In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue. city in a key “swing” state, and things are not going as planned – at least for government.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. Hello and welcome to the IT Governance podcast for Friday, 27 April 2018. According to CCDCOE, the exercise is running from 23 to 27 April.

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. Government websites will also become a more attractive avenue for scams and phishing.

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

My current work is split between two projects: One has to do with data governance, the other political media. And second… Governance. Government – well for sure, I’d wager that’s increased given who’s been running the country these past two years. But Governance?

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful.

What Role Government?

John Battelle's Searchblog

As I begin to dig into the work of my next book, I’ve found myself thinking about politics and government far more than I anticipated. For initial thoughts and stats, see Government By Numbers: Some Interesting Insights.

Setting the standards in cybersecurity, part I: governance


In this first of a three-part blog series, I explore the role of cybersecurity standards in the larger IT governance context. Cybersecurity Standards in the IT Governance Hierarchy.

Is Artificial Intelligence the ‘Killer App’ for Data Governance?

Perficient Data & Analytics

For many years data governance was the thing that we knew we should do because it was the correct thing to do but somehow it never got the priority it should get. It was like exercising or flossing or eating vegetables (depending upon your proclivities). AI may, in fact, be the ‘killer app’ that pushes even the stodgiest of companies to embrace a data culture and improve their data governance and data quality.

Red Teaming Your Information Governance Program

Brandeis Records Manager

Devil’s advocates have long been paired with RT exercises. George Despres, CRM, Program Director for University Records Management, Brandeis University. (The content in this blog reflects the opinions of the author, and not of Brandeis University.) About Red Teaming. Have you deliberately challenged your own program plans and procedures recently?

IT Governance for Techies


When they reach the role of CIO their focus needs to shift to leadership, strategy, inspiring the troops, organisation and skills, and governance. Let's try to demystify IT governance. Anonymous. Thu, 02/06/2014 - 09:35.

10 measures for good IT security governance


Often they are conducted by highly skilled international organized crime groups or foreign nation states that aim their attacks not just at government entities, but also at corporations, including those with large-scale financial and credit card assets and foreign investments, and those in the strategic resources sector. I invite you to read more on this topic in our white paper on IT Security Governance.


Business Architecture and Process Modeling for Digital Transformation


Business architecture extends beyond simple modeling; it also incorporates automation to reduce manual effort, remove potential for error, and guarantee effective data governance – with visibility from strategy all the way down to data entry and the ability to trace and manage data lineage.

How to Prepare for the Brazil Data Protection Law


Although the president of Brazil initially vetoed the establishment of a data protection authority to enforce the new law, the Brazilian government has since OK’d the creation of one.


The Privacy Rules Changed in 2018 – What Does that Mean Going Forward?


Between GDPR in the EU, similar legislation in other countries, the controversy surrounding the way social networks handle personal information and the ongoing drumbeat of breaches and data theft, the issue of how organizations should exercise responsible care of personal information was one of the biggest stories of 2018.

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information


Please join the IGI and Preservica on November 16th at 11am ET for a webinar addressing The Governance & Preservation of Long-Term Digital Information. Barclay Blair, Founder and Executive Director, Information Governance Initiative (IGI). Business and government leaders are making major investments and betting their organization’s success to customize and deliver products and services on their ability to manage dynamic and complex digital information systems and flows.

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist


GDPR, on the other hand, is designed primarily to enable data subjects to exercise a greater degree of control over the processing of their personal information.



So you exercise Governance by establishing controls, and make sure people comply. Once you get information, how do you get rid of it? “Facebook, YouTube, Twitter Scramble to Remove Video of New Zealand Mosque Shooting,” The Wall Street Journal, March 16, 2019. Platforms work to remove video of massacre.




Even though not a government entity (yet, anyway), Facebook attempts to stop the spread of (what Facebook thinks is false) information about vaccinations. By exercising any control over the content on the Facebook platform, does Facebook take on some additional obligations? One of the exceptions to freedom of speech is falsely shouting fire in a crowded theater.


Cleaning house before the New Year


Interesting interplay of Governance (who’s in charge?) Europe exercises similar control, with the right to be forgotten. “China’s Internet Watchdog Closes Hundreds of Websites, Criticizes Tencent App,” The Wall Street Journal, January 24, 2019. China removes harmful, lewd, and vulgar information from the web, just weeks before Chinese New Year.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies rely on 'dark patterns' to discourage users from exercising their privacy rights.

New broom sweeping


It’s unclear from this article whether this is just a normal change (therefore just a Governance issue, with the new CEO exercising his authority in the early days) or is somehow connected to the corruption scandal (and therefore somehow a consequence of some Compliance failure). “Goldman Shakes Up Top Ranks In Asia,” The Wall Street Journal, October 22, 2018 B3.

Which is the tail and which is the dog?


Board tries to reduce the control exercised by an 80% shareholder. “CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

French Government Secures “Right to Be Forgotten” on the Internet

Hunton Privacy

In particular, the Code covers notice to users, enabling users to exercise their rights efficiently, and limiting the retention of cookies for the purposes of behavioral advertising. In November 2009, the French Secretary of State in charge of the digital economy, Nathalie Kosciusko-Morizet, launched a wide-ranging campaign designed to secure the “right to be forgotten” on the Internet (“droit à l’oubli”).

Speed bump for messaging


Is that Governance or Information or both? Maybe to avoid new Indian legislation that would exercise more control over the app, which would be Governance and Compliance. “Facebook’s WhatsApp Fights Fake News by Curbing Message Forwarding,” The Wall Street Journal, January 22, 2019.


GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors


Article 28 lays out the obligation requirements that govern the relationship between data controllers and processors. This is the 11th post in a series on privacy by Andrew Pery.


Free Emergency Planning Workshop Series

The Texas Record

The first day will focus on emergency preparedness, and the second day will focus on response, including a wet salvage exercise.

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Last Watchdog

Here’s a scenario for how AD is factoring into ransomware attacks: The attacker gets a toehold inside the network by phishing an employee login, or via a targeted credential stuffing exercise, or through cross-site scripting. To pay or not to pay?

King Canute revisited


Whether exercised or not? “Afghanistan Orders WhatsApp Blocked,” The Wall Street Journal, November 4, 2017 A9. Some providers don’t comply. King Canute ordered the tides to recede. With limited success. Does your company issue policies that just won’t work? What does it say about the person issuing the policies and what does it say about your company’s culture?

The Unanimous Declaration of the Thirteen United States of America

Adam Shostack

That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, –That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

Intelligent Information Management - Learning from CHOCOLATE?!


Automating governance and compliance. One of the exercises I developed was called "The Taxonomy of Salad". on them, I'd switch that exercise out for a much sweeter one focused on developing a taxonomy of chocolate.

US Secretary of State Mike Pompeo warns Italy over 5G Chinese equipment supply

Security Affairs

Once again US is warning its allies over Chinese 5G technology, but the Italian Government explained that its special powers over 5G supply deals would mitigate any risk. In September, Italy has exercised special powers in relation to the purchase of goods and services.

Guest Post - Three Critical Steps for GDPR Compliance


The Article 29 Data Protection Working Party issued guidelines intended to govern the circumstances under which privacy impact assessments are required. When data subjects are prevented from exercising a right or service such as when a bank refuses a loan based on an automated screening process against a credit reference database.

MY TAKE: ‘Bashe’ attack theorizes a $200 billion ransomware raid using NSA-class cyber weapons

The Last Watchdog

A report co-sponsored by Lloyd’s of London paints a chilling scenario for how a worldwide cyberattack could trigger economic losses of some $200 billion for companies and government agencies ill-equipped to deflect a very plausible ransomware attack designed to sweep across the globe. cyber foes exploit government shutdown.

Are you responsible for your brother? Your cousin?


Do you exercise enough control to also get liability? It’s bad enough trying to control your own employees, and those of your agents (and vendors). But how do you control the employees, agents, and vendors of your various affiliates and ventures? Do you all have the same Code of Conduct? The same policies on a whole host of sensitive matters?


How to prepare for the California Consumer Privacy Act

Thales eSecurity

Under the CCPA publicly available information is defined as “lawfully made available from federal, state, or local government records, if any conditions associated with such information.” 5) The right of Californians to equal service and price, even if they exercise their privacy rights.

Strengthening Privacy Rights with Privacy Enhancing Technologies



GDPR Data Subject Access Requests: How to Respond

IT Governance

Recital 63 of the GDPR states that: … a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.

Insights about the first five years of Right to be Forgotten requests at Google


is a landmark European ruling that governs the delisting of personal information from search results. Removing legal history comprised 21% of all delisting requests (19% target news sites and 2% government-related sites). Right to be Forgotten” (RTBF).


What Is Our Professional Future?

Brandeis Records Manager

A recent futurist reading binge has been an exercise in masochism, or deer-in-the-headlights simulation, or emperor’s new clothes realization. When we consider that fixed, controlled records following recordkeeping principles and information governance are typical objectives in our programs, it’s not unreasonable to get a little scared by this. Reading through Kelly’s book as a records manager or archivist is an exercise in marathon squirming. George Despres, CRM.

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.