The plan needs to embrace regulatory requirements and privacy as well as security. Where privacy and security imperatives conflict, the business owner should make the call and the security officer should help to implement it.
"Finding the right balance is often led by some of the international standards like BS799 and HIPAA [a wide ranging set of policies around the health-care industry], if you're in the health-care field. So for any industry there's most likely industry policies that they should be looking at, industry regulations that they should be adhering to, both country-wide and international ones. Companies which do business inside and outside Australia need to ensure policy conformance all over the world," Patterson says.
When it comes to document integrity, Patterson says there have been a number of great advances in the area of encryption lately, so that encryption is now inexpensive and widely available and should become a standard tool in every IT shop, certainly for company-sensitive documents. "Encryption is not just used to keep a document secret for a while; it can be used to maintain the integrity of a document. You can put in a signature, you can put in a date and time stamp, you can encrypt the whole package, so that if anybody else changes it even one bit in the future you know that it has been tampered with," he says.
Kevin Shaw, who heads the Asia-Pacific region of Deloitte Touche Tohmatsu's security services group, points out that when documents are collated through the use of Web forms, those Web forms take the data and put it back into databases in a format that is broken down into two rows.
"What happens is that at a later stage if something happens and you have to reconstitute that document, say with legal proceedings on the go, you reconstitute that document and in some constituencies they will say that document has been stored not in context. So the document's validity from the point of the time that it was reconstituted is not the same as from when it was created," Shaw says.
"By using encryption technologies you can still break it down into the rows and tables and databases, and when it gets put back together again, the hash function in the encryption technology makes sure it's exactly the same document that was first collected. So from a legal perspective they say we're fine, we're happy that document has been stored in context."
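An added example, not from the article or from any company it names: the reconstitution check Shaw describes, combined with the timestamp-and-seal idea Patterson mentions, sketched in Python. The table names, the demo key and the use of HMAC-SHA-256 as a stand-in for a digital signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import sqlite3

SEAL_KEY = b"constructed-demo-key"  # assumption: stands in for a real signing key

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE form_field (doc_id TEXT, name TEXT, value TEXT)")
    db.execute("CREATE TABLE form_seal (doc_id TEXT, stamp TEXT, digest TEXT, seal TEXT)")
    return db

def canonical(fields, stamp):
    # Deterministic encoding: the same fields and timestamp always give the same bytes.
    doc = {"fields": fields, "stamp": stamp}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")

def store(db, doc_id, fields, stamp):
    # Split the submission into one row per field, plus one seal row for the whole.
    digest = hashlib.sha256(canonical(fields, stamp)).hexdigest()
    seal = hmac.new(SEAL_KEY, digest.encode(), hashlib.sha256).hexdigest()
    db.executemany("INSERT INTO form_field VALUES (?, ?, ?)",
                   [(doc_id, name, value) for name, value in fields.items()])
    db.execute("INSERT INTO form_seal VALUES (?, ?, ?, ?)", (doc_id, stamp, digest, seal))

def reconstitute(db, doc_id):
    # Rebuild the document from its rows and check it against the stored seal.
    rows = db.execute("SELECT name, value FROM form_field WHERE doc_id = ?", (doc_id,))
    fields = dict(rows.fetchall())
    stamp, digest, seal = db.execute(
        "SELECT stamp, digest, seal FROM form_seal WHERE doc_id = ?", (doc_id,)).fetchone()
    now = hashlib.sha256(canonical(fields, stamp)).hexdigest()
    expected_seal = hmac.new(SEAL_KEY, now.encode(), hashlib.sha256).hexdigest()
    # The digest catches any changed row; the keyed seal catches a rewritten digest.
    intact = hmac.compare_digest(now, digest) and hmac.compare_digest(expected_seal, seal)
    return fields, intact

if __name__ == "__main__":
    db = new_db()
    # Constructed sample submission (field values are stored as text)
    store(db, "claim-1", {"name": "A. Citizen", "amount": "1200.00"}, "2008-11-20T10:55:00Z")
    print(reconstitute(db, "claim-1")[1])
    db.execute("UPDATE form_field SET value = '1200.01' WHERE name = 'amount'")
    print(reconstitute(db, "claim-1")[1])
```
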
As Time Goes By
However, there are some difficulties with digital signatures when it comes to document protection. Surety is a US-based data integrity services company that focuses on helping companies in industries that have been highly regulated for many years, and which have requirements to maintain records for long periods of time. Through the use of patented, proprietary technology, Surety can verify the authenticity of a document: who created it, precisely when and precisely what was created, indefinitely.
Klaff says this ability is proving to be of growing importance particularly in the US where companies are now required to retain documents for much longer times than previously. "The issue that we're tackling is the issue of: How do you know that the data has integrity 10 or 20 years from now?" he says. "Particularly if you're using a digital signature, there still is a problem with document life exceeding the life of the key, so we have a patent on extending the validity of that key to meet the life of that document."
Klaff warns there is "a complexity" in managing digital signatures once they expire, with organisations periodically facing the massive task of re-signing vast numbers of electronic records that have been accumulated over the years. Surety thinks public key infrastructure (PKI) is a "wonderful technology" but Klaff warns the problem many organisations face from a regulatory standpoint is the need to manage that key infrastructure.
"You have to trust the people that manage [the infrastructure] and you have to trust the people who have access to your data, and that's a problem," he says. "We take the trust out of the equation because we're not built on keys or certificates; we're built on mathematical algorithms."
Shaw says when it comes to identity management, CIOs have an important role to play in the education of the employees within the organisation. "That's the way to get around the 'people peril' absolutely," he says. "We've noticed on some of the engagements that we've been doing where budget restrictions start to bite, unfortunately that's where clients tend to do the first budget cuts - in their education/evangelisation of the project."














