Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity and confidentiality of the systems, networks and data belonging to the target.” New forms of disruptionware can be a more crippling form of cyber-attack than other more “garden-variety” malware and ransomware attacks. This is the case since, as the ICIT notes, disruptionware not only attempts to encrypt and deny users access to their data, but works as a “layered attack” designed to “disrupt operations and production in manufacturing or industrial environments (as well as infrastructure) in order to achieve some other strategic goal.”
The Office of Management and Budget (OMB) has issued a recent memorandum that moves the federal government forward in embracing the importance of the “governance” of data.
The Sedona Conference® has released the Final Version of its Commentary on Information Governance, Second Edition (April 2019). The Second Edition of this Commentary again sets out 11 principles of information governance that provide a strategic framework for senior management to make decisions with respect to all information within an enterprise. However, the latest Commentary has been revised to incorporate changes and advances in technology and law, including on privacy, that have occurred over the past four years, and in particular in an expanded set of footnotes it includes updated references to publications of The Sedona Conference that have been issued in the intervening years since 2014.
A spotlight has been placed on the need for a chief data officer (CDO) in public sector agencies through both recent legislation and recommendations made in other recent reports and initiatives.
The Sedona Conference® has released a Public Comment Version of its Commentary on Information Governance, Second Edition. The latest edition of this Commentary sets out 11 principles of information governance that provide a strategic framework for senior management to make decisions with respect to all information within an enterprise and accounts for changes and advances in technology and law that have occurred over the past four years. It also incorporates guidance on information governance contained in The Sedona Principles, Third Edition, which we discussed in a previous blog post. As defined in this Commentary, information governance “means an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.” The Commentary recognizes that information governance encompasses a variety of disciplines, including traditional records and information management, data privacy, information security, and e-discovery.
The highly-anticipated enforcement date of May 25th has come and gone, but the opportunity to use information governance (IG) to bolster your organization’s compliance with the EU General Data Protection Regulation (GDPR) still exists.