Email Management: How hard can it be? Mark Rogers, Enterprise Architecture Team, IP Australia


Email is Pervasive
- 2001 est. 12 Billion emails/day
- 2006 est. 171 Billion emails/day
- Industry est % are spam
- ~1 in 600 have a virus
At IP Australia
- ~10 Million inward emails p.a.
- 62% were spam
- ~2 Million outward emails p.a.
- ~2 Million internal emails p.a. (how many are work related?)

On Balance ….
Pros
- Pervasive and popular
- Easy to use
- Asynchronous, and usually “immediate” (but don’t count on it)
Cons
- Spam & Scams, Viruses, Spoofing …..
- Not as secure as people assume
- Accounts usually personal not roles-based
- Sloppy habits & poor etiquette common

Key Legislative Requirements (C’wealth)
- Privacy Act 1988
- Telecommunications (Interception) Act 1979
- Evidence Act 1995
- Spam Act 2003
- Electronic Transactions Act 1999
For APS
- Public Service Act 1999 (Code of Conduct)
- Archives Act 1983

Major Areas of Risk for Organisations for Email
- External threats (unsolicited and/or malicious)
- Inappropriate channel (security/privacy risk)
- Poor recordkeeping
- Staff behaviours
- Time wasting
- Offensive material
- Webmail?
- Personal holdings/ large holdings (see also recordkeeping)
- Large attachments/ multiple addressees/ attachment formats
- Inefficient practices/ Etiquette
- Style/ language
- Undocumented “back doors”

Chunking the Problem – External Threats
- Anti-spam appliance (+ process for monitoring)
- Virus protection (at multiple levels)
- Policy & process for monitoring & improving
- Security Advisory Management process
- Targeted Reviews
- Staff education & awareness about risks, threats & desired behaviours

Chunking the Problem – Inappropriate Channel
- Business Model? Whose risk is it to accept?
- Analysis of business risks & transaction types
- Policy & E-business Rules
- Secure channels? (eg. Fedlink)
- Connecting with business process – how? (eg automated capture, roles-based accounts)
- Staff and Customer education & awareness-raising of risks, threats & desired behaviours
- Perception management eg re government security markings
- We can discourage “risky” customer emails, BUT…. If the customer is prepared to accept the risk, will you accept their emailed transaction?

Chunking the Problem - Poor Recordkeeping
- Policy (Appropriate use, process, business rules, naming…)
- Process – WIIFM? - making the easy option the right option
- Automating capture into business systems
- Electronic Recordkeeping Solution
- Limiting options for local work-arounds (personal account quotas, auto-delete)
- User education & awareness
- How would you know? (surveys, analysis)

Chunking the Problem – Staff Behaviours
Topic means many different things……..eg.
- Familiarity with the tools
- Etiquette, formality, style
- Reply to All with attachments vs. Snipping & responding to a limited audience
- Links vs attachments
- Personal use
- Threats & risks, policies, business practices, recordkeeping & staff obligations
- Education & awareness raising

Impact of Quotas on Recordkeeping

Technical Solutions
Vendors have email management solutions which simplify many aspects: BUT…
- Are often used as a stopgap for deficient/ non-existent business processes
- Technical solutions still require configuration and don’t eliminate having to think through requirements, outcomes and priorities. eg.
- Does it matter if email records are separate from other records?
- How long to store emails as records? Are they all the same value?
- Can you define rules that automatically categorise emails for different retention periods?
- Does it matter if you store them all for the same period?
- What is required of the users? Is it a “natural” behaviour?