Case Study: How IU Health Manages Vendor Security Risk

Data Breach Today

What are some of the most important aspects in managing vendor security risk when taking on third-parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk

Risk 125

The Data Breach Case Study & Protection Guide

Record Nations

What Happened Even the tiniest serious gap can pose serious risks. The post The Data Breach Case Study & Protection Guide appeared first on Record Nations. Even the tiniest security gap can lead to a data breach. After a $5.5 million settlement, Nationwide Insurance’s breach serves as just one example of the growing number of data breaches each year—making it all the more important you have protections in place.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How (not) to schedule electronic messages: a case study/cautionary tale

The Schedule

This is a case where “better to ask forgiveness than permission” definitely does not apply. The text archiving plan presented at that December committee meeting, to me, risked committing some of the same mistake. Welcome to RIM Month!

Vital documents: How one biopharma company protected theirs against water damage

TAB OnRecord

Download our case study for a complete list of solutions » 1.0 Manage risk Physical filing Storage systems Case Study filing systems mobile shelving records management Sprinklers

eRecords 2018: “A Case Study in Data Mapping – Are You Ready for a New Norm?”

The Texas Record

Privacy – Confidential Information; Risk; PCI; PII. Before taking on this project, apply the lessons learned from KPMG case study so you do not encounter the same issues that slowed them down.

New Case Study: Learn How Information Governance Provides an Essential Foundation for Digital Transformation

IGI

The final entry in our series of Snapshot IG case studies shows us what we can learn from Anne’s journey as she leverages her initial work on e-discovery to build a comprehensive and integrated IG program at her healthcare organization. You can read this use case and others here. About IGI Snapshots IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners.

Today We are Launching a new Series of Information Governance Case Studies

IGI

We are pleased to bring the IGI community another series of case studies about how professionals like you are tackling IG. IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners. IG has a significant impact on legal and reputational risk as well as corporate and competitive strategy.

Download Our Newest Comprehensive Case Study on Les Schwab

IGI

This case study reveals a typical but complex IG problem: managing the relationships among key IG players, incl uding: Outside law firms that play a central role in approving, blocking, and/or advising on key IG decisions (like information retention and preservation). Risk-focused departments like legal and audit that own key IG decisions. Click here to access the case study in the IGI Community.

This is the old ChiefTech blog.: Case Study: Success at Ernst & Young's Center for Business Knowledge

ChiefTech

Sunday, 20 May 2007 Case Study: Success at Ernst & Young's Center for Business Knowledge I wrote this case study, Online Collaboration Tools, Knowledge Managers, and a Cooperative Culture , in 2003 while working at Ernst & Young in Sydney, Australia, as the Ernst & Young Online Program Manager for Asia. This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009.

Paper 44

Opening the House Foreign Affairs Committee web archive

Archive-It

When congressional transitions of power happen, born-digital political history is especially at risk. Case Studiesby Mark G. Bilby, Senior Assistant Librarian, California State University, Fullerton.

Partner in the news: Freedom of the Press Foundation archives online journalism at risk

Archive-It

Archive-It Partner News Case Studies PressBy Karl-Rainer Blumenthal. It’s comforting to know that with the help of Freedom of Press and Archive-It, the internet never forgets. So ends a thorough report by Wired ’s Louise Matsakis on the news that the Freedom of the Press Foundation would work with Archive-It to archive the websites of alternative news outlets before new owners can change or remove their contents.

Archiving the Web @EBRPL: Creating and following a web collecting policy in a public library

Archive-It

By waiting for permission, the risk increases that sites will be updated or taken down, and it was impossible to expect the one archivist conducting all web archiving activities to also contact and interact with potentially hundreds of creators.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Related: Atrium Health breach highlights third-party risks. Mike Jordan, senior director of the Shared Assessments Program, a Santa Fe, NM-based intel-sharing and training consortium focused on third-party risks, points out that at least one of the banks that had data exposed in this latest huge data leak wasn’t even a customer of the allegedly culpable contractor. Third-party cyber risks are likely to persist at the current scale for a while longer.

Risk 121

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account. Beyond these risk metrics, we delve into the global reach of the miscreants involved in credential theft and the blackhat tools they rely on.

How Information Sharing Helped Curtail WannaCry Harm

Data Breach Today

The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements

This is the old ChiefTech blog.: Another Web 2.0 service model risk blown away - Google and Postini

ChiefTech

service model risk blown away - Google and Postini I noticed in this case study about a law firms decision to pick Google Apps for email and collaboration over Microsoft Exchange or IBM Lotus Domino , that they mention Google has acquired a company called Postini (actually back last year ). This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009. ©2005-2009.

MER 2019 – CALL FOR PRESENTERS

IG Guru

We are looking for presentations on solutions to the IG challenges created by new and emerging technologies, the latest legal and regulatory developments that affect IG programs and professionals, practical advice and guidance on traditional IG challenges, and relevant case studies […].

FOIA 52

Essential guidance to prevent business continuity disasters

IT Governance

A range of internal and external risks could negatively impact your organisation and interfere with the normal running of your business. It is critical that your organisation understands and effectively prepares for these risks to ensure its survival.

This is the old ChiefTech blog.: An interview with Barney Twinkletoes from Santa about Enterprise Web 2.0

ChiefTech

and a number of interesting case studies have appeared. I can tell you, it was pretty exciting but at the same time we felt it was a do or die situation where we had to come up with some really useful ideas that wouldnt risk our core operations. This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009. ©2005-2009.

This is the old ChiefTech blog.: Is the term "wiki" no longer useful?

ChiefTech

However, its well worth reading Ray Simss analysis of these slides and also another wiki case study, Avenue A | Razorfish. I particularly concur with his comment about " overloading of wiki risks making the term no longer useful as descriptor of an editable web page, but rather confused as a general descriptor for an enterprise 2.0 This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009.

Centre Discusses the Risk-Based Approach to Privacy and APEC-EU Interoperability at IAPP Brussels

Hunton Privacy

At the International Association of Privacy Professionals’ (“IAPP’s”) recent Europe Data Protection Congress in Brussels, the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) led two panels on the risk-based approach to privacy as a tool for implementing existing privacy principles more effectively and on codes of conduct as a means for creating interoperability between different privacy regimes.

New Webinar: The latest IG Insights from Practitioners in the Trenches

IGI

We are pleased to share with you a webinar examining our new series of five case studies about how professionals like you are tackling IG. IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners. IG has a significant impact on legal and reputational risk as well as corporate and competitive strategy.

Risk 20

More Companies Are Investing in IG to Drive Business Value-Find out How in Our New Snapshot

IGI

Our just-published IG case study tells a powerful story about how IG is driving into organizations that are not traditionally thought of as “regulated” nor driven by risk. You can read this use case and others here. IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners. IG has a significant impact on legal and reputational risk as well as corporate and competitive strategy.

Risk 20

Think Analytics for IG Is a Future Technology? Think Again: The Future Is Here.

IGI

Content analytics is a way forward, as our case study makes clear. You can find this use case and others here. IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners. IG has a significant impact on legal and reputational risk as well as corporate and competitive strategy.

Risk 20

Estimating the Cost of Internet Insecurity

Schneier on Security

Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. They then ran a set of case studies to show the model's functionality and to compare the results against those in the existing literature.

Risk 103

Malicious PDF Analysis

Security Affairs

” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. The team needed evidence to prove the risk involved in the file.

How to become an ISO 27001 lead implementer

IT Governance

You’ll be given a combination of theoretical study and hands-on work, including group discussions, practical exercises and case studies. If you have some knowledge of ISO 27001 and want to further your career, you should consider becoming an ISO 27001 lead implementer.

Risk 71

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

” This decision is a case study, both companies are facing an unprecedented court case. The case, lodged in Illinois court (2018-L-011008) is being watched keenly as a result. .

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

They assert that the risk of encryption backdoors ultimately being used by criminals, or worse than that, by a dictator to support a totalitarian regime, far outweighs any incremental security benefits. In this case it’s an encryption key. Is someone’s life at risk? Venafi: Cambridge Analytica is just an amazing case study of what can happen when machines can actually pull all this information together, and the massive power of that.

Can I really rely on my entire workforce to support a recovery?

IT Governance

Clark ( www.bcm-consultancy.com ), editor of January’s book of the month, In Hindsight – A compendium of Business Continuity case studies , which focuses on business continuity and disaster recovery. Admittedly, not often and organisational risk assessments are likely to reflect that.

Risk 77

Book reviews: a call to arms for open licensing

CILIP

Nearly all the case studies in the second half of the book are UK-based and most deal with digitisation projects; the two exceptions are the accounts from the British Library (open metadata) and the University of Edinburgh (open educational resources).

Successful Information Governance when the Bosses Just Don't Care

AIIM

Risk and Compliance - In the age of GDPR , where every week brings another data breach, organizations have a duty to their customers to safeguard information, especially personal data, and to be able to demonstrate their effective handling of information. In all cases, case studies and stories can really help make the case. This will help the organization achieve its objectives while reducing its risks, and that's a story senior management will want to hear.

Destroying Barriers to Destruction

InfoGoTo

While there’s a case to be made that more destruction is occurring because of new business demands, I’m not confident that much will have changed in the intervening two years since the last survey. A CEO of a global tech company recently told me that it’s his mission to define the minimum amount of data his business requires for ML and AI in order to contain costs and reduce exposure of data to privacy and security risk.

NHS is still assessing the cost of WannaCry one year later

Security Affairs

The report includes a case study related a “large NHS mental health trust” that was protected with Advanced Threat Protection that allowed to repeal a phishing email attack with a weaponized excel spreadsheet attachment. a variety of security risks and threats across the organization. The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs.

Summary – “Blockchain Technology and Recordkeeping”

ARMA International

The chapters respond to, and are structured according to, an initial set of questions from the AIEF’s call for proposals for a study on blockchain, records, and information management. Does it impose new challenges or risks for the execution of those archival functions?

Wednesday’s Relativity Fest Sessions: eDiscovery Trends

eDiscovery Daily

Here is one of the eDiscovery-related sessions for today (it’s a short day): 9:00 AM – 10:00 AM: LIE230322 – e-Discovery Law and Practice: Case Studies in Cooperation.

Can Enterprises execute a GRC Movement?

Security Affairs

The only place I can say more risk = more gain would be in the entrepreneurship space…because in the enterprise cyber security kingdom, it is just the opposite! The need of the hour in the organization is the identify and mitigate risks that will seriously prohibit the growth of the business.

Risk 101

Privacy and Cybersecurity May 2019 Events

HL Chronicle of Data Protection

Bret Cohen will speak on the Privacy Bar Section Forum panels, “Working Across Borders: Partnering and Vetting,” and “Case Study: How Working Across Borders Worked for Me,” during the 2019 IAPP Global Summit. Bret Cohen , Lillian Hardy , Paul Otto , and Nathan Salminen will discuss types of hacks and how to mitigate risk in the webinar, “Hacking 101: How it works and how to mitigate risk.” Please join us for our May events. May 1.

Understanding the differences between ISO 27001 and ISO 27002

IT Governance

This blog explains why that’s the case, helping you understand how each standard works and the differences between them. To meet these requirements, organisations must: Assemble a project team and initiate the project; Conduct a gap analysis; Scope the ISMS; Initiate high-level policy development; Perform a risk assessment; Select and apply controls; Develop risk documentation; Conduct staff awareness training; Assess, review and conduct an internal audit; and.

What Should Be The Core Competencies For Cybersecurity For C-Suite

Cyber Info Veritas

Cybersecurity: A Business Strategic Risk For many organizations, cybersecurity is a long way from being a core competency. Now, more and more businesses are elevating their cybersecurity from a mere IT issue to a strategic business risk.