IAPP’s web resources will go a long way toward introducing you to privacy and information security. It is imperative that you educate yourself so that you understand the fundamentals of information security and so you can ask the right questions of your IT Department. For both privacy and information security, it is also extremely important to be clear as to policies and procedures to which your organization must and will adhere. Your SharePoint properties should list your privacy policies as well as any other notices relevant to data usage or information security, and these notices should be displayed prominently
1 Comment - no search term matches found in comments.
If not, you've got far bigger problems than information security. The "open by design" principle does not mean that just anyone can edit all information; most information will be read-only and some will be less than that (i.e. see that the content exists but not the content itself)
: Logging security related events, used to identify and track external or internal attacks - Information Security Real time intrusion detection logs – Information Security Recording changes made to a system in a log – Change management The creation of an audit trail down to key stroke level – Investigations / Forensics Identifying policy violations – Information Security Optimising system and network performance – Information Technology Identifying operational trends and long term problems - Information Technology The picture doesn’t get any clearer when, as you trawl through the Internet looking for that compelling piece of guidance, law or regulation you constantly return the well meaning commentary, which I broadly paraphrase: developing specific recommendations is very difficult because there is no consensus retain activity logs for 3 to 7 years logs are required to be retained for SOX purposes retain as required by local law or regulation…… … you don’t say… But one thing is clear, amongst the myriad of descriptions and purposes attributed to computer generated logs, there is consensus on a few things across the technology industry: Logs are important – you only need to consider what they could prove or disprove They are big and getting bigger – the logs have a huge propensity to consume storage Some uses are well defined – Information Security for instance Others are less so – for instance the real potential to evidence management control So what is the answer… these logs started out for administrative purposes but are gradually (well, as gradually as the poles are melting) morphing into something else; something far more challenging and interesting to the Records Manager
However, help is at hand - a recent AIIM publication "Information Security for the Modern Enterprise" plots a route through this minefield and delivers a series of recommendations for how to start addressing these issues
Overview of Office 365, SharePoint Online and My Data A major area of concern about Office 365 is the lack of understanding about how and where the data itself is stored and what proactive measures are being taken to ensure that your data is safe. As part of our research and our...
Did I get your attention? Good. You need to pay attention to this message because it not only shows vulnerability and lack of control but reinforces the need for strong governance over records and emphasizes just how much of a positive impact moving to an all digital patient records model will...
Everyone wants information, but no one wants records. The problem with records is that they are inactive, locked in a cabinet and no longer serve a business purpose. Information is active and can go places where records cannot go, such as the cloud and to mobile. Records are tightly managed...
"Fundamentally, information governance is a business process. In order to lower risks and achieve greater efficiencies through process improvement, electronic discovery will increasingly become tightly integrated with an organization’s information governance policy, procedures, and...
In a recent study by AIIM, respondents cite their top concerns with cloud or SasS applications as content being safe from prying eyes, and storage in a legally compliant way. 1 This to me indicates information security concerns
We have Black Gold. We have Sovereign Wealth Funds. We are Rich. We also have regulations, some... Bahrain and Qatar have good financial regulations. Abu Dhabi has better health regulations. Dubai has more focus on Trade. Above all this looms the Sheikhdom who may pardon, modify or even...
8403 Colesville Rd #1100Silver Spring, MD 20910USA
Phone: (301) 587-8202Toll free: (800) 477-2446Fax: (301) 587-2711Email: hello@aiim.org
JoinBenefitsLearn More
About UsTerms of Use