaging
[email protected] Asante 2019
14
14
THE END
[email protected] Asante 2019
16. 15
15
The Financial
Balance Sheet
Part II
This slideshow continues our review of
the Financial Balance Sheet (FBS).
• The FBS is impacted by the economic and regulatory
environments in which a firm operates.
17. The Financial Balance Sheet
• The government regulates markets, passes laws that may
benefit or limit firms, and collects taxes on business
income.
Government and the FBS
• A firm’s activity in product markets is reflected by its
corporate assets on the LHS.
• A firm’s activity in financial markets represent how it
acquired the RHS funds to finance its assets.
Markets and the FBS
The Financial �Balance Sheet�Part IISlide Number 2Slide
Number 3Slide Number 4Slide Number 5