ITS 833 – INFORMATION GOVERNANCE
Chapter 11 – Information Governance
Privacy and Security Functions
University of the Cumberlands
Dr Isaac T. Gbenle
CHAPTER GOALS AND OBJECTIVES
Things To Know:
Sources of Threats to protection of data
Solutions to threats to protection of data
Identify some privacy laws that apply to securing an
organization’s data
What is meant by redaction
What are the limitations on perimeter security?
What is IAM?
What are the challenges of securing confidential e-documents?
What are the limitations on a repository-based approach to
securing confidential e-documents?
Things to Know:
What are some solutions to securing confidential e-documents?
What is stream messaging?
How is a digital signature different from an electronic
signature?
What is DLP Technology?
What are some basic DLP methods?
What are some of the limitations of DLP?
What is IRM?
What are some key characteristics or requirements for effective
IRM?
What are some approaches to securing data once it leaves the
organization?
Who are the victims?
Government
Corporations
Banks
Schools
Defense Contractors
Private Individuals
Cyberattack Proliferation
Who are the perpetrators?
Foreign Governments
Domestic and foreign businesses
Individual Hackers/Hacking societies
Insiders
INSIDER THREATS
Some malicious/some not malicious
Insider threats can be more costly than outside threats
Nearly 70% of employees have engaged in IP theft
Nearly 33% have taken customer contact information, databases
and customer data
Most employees send e-documents to their personal email
accounts
Nearly 60% of employees believe this is acceptable behavior
Thieves who are insiders feel somewhat entitled to
partial ownership because they created the documents or data
58% say they would take data from their company if terminated
and believe they could get away with it
SOLUTION?
Security – including document life cycle security
Risk Education
Employee Use Policy
IG Training and Education
Enforcement and Prosecution – Make an example!
Monitoring
PRIVACY LAW THAT MAY APPLY
Federal Wire Tapping Act
Prohibits the unauthorized interception and/or disclosure of
wire, oral or electronic communications
Electronic Communications Privacy Act of 1986
Amended Federal Wire Tapping Act
Included specifics on email privacy
Stored Communications and Transactional Records Act
Part of ECPA
Sometimes can be used to protect email and other internal
communications from discovery
Computer Fraud and Abuse Act
Crime to intentionally breach a “protected computer”
Used extensively in the banking industry for interstate
commerce
Freedom of Information Act
Citizens' ability to request government documents – sometimes
redacted
LIMITATIONS ON SECURITY
“Traditional Security Techniques”
Perimeter Security
Firewalls
Passwords
Two-factor authentication
Identity verification
Limitations to traditional techniques
Limited effectiveness
Haphazard protections
Complexity
No direct protections
Security requires a change in thinking about security
Secure the document itself, in addition to traditional techniques
that secure “access” to the document
DEFENSE IN DEPTH TECHNIQUES TO SECURITY
Use Multiple Layers of Security Mechanisms
Firewall
Antivirus/antispyware software
Identity and Access Management (IAM)
Hierarchical passwords
Intrusion Detection
Biometric Verification
Physical Security
What is IAM?
Goal is to prevent unauthorized people from accessing a system
Effective IAM includes:
Auditing
Constant updating
Evolving roles
Risk reduction
LIMITATIONS OF REPOSITORY-BASED APPROACHES TO
SECURITY
Traditionally, we have applied “repository-based” solutions
which have not been effective. We have document repositories
that reside in databases and email servers behind a firewall.
Once an intruder breaches the firewall and is inside the network, they
can legitimately access data
Knowledge workers tend to keep a copy of the documents on
their desktop, tablet, etc.
We operate in an Extended Enterprise of mobile and global
computing comprising sensitive and confidential information
SOLUTION?
Better technology for better enforcement in the extended
enterprise
Basic security for the Microsoft Windows Office desktop:
protection of e-documents through password protection for
Microsoft Office files
Good idea but passwords can’t be retrieved if lost
Consider that “deleted” files actually aren’t.
Wipe the drive clean and completely erase it to ensure that
confidential information is completely removed
Lock Down: Stop all external access to confidential documents.
Take the computer off the network and block use of ports
Secure Printing
Use software to delay printing to network printers until ready to
retrieve print
Erase sensitive print files once they have been utilized
SOLUTION (contd)
E-mail encryption
Encryption of desktop folders and e-docs
Use Stream messages when appropriate
Use of Digital Signatures (not the same thing as an electronic
signature)
Use Data Loss Prevention (DLP) software to ensure that
sensitive data does not exit through the firewall
(Three techniques for DLP: scanning traffic for keywords
or regular expressions, classifying documents and content based
upon a predefined set, and tainting.) This method has weaknesses!
IRM Software/ERM Software: provides security to e-documents
in any state (persistent security)
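
Added example (not part of the original slides): a minimal Python sketch of the first two DLP techniques listed above, keyword/regular-expression scanning and classification into a predefined set of categories, run over constructed outbound messages. The category names, keyword list, patterns and function names are assumptions; the sketch also shows one weakness of pattern scanning, a false positive on a card-like order number unless a Luhn checksum is applied. Tainting is not shown.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed policy (assumption, not from the slides): a predefined set of
# categories, each detected by keywords or by a regular expression.
KEYWORDS = {"CONFIDENTIAL": ("confidential", "internal only", "do not distribute")}
PATTERNS = {
    "PII": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),      # US SSN layout
    "PCI": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),   # 13-16 digit card-like run
}


@dataclass(frozen=True)
class Finding:
    category: str   # category from the predefined set
    rule: str       # "keyword" or "regex"
    match: str      # text that triggered the rule


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str, validate_cards: bool = True) -> list[Finding]:
    """Scan one outbound message for keywords and regex hits."""
    findings = []
    lowered = text.lower()
    for category, words in KEYWORDS.items():
        for word in words:
            if word in lowered:
                findings.append(Finding(category, "keyword", word))
    for category, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            # Without this check every 13-16 digit number looks like a card.
            if category == "PCI" and validate_cards:
                if not luhn_ok(re.sub(r"\D", "", value)):
                    continue
            findings.append(Finding(category, "regex", value))
    return findings


def classify(text: str, validate_cards: bool = True) -> set[str]:
    """Map a message to the predefined categories it falls into."""
    return {f.category for f in scan(text, validate_cards)}


def decide(text: str, validate_cards: bool = True) -> str:
    """Egress decision: block anything that lands in a sensitive category."""
    return "BLOCK" if classify(text, validate_cards) else "ALLOW"


# Constructed sample traffic (not real data; 4111... is a well-known test number).
OUTBOUND = [
    "Q3 roadmap attached. CONFIDENTIAL - internal only.",
    "Customer card 4111 1111 1111 1111 exp 12/29",
    "Order number 1234 5678 9012 3456 shipped today",
    "Employee SSN 078-05-1120 for payroll",
    "Lunch at noon?",
]


def report(validate_cards: bool = True) -> list[tuple[str, list[str]]]:
    """Decision and sorted categories for every sample message."""
    return [
        (decide(msg, validate_cards), sorted(classify(msg, validate_cards)))
        for msg in OUTBOUND
    ]


if __name__ == "__main__":
    for label, flag in (("regex only", False), ("regex + Luhn", True)):
        print(label)
        for msg, (verdict, cats) in zip(OUTBOUND, report(flag)):
            print(f"  {verdict:5} {cats} {msg}")
```

With `validate_cards=False` the order-number message is blocked as payment card data; with the checksum enabled it is allowed while the real card-format number is still caught.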
SOLUTION (Contd)
Device Control Methods – for example, blocking ports
Use of “thin clients”
Compliance requirements by different organizations
Hybrid Approach: Combining DLP and IRM technologies
More on IRM
Transparently – no user intervention required
Remote control of e-documents
Provides for file-level protection that travels with file even if
stolen
Includes cross-protection for different types of documents
Allows for creation and enforcement of policies governing
access and use of sensitive/confidential e-documents
Decentralized administration
Good IRM software provides useful audit trail
Integration with other enterprise systems
Provides embedded protection that allows the files to protect
themselves
Key Characteristics of IRM
Security
Transparency – can’t be more difficult to use than working with
unprotected documents
Easy to deploy and manage
SECURING DATA ONCE IT
LEAVES THE ORGANIZATION
REMEMBER – CONTROL DOES NOT REQUIRE
OWNERSHIP!
Consider new architecture where security is built into the DNA
of the network using 5 data security design patterns
Thin Client
Thin Device – remotely wipe them
Protected Process
Protected Data
Eye in the Sky
Document Labeling
Document Analytics
Confidential Stream Messaging
Discussions
  • 9. Consider that “deleted” files actually aren’t. Wipe the drive clean and completely erased to ensure that confidential information is completely removed Lock Down: Stop all external access to confidential documents. Take computer off network and block use to ports Secure Printing Use software to delay printing to network printers until ready to retrieve print Erase sensitive print files once they have been utilized 10 10 SOLUTION (contd) E-mail encryption Encryption of desktop folders and e-docs
  • 10. Use Stream messages when appropriate Use of Digital Signatures ---not the same thing as an electronic signature Use Data Loss Prevention (DLP) software to ensure that sensitive data does not exit through the firewall (Three techniques for DLP-Scanning traffic for keywords or regular expressions, classifying documents and content based upon predefined set, and tainting) This method has weaknesses! IRM Software/ERM Software-provides security to e-documents in any state (persistent security) 11 11 SOLUTION (Contd)
  • 11. Device Control Methods –example blocking ports Use of “thin clients” Compliance requirements by different organizations Hybrid Approach: Combining DLP and IRM technologies 12 12 More on IRM Transparently – no user intervention required Remote control of e-documents Provides for file-level protection that travels with file even if stolen Includes cross-protection for different types of documents Allows for creation and enforcement of policies governing access and use of sensitive/confidential e-documents Decentralized administration
  • 12. Good IRM software provides useful audit trail Integration with other enterprise systems Provides embedded protection that allows the files to protect themselves Key Characteristics of IRM Security Transparency – can’t be more difficult to use than working with unprotected documents Easy to deploy and manage 13 13 SECURING DATA ONCE IT LEAVES THE ORGANIZATION REMEMBER – CONTROL DOES NOT REQUIRE OWNERSHIP! Consider new architecture where security is built into the DNA of the network using 5 data security design patterns Thin Client Thin Device-remotely wipe them
  • 13. Protected Process Protected Data Eye in the Sky Document Labeling Document Analytics Confidential Stream Messaging 14 14 Discussions 15 15