Research Paper Sentence Outline:
Research Question: How do e-commerce companies address privacy in their policies?
Purpose: The purpose of this assignment is to prepare you for the dissertation process by creating a sentence outline for a research paper.
Description: The topic of your sentence outline is your research paper topic. After completing this week's Learning Activities, develop a sentence outline.
Deliverable: Prepare a Microsoft Word document that includes the following headings and one full sentence in each section:
· Title Page
· Abstract
· Introduction
· Literature review
· Research Method
· Results
· Discussion
· Conclusion
John Fulcher
CYB/110
Playbook / Runbook Part 2 – Social Network Security
John W. Fulcher
University of Phoenix Online
CYB/110
Question 3
The scenario involved the notorious Win32/Virut malware, which wreaked havoc on one machine in the company (Microsoft). The malware was detected and stopped before it spread to any other computer on the network. It operates by modifying the software executables on the computer: it targets every executable that is opened and writes its code into it, introducing a backdoor that allows hackers to access the system from remote servers. The malware is introduced when an infected executable is run on the machine, and once it has been installed along with the innocent-looking software, it copies itself to every other executable as soon as it is opened, meaning that it does not spread if no executable file is run. This, in turn, means that any software that is yet to be run is safe.
Upon realizing the corruption, which happened when an online scan using ESET antivirus was conducted, every executable was closed down (ESET). This allowed the antivirus to effectively isolate and list every affected executable. Indeed, the executables were listed and it turned out that 7 executables had been affected already; these were immediately quarantined. Some of the software affected were Office Word and operating system executables. To effectively deal with the threat, I restored the quarantined files so that I could cleanly uninstall the software. After the uninstallation, the online scan was run again, since it was not vulnerable to infection through the executable corruption. This time around, every identified threat was removed and an operating system disc was used to repair the corrupted operating system files. Finally, the ESET antivirus was installed so that such threats can be prevented before happening to reduce the extent of the damage. The affected software was then reinstalled and the system scanned with the offline antivirus and scheduled to automatically scan every day (Koret and Bachaalany).
Employees must be guided not to share the following information online:
· Usernames
· Office address
· Their medical history and records
· Their work experiences
· The place they have lived in
· Family members’ identities
· Dates of birth
· ...
Student NameCYB110Playbook Runbook Parts 1-3S.docx - deanmtaylor1545
Student Name
CYB/110
Playbook / Runbook Parts 1-3
Student Name
University of Phoenix Online
CYB/110
Question 3
The scenario involved the notorious Win32/Virut malware, which wreaked havoc on one machine in the company (Microsoft). The malware was detected and stopped before it spread to any other computer on the network. It operates by modifying the software executables on the computer: it targets every executable that is opened and writes its code into it, introducing a backdoor that allows hackers to access the system from remote servers. The malware is introduced when an infected executable is run on the machine, and once it has been installed along with the innocent-looking software, it copies itself to every other executable as soon as it is opened, meaning that it does not spread if no executable file is run. This, in turn, means that any software that is yet to be run is safe.
Upon realizing the corruption, which happened when an online scan using ESET antivirus was conducted, every executable was closed down (ESET). This allowed the antivirus to effectively isolate and list every affected executable. Indeed, the executables were listed and it turned out that 7 executables had been affected already; these were immediately quarantined. Some of the software affected were Office Word and operating system executables. To effectively deal with the threat, I restored the quarantined files so that I could cleanly uninstall the software. After the uninstallation, the online scan was run again, since it was not vulnerable to infection through the executable corruption. This time around, every identified threat was removed and an operating system disc was used to repair the corrupted operating system files. Finally, the ESET antivirus was installed so that such threats can be prevented before happening to reduce the extent of the damage. The affected software was then reinstalled and the system scanned with the offline antivirus and scheduled to automatically scan every day (Koret and Bachaalany).
Employees must be guided not to share the following information online:
· Usernames
· Office address
· Their medical history and records
· Their work experiences
· The place they have lived in
· Family members’ identities
· Dates of birth
· Personal information regarding bank detail or similar data (Norton).
If employees put this data online, their personal information can be misused and they may face an issue which can be severe.
Employees also need to be trained to interact securely while they use the internet. They must take care of the confidential information while sharing it in an email because if the emails are not protected, company data may be at high risk. If they have to share any document or attachment with the management, they need to develop a special code or a password to safeguard the sensitive and confidential information. Employees need to frequently change the passwords because the si.
The document summarizes a data breach that occurred at Target Corporation between November and December 2013. Hackers installed malware on Target's point-of-sale systems that stole payment card information for over 110 million customers. This led to fraudulent purchases and significant costs for Target, including a $1 billion estimated total cost, 25% drop in stock price, resignation of the CEO, and closure of some stores. The document outlines the nature of the attack, malware used, response by Target, and implications for digital security leadership.
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru... - ijccsa
Corporations face a dangerous threat that existing security technologies do not adequately address, which includes malware, trackware and adware: any program that may track online and/or offline PC activity and locally save or transmit those findings to third parties without the user’s knowledge or consent. The same activities that make our employees efficient and productive (doing research over the internet, sharing files, sending instant messages to customers and coworkers, and emailing status information while travelling) are making our IT infrastructures vulnerable to mobile malicious code, spyware, viruses, Trojan horses, phishing, and pharming. Gateway firewalls and antivirus software are no match for these new, virulent threats. To ensure the needed protection, organizations need to incorporate content-level protection into their overall security strategies. As web-borne threats become more complex and virulent, companies must face the need to supplement their existing, traditional security measures. So, in this paper, we highlight our work, which attempts to keep a real-time track of each event of the client’s behavior inside a network.
International Journal on Cloud Computing: Services and Architecture (IJCCSA) - ijccsa
As web-borne threats become more complex and virulent, companies must face the need to supplement their existing, traditional security measures. So, in this paper, we highlight our work, which attempts to keep a real-time track of each event of the client’s behavior inside a network.
Why security is the kidney not the tail of the dog v3 - Ernest Staats
Security is sometimes thought of as being the tail that wags the dog. A better analogy is that cyber security should be the kidneys of the organization, taking out the waste while allowing the useful information to pass.
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx - christiandean12115
ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – McAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the f.
Information Security And The Healthcare - Tracy Berry
Information security and privacy are important in healthcare to securely share patient information. As healthcare organizations store vast amounts of sensitive data, they must implement robust information security practices. Hospitals in particular house critical healthcare data and tools that patients rely on, so protecting this information from computer viruses or infected devices is essential. Intrusion detection and prevention systems help monitor networks for threats, but healthcare organizations must also raise awareness of security risks and regularly evaluate firewall and router configurations to maintain strong defenses.
Norbert Wiener's work during World War II laid the foundations for the field of computer ethics. His book discussed the purpose of human life, principles of justice, applied ethics methods, and key computer ethics topics and issues. One of the largest early computer crimes occurred from 1970-1973 when a bank teller embezzled over $1.5 million by hacking hundreds of customer accounts. In 2013, hackers briefly crashed stock prices by tweeting a false report that President Obama had been injured in an attack. Professional organizations have established ethics codes to guide computing professionals and users. Common computer crimes include financial fraud, hacking, software and hardware piracy, and computer viruses. Data security relies on physical safeguards, access controls,
Risk and Threat Assessment Report Anthony WolfBSA 5.docx - malbert5
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or built into an application runtime environment. Besides, database deployment is safeguarded by runtime application self-protection that can control the execution of applications, detecting and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their business. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats, and they might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Threats associated with online transactions can be prevented or reduced by keeping credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Its growth has subsequently led to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can draw on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and.
Running head mobile application security1mobile application se.docx - todd581
Project Report On Mobile Application Security
ISOL534 Application Security
Submitted By
Guided By Dr. Suanu Bliss Wikina
Contents
· Executive Summary
· Introduction
· Types of Mobile Applications
· Importance of Mobile Application Security
· Recommendations for Using Mobile Applications
· Top Three Best Mobile Security Applications
· Conclusion
· References
Executive Summary
This report is about mobile application security and the importance of having mobile application security installed on mobile gadgets like smartphones or tablet computers. The use of mobile gadgets has increased in the recent past, and it has also brought danger to our personal information, which is generally saved on our mobiles, like credit card information, contacts, business particulars, etc. Therefore, the importance of mobile application security shall be discussed in detail in the report to show how we can save our personal data from external threats in the shape of malware.
Keywords: Types of Mobile Applications, Importance of Mobile Application Security, Recommendations for using Mobile Applications, Best Mobile Security Applications.
Introduction:
Mobile applications play an important role in our daily life and are helpful in managing our day-to-day needs like online banking, chatting with friends and family, and sharing information online, including photos, banking transactions, codes, etc. However, we are not aware of one thing, and that is threats in the shape of malware. Malware is an online threat that can put your personal information and data at risk, and you may suffer in various ways, like monetary losses, bad repute, etc.
Mobile applications allow users to have mini computers in their mobile phones and enjoy the services. Smartphones come with many built-in applications which are basic in nature, like calculator, calendar, camera, libraries, etc., and users may download unlimited applications to their mobile phones, like email, video recorders, MP3 players, medical apps, online organizational applications for the sale and purchase of goods online, banking applications and, most importantly, games. The main advantage is that you can use the functions of such applications anywhere, without a computer, with the help of a mobile phone and the internet.
The previous approach was to develop applications for desktop computers and laptops, but now the trend has changed: developers are following the “Mobile-First” approach and developing applications that can easily be downloaded on mobile phones. It is also reported that about 197 Billion different mobile applications are .
This document is a seminar report submitted by Nupur Roy to the Department of Information Technology at International Institute of Information Technology in Bhubaneswar, India in January 2014. The report explores the topic of spyware, including its definition, types, how it operates, impact, and countermeasures. It contains chapters on introduction, overview, motivation, objectives, details about spyware and different types, how spyware operates to track information, impact of spyware, ways to counter spyware, and legal implications.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
We are an instructor-led online training hub. Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.
This document discusses cyber crimes and how to secure computers from cyber threats. It is divided into several sections that cover the definition of cyber crimes, types of cyber crimes such as against persons and property, and types of hackers such as black hats and white hats. The document also provides tips for securing computers, including choosing a secure operating system, internet browser, and security software like firewalls, antivirus programs, and using safe internet practices.
Deep Learning based Threat / Intrusion detection system - Affine Analytics
The document describes a proposed intrusion/threat detection system with the following key components:
1. A feature engineering module to extract relevant features from organizational data like employee information and online activities.
2. A text processing and topic modeling module to analyze communications data and identify confidential information.
3. An internal threat detection system using deep learning to detect threats in real-time with a risk score and predefined response policies.
4. An external threat detection system using signatures and anomaly detection to enforce actions against external threats.
If hacking is understood as any unconventional way of interacting with a system, it is easy to conclude that an enormous number of people have hacked or tried to hack someone or something. The article, a result of the author's research, analyses hacking from different points of view, including the hacker's as well as the defender's. It discusses questions such as: Who are the hackers? Why do people hack? It also covers legal aspects of hacking and some economic issues connected with it. At the end, some questions about victim protection are discussed, together with the weaknesses that hackers can use for their own protection. The aim of the article is to make readers familiar with the possible risks of hacker attacks on mobile phones and of possible attacks on the announced flood of Internet of Things (hereafter IoT) devices.
Hyena has built-in security, user authentication, and automated upgrades, among other features. This is probably all you need to create a secure mobile app from scratch. The Hyena app includes security cover for DIY apps, enterprise apps, business apps, in-house employee apps, and more.
The document discusses security risks to networks from both internal and external threats. It notes that internal threats from employees may pose an even greater risk than external hackers. The document advocates for a layered security approach using technologies like firewalls, antivirus software, web filtering, intrusion detection, and AI tools to automate tasks and improve security efficiency while reducing demands on IT staff. It provides examples of real security incidents caused by disgruntled or negligent employees accessing inappropriate content or leaking sensitive information.
Final Year Projects Computer Science (Information security) -2015 - Syed Ubaid Ali Jafri
Final year project ideas for computer science students. These projects help students enhance their expertise in the area of information security and understand the concept of information security.
This presentation is intended for an experienced audience knowledgeable about MS Office, internet, networks, Windows operating systems, and general PC troubleshooting. Attendees should understand common IT security issues like viruses, spyware, malware, and botnets as well as remedies for these issues. The presentation will be delivered by Mishra and comments from the audience are welcome.
The document discusses the need for information security professionals and provides an overview of information security. It describes how connecting to the internet exposes computers to risks from malicious actors. It then covers key topics in information security including identity theft, malware, patch management failures, and distributed denial of service attacks. The document concludes by recommending best practices for protecting digital assets such as using antivirus software, firewalls, and keeping systems updated with the latest patches.
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx - roushhsiu
“Meltdown and Spectre Haunt the World’s Computers”
In early January 2018, computer users all over the world were shocked to learn that nearly every computer chip manufactured in the last 20 years contained fundamental security flaws that make it possible for attackers to obtain access to data that were thought to be completely protected. Security researchers had discovered the flaws in late 2017. The flaws arise from features built into the chips that help them run faster. The vulnerability enables a malicious program to gain access to data it should never be able to see.
There are two specific variations of these flaws, called Meltdown and Spectre. Meltdown was so named because it “melts” security boundaries normally enforced by hardware. By exploiting Meltdown, an attacker can use a program running on a computer to gain access to data from all over that machine that the program shouldn’t normally be able to see, including data belonging to other programs and data to which only administrators should have access. (A system administrator is responsible for the upkeep, configuration, and reliable operation of computer systems.) Meltdown only affects specific kinds of Intel chips produced since 1995.
Spectre is not manufacturer-specific and affects nearly all modern processors. It requires more intimate knowledge of the victim program’s inner workings. Spectre’s name comes from speculative execution, in which a chip is able to start work on predicted future operations in order to work faster. In this case, the system is tricked into incorrectly anticipating application behavior. The name also suggests that Spectre will be much more difficult to neutralize. Other attacks in the same family will no doubt be discovered, and Spectre will be haunting us for some time.
With both Meltdown and Spectre, an attacker can make a program reveal some of its own data that should have been kept secret. For example, Spectre could harness JavaScript code on a website to trick a web browser into revealing user and password information. Meltdown could be exploited to view data owned by other users and also virtual servers hosted on the same hardware, which is especially dangerous for cloud computing host computers. The most worrisome aspect of Meltdown and Spectre is that security vulnerabilities are not from flawed software but from the fundamental design of hardware platforms beneath the software.
There is no evidence that Spectre and Meltdown have been exploited, but this would be difficult to detect. Moreover, the security flaws are so fundamental and widespread that they could become catastrophic, especially for cloud computing services where many users share machines. According to researchers at global security software firm McAfee, these vulnerabilities are especially attractive to malicious actors because the attack surface is so unprecedented and the impacts of leaking highly sensitive data are so harmful. According to Forrester, performance of laptops, des.
This document analyzes data from the Shodan search engine to summarize exposed cyber assets in the top 10 largest US cities by population. It finds that while New York City has a larger population than Houston, Houston has over 3 times as many exposed assets. The majority of exposed devices run embedded Linux and are connected via Ethernet/modem. Common exposed device types include firewalls, webcams, wireless access points, printers, routers, and phones. The document aims to increase awareness of exposed devices and associated security risks.
Digital Security and safety for journalists - antoniokisembo
This document provides information on digital security and privacy. It discusses the different types of digital data traces people leave behind everyday through online activities. These can include personal content, metadata, behavioral data, and derived data inferred about individuals. The document also outlines strategies for maintaining privacy, such as using encryption and open source tools for email, chat, file sharing and document collaboration. Key questions are presented to evaluate different digital tools and their security practices.
Mr. Bush, a 45-year-old middle school teacher arrives at the emergen.docx - audeleypearl
Mr. Bush, a 45-year-old middle school teacher arrives at the emergency department by EMS ground transport after he experienced severe mid-sternal chest pain at work. On arrival to the ED:
a. What priority interventions would you initiate?
b. What information would you require to definitively determine what was causing Mr. Bush’s chest pain?
Movie Project Presentation Movie TroyInclude Architecture i.docx - audeleypearl
Movie Project Presentation: Movie: Troy
Include: Architecture in the movie. Historical research to figure out whether the movie did a good job of representing the art historical past or not. Anything in the movie that is related to art or art history. And provide its outline and bibliography (any website source is acceptable as well)
Motivation and Retention Discuss the specific strategies you pl.docx - audeleypearl
Motivation and Retention
Discuss the specific strategies you plan to use to motivate individuals from your priority
population to participate in your program and continue working on their behavior change.
You can refer to information you obtained from the Potential Participant Interviews. You
also can search the literature for strategies that have been successfully used in similar
situations; be sure to cite references in APA format.
Mother of the Year In recognition of superlative paren.docx - audeleypearl
The document discusses Facebook's decision in 2015 to change the "like" button on the platform. It describes how Chris Cox, Facebook's chief product officer, led discussions about overhauling the button. The like button had become a blunt tool, and Cox wanted to expand the range of emotions that users could express beyond just "liking" something. This would become the "Reactions" feature, allowing responses like love, haha, wow, sad, and angry. The change took over a year to develop and test before being publicly launched.
Mrs. G, a 55 year old Hispanic female, presents to the office for he.docx - audeleypearl
Mrs. G, a 55 year old Hispanic female, presents to the office for her annual exam. She reports that lately she has been very fatigued and just does not seem to have any energy. This has been occurring for 3 months. She is also gaining weight since menopause last year. She joined a gym and forces herself to go twice a week, where she walks on the treadmill at least 30 minutes but she has not lost any weight, in fact she has gained 3 pounds. She doesn’t understand what she is doing wrong. She states that exercise seems to make her even more hungry and thirsty, which is not helping her weight loss. She wants to get a complete physical and to discuss why she is so tired and get some weight loss advice. She also states she thinks her bladder has fallen because she has to go to the bathroom more often, recently she is waking up twice a night to urinate and seems to be urinating more frequently during the day. This has been occurring for about 3 months too. This is irritating to her, but she is able to fall immediately back to sleep.
Current medications: Tylenol 500 mg 2 tabs daily for knee pain. Daily multivitamin
PMH: Has left knee arthritis. Had chickenpox and mumps as a child. Vaccinations up to date.
GYN hx: G2 P1. 1 SAB, 1 living child, full term, wt 9 lbs 2 oz. LMP 15 months ago. No history of abnormal Pap smear.
FH: parents alive, well, child alive, well. No siblings. Mother has HTN and father has high cholesterol.
SH: works from home part time as a planning coordinator. Married. No tobacco history, 1-2 glasses wine on weekends. No illicit drug use
Allergies: NKDA, allergic to cats and pollen. No latex allergy
Vital signs: BP 129/80; pulse 76, regular; respiration 16, regular
Height 5’2.5”, weight 185 pounds
General: obese female in no acute distress. Alert, oriented and cooperative.
Skin: warm dry and intact. No lesions noted
HEENT: head normocephalic. Hair thick and distribution throughout scalp. Eyes without exudate, sclera white. Wears contacts. Tympanic membranes gray and intact with light reflex noted. Pinna and tragus nontender. Nares patent without exudate. Oropharynx moist without erythema. Teeth in good repair, no cavities noted. Neck supple. Anterior cervical lymph nontender to palpation. No lymphadenopathy. Thyroid midline, small and firm without palpable masses.
CV: S1 and S2 RRR without murmurs or rubs
Lungs: Clear to auscultation bilaterally, respirations unlabored.
Abdomen: soft, round, nontender with positive bowel sounds present; no organomegaly; no abdominal bruits. No CVAT.
Labwork:
CBC: WBC 6,000/mm3 Hgb 12.5 gm/dl Hct 41% RBC 4.6 million MCV 88 fl MCHC 34 g/dl RDW 13.8%
UA: pH 5, SpGr 1.013, Leukocyte esterase negative, nitrites negative, 1+ glucose; small protein; negative for ketones
CMP:
Sodium 139
Potassium 4.3
Chloride 100
CO2 29
Glucose 95
BUN 12
Creatinine 0.7
GFR est non-AA 92 mL/min/1.73
GFR est AA 101 mL/min/1.73
Calcium 9.5
Total protein 7.6
Bilirubin, total 0.6
Alkaline.
Risk and Threat Assessment Report Anthony WolfBSA 5.docx - malbert5
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Risk and Threat Assessment Report
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or built into an application runtime environment. Besides, database deployment is safeguarded by runtime application self-protection that can control the execution of applications, detecting and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats, and they might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Threats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently led to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and.
Running head mobile application security1mobile application se.docx - todd581
Project Report On Mobile Application Security
ISOL534 Application Security
Submitted By
Guided By Dr. Suanu Bliss Wikina
Contents
Executive Summary
Introduction
Types of Mobile Applications
Importance of Mobile Application Security
Recommendations for Using Mobile Applications
Top Three Best Mobile Security Applications
Conclusion
References
This document is a seminar report submitted by Nupur Roy to the Department of Information Technology at International Institute of Information Technology in Bhubaneswar, India in January 2014. The report explores the topic of spyware, including its definition, types, how it operates, impact, and countermeasures. It contains chapters on introduction, overview, motivation, objectives, details about spyware and different types, how spyware operates to track information, impact of spyware, ways to counter spyware, and legal implications.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
We Are Instructor Led Online Training Hub.Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.
This document discusses cyber crimes and how to secure computers from cyber threats. It is divided into several sections that cover the definition of cyber crimes, types of cyber crimes such as against persons and property, and types of hackers such as black hats and white hats. The document also provides tips for securing computers, including choosing a secure operating system, internet browser, and security software like firewalls, antivirus programs, and using safe internet practices.
Deep Learning based Threat / Intrusion detection systemAffine Analytics
The document describes a proposed intrusion/threat detection system with the following key components:
1. A feature engineering module to extract relevant features from organizational data like employee information and online activities.
2. A text processing and topic modeling module to analyze communications data and identify confidential information.
3. An internal threat detection system using deep learning to detect threats in real-time with a risk score and predefined response policies.
4. An external threat detection system using signatures and anomaly detection to enforce actions against external threats.
Understanding the term hacking as any unconventional way of interacting with some system it is easy to conclude that there are enormous number of people who hacked or tried to hack someone or something. The article, as result of author research, analyses hacking from different points of view, including hacker's point of view as well as the defender's point of view. Here are discussed questions like: Who are the hackers? Why do people hack? Law aspects of hacking, as well as some economic issues connected with hacking. At the end, some questions about victim protection are discussed together with the weakness that hackers can use for their own protection. The aim of the article is to make readers familiar with the possible risks of hacker's attacks on the mobile phones and on possible attacks in the announced food of the internet of things (next IoT) devices
Hyena has built-in security, user authentication, and automated upgrades, among other features. Hyena has built-in security, user authentication, and automated upgrades, among other features. This is probably all you need to create a secure mobile app from scratch. The Hyena app includes security cover for DIY apps, enterprise apps, business apps, in-house employee apps, and more.
The document discusses security risks to networks from both internal and external threats. It notes that internal threats from employees may pose an even greater risk than external hackers. The document advocates for a layered security approach using technologies like firewalls, antivirus software, web filtering, intrusion detection, and AI tools to automate tasks and improve security efficiency while reducing demands on IT staff. It provides examples of real security incidents caused by disgruntled or negligent employees accessing inappropriate content or leaking sensitive information.
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
Final Year Project Ideas for Computer Science Students, These Projects helps students to enhance their Expertise in the area of Information Security + they would be able to understand the concept of Information Security
This presentation is intended for an experienced audience knowledgeable about MS Office, internet, networks, Windows operating systems, and general PC troubleshooting. Attendees should understand common IT security issues like viruses, spyware, malware, and botnets as well as remedies for these issues. The presentation will be delivered by Mishra and comments from the audience are welcome.
The document discusses the need for information security professionals and provides an overview of information security. It describes how connecting to the internet exposes computers to risks from malicious actors. It then covers key topics in information security including identity theft, malware, patch management failures, and distributed denial of service attacks. The document concludes by recommending best practices for protecting digital assets such as using antivirus software, firewalls, and keeping systems updated with the latest patches.
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docxroushhsiu
“Meltdown and Spectre Haunt the World’s Computers”
In early January 2018, computer users all over the world were shocked to learn that nearly every computer chip manufactured in the last 20 years contained fundamental security flaws that make it possible for attackers to obtain access to data that were thought to be completely protected. Security researchers had discovered the flaws in late 2017. The flaws arise from features built into the chips that help them run faster. The vulnerability enables a malicious program to gain access to data it should never be able to see.
There are two specific variations of these flaws, called Meltdown and Spectre. Meltdown was so named because it “melts” security boundaries normally enforced by hardware. By exploiting Meltdown, an attacker can use a program running on a computer to gain access to data from all over that machine that the program shouldn’t normally be able to see, including data belonging to other programs and data to which only administrators should have access. (A system administrator is responsible for the upkeep, configuration, and reliable operation of computer systems.) Meltdown only affects specific kinds of Intel chips produced since 1995.
Spectre is not manufacturer-specific and affects nearly all modern processors. It requires more intimate knowledge of the victim program’s inner workings. Spectre’s name comes from speculative execution, in which a chip is able to start work on predicted future operations in order to work faster. In this case, the system is tricked into incorrectly anticipating application behavior. The name also suggests that Spectre will be much more difficult to neutralize. Other attacks in the same family will no doubt be discovered, and Spectre will be haunting us for some time.
With both Meltdown and Spectre, an attacker can make a program reveal some of its own data that should have been kept secret. For example, Spectre could harness JavaScript code on a website to trick a web browser into revealing user and password information. Meltdown could be exploited to view data owned by other users and also virtual servers hosted on the same hardware, which is especially dangerous for cloud computing host computers. The most worrisome aspect of Meltdown and Spectre is that security vulnerabilities are not from flawed software but from the fundamental design of hardware platforms beneath the software.
There is no evidence that Spectre and Meltdown have been exploited, but this would be difficult to detect. Moreover, the security flaws are so fundamental and widespread that they could become catastrophic, especially for cloud computing services where many users share machines. According to researchers at global security software firm McAfee, these vulnerabilities are especially attractive to malicious actors because the attack surface is so unprecedented and the impacts of leaking highly sensitive data are so harmful. According to Forester, performance of laptops, des.
This document analyzes data from the Shodan search engine to summarize exposed cyber assets in the top 10 largest US cities by population. It finds that while New York City has a larger population than Houston, Houston has over 3 times as many exposed assets. The majority of exposed devices run embedded Linux and are connected via Ethernet/modem. Common exposed device types include firewalls, webcams, wireless access points, printers, routers, and phones. The document aims to increase awareness of exposed devices and associated security risks.
Digital Security and safety for journalists (antoniokisembo)
This document provides information on digital security and privacy. It discusses the different types of digital data traces people leave behind everyday through online activities. These can include personal content, metadata, behavioral data, and derived data inferred about individuals. The document also outlines strategies for maintaining privacy, such as using encryption and open source tools for email, chat, file sharing and document collaboration. Key questions are presented to evaluate different digital tools and their security practices.
Similar to Research Paper Sentence OutlineResearch Question How e-commer.docx (17)
Mr. Bush, a 45-year-old middle school teacher arrives at the emergen.docxaudeleypearl
Mr. Bush, a 45-year-old middle school teacher arrives at the emergency department by EMS ground transport after he experienced severe mid-sternal chest pain at work. On arrival to the ED:
a. What priority interventions would you initiate?
b. What information would you require to definitively determine what was causing Mr. Bush’s chest pain?
.
Movie Project Presentation Movie TroyInclude Architecture i.docxaudeleypearl
Movie Project Presentation: Movie: Troy
Include: Architecture in the movie. Historical research to figure out if the movie did a good job of representing the art historical past of not. Anything in the movie that are related to art or art history. And provide its outline and bibliography (any website source is acceptable as well)
.
Motivation and Retention Discuss the specific strategies you pl.docxaudeleypearl
Motivation and Retention
Discuss the specific strategies you plan to use to motivate individuals from your priority
population to participate in your program and continue working on their behavior change.
You can refer to information you obtained from the Potential Participant Interviews. You
also can search the literature for strategies that have been successfully used in similar
situations; be sure to cite references in APA format.
.
Mother of the Year In recognition of superlative paren.docxaudeleypearl
The document discusses Facebook's decision in 2015 to change the "like" button on the platform. It describes how Chris Cox, Facebook's chief product officer, led discussions about overhauling the button. The like button had become a blunt tool, and Cox wanted to expand the range of emotions that users could express beyond just "liking" something. This would become the "Reactions" feature, allowing responses like love, haha, wow, sad, and angry. The change took over a year to develop and test before being publicly launched.
Mrs. G, a 55 year old Hispanic female, presents to the office for he.docxaudeleypearl
Mrs. G, a 55 year old Hispanic female, presents to the office for her annual exam. She reports that lately she has been very fatigued and just does not seem to have any energy. This has been occurring for 3 months. She is also gaining weight since menopause last year. She joined a gym and forces herself to go twice a week, where she walks on the treadmill at least 30 minutes but she has not lost any weight, in fact she has gained 3 pounds. She doesn’t understand what she is doing wrong. She states that exercise seems to make her even more hungry and thirsty, which is not helping her weight loss. She wants get a complete physical and to discuss why she is so tired and get some weight loss advice. She also states she thinks her bladder has fallen because she has to go to the bathroom more often, recently she is waking up twice a night to urinate and seems to be urinating more frequently during the day. This has been occurring for about 3 months too. This is irritating to her, but she is able to fall immediately back to sleep.
Current medications:
Tylenol 500 mg 2 tabs daily for knee pain. Daily multivitamin
PMH:
Has left knee arthritis. Had chick pox and mumps as a child. Vaccinations up to
date.
GYN hx:
G2 P1. 1 SAB, 1 living child, full term, wt 9lbs 2 oz. LMP 15months ago. No history of abnormal Pap smear.
FH:
parents alive, well, child alive, well. No siblings. Mother has HTN and father has high cholesterol.
SH:
works from home part time as a planning coordinator. Married. No tobacco history, 1-2 glasses wine on weekends. No illicit drug use
Allergies
: NKDA, allergic to cats and pollen. No latex allergy
Vital signs
: BP 129/80; pulse 76, regular; respiration 16, regular
Height 5’2.5”, weight 185 pounds
General:
obese female in no acute distress. Alert, oriented and cooperative.
Skin
: warm dry and intact. No lesions noted
HEENT:
head normocephalic. Hair thick and distribution throughout scalp. Eyes without exudate, sclera white. Wears contacts. Tympanic membranes gray and intact with light reflex noted. Pinna and tragus nontender. Nares patent without exudate. Oropharynx moist without erythema. Teeth in good repair, no cavities noted. Neck supple. Anterior cervical lymph nontender to palpation. No lymphadenopathy. Thyroid midline, small and firm without palpable masses.
CV
: S1 and S2 RRR without murmurs or rubs
Lungs
: Clear to auscultation bilaterally, respirations unlabored.
Abdomen
- soft, round, nontender with positive bowel sounds present; no organomegaly; no abdominal bruits. No CVAT.
Labwork:
CBC
:
WBC 6,000/mm3 Hgb 12.5 gm/dl Hct 41% RBC 4.6 million MCV 88 fl MCHC
34 g/dl RDW 13.8%
UA:
pH 5, SpGr 1.013, Leukocyte esterase negative, nitrites negative, 1+ glucose; small protein; negative for ketones
CMP:
Sodium 139
Potassium 4.3
Chloride 100
CO2 29
Glucose 95
BUN 12
Creatinine 0.7
GFR est non-AA 92 mL/min/1.73 GFR est AA 101 mL/min/1.73 Calcium 9.5
Total protein 7.6 Bilirubin, total 0.6 Alkaline.
Mr. Rivera is a 72-year-old patient with end stage COPD who is in th.docxaudeleypearl
Mr. Rivera is a 72-year-old patient with end stage COPD who is in the care of Hospice. He has a history of smoking, hypertension, obesity, and type 2 Diabetes. He is on Oxygen 2L per nasal cannula around the clock. His wife and 2 adult children help with his care. Develop a concept map for Mr. Rivera. Consider the patients Ethnic background (he and his family are from Mexico) and family dynamics. Please use the
concept map
form provided.
.
Mr. B, a 40-year-old avid long-distance runner previously in goo.docxaudeleypearl
Mr. B, a 40-year-old avid long-distance runner previously in good health, presented to his primary provider for a yearly physical examination, during which a suspicious-looking mole was noticed on the back of his left arm, just proximal to the elbow. He reported that he has had that mole for several years, but thinks that it may have gotten larger over the past two years. Mr. B reported that he has noticed itchiness in the area of this mole over the past few weeks. He had multiple other moles on his back, arms, and legs, none of which looked suspicious. Upon further questioning, Mr. B reported that his aunt died in her late forties of skin cancer, but he knew no other details about her illness. The patient is a computer programmer who spends most of the work week indoors. On weekends, however, he typically goes for a 5-mile run and spends much of his afternoons gardening. He has a light complexion, blonde hair, and reports that he sunburns easily but uses protective sunscreen only sporadically.
Physical exam revealed: Head, neck, thorax, and abdominal exams were normal, with the exception of a hard, enlarged, non-tender mass felt in the left axillary region. In addition, a 1.6 x 2.8 cm mole was noted on the dorsal upper left arm. The lesion had an appearance suggestive of a melanoma. It was surgically excised with 3 mm margins using a local anesthetic and sent to the pathology laboratory for histologic analysis. The biopsy came back Stage II melanoma.
1. How is Stage II melanoma treated and according to the research how effective is this treatment?
250 words.
.
Moving members of the organization through the change process ca.docxaudeleypearl
Moving members of the organization through the change process can be quite difficult. As leaders take on this challenge of shifting practice from the current state to the future, they face the obstacles of confidence and competence experienced by staff. Change leaders understand the importance of recognizing their moral purpose and helping others to do the same. Effective leaders foster moral purpose by building relationships, considering other’s perspectives, demonstrating respect, connecting others, and examining progress (Fullan & Quinn, 2016). For this Discussion, you will clarify your own moral perspective and how it will impact the elements of focusing direction.
To prepare:
· Review the Adams and Miskell article. Reflect on the measures taken in building capacity throughout the organization.
· Review Fullan and Quinn’s elements of Focusing Direction in Chapter 2. Reflect on aspects needed to build capacity as a leader.
· Analyze the two case examples used to illustrate focused direction in Chapter 2.
· Clarify your own moral purpose, combining your personal values, persistence, emotional intelligence, and resilience.
A brief summary clarifying your own moral imperative.
· Using the guiding questions in Chapter 2 on page 19, explain your moral imperative and how you can use your strengths to foster moral imperative in others.
· Based on Fullan’s information on change leadership, in which areas do you feel you have strong leadership skills? Which areas do you feel you need to continue to develop?
Learning Resources
Required Readings
Fullan, M., & Quinn, J. (2016).
Coherence: The right drivers in action for schools, districts, and systems
. Thousand Oaks, CA: Corwin.
Chapter 2, “Focusing Direction” (pp. 17–46)
Florian, L. (Ed.). (2014).
The SAGE handbook of special education
(2nd ed.). London, England: Sage Publications Ltd.
Chapter 23, “Researching Inclusive Classroom Practices: The Framework for Participation” (389–404)
Chapter 31, “Assessment for Learning and the Journey Towards Inclusion” (pp. 523–536)
Adams, C.M., & Miskell, R.C. (2016). Teacher trust in district administration: A promising line of inquiry. Journal of Leadership for Effective and Equitable Organizations, 1-32. DOI: 10.1177/0013161X1665220
Choi, J. H., Meisenheimer, J. M., McCart, A. B., & Sailor, W. (2016). Improving learning for all students through equity-based inclusive reform practices effectiveness of a fully integrated school-wide model on student reading and math achievement. Remedial and Special Education, doi:10.1177/0741932516644054
Sailor, W. S., & McCart, A. B. (2014). Stars in alignment. Research and Practice for Persons with Severe Disabilities, 39(1), 55-64. doi: 10.1177/1540796914534622
Required Media
Grand City Community
Laureate Education (Producer) (2016c).
Tracking data
[Video file]. Baltimore, MD: Author.
Go to the Grand City Community and click into
Grand City School District Administration Offices
. Revie.
Mr. Friend is acrime analystwith the SantaCruz, Califo.docxaudeleypearl
Mr. Friend is a
crime analyst
with the Santa
Cruz, California,
Police
Department.
Predictive Policing: Using Technology to Reduce Crime
By Zach Friend, M.P.P.
4/9/2013
Nationwide law enforcement agencies face the problem
of doing more with less. Departments slash budgets
and implement furloughs, while management struggles
to meet the public safety needs of the community. The
Santa Cruz, California, Police Department handles the
same issues with increasing property crimes and
service calls and diminishing staff. Unable to hire more
officers, the department searched for a nontraditional
solution.
In late 2010 researchers published a paper that the
department believed might hold the answer. They
proposed that it was possible to predict certain crimes,
much like scientists forecast earthquake aftershocks.
An “aftercrime” often follows an initial crime. The time and location of previous criminal activity helps to
determine future offenses. These researchers developed an algorithm (mathematical procedure) that
calculates future crime locations.1
Equalizing Resources
The Santa Cruz Police Department has 94 sworn officers and serves a population of 60,000. A
university, amusement park, and beach push the seasonal population to 150,000. Department personnel
contacted a Santa Clara University professor to apply the algorithm, hoping that leveraging technology
would improve their efforts. The police chief indicated that the department could not hire more officers.
He felt that the program could allocate dwindling resources more efficiently.
Santa Cruz police envisioned deploying officers by shift to the most targeted locations in the city. The
predictive policing model helped to alert officers to targeted locations in real time, a significant
improvement over traditional tactics.
Making it Work
The algorithm is a culmination of anthropological and criminological behavior research. It uses complex
mathematics to estimate crime and predict future hot spots. Researchers based these studies on
In Depth
Featured Articles
- IAFIS Identifies Suspect from 1978 Murder Case
- Predictive Policing: Using Technology to Reduce
Crime
- Legal Digest Part 1 - Part 2
Search Warrant Execution: When Does Detention Rise to
Custody?
- Perspective
Public Safety Consolidation: Does it Make Sense?
- Leadership Spotlight
Leadership Lessons from Home
Archive
- Web and Print
Departments
- Bulletin Notes - Bulletin Honors
- ViCAP Alerts - Unusual Weapons
- Bulletin Reports
Topics in the News
See previous LEB content on:
- Hostage Situations - Crisis Management
- School Violence - Psychopathy
About LEB
- History - Author Guidelines (pdf)
- Editorial Staff - Editorial Release Form (pdf)
Patch Call
Known locally as the
“Gateway to the Summit,”
which references the city’s
proximity to the Bechtel Family
National Scout Reserve. More
The patch of the Miamisburg,
Ohio, Police Department
prominently displays the city
seal surroun.
Mr. E is a pleasant, 70-year-old, black, maleSource Self, rel.docxaudeleypearl
Mr. E is a pleasant, 70-year-old, black, male
Source: Self, reliable source
Subjective:
Chief complaint:
“I urinate frequently.”
HPI:
Patient states that he has had an increase in urination for the past several years, which seems to be worsening over the past year. He estimates that he urinates clear/light yellow urine approximately every 1.5-2 hours while awake and is up 2-4 times at night to urinate. He states some urgency and hesitancy with urination and feeling of incomplete voiding. He denies any pain or blood. Denies any head trauma. Denies any increase in thirst or hunger. He denies any unintentional weight loss.
Allergies
: NKA
Current Mediations
:
Multivitamin, daily
Aspirin, 81 mg, daily
Olmesartan, 20 mg daily
Atorvastatin, 10 mg daily
Diphenhydramine, 50 mg, at night
Pertinent History:
Hypertension, hyperlipidemia, insomnia
Health Maintenance. Immunizations:
Immunizations up to date
Family History:
No cancer, cardiac, pulmonary or autoimmune disease in immediate family members
Social History:
Patient lives alone. He drinks one cup of caffeinated coffee each morning at the local diner. He denies any nicotine, alcohol or drug use.
ROS:
Incorporated into HPI
Objective:
VS
– BP: 118/68, HR: 86, RR: 16, Temp 97.6, oxygenation 100%, weight: 195 lbs, height: 70 inches.
Mr. E is alert, awake, oriented x 3. Patient is clean and dressed appropriate for age.
Cardiac: No cardiomegaly or thrills; regular rate and rhythm, no murmur or gallop
Respiratory: Clear to auscultation
Abdomen: Bowel sounds positive. Soft, nontender, nondistended, no hepatomegaly
Neuro: CN 2-12 intact
Renal/prostate: Prostate enlarged, non-tender. No asymmetry or nodules palpated
Labs:
Test Name
Result
Units
Reference Range
Color
Yellow
Yellow
Clarity
Clear
Clear
Bilirubin
Negative
Negative
Specific Gravity
1.011
1.003-1.030
Blood
Negative
Negative
pH
7.5
4.5-8.0
Nitrite
Negative
Negative
Leukocyte esterase
Negative
Negative
Glucose
Negative
mg/dL
Negative
Ketones
Negative
mg/dL
Negative
Protein
Negative
mg/dL
Negative
WBC
Negative
/hpf
Negative
RBC
Negative
/hpf
Negative
Lab
Pt’s Result
Range
Units
Sodium
137
136-145
mmol/L
Potassium
4.7
3.5-5.1
mmol/L
Chloride
102
98-107
mmol/L
CO2
30
21-32
mmol/L
Glucose
92
70-99
mg/dL
BUN
7
6-25
mg/dL
Creat
1.6
.8-1.3
mg/dL
GFR
50
>60
Calcium
9.6
8.2-10.2
mg/dL
Total Protein
8.0
6.4-8.2
g/dL
Albumin
4.5
3.2-4.7
g/dL
Bilirubin
1.1
<1.1
mg/dL
Alkaline Phosphatase
94
26-137
U/L
AST
25
0-37
U/L
ALT
55
15-65
U/L
Pt’s results
Normal Range
Units
WBC
9.9
3.4 - 10.8
x10E3/uL
RBC
4.0
3.77 - 5.28
x10E6/uL
Hemoglobin
11.5
11.1 - 15.9
g/dL
H.
Motor Milestones occur in a predictable developmental progression in.docxaudeleypearl
Motor Milestones occur in a predictable developmental progression in young children. They begin with reflexive movements that develop into voluntary movement patterns. For the motor milestone of independent walking, there are many precursor reflexes that must first integrate and beginning movement patterns that must be learned. Explain the motor progression of walking in a child, starting with the integration of primitive reflexes to the basic motor skills needed for a child to walk independently. Discuss at which time frame each milestone occurs from birth to walking (12-18 months of age). What are some reasons why a child could be delayed in walking? At what age is a child considered delayed in walking and in need of intervention? What interventions are available to children who are having difficulty walking? Please be sure to use APA citations for all sources used to formulate your answers.
.
Most women experience their closest friendships with those of th.docxaudeleypearl
Most women experience their closest friendships with those of the same sex. Men have suffered more of a stigma in terms of sharing deep bonds with other men. Open affection and connection is not actively encouraged among men. Recent changes in society might impact this, especially with the advent of the meterosexual male. “The meterosexual male is less interested in blood lines, traditions, family, class, gender, than in choosing who they want to be and who they want to be with” (Vernon, 2010, p. 204).
In this week’s reading material, the following philosophers discuss their views on this topic: Simone de Beauvoir, Thomas Aquinas, MacIntyre, Friedman, Hunt, and Foucault. Make sure to incorporate their views as you answer each discussion question. Think about how their views may be similar or different from your own. In at least 250 words total, please answer each of the following, drawing upon your reading materials and your personal insight:
To what extent do you think women still have a better opportunity to forge deeper friendships than men? What needs to change to level the friendship playing field for men, if anything?
How is the role of the meterosexual man helping to forge a new pathway for male friendships?
.
Most patients with mental health disorders are not aggressive. Howev.docxaudeleypearl
Most patients with mental health disorders are not aggressive. However, it is important for nurses to be able to know the signs and symptoms associated with the five phases of aggression, and to appropriately apply nursing interventions to assist in treating aggressive patients. Please read the case study below and answer the four questions related to it.
Aggression Case Study
Christopher, who is 14 years of age, was recently admitted to the hospital for schizophrenia. He has a history of aggressive behavior and states that the devil is telling him to kill all adults because they want to hurt him. Christopher has a history of recidivism and noncompliance with his medications. One day on the unit, the nurse observes Christopher displaying hypervigilant behaviors, pacing back and forth down the hallway, and speaking to himself under his breath. As the nurse runs over to Christopher to talk, he sees that his bedroom door is open and runs into his room and shuts the door. The nurse responds by attempting to open the door, but Christopher keeps pulling the door shut and tells the nurse that if the nurse comes in the room he will choke the nurse. The nurse responds by calling other staff to assist with the situation.
1. What phase of the aggression cycle is Christopher in at the beginning of this scenario? What phase is he in at the end the scenario? (State the evidence that supports your answers).
2. What interventions could have been implemented to prevent Christopher from escalating at the beginning of the scenario?
3. What interventions should the nurse take to deescalate the situation when Christopher is refusing to open his door?
4. If a restrictive intervention (restraint/seclusion) is used, what are some important steps for the nurse to remember?
SCHOLAR NURSING ARTICLE>>>APA FORMAT>>>
.
Most of our class readings and discussions to date have dealt wi.docxaudeleypearl
Most of our class readings and discussions to date have dealt with the issue of ethics and ethical behavior. Various philosophers have made contributions to jurisprudence including how to apply ethical principles (codes of conduct?) to ethical dilemma.
Your task is to watch the Netflix documentary ‘The Social Dilemma.’ If you cannot currently access Netflix it offers a free trial opportunity, which you can cancel after viewing the documentary. Should this not be an option for whatever reason, then please email me and we will create an alternative ethics question.
DUE DATE: Tuesday, Sept. 29, 2020 by noon
SEND YOUR NO MORE THAN 5 PAGE DOUBLE SPACED RESPONSE TO MY EMAIL ADDRESS. LATE PAPERS SUBJECT TO DOWNGRADING
As critics have written, the documentary showcases ways our minds are twisted and twirled by social media companies like Facebook, Twitter, and Google through their platforms and search engines, and the why of what they are doing, and what must be done to stop it.
After watching the movie, respond to the following questions in the order given. Use full sentences and paragraphs, and start off each section by stating the question you are answering. Be succinct.
What are the critical ethical issues identified?
What concerns are raised over the polarization of society and promulgation of fake news?
What is the “attention-extraction model” of software design and why worry?
What is “surveillance capitalism?”
Do you agree that social media warps your perceptions of reality?
Who has the power and control over these social media platforms – software designers, artificial intelligence (Ai), CEOs of media platforms, users, government?
Are social media platforms capable of self-regulation to address the political and ethical issues raised or not? If not, then should government regulate?
What other actions can be taken to address the basic concern of living in a world “…where no one believes what’s true.”
.
Most people agree we live in stressful times. Does stress and re.docxaudeleypearl
Stress may contribute to illness according to some research cited in textbooks. The question asks whether stress and reactions to stress can lead to health issues, and opinions should be supported by evidence from course materials. References in APA format are required.
Most of the ethical prescriptions of normative moral philosophy .docxaudeleypearl
Most of the ethical prescriptions of normative moral philosophy tend to fall into one of the following three categories: deontology, consequentialism, and virtue ethics. These categories in turn put an emphasis on different normative standards for judging what constitutes right and wrong actions.
Moral psychologists and behavioral economists such as Jonathan Haidt and Dan Ariely take a different approach: focusing not on some normative ethical framework for moral judgment, but rather on the psychological foundations of moral intuition and on the limitations that our human frailty places on real-world honesty, decency, and ethical commitments.
In this context, write a short essay (minimum 400 words) on what you see as the most important differences between the traditional normative philosophical approaches and the more recent empirical approach of moral psychology when it comes to ethics. As part of your answer also make sure that you discuss the implications of these differences.
Deadline reminder:
this assignment is
due on June 14th
. Any assignments submitted after that date will lose 5 points (i.e., 20% of the maximum score of 25 points) for each day that they are submitted late. Accordingly, after June 14th, any submissions would be worth zero points and at that time the assignment inbox will close.
.
Most healthcare organizations in the country are implementing qualit.docxaudeleypearl
Most healthcare organizations in the country are implementing quality improvement programs to save lives, enhance customer satisfaction, and reduce the cost of healthcare services. Limited human and material resources often undermine such efforts. Zenith Hospital in a rural community has 200 beds. Postsurgical patients tend to contract infections at the surgical site, requiring extended hospitalization. Mr. Jones—75 years old—was admitted to Zenith Hospital for inguinal hernia repairs. He was also hypertensive, with a compromised immune system. Two days after surgery, he acquired an infection at the surgical site, with elevated temperature, and then he developed septicemia. His condition worsened, and he was moved to isolation in the intensive care unit (ICU). A day after transfer to the ICU, he went into ventricular arrhythmia and was placed on a respirator and cardiac monitoring machine. Intravenous fluids, antibiotics, and antipyretics could not bring the fever down, and blood analysis continued to deteriorate.
The hospital infection control unit got involved. The team confirmed that postsurgical infections were on the increase, but the hospital was unable to identify the sources of infection. The surgery unit and surgical team held meetings to understand possible sources of infection. The team leader had earlier reported to management that they needed to hire more surgical nurses, arguing that nurses in the unit were overworked, had to go on leave, and often worked long hours without break.
Mr. Jones’ family members were angry and wanted to know the source of his infection, why he was on the respirator in isolation, and why his temperature was not coming down. Unfortunately, his condition continued to deteriorate. His daughter invited the family’s legal representative to find out what was happening to her father and to commence legal proceedings.
Then, the healthcare manager received information that two other patients were showing signs of postsurgical infection. The healthcare manager and care providers acknowledged the serious quality issues at Zenith Hospital, particularly in the surgical unit. The healthcare manager wrote to the Chairman of the Hospital Board, seeking approval to implement a quality improvement program. The Board held an emergency meeting and approved the manager’s request. The healthcare manager has invited you to support the organization in this process.
Please address the following questions in your response:
What are successful approaches for gaining a shared understanding of the problem?
How can effective communication be implemented?
What is a qualitative approach that helps in identifying the quality problem?
What tools can provide insight into understanding the problem?
In quality improvement, what does appreciative inquiry help do?
What is a benefit of testing solutions before implementation?
What is a challenge that is inherent in the application of the plan, do, study, act (PDSA) method?
What .
More work is necessary on how to efficiently model uncertainty in ML.docxaudeleypearl
More work is necessary on how to efficiently model uncertainty in ML and NLP, as well as how to represent uncertainty resulting from big data analytics.
Pages - 4
Excluding the required cover page and reference page.
APA format 7 with an introduction, a body content, and a conclusion.
No Plagiarism
.
Mortgage-Backed Securities and the Financial CrisisKelly Finn.docxaudeleypearl
Mortgage-Backed Securities and the Financial Crisis
Kelly Finn
FNCE 4302
Mortgage-Backed Securities (MBS) are “pass-through” bundles of housing debt sold as investment vehicles
A mortgage-backed security, MBS, is a type of asset-backed security that pays investors regular payments, similar to a bond. It gets the title as a “pass-through” because the security involves several entities in the origination and securitization process (where the asset is identified, and where it is used as a base to create a new investment instrument people can profit off of).
Key Players involved in the MBS Process
[Mortgage] Lenders: banks who sell mortgages to GSE’s
GSE: Government Sponsored Entities created by the US Government to make owning property more accessible to Americans
1938: Fannie Mae (FNMA): Federal National Mortgage Assoc.
1970: Freddie Mac (FHLMC): Federal Home Loan Mortgage Corp.
Increase mortgage borrowing
Introduce competitor to Fannie Mae
1970: Ginnie Mae (GNMA): Government National Mortgage Assoc.
US Government: Treasury: implicit commitment of providing support in case of trouble
The several entities involved in the process make MBS a “pass-through”. Here we have 3 main entities that we’ll call “Key Players” for the purpose of this presentation which aims to provide you with a basic and simple explanation of MBS and their role in the financial crisis.
GSE’s created by the US Government in 1938
Part of FDR’s New Plan during Great Depression
Purpose: make owning property more accessible to more Americans
GSE (ex. Fannie Mae) buys mortgages (debt) from banks, & then pools mortgages into little bundles investors can buy (securitization)
Bank’s mortgage is exchanged with GSE’s cash
Created liquid secondary market for mortgages
Result:
1) Bank has more cash to lend out to people
2) Now all who want to a house (expensive) can get the money needed to buy one!
Where MBS came from & when
Yay for combatting homelessness and increasing quality of life for the common American!
Thanks Uncle Sam!
MBS have been around for a long time. Officially in the US, they have their origins in government. During the Great Depression in the 1930s, President Franklin Delano Roosevelt signed into creation Fannie Mae that was brought about to help ease American citizen’s difficulty in becoming homeowners. The sole purpose of a GSE thus was to not make profit, but to promote citizen welfare in regards to housing. Seeing that it was created by regulatory government powers, it earned the title of Government Sponsored Entity, which we will abbreviate as GSE. 2 other GSE’s in housing were created in later decades like Freddie Mae, to further stimulate the mortgage market alongside Fannie, and Ginnie which did a similar thing but only for certain groups of people (Veterans, etc) and to a much smaller scale.
How MBS works: Kelly is a homeowner looking to borrow a lot of money
*The Lender, who issued Kelly the mor.
Employees must be guided not to share the following information online:
· Usernames
· Office address
· Their medical history and records
· Their work experiences
· The places they have lived
· Family members' identities
· Dates of birth
· Personal information regarding bank details or similar data (Norton).
If employees put this data online, their personal information can be misused and they may face severe consequences. Employees also need to be trained to interact securely while they use the internet. They must take care with confidential information when sharing it in an email, because if the emails are not protected, company data may be at high risk. If they have to share any document or attachment with the management, they need to develop a special code or a password to safeguard the sensitive and confidential information. Employees need to change their passwords frequently, because passwords kept unchanged for long periods can be misused and easily hacked. While online, they should not download any programs or install unnecessary and untrusted applications, because these can be a serious threat to their devices and put the data kept on them at stake. They must develop passwords which are a mix of numeric and text to strengthen security. When it comes to emails, they should not download any emails from unknown sources and must not click on unknown links, because doing so may compromise security. A safe browser must be used and the antivirus should be updated (Kaspersky).
For enhanced email security, employees must create separate email accounts for official use, and their passwords must be updated and complex. No large or unnecessary attachment should be downloaded, because it may contain malware. Employees must know the email security features available to them. Using public Wi-Fi to send and receive emails is not recommended, because there is a high risk of data being stolen on public Wi-Fi. All attachments which are of no use must be blocked. If an email has too many recipients, it should also be blocked. So, email communication must be protected (Tolly).
The following is a list of things that company employees should never do on social media:
· Represent the company with unauthentic statements
· Talk about intellectual property rights
· Disclose any confidential information
· Give statements without having proper knowledge
· Talk in a negative tone about competitors
· Post anything controversial
· Talk about job roles
· Post office stories
· Post any accounts information
· Talk in a hateful manner toward other people (Workable).
Works Cited
ESET. Free Virus Scan | Online Virus Scan from ESET. 2018. Web. 19 June 2018. <https://www.eset.com/us/home/online-scanner/>.
Kaspersky. Top 10 Internet Safety Rules & What Not to Do Online. n.d. <https://usa.kaspersky.com/resource-center/preemptive-safety/top-10-internet-safety-rules-and-what-not-to-do-online>. 30 August 2019.
Koret, Joxean and Elias Bachaalany. The Antivirus Hacker's Handbook. 1st. Hoboken: Wiley, 2015. Print.
Microsoft. Virus: Win32/Virut.BN. 15 September 2017. Web. 19 June 2018. <https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Virut.BN>.
Norton. What personal information should you safeguard? n.d. <https://us.norton.com/internetsecurity-privacy-what-personal-information-should-you-safeguard.html>. 30 August 2019.
Tolly, Kevin. Implementing the top 6 email security best practices for employees. 26 April 2019. <https://searchsecurity.techtarget.com/tip/Implementing-the-top-6-email-security-best-practices-for-employees>. 30 August 2019.
Workable. Employee social media policy sample. n.d. <https://resources.workable.com/social-media-company-policy#>. 30 August 2019.
INFORMATION GOVERNANCE
Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.
The Wiley CIO series provides information, tools, and insights to IT executives and managers. The products in this series cover a wide range of topics that supply strategic and implementation guidance on the latest technology trends, leadership, and emerging best practices.
Titles in the Wiley CIO series include:
The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and Mobile Computing Are Changing Enterprise IT by Jason Bloomberg
Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s Businesses by Michael Minelli, Michele Chambers, and Ambiga Dhiraj
The Chief Information Officer’s Body of Knowledge: People, Process, and Technology by Dean Lane
CIO Best Practices: Enabling Strategic Value with Information Technology (Second Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa Farrell, Bill Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl Schubert
The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value by Nicholas R. Colisto
Enterprise Performance Management Done Right: An Operating System for Your Organization by Ron Dimon
Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Business and Your Brand by Lonnie Benson
IT Leadership Manual: Roadmap to Becoming a Trusted Business Partner by Alan R. Guibord
Managing Electronic Records: Methods, Best Practices, and Technologies by Robert F. Smallwood
On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change and Build Value Across the Enterprise by Hunter Muller
Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World (Second Edition) by Gregory S. Smith
Strategic IT: Best Practices for Managers and Executives by Arthur M. Langer and Lyle Yorks
Transforming IT Culture: How to Use Social Intelligence, Human Factors, and Collaboration to Create an IT Department That Outperforms by Frank Wanders
Unleashing the Power of IT: Bringing People, Business, and
Library of Congress Cataloging-in-Publication Data:
Smallwood, Robert F., 1959-
Information governance : concepts, strategies, and best practices / Robert F. Smallwood.
pages cm. — (Wiley CIO series)
ISBN 978-1-118-21830-3 (cloth); ISBN 978-1-118-41949-6 (ebk); ISBN 978-1-118-42101-7 (ebk)
1. Information technology—Management. 2. Management information systems. 3. Electronic records—Management. I. Title.
HD30.2.S617 2014
658.4’038—dc23
2013045072
Printed in the United States of America
For my sons
and the next generation of tech-savvy managers
CONTENTS
PREFACE
ACKNOWLEDGMENTS
PART ONE — Information Governance Concepts, Definitions, and Principles
CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative
Defining Information Governance
IG Is Not a Project, But an Ongoing Program
Why IG Is Good Business
Failures in Information Governance
Form IG Policies, Then Apply Technology for Enforcement
Notes
CHAPTER 2 Information Governance, IT Governance, Data Governance: What’s the Difference?
Data Governance
IT Governance
Information Governance
Impact of a Successful IG Program
Summing Up the Differences
Notes
CHAPTER 3 Information Governance Principles
Accountability Is Key
Generally Accepted Recordkeeping Principles®
Contributed by Charmaine Brooks, CRM
Assessment and Improvement Roadmap
Who Should Determine IG Policies?
Notes
PART TWO — Information Governance Risk Assessment and Strategic Planning
CHAPTER 4 Information Risk Planning and Management
Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements
Step 2: Specify IG Requirements to Achieve Compliance
Step 3: Create a Risk Profile
Step 4: Perform Risk Analysis and Assessment
Step 5: Develop an Information Risk Mitigation Plan
Step 6: Develop Metrics and Measure Results
Step 7: Execute Your Risk Mitigation Plan
Step 8: Audit the Information Risk Mitigation Program
Notes
CHAPTER 5 Strategic Planning and Best Practices for Information Governance
Crucial Executive Sponsor Role
Evolving Role of the Executive Sponsor
Building Your IG Team
Assigning IG Team Roles and Responsibilities
Align Your IG Plan with Organizational Strategic Plans
Survey and Evaluate External Factors
Formulating the IG Strategic Plan
Notes
CHAPTER 6 Information Governance Policy Development
A Brief Review of Generally Accepted Recordkeeping Principles®
IG Reference Model
Best Practices Considerations
Standards Considerations
Benefits and Risks of Standards
Key Standards Relevant to IG Efforts
Major National and Regional ERM Standards
Making Your Best Practices and Standards Selections to Inform Your IG Framework
Roles and Responsibilities
Program Communications and Training
Program Controls, Monitoring, Auditing and Enforcement
Notes
PART THREE — Information Governance Key Impact Areas Based on the IG Reference Model
CHAPTER 7 Business Considerations for a Successful IG Program
By Barclay T. Blair
Changing Information Environment
Calculating Information Costs
Big Data Opportunities and Challenges
Full Cost Accounting for Information
Calculating the Cost of Owning Unstructured Information
The Path to Information Value
Challenging the Culture
New Information Models
Future State: What Will the IG-Enabled Organization Look Like?
Moving Forward
Notes
CHAPTER 8 Information Governance and Legal Functions
By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy
Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything
Big Data Impact
More Details on the Revised FRCP Rules
Landmark E-Discovery Case: Zubulake v. UBS Warburg
E-Discovery Techniques
E-Discovery Reference Model
The Intersection of IG and E-Discovery
By Barry Murphy
Building on Legal Hold Programs to Launch Defensible Disposition
By Barry Murphy
Destructive Retention of E-Mail
Newer Technologies That Can Assist in E-Discovery
Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes
By Randy Kahn, Esq.
Retention Policies and Schedules
By Robert Smallwood, edited by Paula Lederman, MLS
Notes
CHAPTER 9 Information Governance and Records and Information Management Functions
Records Management Business Rationale
Why Is Records Management So Challenging?
Benefits of Electronic Records Management
Additional Intangible Benefits
Inventorying E-Records
Generally Accepted Recordkeeping Principles®
E-Records Inventory Challenges
Records Inventory Purposes
Records Inventorying Steps
Ensuring Adoption and Compliance of RM Policy
General Principles of a Retention Scheduling
Developing a Records Retention Schedule
Why Are Retention Schedules Needed?
What Records Do You Have to Schedule? Inventory and Classification
Rationale for Records Groupings
Records Series Identification and Classification
Retention of E-Mail Records
How Long Should You Keep Old E-Mails?
Destructive Retention of E-Mail
Legal Requirements and Compliance Research
Event-Based Retention Scheduling for Disposition of E-Records
Prerequisites for Event-Based Disposition
Final Disposition and Closure Criteria
Retaining Transitory Records
Implementation of the Retention Schedule and Disposal of Records
Ongoing Maintenance of the Retention Schedule
Audit to Manage Compliance with the Retention Schedule
Notes
CHAPTER 10 Information Governance and Information Technology Functions
Data Governance
Steps to Governing Data Effectively
Data Governance Framework
Information Management
IT Governance
IG Best Practices for Database Security and Compliance
Tying It All Together
Notes
CHAPTER 11 Information Governance and Privacy and Security Functions
Cyberattacks Proliferate
Insider Threat: Malicious or Not
Privacy Laws
Defense in Depth
Controlling Access Using Identity Access Management
Enforcing IG: Protect Files with Rules and Permissions
Challenge of Securing Confidential E-Documents
Apply Better Technology for Better Enforcement in the Extended Enterprise
E-Mail Encryption
Secure Communications Using Record-Free E-Mail
Digital Signatures
Document Encryption
Data Loss Prevention (DLP) Technology
Missing Piece: Information Rights Management (IRM)
Embedded Protection
Hybrid Approach: Combining DLP and IRM Technologies
Securing Trade Secrets after Layoffs and Terminations
Persistently Protecting Blueprints and CAD Documents
Securing Internal Price Lists
Approaches for Securing Data Once It Leaves the Organization
Document Labeling
Document Analytics
Confidential Stream Messaging
Notes
PART FOUR — Information Governance for Delivery Platforms
CHAPTER 12 Information Governance for E-Mail and Instant Messaging
Employees Regularly Expose Organizations to E-Mail Risk
E-Mail Policies Should Be Realistic and Technology Agnostic
E-Record Retention: Fundamentally a Legal Issue
Preserve E-Mail Integrity and Admissibility with Automatic Archiving
Instant Messaging
Best Practices for Business IM Use
Technology to Monitor IM
Tips for Safer IM
Notes
CHAPTER 13 Information Governance for Social Media
By Patricia Franks, Ph.D, CRM, and Robert Smallwood
Types of Social Media in Web 2.0
Additional Social Media Categories
Social Media in the Enterprise
Key Ways Social Media Is Different from E-Mail and Instant Messaging
Biggest Risks of Social Media
Legal Risks of Social Media Posts
Tools to Archive Social Media
IG Considerations for Social Media
Key Social Media Policy Guidelines
Records Management and Litigation Considerations for Social Media
Emerging Best Practices for Managing Social Media Records
Notes
CHAPTER 14 Information Governance for Mobile Devices
Current Trends in Mobile Computing
Security Risks of Mobile Computing
Securing Mobile Data
Mobile Device Management
IG for Mobile Computing
Building Security into Mobile Applications
Best Practices to Secure Mobile Applications
Developing Mobile Device Policies
Notes
CHAPTER 15 Information Governance for Cloud Computing
By Monica Crocker CRM, PMP, CIP, and Robert Smallwood
Defining Cloud Computing
Key Characteristics of Cloud Computing
What Cloud Computing Really Means
Cloud Deployment Models
Security Threats with Cloud Computing
Benefits of the Cloud
Managing Documents and Records in the Cloud
IG Guidelines for Cloud Computing Solutions
Notes
CHAPTER 16 SharePoint Information Governance
By Monica Crocker, CRM, PMP, CIP, edited by Robert Smallwood
Process Change, People Change
Where to Begin the Planning Process
Policy Considerations
Roles and Responsibilities
Establish Processes
Training Plan
Communication Plan
Note
PART FIVE — Long-Term Program Issues
CHAPTER 17 Long-Term Digital Preservation
By Charles M. Dollar and Lori J. Ashley
Defining Long-Term Digital Preservation
Key Factors in Long-Term Digital Preservation
Threats to Preserving Records
Digital Preservation Standards
PREMIS Preservation Metadata Standard
Recommended Open Standard Technology-Neutral Formats
Digital Preservation Requirements
Long-Term Digital Preservation Capability Maturity Model®
Scope of the Capability Maturity Model
Digital Preservation Capability Performance Metrics
Digital Preservation Strategies and Techniques
Evolving Marketplace
Looking Forward
Notes
CHAPTER 18 Maintaining an Information Governance Program and Culture of Compliance
Monitoring and Accountability
Staffing Continuity Plan
Continuous Process Improvement
Why Continuous Improvement Is Needed
Notes
APPENDIX A Information Organization and Classification: Taxonomies and Metadata
By Barb Blackburn, CRM, with Robert Smallwood; edited by Seth Earley
Importance of Navigation and Classification
When Is a New Taxonomy Needed?
Taxonomies Improve Search Results
Metadata and Taxonomy
Metadata Governance, Standards, and Strategies
Types of Metadata
Core Metadata Issues
International Metadata Standards and Guidance
Records Grouping Rationale
Business Classification Scheme, File Plans, and Taxonomy
Classification and Taxonomy
Prebuilt versus Custom Taxonomies
Thesaurus Use in Taxonomies
Taxonomy Types
Business Process Analysis
Taxonomy Testing: A Necessary Step
Taxonomy Maintenance
Social Tagging and Folksonomies
Notes
APPENDIX B Laws and Major Regulations Related to Records Management
United States
Canada
By Ken Chasse, J.D., LL.M.
United Kingdom
Australia
Notes
APPENDIX C Laws and Major Regulations Related to Privacy
United States
Major Privacy Laws Worldwide, by Country
Notes
GLOSSARY
ABOUT THE AUTHOR
ABOUT THE MAJOR CONTRIBUTORS
INDEX
PREFACE
Information governance (IG) has emerged as a key concern for business executives and managers in today’s environment of Big Data, increasing information risks, colossal leaks, and greater compliance and legal demands. But few seem to have a clear understanding of what IG is; that is, how you define what it is and is not, and how to implement it. This book clarifies and codifies these definitions and provides key insights as to how to implement and gain value from IG programs. Based on exhaustive research, and with the contributions of a number of industry pioneers and experts, this book lays out IG as a complete discipline in and of itself for the first time.
IG is a super-discipline that includes components of several key fields: law, records management, information technology (IT), risk management, privacy and security, and business operations. This unique blend calls for a new breed of information professional who is competent across these established and quite complex fields. Training and education are key to IG success, and this book provides the essential underpinning for organizations to train a new generation of IG professionals.
Those who are practicing professionals in the component fields of IG will find the book useful in expanding their knowledge from traditional fields to the emerging tenets of IG. Attorneys, records and compliance managers, risk managers, IT managers, and security and privacy professionals will find this book a particularly valuable resource.
The book strives to offer clear IG concepts, actionable strategies, and proven best practices in an understandable and digestible way; a concerted effort was made to simplify language and to offer examples. There are summaries of key points throughout and at the end of each chapter to help the reader retain major points. The text is organized into five parts: (1) Information Governance Concepts, Definitions, and Principles; (2) IG Risk Assessment and Strategic Planning; (3) IG Key Impact Areas; (4) IG for Delivery Platforms; and (5) Long-Term Program Issues. Also included are appendices with detailed information on taxonomy and metadata design and on records management and privacy legislation.
One thing that is sure is that the complex field of IG is evolving. It will continue to change and solidify. But help is here: No other book offers the kind of comprehensive coverage of IG contained within these pages. Leveraging the critical advice provided here will smooth your path to understanding and implementing successful IG programs.
Robert F. Smallwood
ACKNOWLEDGMENTS
I would like to sincerely thank my colleagues for their support and generous contribution of their expertise and time, which made this pioneering text possible.
Many thanks to Lori Ashley, Barb Blackburn, Barclay Blair, Charmaine Brooks, Ken Chasse, Monica Crocker, Charles M. Dollar, Seth Earley, Dr. Patricia Franks, Randy Kahn, Paula Lederman, and Barry Murphy.
I am truly honored to include their work and owe them a great debt of gratitude.
PART ONE
Information Governance Concepts, Definitions, and Principles
CHAPTER 1
The Onslaught of Big Data and the Information Governance Imperative
The value of information in business is rising, and business leaders are more and more viewing the ability to govern, manage, and harvest information as critical to success. Raw data is now being increasingly viewed as an asset that can be leveraged, just like financial or human capital.¹ Some have called this new age of “Big Data” the “industrial revolution of data.”
According to the research group Gartner, Inc., Big Data is defined as “high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”² A practical definition should also include the idea that the amount of data—both structured (in databases) and unstructured (e.g., e-mail, scanned documents) is so massive that it cannot be processed using today’s database tools and analytic software techniques.³
In today’s information overload era of Big Data—characterized by massive growth in business data volumes and velocity—the ability to distill key insights from enormous amounts of data is a major business differentiator and source of sustainable competitive advantage. In fact, a recent report by the World Economic Forum stated that data is a new asset class and personal data is “the new oil.”⁴ And we are generating more than we can manage effectively with current methods and tools.
The Big Data numbers are overwhelming: Estimates and projections vary, but it has been stated that 90 percent of the data existing worldwide today was created in the last two years⁵ and that every two days more information is generated than was from the dawn of civilization until 2003.⁶ This trend will continue: The global market for Big Data technology and services is projected to grow at a compound annual rate of 27 percent through 2017, about six times faster than the general information and communications technology (ICT) market.⁷
Many more comparisons and statistics are available, and all demonstrate the incredible and continued growth of data.
Certainly, there are new and emerging opportunities arising from the accumulation and analysis of all that data we are busy generating and collecting. New enterprises are springing up to capitalize on data mining and business intelligence opportunities. The U.S. federal government joined in, announcing $200 million in Big Data research programs in 2012.⁸
38. 4 INFORMATION GOVERNANCE
Big Data values massive accumulation of data, whereas in
business, e-discovery
realities and potential legal liabilities dictate that data be culled
to only that
which has clear business value.
But established organizations, especially larger ones, are being crushed by this onslaught of Big Data: It is just too expensive to keep all the information that is being generated, and unneeded information is a sort of irrelevant sludge for decision makers to wade through. They have difficulty knowing which information is an accurate and meaningful “wheat” and which is simply irrelevant “chaff.” This means they do not have the precise information they need to base good business decisions upon.
And all that Big Data piling up has real costs: The burden of massive stores of information has increased storage management costs dramatically, caused overloaded systems to fail, and increased legal discovery costs. 9 Further, the longer that data is kept, the more likely that it will need to be migrated to newer computing platforms, driving up conversion costs; and legally, there is the risk that somewhere in that mountain of data an organization stores is a piece of information that represents a significant legal liability. 10
This is where the worlds of Big Data and business collide. For Big Data proponents, more data is always better, and there is no perceived downside to accumulation of massive amounts of data. In the business world, though, the realities of legal e-discovery mean the opposite is true. 11 To reduce risk, liability, and costs, it is critical for unneeded information to be disposed of in a systematic, methodical, and “legally defensible” (justifiable in legal proceedings) way, when it no longer has legal, regulatory, or business value. And there also is the high-value benefit of basing decisions on better, cleaner data, which can come about only through rigid, enforced information governance (IG) policies that reduce information glut.
Organizations are struggling to reduce and right-size their information footprint by discarding superfluous and redundant data, e-documents, and information. But the critical issue is devising policies, methods, and processes and then deploying information technology (IT) to sort through which information is valuable and which no longer has business value and can be discarded.
IT, IG, risk, compliance, and legal representatives in organizations have a clear sense that most of the information stored is unneeded, raises costs, and poses risks. According to a survey taken at a recent Compliance, Governance and Oversight Counsel summit, respondents estimated that approximately 25 percent of information stored in organizations has real business value, while 5 percent must be kept as business records and about 1 percent is retained due to a litigation hold. “This means that [about] 69 percent of information in most companies has no business, legal, or regulatory value. Companies that are able to dispose of this data debris return more profit to shareholders, can leverage more of their IT budgets for strategic investments, and can avoid excess expense in legal and regulatory response” (emphasis added). 12
The onslaught of Big Data necessitates that information governance (IG) be implemented to discard unneeded data in a legally defensible way.
With a smaller information footprint, organizations can more easily find what they need and derive business value from it. 13 They must eliminate the data debris regularly and consistently, and to do this, processes and systems must be in place to cull valuable information and discard the data debris daily. An IG program sets the framework to accomplish this.
The business environment has also underscored the need for IG. According to Ted Friedman at Gartner, “The recent global financial crisis has put information governance in the spotlight. . . . [It] is a priority of IT and business leaders as a result of various pressures, including regulatory compliance mandates and the urgent need for improved decision-making.” 14
And IG mastery is critical for executives: Gartner predicts that by 2016, one in five chief information officers in regulated industries will be fired from their jobs for failed IG initiatives. 15
Defining Information Governance
IG is a sort of super discipline that has emerged as a result of new and tightened legislation governing businesses, external threats such as hacking and data breaches, and the recognition that multiple overlapping disciplines were needed to address today’s information management challenges in an increasingly regulated and litigated business environment. 16
IG is a subset of corporate governance, and includes key concepts from records management, content management, IT and data governance, information security, data privacy, risk management, litigation readiness, regulatory compliance, long-term digital preservation, and even business intelligence. This also means that it includes related technology and discipline subcategories, such as document management, enterprise search, knowledge management, and business continuity/disaster recovery.
Only about one quarter of information organizations are managing has real business value.
With a smaller information footprint, it is easier for organizations to find the information they need and derive business value from it.
IG is a subset of corporate governance.
IG is a sort of superdiscipline that encompasses a variety of key concepts from a variety of related disciplines.
Practicing good IG is the essential foundation for building legally defensible disposition practices to discard unneeded information and to secure confidential information, which may include trade secrets, strategic plans, price lists, blueprints, or personally identifiable information (PII) subject to privacy laws; it provides the basis for consistent, reliable methods for managing data, e-documents, and records.
Having trusted and reliable records, reports, data, and databases enables managers to make key decisions with confidence. 17 And accessing that information and business intelligence in a timely fashion can yield a long-term sustainable competitive advantage, creating more agile enterprises.
To do this, organizations must standardize and systematize their handling of information. They must analyze and optimize how information is accessed, controlled, managed, shared, stored, preserved, and audited. They must have complete, current, and relevant policies, processes, and technologies to manage and control information, including who is able to access what information, and when, to meet external legal and regulatory demands and internal governance policy requirements. In short, IG is about information control and compliance.
IG is a subset of corporate governance, which has been around as long as corporations have existed. IG is a rather new multidisciplinary field that is still being defined, but has gained traction increasingly over the past decade. The focus on IG comes not only from compliance, legal, and records management functionaries but also from executives who understand they are accountable for the governance of information and that theft or erosion of information assets has real costs and consequences.
“Information governance” is an all-encompassing term for how an organization manages the totality of its information.
According to the Association of Records Managers and Administrators (ARMA), IG is “a strategic framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.” 18
IG includes the set of policies, processes, and controls to manage information in compliance with external regulatory requirements and internal governance frameworks. Specific policies apply to specific data and document types, records series, and other business information, such as e-mail and reports.
Stated differently, IG is “a quality-control discipline for managing, using, improving, and protecting information.” 19
Practicing good IG is the essential foundation for building legally defensible disposition practices to discard unneeded information.
IG is “a strategic framework composed of standards, processes, roles, and metrics, that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.” 20
Fleshing out the definition further: “Information governance is policy-based management of information designed to lower costs, reduce risk, and ensure compliance with legal, regulatory standards, and/or corporate governance.” 21 IG necessarily incorporates not just policies but information technologies to audit and enforce those policies. The IG team must be cognizant of information lifecycle issues and be able to apply the proper retention and disposition policies, including digital preservation where records need to be maintained for long periods.
IG Is Not a Project, But an Ongoing Program
IG is an ongoing program, not a one-time project. IG provides an umbrella to manage and control information output and communications. Since technologies change so quickly, it is necessary to have overarching policies that can manage the various IT platforms that an organization may use.
Compare it to a workplace safety program; every time a new location, team member, piece of equipment, or toxic substance is acquired by the organization, the workplace safety program should dictate how that is handled. If it does not, the workplace safety policies/procedures/training that are part of the workplace safety program need to be updated. Regular reviews are conducted to ensure the program is being followed and adjustments are made based on the findings. The effort never ends. 22 The same is true for IG.
IG is not only a tactical program to meet regulatory, compliance, and litigation demands. It can be strategic, in that it is the necessary underpinning for developing a management strategy that maximizes knowledge worker productivity while minimizing risk and costs.
Why IG Is Good Business
IG is a tough sell. It can be difficult to make the business case for IG, unless there has been some major compliance sanction, fine, legal loss, or colossal data breach. In fact, the largest impediment to IG adoption is simply identifying its benefits and costs, according to the Economist Intelligence Unit. Sure, the enterprise needs better control over its information, but how much better? At what cost? What is the payback period and the return on investment? 23
IG is how an organization maintains security, complies with regulations, and meets ethical standards when managing information.
IG is a multidisciplinary program that requires an ongoing effort.
It is challenging to make the business case for IG, yet making that case is fundamental to getting IG efforts off the ground.
Here are eight reasons why IG makes good business sense, from IG thought leader Barclay Blair:
1. We can’t keep everything forever. IG makes sense because it enables organizations to get rid of unnecessary information in a defensible manner. Organizations need a sensible way to dispose of information in order to reduce the cost and complexity of the IT environment. Having unnecessary information around only makes it more difficult and expensive to harness information that has value.
2. We can’t throw everything away. IG makes sense because organizations can’t keep everything forever, nor can they throw everything away. We need information—the right information, in the right place, at the right time. Only IG provides the framework to make good decisions about what information to keep.
3. E-discovery. IG makes sense because it reduces the cost and pain of discovery. Proactively managing information reduces the volume of information exposed to e-discovery and simplifies the task of finding and producing responsive information.
4. Your employees are screaming for it—just listen. IG makes sense because it helps knowledge workers separate “signal” from “noise” in their information flows. By helping organizations focus on the most valuable information, IG improves information delivery and improves productivity.
5. It ain’t gonna get any easier. IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges. The problem of IG will not get easier over time, so organizations should get started now.
6. The courts will come looking for IG. IG makes sense because courts and regulators will closely examine your IG program. Falling short can lead to fines, sanctions, loss of cases, and other outcomes that have negative business and financial consequences.
7. Manage risk: IG is a big one. Organizations need to do a better job of identifying and managing risk. The risk of information management failures is a critical risk that IG helps to mitigate.
8. E-mail: Reason enough. IG makes sense because it helps organizations take control of e-mail. Solving e-mail should be a top priority for every organization. 24
Failures in Information Governance
The failure to implement and enforce IG can lead to vulnerabilities that can have dire consequences. The theft of confidential U.S. National Security Agency documents by Edward Snowden in 2013 could have been prevented by properly enforced IG. Also, Ford Motor Company is reported to have suffered a loss estimated at $50 to $100 million as a result of the theft of confidential documents by one of its own employees. A former product engineer who had access to thousands of trade secret documents and designs sold them to a competing Chinese car manufacturer. A strong IG program would have controlled and tracked access and prevented the theft while protecting valuable intellectual property. 25
Law enforcement agencies have also suffered from poor IG. In a rather frivolous case in 2013 that highlighted the lack of policy enforcement for the mobile environment, it was reported that U.S. agents from the Federal Bureau of Investigation used government-issued mobile phones to send explicit text messages and nude photographs to coworkers. The incidents did not have a serious impact but did compromise the agency and its integrity, and “adversely affected the daily activities of several squads.” 26 Proper mobile communications policies were obviously not developed and enforced.
IG is also about information security and privacy, and serious thought must be given when creating policies to safeguard personal, classified or confidential information. Schemes to compromise or steal information can be quite deceptive and devious, masked by standard operating procedures—if proper IG controls and monitoring are not in place. To wit: Granting remote access to confidential information assets for key personnel is common. Granting medical leave is also common. But a deceptive and dishonest employee could feign a medical leave while downloading volumes of confidential information assets for a competitor—and that is exactly what happened at Accenture, a global consulting firm. During a fraudulent medical leave, an employee was allowed access to Accenture’s Knowledge Exchange (KX), a detailed knowledge base containing previous proposals, expert reports, cost-estimating guidelines, and case studies. This activity could have been prevented by monitoring and analytics that would have shown an inordinate amount of downloads—especially for an “ailing” employee. The employee then went to work for a direct competitor and continued to download the confidential information from Accenture, estimated to be as many as 1,000 critical documents. While the online access to KX was secure, the use of the electronic documents could have been restricted even after the documents were downloaded, if IG measures were in place and newer technologies (such as information rights management [IRM] software) were deployed to secure them directly and maintain that security remotely. With IRM, software security protections can be employed to seal the e-documents and control their use—even after they leave the organization. More details on IRM technology and its capabilities are presented later in this book.
Other recent high-profile data and document leakage cases revealing information security weaknesses that could have been prevented by a robust IG program include:
■ Huawei Technologies, the largest networking and mobile communications company in China, was sued by U.S.-based Motorola for allegedly conspiring to steal trade secrets through former Motorola employees.
■ MI6, the U.K. equivalent of the U.S. Central Intelligence Agency, learned that one of its agents in military intelligence attempted to sell confidential documents to the intelligence services of the Netherlands for £2 million GBP ($3 million USD).
Ford’s loss from stolen documents in a single case of intellectual property (IP) theft was estimated at $50 to $100 million.
And breaches of personal information revealing failures in privacy protection abound; here are just a few:
■ Health information of 1,600 cardiology patients at Texas Children’s Hospital was compromised when a doctor’s laptop was stolen. The information included personal and demographic information about the patients, including their names, dates of birth, diagnoses, and treatment histories. 27
■ U.K. medics lost the personal records of nearly 12,000 National Health Service patients in just eight months. Also, a hospital worker was suspended after it was discovered he had sent a file containing pay-slip details for every member of staff to his home e-mail account. 28
■ Personal information about more than 600 patients of the Fraser Health Authority in British Columbia, Canada, was stored on a laptop stolen from Burnaby General Hospital.
■ In December 2013, Target stores in the U.S. reported that as many as 110 million customer records had been breached in a massive attack that lasted weeks.
The list of breaches and IG failures could go on and on, more than filling the pages of this book. It is clear that it is occurring and that it will continue. IG controls to safeguard confidential information assets and protect privacy cannot rely solely on the trustworthiness of employees and basic security measures. Up-to-date IG policies and enforcement efforts and newer technology sets are needed, with active, consistent monitoring and program adjustments to continue to improve.
Executives and senior managers can no longer avoid the issue, as it is abundantly clear that the threat is real and the costs of taking such avoidable risks can be high. A single security breach is an IG failure and can cost the entire business. According to Debra Logan of Gartner, “When organizations suffer high-profile data losses, especially involving violations of the privacy of citizens or consumers, they suffer serious reputational damage and often incur fines or other sanctions. IT leaders will have to take at least part of the blame for these incidents.” 29
Form IG Policies, Then Apply Technology for Enforcement
Typically, some policies governing the use and control of information and records may have been established for financial and compliance reports, and perhaps e-mail, but they are often incomplete and out-of-date and have not been adjusted for changes in the business environment, such as new technology platforms (e.g., Web 2.0, social media), changing laws (e.g., U.S. Federal Rules of Civil Procedure 2006 changes), and additional regulations.
IG controls to safeguard confidential information assets and protect privacy cannot rely solely on the trustworthiness of employees and basic security measures.
Further adding to the challenge is the rapid proliferation of mobile devices like tablets, phablets, and smartphones used in business—information can be more easily lost or stolen—so IG efforts must be made to preserve and protect the enterprise’s information assets.
Proper IG requires that policies are flexible enough not to hinder the proper flow of information in the heat of the business battle yet strict enough to control and audit for misuse, policy violations, or security breaches. This is a continuous iterative policy-making process that must be monitored and fine-tuned. Even with the absolute best efforts, some policies will miss the mark and need to be reviewed and adjusted.
Getting started with IG awareness is the crucial first step. It may have popped up on an executive’s radar at one point or another and an effort might have been made, but many organizations leave these policies on the shelf and do not revise them on a regular basis.
IG is the necessary underpinning for a legally defensible disposition program that discards data debris and helps narrow the search for meaningful information on which to base business decisions. IG is also necessary to protect and preserve critical information assets. An IG strategy should aim to minimize exposure to risk, at a reasonable cost level, while maximizing productivity and improving the quality of information delivered to knowledge users.
But a reactive, tactical project approach is not the way to go about it—haphazardly swatting at technological, legal, and regulatory flies. A proactive, strategic program, with a clear, accountable sponsor, an ongoing plan, and regular review process, is the only way to continuously adjust IG policies to keep them current so that they best serve the organization’s needs.
Some organizations have created formal governance bodies to establish strategies, policies, and procedures surrounding the distribution of information inside and outside the enterprise. These governance bodies, steering committees, or teams should include members from many different functional areas, since proper IG necessitates input from a variety of stakeholders. Representatives from IT, records management, corporate or agency archiving, risk management, compliance, operations, human resources, security, legal, finance, and perhaps knowledge management are typically a part of IG teams. Often these efforts are jump-started and organized by an executive sponsor who utilizes third-party consulting resources that specialize in IG efforts, especially considering the newness of IG and its emerging best practices.
So in this era of ever-growing Big Data, leveraging IG policies to focus on retaining the information that has real business value, while discarding the majority of information that has no value and carries associated increased costs and risks, is critical to success for modern enterprises. This must be accomplished in a systematic, consistent, and legally defensible manner by implementing a formal IG program. Other crucial elements of an IG program are the steps taken to secure confidential information by enforcing and monitoring policies using the appropriate information technologies.
Getting started with IG awareness is the crucial first step.
CHAPTER SUMMARY: KEY POINTS
■ The onslaught of Big Data necessitates that IG be implemented to discard unneeded data in a legally defensible way.
■ Big Data values massive accumulation of data, whereas in business, e-discovery realities and potential legal liabilities dictate that data be culled to only that which has clear business value.
■ Only about one quarter of the information organizations are managing has real business value.
■ With a smaller information footprint, it is easier for organizations to find the information they need and derive business value from it.
■ IG is a subset of corporate governance and encompasses the policies and leveraged technologies meant to manage what corporate information is retained, where, and for how long, and also how it is retained.
■ IG is a sort of super discipline that encompasses a variety of key concepts from a variety of related and overlapping disciplines.
■ Practicing good IG is the essential foundation for building legally defensible disposition practices to discard unneeded information.
■ According to ARMA, IG is “a strategic framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.” 30
■ IG is how an organization maintains security, complies with regulations and laws, and meets ethical standards when managing information.
■ IG is a multidisciplinary program that requires an ongoing effort and active participation of a broad cross-section of functional groups and stakeholders.
■ IG controls to safeguard confidential information assets and protect privacy cannot rely solely on the trustworthiness of employees and basic security measures.
■ Getting started with IG awareness is the crucial first step.
Notes
1. The Economist, “Data, Data Everywhere,” February 25, 2010, www.economist.com/node/15557443
2. Gartner, Inc., “IT Glossary: Big Data,” www.gartner.com/it-glossary/big-data/ (accessed April 15, 2013).
3. Webopedia, “Big Data,” www.webopedia.com/TERM/B/big_data.html (accessed April 15, 2013).
4. World Economic Forum, “Personal Data: The Emergence of a New Asset Class” (January 2011), http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf
5. Deidra Paknad, “Defensible Disposal: You Can’t Keep All Your Data Forever,” July 17, 2012, www.forbes.com/sites/ciocentral/2012/07/17/defensible-disposal-you-cant-keep-all-your-data-forever/
6. Susan Karlin, “Earth’s Nervous System: Looking at Humanity Through Big Data,” www.fastcocreate.com/1681986/earth-s-nervous-system-looking-at-humanity-through-big-data#1 (accessed March 5, 2013).
7. IDC Press Release, “New IDC Worldwide Big Data Technology and Services Forecast Shows Market Expected to Grow to $32.4 Billion in 2017,” December 18, 2013, http://www.idc.com/getdoc.jsp?containerId=prUS24542113
8. Steve Lohr, “How Big Data Became So Big,” New York Times, August 11, 2012, www.nytimes.com/2012/08/12/business/how-big-data-became-so-big-unboxed.html?_r=2&smid=tw-share&
9. Kahn Consulting, “Information Governance Brief,” sponsored by IBM, www.delve.us/downloads/Brief-Defensible-Disposal.pdf (accessed March 4, 2013).
10. Barclay T. Blair, “Girding for Battle,” Law Technology News, October 1, 2012, www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202572459732&thepage=1
11. Ibid.
12. Paknad, “Defensible Disposal.”
13. Randolph A. Kahn, https://twitter.com/InfoParkingLot/status/273791612172259329, November 28, 2012.
14. Gartner Press Release, “Gartner Says Master Data Management Is Critical to Achieving Effective Information Governance,” www.gartner.com/newsroom/id/1898914, January 19, 2012
15. Ibid.
16. Monica Crocker, e-mail to author, June 21, 2012.
17. Economist Intelligence Unit, “The Future of Information Governance,” www.emc.com/leadership/business-view/future-information-governance.htm (accessed November 14, 2013).
18. ARMA International, Glossary of Records and Information Management Terms, 4th ed., 2012, TR 22–2012.
19. Arvind Krishna, “Three Steps to Trusting Your Data in 2011,” IT Business Edge, posted March 9, 2011, www.itbusinessedge.com/guest-opinions/three-steps-trusting-your-data-2011 (accessed November 14, 2013).
20. ARMA International, Glossary of Records and Information Management Terms, 4th ed., 2012, TR 22–2012.
21. Laura DuBois and Vivian Tero, “Practical Information Governance: Balancing Cost, Risk, and Productivity,” IDC White Paper (August 2010), www.emc.com/collateral/analyst-reports/idc-practical-information-governance-ar.pdf
22. Monica Crocker, e-mail to author, June 21, 2012.
23. Barclay T. Blair, Making the Case for Information Governance: Ten Reasons IG Makes Sense, ViaLumina Ltd, 2010. Online at http://barclaytblair.com/making-the-case-for-ig-ebook/ (accessed November 14, 2013).
24. Barclay T. Blair, “8 Reasons Why Information Governance (IG) Makes Sense,” June 29, 2009, www.digitallandfill.org/2009/06/8-reasons-why-information-governance-ig-makes-sense.html
25. Peter Abatan, “Corporate and Industrial Espionage to Rise in 2011,” Enterprise Digital Rights Management, http://enterprisedrm.tumblr.com/post/2742811887/corporate-espionage-to-rise-in-2011 (accessed November 14, 2013).
26. BBC News, “FBI Staff Disciplined for Sex Texts and Nude Pictures,” February 22, 2013, www.bbc.co.uk/news/world-us-canada-21546135
27. Todd Ackerman, “Laptop Theft Puts Texas Children’s Patient Info at Risk,” Houston Chronicle, July 30, 2009, www.chron.com/news/houston-texas/article/Laptop-theft-puts-Texas-Children-s-patient-info-1589473.php (accessed March 2, 2012).
28. Jonny Greatrex, “Bungling West Midlands Medics Lose 12,000 Private Patient Records,” Sunday Mercury, September 5, 2010, www.sundaymercury.net/news/sundaymercuryexclusives/2010/09/05/bungling-west-midlands-medics-lose-12–000-private-patient-records-66331–27203177/ (accessed March 2, 2012).
29. Gartner Press Release, “Gartner Says Master Data Management Is Critical to Achieving Effective Information Governance.”
30. ARMA International, Glossary of Records and Information Management Terms.
CHAPTER 2
There has been a great deal of confusion around the term information governance (IG) and how it is distinct from other similar industry terms, such as information technology (IT) governance and data governance. They are all a subset of corporate governance, and in the above sequence, become increasingly more granular in their approach. Data governance is a part of broader IT governance, which is also a part of even broader information governance. The few texts that exist have compounded the confusion by offering a limited definition of IG, or sometimes offering a definition of IG that is just plain incorrect, often confusing it with simple data governance.
So in this chapter we spell out the differences and include examples in hopes of clarifying what the meaning of each term is and how they are related.
Data Governance
Data governance involves processes and controls to ensure that information at the data level—raw alphanumeric characters that the organization is gathering and inputting—is true and accurate, and unique (not redundant). It involves data cleansing (or data scrubbing) to strip out corrupted, inaccurate, or extraneous data and de-duplication, to eliminate redundant occurrences of data.
Data governance focuses on information quality from the ground up at the lowest or root level, so that subsequent reports, analyses, and conclusions are based on clean, reliable, trusted data (or records) in database tables. Data governance is the most rudimentary level at which to implement information governance. Data governance efforts seek to ensure that formal management controls—systems, processes, and accountable employees who are stewards and custodians of the data—are implemented to govern critical data assets to improve data quality and to avoid negative downstream effects of poor data. The biggest negative consequence of poor or inaccurate data is poorly and inaccurately based decisions.
16 INFORMATION GOVERNANCE
Data governance is a newer, hybrid quality control discipline that includes elements of data quality, data management, IG policy development, business process improvement, and compliance and risk management.
Data Governance Strategy Tips
Everyone in an organization wants good-quality data to work with. But it is not so easy to implement a data governance program. First of all, data is at such a low level that executives and board members are typically unaware of the details of the “smoky back room” of data collection: cleansing, normalization, and input. So it is difficult to gain an executive sponsor and funding to initiate the effort.1 And if a data governance program does move forward, there are challenges in getting business users to adhere to new policies. This is a crucial point, since much of the data is being generated by business units. But there are some general guidelines that can help improve a data governance program’s chances for success:
■ Identify a measurable impact. A data governance program must be able to demonstrate business value, or it will not get the executive sponsorship and funding it needs to move forward. A readiness assessment should capture the current state of data quality and whether an enterprise or business unit level effort is warranted. Other key issues include: Can the organization save hard costs by implementing data governance? Can it reach more customers or increase revenue generated from existing customers?2
■ Assign accountability for data quality to business units, not IT. Typically, IT has had responsibility for data quality, yet it is mostly not under that department’s control, since most of the data is being generated in the business units. A pointed effort must be made to push responsibility and ownership for data to the business units that create and use the data.
■ Recognize the uniqueness of data as an asset. Unlike other assets, such as people, factories, equipment, and even cash, data is largely unseen, out of sight, and intangible. It changes daily. It spreads throughout business units. It is copied and deleted. Data growth can spiral out of control, obscuring the data that has true business value. So data has to be treated differently, and its unique qualities must be considered.
■ Forget the past; implement a going-forward strategy. It is a significantly greater task to try to improve data governance across the enterprise for existing data. Remember, you may be trying to fix decades of bad behavior, mismanagement, and lack of governance. Taking an incremental approach with an eye to the future provides for a clean starting point and can substantially reduce the pain required to implement. A proven best practice is to implement a from-this-point-on strategy where new data governance policies for handling data are implemented beginning on a certain date.
Data governance uses techniques like data cleansing and de-duplication to improve data quality and reduce redundancies.
INFORMATION GOVERNANCE, IT GOVERNANCE, DATA
GOVERNANCE 17
Good data governance ensures that downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable, trusted data.
■ Manage the change. Educate, educate, educate. People must be trained to understand why the data governance program is being implemented and how it will benefit the business. The new policies represent a cultural change, and people need supportive program messages and training in order to make the shift.3
IT Governance
IT governance is the primary way that stakeholders can ensure that investments in IT create business value and contribute toward meeting business objectives.4 This strategic alignment of IT with the business is challenging yet essential. IT governance programs go further and aim to “improve IT performance, deliver optimum business value and ensure regulatory compliance.”5
Although the CIO typically has line responsibility for implementing IT governance, the CEO and board of directors must receive reports and updates to discharge their responsibilities for IT governance and to see that the program is functioning well and providing business benefits.
Typically, in past decades, board members did not get involved in overseeing IT governance. But today it is a critical and unavoidable responsibility. According to the IT Governance Institute’s Board Briefing on IT Governance, “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”6
The focus is on the actual software development and maintenance activities of the IT department or function, and IT governance efforts focus on making IT efficient and effective. That means minimizing costs by following proven software development methodologies and best practices, principles of data governance and information quality, and project management best practices while aligning IT efforts with the business objectives of the organization.
IT Governance Frameworks
Several IT governance frameworks can be used as a guide to implementing an IT governance program. (They are introduced in this chapter in a cursory way; detailed discussions of them are best suited to books focused solely on IT governance.)
IT governance seeks to align business objectives with IT strategy to deliver business value.
Although frameworks and guidance like CobiT® and ITIL have been widely adopted, there is no absolute standard IT governance framework; the combination that works best for an organization depends on business factors, corporate culture, IT maturity, and staffing capability. The level of implementation of these frameworks will also vary by organization.
CobiT®
CobiT (Control Objectives for Information and related Technology) is a process-based IT governance framework that represents a consensus of experts worldwide. Codeveloped by the IT Governance Institute and ISACA (previously known as the Information Systems Audit and Control Association), CobiT addresses business risks, control requirements, compliance, and technical issues.7
CobiT offers IT controls that:
■ Cut IT risks while gaining business value from IT under an umbrella of a globally accepted framework.
■ Assist in meeting regulatory compliance requirements.
■ Utilize a structured approach for improved reporting and management decision making.
■ Provide solutions to control assessments and project implementations to improve IT and information asset control.8
CobiT consists of detailed descriptions of processes required in IT and also tools to measure progress toward maturity of the IT governance program. It is industry agnostic and can be applied across all vertical industry sectors, and it continues to be revised and refined.9
CobiT is broken out into three basic organizational levels and their responsibilities: (1) board of directors and executive management; (2) IT and business management; and (3) line-level governance, and security and control knowledge workers.10 The CobiT model draws on the traditional “plan, build, run, monitor” paradigm of traditional IT management, only with variations in semantics. The CobiT framework is divided into four IT domains—(1) plan and organize, (2) acquire and implement, (3) deliver and support, and (4) monitor and evaluate—which contain 34 IT processes and 210 control objectives. Specific goals and metrics are assigned, and responsibilities and accountabilities are delineated.
The CobiT framework maps to the international information security standard, ISO 17799, and is also compatible with IT Infrastructure Library (ITIL) and other “accepted practices” in IT development and operations.11
ValIT®
ValIT is a newer value-oriented framework that is compatible with and complementary to CobiT. Its principles and best practices focus is on leveraging IT investments to gain maximum value. Forty key ValIT essential management practices (analogous to CobiT’s control objectives) support three main processes: value governance, portfolio management, and investment management. ValIT and CobiT “provide a full framework and supporting tool set” to help managers develop policies to manage business risks and deliver business value while addressing technical issues and meeting control objectives in a structured, methodic way.12
ITIL
ITIL (Information Technology Infrastructure Library) is a set of process-oriented best practices and guidance originally developed in the United Kingdom to standardize delivery of IT service management. ITIL is applicable to both the private and public sectors and is the “most widely accepted approach to IT service management in the world.”13 As with other IT governance frameworks, ITIL provides essential guidance for delivering business value through IT, and it “provides guidance to organizations on how to use IT as a tool to facilitate business change, transformation and growth.”14
ITIL best practices form the foundation for ISO/IEC 20000 (previously BS15000), the International Service Management Standard for organizational certification and compliance.15 ITIL 2011 is the latest revision (as of this printing), and it consists of five core published volumes that map the IT service cycle in a systematic way:
1. ITIL Service Strategy
2. ITIL Service Design
3. ITIL Service Transition
4. ITIL Service Operation
5. ITIL Continual Service Improvement16
ISO 38500
ISO/IEC 38500:2008 is an international standard that provides high-level principles and guidance for senior executives and directors, and those advising them, for the effective and efficient use of IT.17 Based primarily on AS 8015, the Australian IT governance standard, it “applies to the governance of management processes” that are performed at the IT service level, but the guidance assists executives in monitoring IT and ethically discharging their duties with respect to legal and regulatory compliance of IT activities.
The ISO 38500 standard comprises three main sections:
1. Scope, Application and Objectives
2. Framework for Good Corporate Governance of IT
3. Guidance for Corporate Governance of IT
It is largely derived from AS 8015, the guiding principles of which were:
■ Establish responsibilities
■ Plan to best support the organization
■ Acquire validly
■ Ensure performance when required
■ Ensure conformance with rules
■ Ensure respect for human factors
The standard also has relationships with other major ISO standards, and embraces the same methods and approaches.18
CobiT is process-oriented and has been widely adopted as an IT governance framework. ValIT is value-oriented and compatible and complementary with CobiT, yet focuses on value delivery.
ITIL is the “most widely accepted approach to IT service management in the world.”
Information Governance
Corporate governance is the highest level of governance in an organization, and a key aspect of it is IG. IG processes are higher level than the details of IT governance and much higher than data governance, but both data and IT governance can be (and should be) a part of an overall IG program. The IG approach to governance focuses not on detailed IT or data capture and quality processes but rather on controlling the information that is generated by IT and office systems.
IG efforts seek to manage and control information assets to lower risk, ensure compliance with regulations, and improve information quality and accessibility while implementing information security measures to protect and preserve information that has business value.19 (See Chapter 1 for more detailed definitions.)
Impact of a Successful IG Program
When making the business case for IG and articulating its benefits, it is useful to focus on its central impact. Putting cost-benefit numbers to this may be difficult, unless you also consider the worst-case scenario of loss or misuse of corporate or agency records. What is losing the next big lawsuit worth? How much are confidential merger and acquisition documents worth? How much are customer records worth? Frequently, executives and managers do not understand the value of IG until it is a crisis, an expensive legal battle is lost, heavy fines are imposed for noncompliance, or executives go to jail.
ISO 38500 is an international standard that provides high-level principles and guidance for senior executives and directors responsible for IT governance.
IG is how an organization maintains security, complies with regulations and laws, and meets ethical standards when managing information.
There are some key outputs from implementing an IG program. A successful IG program should enable organizations to:
■ Use common terms across the enterprise. This means that departments must agree on how they are going to classify document types, which requires a cross-functional effort. With common enterprise terms, searches for information are more productive and complete. This normalization process begins with developing a standardized corporate taxonomy, which defines the terms (and substitute terms in a custom corporate thesaurus), document types, and their relationships in a hierarchy.
■ Map information creation and usage. This effort can be buttressed with the use of technology tools such as data loss prevention, which can be used to discover the flow of information within and outside of the enterprise. You must first determine who is accessing which information when and where it is going. Then you can monitor and analyze these information flows. The goal is to stop the erosion or misuse of information assets and to stem data breaches with monitoring and security technology.
■ Obtain “information confidence”—that is, the assurance that information has integrity, validity, accuracy, and quality; this means being able to prove that the information is reliable and that its access, use, and storage meet compliance and legal demands.
■ Harvest and leverage information. Using techniques and tools like data mining and business intelligence, new insights may be gained that provide an enterprise with a sustainable competitive advantage over the long term, since managers will have more and better information as a basis for business decisions.21
Summing Up the Differences
IG consists of the overarching policies and processes to optimize and leverage information while keeping it secure and meeting legal and privacy obligations in alignment with stated organizational business objectives.
IT governance consists of following established frameworks and best practices to gain the most leverage and benefit out of IT investments and support accomplishment of business objectives.
Data governance consists of the processes, methods, and techniques to ensure that data is of high quality, reliable, and unique (not duplicated), so that downstream uses in reports and databases are more trusted and accurate.
Notes
1. “New Trends and Best Practices for Data Governance Success,” SearchDataManagement.com eBook, http://viewer.media.bitpipe.com/1216309501_94/1288990195_946/Talend_sDM_SO_32247_EB-ook_1104.pdf, accessed March 11, 2013.
2. Ibid.
3. Ibid.
4. M.N. Kooper, R. Maes, and E.E.O. RoosLindgreen, “On the Governance of Information: Introducing a New Concept of Governance to Support the Management of Information,” International Journal of Information Management 31 (2011): 195–120, http://dl.acm.org/citation.cfm?id=2297895 (accessed November 14, 2013).
5. Nick Robinson, “The Many Faces of IT Governance: Crafting an IT Governance Architecture,” ISACA Journal 1 (2007), www.isaca.org/Journal/Past-Issues/2007/Volume-1/Pages/The-Many-Faces-of-IT-Governance-Crafting-an-IT-Governance-Architecture.aspx
6. Bryn Phillips, “IT Governance for CEOs and Members of the Board,” 2012, p.18.
7. Ibid., p.26.
8. IBM Global Business Services/Public Sector, “Control Objectives for Information and related Technology (CobiT®) Internationally Accepted Gold Standard for IT Controls & Governance,” http://www-304.ibm.com/industries/publicsector/fileserve?contentid=187551 (accessed March 11, 2013).
CHAPTER SUMMARY: KEY POINTS
■ Data governance uses techniques like data cleansing and de-duplication to improve data quality and reduce redundancies.
■ Good data governance ensures that downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable, trusted data.
■ IT governance seeks to align business objectives with IT strategy to deliver business value.
■ CobiT is process-oriented and has been widely adopted as an IT governance framework. ValIT is value-oriented and compatible and complementary with CobiT yet focuses on value delivery.
■ The CobiT framework maps to the international information security standard ISO 17799 and is also compatible with ITIL (IT Infrastructure Library).
■ ITIL is the “most widely accepted approach to IT service management in the world.”
■ ISO 38500 is an international standard that provides high-level principles and guidance for senior executives and directors responsible for IT governance.
■ Information governance is how an organization maintains security, complies with regulations and laws, and meets ethical standards when managing information.
9. Phillips, “IT Governance for CEOs and Members of the Board.”
10. IBM Global Business Services/Public Sector, “Control Objectives for Information and related Technology (CobiT®) Internationally Accepted Gold Standard for IT Controls & Governance.”
11. Ibid.
12. Ibid.
13. www.itil-officialsite.com/ (accessed March 12, 2013).
14. ITIL, “What Is ITIL?” www.itil-officialsite.com/AboutITIL/WhatisITIL.aspx (accessed March 12, 2013).
15. Ibid.
16. Ibid.
17. ISO/IEC 38500:2008 “Corporate Governance of Information Technology” www.iso.org/iso/catalogue_detail?csnumber=51639 (accessed November 14, 2013).
18. ISO 38500 www.38500.org/ (accessed March 12, 2013).
19. www.naa.gov.au/records-management/agency/digital/digital-continuity/principles/ (accessed November 14, 2013).
20. ARMA International, Glossary of Records and Information Management Terms, 4th ed. TR 22–2012 (from ARMA.org).
21. Arvind Krishna, “Three Steps to Trusting Your Data in 2011,” CTO Edge, March 9, 2011, www.ctoedge.com/content/three-steps-trusting-your-data-2011
successful if it does not have an accountable, responsible executive sponsor. The sponsor must drive the effort, clear obstacles for the IG team or committee, communicate the goals and business objectives that the IG program addresses, and keep upper management informed on progress.
2. Information policy development and communication. Clear policies must be established for the access and use of information, and those policies must be communicated regularly and crisply to employees. Policies for the use of e-mail, instant messaging, social media, cloud computing, mobile computing, and posting to blogs and internal sites must be developed in consultation with stakeholders and communicated clearly. This includes letting employees know what the consequences of violating IG policies are, as well as its value.
3. Information integrity. This area considers the consistency of methods used to create, retain, preserve, distribute, and track information. Adhering to good IG practices includes data governance techniques and technologies to ensure quality data. Information integrity means there is the assurance that information is accurate, correct, and authentic. IG efforts to improve data quality and information integrity include de-duplicating (removing redundant data) and maintaining only unique data to reduce risk, storage costs, and information technology (IT) labor costs while providing accurate, trusted information for decision makers. Supporting technologies must enforce policies to meet legal standards of admissibility and preserve the integrity of information to guard against claims that it has been altered, tampered with, or deleted (called “spoliation”). Audit trails must be kept and monitored to ensure compliance with IG policies to assure information integrity.1
of the information, and semantically links related information. Information must be standardized in form and format. Tools such as document labeling can assist in identifying and classifying documents. Metadata associated with documents and records must be standardized and kept up-to-date. Good IG means good metadata management and utilizing metadata standards that are appropriate to the organization.
5. Information security. This means securing information in its three states: at rest, in motion, and in use. It means implementing measures to protect information from damage, theft, or alteration by malicious outsiders and insiders as well as nonmalicious (accidental) actions that may compromise information. For instance, an employee may lose a laptop with confidential information, but if proper IG policies are enforced using security-related information technologies, the information can be secured. This can be done by access control methods, data or document encryption, deploying information rights management software, using remote digital shredding capabilities, and implementing enhanced auditing procedures. Information privacy is closely related to information security and is critical when dealing with personally identifiable information (PII).
6. Information accessibility. Accessibility is vital not only in the short term but also over time using long-term digital preservation (LTDP) techniques when appropriate (generally if information is needed for over five years). Accessibility must be balanced with information security concerns. Information accessibility includes making the information as simple as possible to locate and access, which involves not only the user interface but also enterprise search principles, technologies, and tools. It also includes basic access controls, such as password management, identity and access management, and delivering information to a variety of hardware devices.
7. Information control. Document management and report management software must be deployed to control the access to, creation, updating, and printing of documents and reports. When documents or reports are declared records, they must be assigned to the proper retention and disposition schedule to be retained for as long as the records are needed to comply with legal retention periods and regulatory requirements. Also, information that may be needed or requested in legal proceedings is safeguarded through a legal hold process.
8. Information governance monitoring and auditing. To ensure that guidelines and policies are being followed and to measure employee compliance levels, information access and use must be monitored. To guard against claims of spoliation, use of e-mail, social media, cloud computing, and report generation should be logged in real time and maintained as an audit record. Technology tools such as document analytics can track how many documents or reports users access and print and how long they spend doing so.
9. Stakeholder consultation. Those who work most closely to information are the ones who best know why it is needed and how to manage it, so business units must be consulted in IG policy development. The IT department understands its capabilities and technology plans and can best speak to those points. Legal issues must always be deferred to the in-house counsel or legal team. A cross-functional collaboration is needed for IG policies to hit the mark and be effective. The result is not only more secure information but also better information to base decisions on and closer adherence to regulatory and legal demands.2
10. Continuous improvement. IG programs are not one-time projects but rather ongoing programs that must be reviewed periodically and adjusted to account for gaps or shortcomings as well as changes in the business environment, technology usage, or business strategy.
INFORMATION GOVERNANCE PRINCIPLES 27
Accountability Is Key
According to Debra Logan at Gartner Group, none of the proffered definitions of IG includes “any notion of coercion, but rather ties governance to accountability [emphasis added] that is designed to encourage the right behavior. . . . The word that matters most is accountability.” The root of many problems with managing information is the “fact that there is no accountability for information as such.”3
Establishing policies, procedures, processes, and controls to ensure the quality, integrity, accuracy, and security of business records are the fundamental steps needed to reduce the organization’s risk and cost structure for managing these records. Then it is essential that IG efforts are supported by IT. The auditing, testing, maintenance, and improvement of IG is enhanced by using electronic records management (ERM) software along with other complementary technology sets, such as workflow and business process management suite (BPMS) software and digital signatures.
Generally Accepted Recordkeeping Principles®
Contributed by Charmaine Brooks, CRM
A major part of an IG program is managing formal business records. Although they account for only about 7 to 9 percent of the total information that an organization holds, they are the most critically important subset to manage, as there are serious compliance and legal ramifications to not doing so.
Principles of successful IG programs are emerging. They include executive sponsorship, information classification, integrity, security, accessibility, control, monitoring, auditing, policy development, and continuous improvement.
Accountability is a key aspect of IG.
Records and recordkeeping are inextricably linked with any organized business activity. Through the information that an organization uses and records, creates, or receives in the normal course of business, it knows what has been done and by whom. This allows the organization to effectively demonstrate compliance with applicable standards, laws, and regulations as well as plan what it will do in the future to meet its mission and strategic objectives.
Standards and principles of recordkeeping have been developed by records and information management (RIM) practitioners to establish benchmarks for how organizations of all types and sizes can build and sustain compliant, defensible records management (RM) programs.
The Principles
In 2009 ARMA International published a set of eight Generally Accepted Recordkeeping Principles,® known as The Principles 4 (or sometimes GAR Principles), to foster awareness of good recordkeeping practices. These principles and associated metrics provide an IG framework that can support continuous improvement.
The eight Generally Accepted Recordkeeping Principles are:
1. Accountability. A senior executive (or person of comparable authority) oversees the recordkeeping program and delegates program responsibility to appropriate individuals. The organization adopts policies and procedures to guide personnel, and ensure the program can be audited.
2. Transparency. The processes and activities of an organization’s recordkeeping program are documented in a manner that is open and verifiable and is available to all personnel and appropriate interested parties.
3. Integrity. A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.
4. Protection. A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
5. Compliance. The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.
6. Availability. An organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.
7. Retention. An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.
8. Disposition. An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organization’s policies.5
The Generally Accepted Recordkeeping Principles consist of eight principles that provide an IG framework that can support continuous improvement.
The Principles apply to all sizes of organizations, in all types of industries, in both the private and public sectors, and can be used to establish consistent practices across business units. The Principles are an IG maturity model, and it is used as a preliminary evaluation of recordkeeping programs and practices.
Interest in and the application of The Principles for assessing an organization’s recordkeeping practices have steadily increased since their establishment in 2009. The Principles form an accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of records and information in support of an organization’s goals and business objectives.
As shown in Table 3.1, the Generally Accepted Recordkeeping Principles maturity model associates characteristics that are typical in five