In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue. city in a key “swing” state, and things are not going as planned – at least for government.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. Hello and welcome to the IT Governance podcast for Friday, 27 April 2018. According to CCDCOE, the exercise is running from 23 to 27 April.

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful. Data governance Data quality Data management Data ownership

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. Government websites will also become a more attractive avenue for scams and phishing. Data Security Government Consumer Protection Identity Theft featured shutdown

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

My current work is split between two projects: One has to do with data governance, the other political media. And second… Governance. Government – well for sure, I’d wager that’s increased given who’s been running the country these past two years. But Governance?

What Role Government?

John Battelle's Searchblog

( image ) As I begin to dig into the work of my next book, I’ve found myself thinking about politics and government far more than I anticipated. For initial thoughts and stats, see Government By Numbers: Some Interesting Insights ).

Managing Governance Policies with everteam.policy


Keeping up with the constantly changing and growing legal and compliance regulations can seem like an exercise in frustration. Governance policies related to how you use and manage data cross departments and applications, and trying to manage them all in a spreadsheet simply doesn’t make sense. Everteam.policy is a tool that allows you to capture, document and maintain retention and governance policies for your entire organization.

Demo 40

Is Artificial Intelligence the ‘Killer App’ for Data Governance?

Perficient Data & Analytics

For many years data governance was the thing that we knew we should do because it was the correct thing to do but somehow it never got the priority it should get. It was like exercising or flossing or eating vegetables (depending upon your proclivities). AI may, in fact, be the ‘killer app’ that pushes even the stodgiest of companies to embrace a data culture and improve their data governance and data quality.

Red Teaming Your Information Governance Program

Brandeis Records Manager

Devil’s advocates have long been paired with RT exercises. information governance Information Management lean red teaming records management red teaming red teaming lite red teams program managementGeorge Despres, CRM. Program Director for University Records Management, Brandeis University. The content in this blog reflects the opinions of the author, and not of Brandeis University.). About Red Teaming. Have you deliberately challenged your own program plans and procedures recently?

IT Governance for Techies


IT Governance for Techies. When they reach the role of CIO their focus needs to shift to leadership, strategy, inspiring the troops, organisation and skills, and governance. Let's try to demystify IT governance. Anonymous. Thu, 02/06/2014 - 09:35.

10 measures for good IT security governance


10 measures for good IT security governance. Often they are conducted by highly skilled international organized crime groups or foreign nation states that aim their attacks not just at government entities, but also at corporations, including those with large-scale financial and credit card assets and foreign investments, and those in the strategic resources sector. I invite you to read more on this topic in our white paper on IT Security Governance.

The Privacy Rules Changed in 2018 – What Does that Mean Going Forward?


Between GDPR in the EU, similar legislation in other countries, the controversy surrounding the way social networks handle personal information and the ongoing drumbeat of breaches and data theft, the issue of how organizations should exercise responsible care of personal information was one of the biggest stories of 2018. Modern Governance Podcast "GDPR" data privacy privacy law privacy regulations

Business Architecture and Process Modeling for Digital Transformation


Business architecture extends beyond simple modeling; it also incorporates automation to reduce manual effort, remove potential for error, and guarantee effective data governance – with visibility from strategy all the way down to data entry and the ability to trace and manage data lineage.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies’ rely on 'dark patterns' to discourage users from exercising their privacy rights. Data privacy Customer data Facebook Google

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information


Please join the IGI and Preservica on November 16th at 11am ET for a webinar addressing The Governance & Preservation of Long-Term Digital Information. Barclay Blair, Founder and Executive Director, Information Governance Initiative (IGI). Business and government leaders are making major investments and betting their organization’s success to customize and deliver products and services on their ability to manage dynamic and complex digital information systems and flows.



So you exercise Governance by establishing controls, and make sure people comply. Theme One: Information Theme Three: Compliance Theme Two: GovernanceOnce you get information, how do you get rid of it? “Facebook, YouTube, Twitter Scramble to Remove Video of New Zealand Mosque Shooting,” The Wall Street Journal , March 16, 2019. Platforms work to remove video of massacre.

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist


GDPR on the other hand is designed to primarily enable data subjects to exercise greater degree of control over the processing of their personal information. gdpr privacy information security electronic records management information governance



Even though not a government entity (yet, anyway), Facebook attempts to stop the spread of (what Facebook thinks is false) information about vaccinations. By exercising any control over the content on the Facebook platform, does Facebook take on some additional obligations? Theme One: Information Theme Three: Compliance Theme Two: GovernanceOne of the exceptions to freedom of speech is falsely shouting fire in a crowded theater.

Cleaning house before the New Year


Interesting interplay of Governance (who’s in charge?) Europe exercises similar control, with the right to be forgotten. Theme One: Information Theme Three: Compliance Theme Two: Governance“China’s Internet Watchdog Closes Hundreds of Websites, Criticizes Tencent App,” The Wall Street Journal , January 24, 2019. China removes harmful, lewd, and vulgar information from the web, just weeks before Chinese New Year.

New broom sweeping


It’s unclear from this article whether this is just a normal change (therefore just a Governance issue, with the new CEO exercising his authority in the early days) or is somehow connected to the corruption scandal (and therefore somehow a consequence of some Compliance failure). Controls Governance Internal controls Oversight Who is in charge “Goldman Shakes Up Top Ranks In Asia,” The Wall Street Journal , October 22, 2018 B3.

Speed bump for messaging


Is that Governance or Information or both? Maybe to avoid new Indian legislation that would exercise more control over the app, which would be Governance and Compliance. Theme One: Information Theme Three: Compliance Theme Two: Governance“Facebook’s WhatsApp Fights Fake News by Curbing Message Forwarding,” The Wall Street Journal , January 22, 2019.

Which is the tail and which is the dog?


Board tries to reduce the control exercised by an 80% shareholder. Board Controls Corporation Directors Duty Governance Internal controls Investor relations Oversight Shareholders Who is in charge “CBS Board Defies Shari Redstone,” The Wall Street Journal , May 18, 2018 B1. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

French Government Secures “Right to Be Forgotten” on the Internet

Hunton Privacy

In particular, the Code covers notice to users, enabling users to exercise their rights efficiently, and limiting the retention of cookies for the purposes of behavioral advertising. In November 2009, the French Secretary of State in charge of the digital economy, Nathalie Kosciusko-Morizet, launched a wide-ranging campaign designed to secure the “right to be forgotten” on the Internet (“droit à l’oubli”).

Free Emergency Planning Workshop Series

The Texas Record

The first day will focus on emergency preparedness, and the second day will focus on response, including a wet salvage exercise. Disaster Resources News Archives Emergency Preparedness Local Governments State Agencies Training

The Unanimous Declaration of the Thirteen United States of America

Adam Shostack

That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, –That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. government Liberty

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors


Article 28 lays out the obligation requirements that govern the relationship between data controllers and processors. information governance electronic records management privacy information security gdprThis is the 11th post in a series on privacy by Andrew Pery.


GDPR Data Subject Access Requests: How to Respond

IT Governance

Recital 63 of the GDPR states that: … a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.

Intelligent Information Management - Learning from CHOCOLATE?!


Automating governance and compliance. One of the exercises I developed was called "The Taxonomy of Salad". on them, I'd switch that exercise out for a much sweeter one focused on developing a taxonomy of chocolate.

King Canute revisited


Whether exercised or not? Access Compliance Controls Governance Interconnections IT Policy“Afghanistan Orders WhatsApp Blocked,” The Wall Street Journal , November 4, 2017 A9. Some providers don’t comply. King Canute ordered the tides to recede. With limited success. Does your company issue policies that just won’t work? What does it say about the person issuing the policies and what does it say about your company’s culture?

How to prepare for the California Consumer Privacy Act

Thales eSecurity

Under the CCPA publicly available information is defined as “lawfully made available from federal, state, or local government records, if any conditions associated with such information.”. 5) The right of Californians to equal service and price, even if they exercise their privacy rights.

Guest Post - Three Critical Steps for GDPR Compliance


The Article 29 Data Protection Working Party issued guidelines intended to govern the circumstances under which privacy impact assessments are required. When data subjects are prevented from exercising a right or service such as when a bank refuses a loan based on an automated screening process against a credit reference database. information governance electronic records management privacy information security gdpr

Strengthening Privacy Rights with Privacy Enhancing Technologies


gdpr privacy information security electronic records management information governance

Are you responsible for your brother? Your cousin?


Do you exercise enough control to also get liability? Board Compliance Compliance Verification Controls Duty Governance Internal controls Managers Oversight Third partiesIt’s bad enough trying to control your own employees, and those of your agents (and vendors). But how do you control the employees, agents, and vendors of your various affiliates and ventures? Do you all have the same Code of Conduct? The same policies on a whole host of sensitive matters?

MY TAKE: ‘Bashe’ attack theorizes a $200 billion ransomware raid using NSA-class cyber weapons

The Last Watchdog

A report co-sponsored by Lloyd’s of London paints a chilling scenario for how a worldwide cyberattack could trigger economic losses of some $200 billion for companies and government agencies ill-equipped to deflect a very plausible ransomware attack designed to sweep across the globe. cyber foes exploit government shutdown.



Leaving aside the political implications, one ponders not whether asking the question is a good idea but whether the Secretary of the Department of Commerce has the power to ask this question and, if so, whether that power has been properly exercised. That is the Governance question. Questions and answers are information, no doubt. But who controls what questions can be asked?

What Is Our Professional Future?

Brandeis Records Manager

A recent futurist reading binge has been an exercise in masochism, or deer-in-the-headlights simulation, or emperor’s new clothes realization. When we consider that fixed, controlled records following recordkeeping principles and information governance are typical objectives in our programs, it’s not unreasonable to get a little scared by this. Reading through Kelly’s book as a records manager or archivist is an exercise in marathon squirming. George Despres, CRM.

Catching up, again, part 4


Is that Governance, or Compliance? Two aspects here, first dealing with the use of a number derived from supposedly unbiased people to govern “your” deal, and, second, the cost of non-compliance, even if long-delayed. And does the government exercise appropriate oversight/governance given the amount of federal funds involved? Is that Information or Governance? Sure, this is Governance, but is art also Information?

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week. But what if elections could be swayed by other means – without even touching voting equipment, vote tabulation systems or government networks?

All companies need to be more transparent – it’s in everyone’s interest

Privacy Surgeon

The rules for most governments have been agreed, but no so for the private sector, which in most cases already enjoys blanket exemption from Freedom of Information laws. This was seen across Google as a positive move, particularly as it focused on government intruders. By Simon Davies.