Information Governance

Concepts, Strategies and Best Practices
Wiley CIO, 2nd ed.

by: Robert F. Smallwood

76,99 €

Publisher: Wiley
Format: PDF
Published: 26.11.2019
ISBN/EAN: 9781119491415
Language: English
Number of pages: 544

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

The essential guide to effective IG strategy and practice

Information Governance is a highly practical and deeply informative handbook for the implementation of effective Information Governance (IG) procedures and strategies. A critical facet of any mid- to large-sized company, this “super-discipline” has expanded to cover the management and output of information across the entire organization; from email, social media, and cloud computing to electronic records and documents, the IG umbrella now covers nearly every aspect of your business. As more and more everyday business is conducted electronically, the need for robust internal management and compliance grows accordingly. This book offers big-picture guidance on effective IG, with particular emphasis on document and records management best practices.

Step-by-step strategy development guidance is backed by expert insight and crucial advice from a leading authority in the field. This new second edition has been updated to align with the latest practices and regulations, providing an up-to-date understanding of critical IG concepts and practices.

- Explore the many controls and strategies under the IG umbrella
- Understand why a dedicated IG function is needed in today’s organizations
- Adopt accepted best practices that manage risk in the use of electronic documents and data
- Learn how IG and IT technologies are used to control, monitor, and enforce information access and security policy

IG strategy must cover legal demands and external regulatory requirements as well as internal governance objectives; integrating such a broad spectrum of demands into workable policy requires a deep understanding of key concepts and technologies, as well as a clear familiarity with the most current iterations of various requirements. Information Governance distills the best of IG into a primer for effective action.

Preface
Acknowledgments

Part One—Information Governance Concepts, Definitions, and Principles

Chapter 1 The Information Governance Imperative
Early Development of IG
Big Data Impact
Defining Information Governance
IG is Not a Project, But an Ongoing Program
Why IG is Good Business
Failures in Information Governance
Form IG Policies, Then Apply Technology for Enforcement

Chapter 2 Information Governance, IT Governance, Data Governance: What’s the Difference?
Data Governance
Data Governance Strategy Tips
IT Governance
IT Governance Frameworks
Information Governance
Impact of a Successful IG Program
Summing Up the Differences

Chapter 3 Information Governance Principles
The Sedona Conference® Commentary on Information Governance
Smallwood IG Principles
Accountability is Key
Generally Accepted Recordkeeping Principles® (Contributed by Charmaine Brooks)
Assessment and Improvement Roadmap
Information Security Principles
Privacy Principles
Who Should Determine IG Policies?

Part Two—Information Governance Risk Assessment and Strategic Planning

Chapter 4 Information Asset Risk Planning and Management
The Information Risk Planning Process
Create a Risk Profile
Information Risk Planning and Management Summary

Chapter 5 Strategic Planning and Best Practices for Information Governance
Crucial Executive Sponsor Role
Evolving Role of the Executive Sponsor
Building Your IG Team
Assigning IG Team Roles and Responsibilities
Align Your IG Plan with Organizational Strategic Plans
Survey and Evaluate External Factors
Formulating the IG Strategic Plan

Chapter 6 Information Governance Policy Development
The Sedona Conference IG Principles
A Brief Review of Generally Accepted Recordkeeping Principles®
IG Reference Model
Best Practices Considerations
Standards Considerations
Benefits and Risks of Standards
Key Standards Relevant to IG Efforts
Major National and Regional ERM Standards
Making Your Best Practices and Standards Selections to Inform Your IG Framework
Roles and Responsibilities
Program Communications and Training
Program Controls, Monitoring, Auditing, and Enforcement

Part Three—Information Governance Key Impact Areas

Chapter 7 Information Governance for Business Units
Start with Business Objective Alignment
Which Business Units are the Best Candidates to Pilot an IG Program?
What is Infonomics?
How to Begin an IG Program
Business Considerations for an IG Program (By Barclay T. Blair)
Changing Information Environment
Calculating Information Costs
Big Data Opportunities and Challenges
Full Cost Accounting for Information
Calculating the Cost of Owning Unstructured Information
The Path to Information Value
Challenging the Culture
New Information Models
Future State: What Will the IG-Enabled Organization Look Like?
Moving Forward

Chapter 8 Information Governance and Legal Functions (Robert Smallwood with Randy Kahn, Esq., and Barry Murphy)
Introduction to E-Discovery: The Revised 2006 and 2015 Federal Rules of Civil Procedure Changed Everything
Big Data Impact
More Details on the Revised FRCP Rules
Landmark E-Discovery Case: Zubulake v. UBS Warburg
E-Discovery Techniques
E-Discovery Reference Model
The Intersection of IG and E-Discovery (By Barry Murphy)
Building on Legal Hold Programs to Launch Defensible Disposition (By Barry Murphy)
Destructive Retention of E-Mail
Newer Technologies That Can Assist in E-Discovery
Defensible Disposal: The Only Real Way to Manage Terabytes and Petabytes (By Randy Kahn, Esq.)

Chapter 9 Information Governance and Records and Information Management Functions
Records Management Business Rationale
Why is Records Management So Challenging?
Benefits of Electronic Records Management
Additional Intangible Benefits
Inventorying E-Records
RM Intersection with Data Privacy Management (By Teresa Schoch)
Generally Accepted Recordkeeping Principles®
E-Records Inventory Challenges
Records Inventory Purposes
Records Inventorying Steps
Appraising the Value of Records
Ensuring Adoption and Compliance of RM Policy
Sample Information Asset Survey Questions
General Principles of a Retention Scheduling
Developing a Records Retention Schedule
Why are Retention Schedules Needed?
What Records Do You Have to Schedule? Inventory and Classification
Rationale for Records Groupings
Records Series Identification and Classification
Retention of E-Mail Records
How Long Should You Keep Old E-Mails?
Destructive Retention of E-Mail
Legal Requirements and Compliance Research
Event-Based Retention Scheduling for Disposition of E-Records
Prerequisites for Event-Based Disposition
Final Disposition and Closure Criteria
Retaining Transitory Records
Implementation of the Retention Schedule and Disposal of Records
Ongoing Maintenance of the Retention Schedule
Audit to Manage Compliance with the Retention Schedule

Chapter 10 Information Governance and Information Technology Functions
Data Governance
Steps to Governing Data Effectively
Data Governance Framework
Information Management
IT Governance
IG Best Practices for Database Security and Compliance
Tying It All Together

Chapter 11 Information Governance and Privacy and Security Functions
Information Privacy (By Andrew Ysasi)
Generally Accepted Privacy Principles
Fair Information Practices (FIPS)
OECD Privacy Principles
Madrid Resolution 2009
EU General Data Protection Regulation
GDPR: A Look at Its First Year (By Mark Driskill)
Privacy Programs
Privacy in the United States
Privacy Laws
Cybersecurity
Cyberattacks Proliferate
Insider Threat: Malicious or Not
Information Security Assessments and Awareness Training (By Baird Brueseke)
Cybersecurity Considerations and Approaches (By Robert Smallwood)
Defense in Depth
Controlling Access Using Identity Access Management
Enforcing IG: Protect Files with Rules and Permissions
Challenge of Securing Confidential E-Documents
Apply Better Technology for Better Enforcement in the Extended Enterprise
E-Mail Encryption
Secure Communications Using Record-Free E-Mail
Digital Signatures
Document Encryption
Data Loss Prevention (DLP) Technology
Missing Piece: Information Rights Management (IRM)
Embedded Protection
Hybrid Approach: Combining DLP and IRM Technologies
Securing Trade Secrets After Layoffs and Terminations
Persistently Protecting Blueprints and CAD Documents
Securing Internal Price Lists
Approaches for Securing Data Once It Leaves the Organization
Document Labeling
Document Analytics
Confidential Stream Messaging

Part Four—Information Governance for Delivery Platforms

Chapter 12 Information Governance for E-Mail and Instant Messaging
Employees Regularly Expose Organizations to E-Mail Risk
E-Mail Policies Should Be Realistic and Technology Agnostic
E-Record Retention: Fundamentally a Legal Issue
Preserve E-Mail Integrity and Admissibility with Automatic Archiving
Instant Messaging
Best Practices for Business IM Use
Technology to Monitor IM
Tips for Safer IM
Team and Channel Messaging Solutions Emerge

Chapter 13 Information Governance for Social Media (Dr. Patricia Franks and Robert Smallwood)
Types of Social Media in Web 2.0
Additional Social Media Categories
Social Media in the Enterprise
Key Ways Social Media is Different from E-Mail and Instant Messaging
Biggest Risks of Social Media
Legal Risks of Social Media Posts
Tools to Archive Social Media
IG Considerations for Social Media
Key Social Media Policy Guidelines
Records Management and Litigation Considerations for Social Media
Emerging Best Practices for Managing Social Media Records

Chapter 14 Information Governance for Mobile Devices
Current Trends in Mobile Computing
Security Risks of Mobile Computing
Securing Mobile Data
Mobile Device Management (MDM)
IG for Mobile Computing
Building Security into Mobile Applications
Best Practices to Secure Mobile Applications
Developing Mobile Device Policies

Chapter 15 Information Governance for Cloud Computing (Monica Crocker and Robert Smallwood)
Defining Cloud Computing
Key Characteristics of Cloud Computing
What Cloud Computing Really Means
Cloud Deployment Models
Benefits of the Cloud
Security Threats with Cloud Computing
Managing Documents and Records in the Cloud
IG Guidelines for Cloud Computing Solutions
IG for SharePoint and Office365 (By Robert Bogue)

Chapter 16 Leveraging and Governing Emerging Technologies
Data Analytics
Descriptive Analytics
Diagnostic Analytics
Predictive Analytics
Prescriptive Analytics
Which Type of Analytics is Best?
Artificial Intelligence
The Role of Artificial Intelligence in IG
Blockchain: A New Approach with Clear Advantages (By Darra Hoffman)
Breaking Down the Definition of Blockchain
The Internet of Things: IG Challenges
IoT as a System of Contracts
IoT Basic Risks and IG Issues
IoT E-Discovery Issues
Why IoT Trustworthiness is a Journey and Not a Project (By Bassam Zarkout)
Governing the IoT Data
IoT Trustworthiness
Information Governance Versus IoT Trustworthiness
IoT Trustworthiness Journey
Conclusion

Part Five—Long-Term Program Issues

Chapter 17 Long-Term Digital Preservation (Charles M. Dollar and Lori J. Ashley)
Defining Long-Term Digital Preservation
Key Factors in Long-Term Digital Preservation
Threats to Preserving Records
Digital Preservation Standards
PREMIS Preservation Metadata Standard
Recommended Open Standard Technology–Neutral Formats
Digital Preservation Requirements
Long-Term Digital Preservation Capability Maturity Model®
Scope of the Capability Maturity Model
Digital Preservation Capability Performance Metrics
Digital Preservation Strategies and Techniques
Evolving Marketplace
Looking Forward
Conclusion

Chapter 18 Maintaining an Information Governance Program and Culture of Compliance
Monitoring and Accountability
Change Management—Required (By Monica Crocker)
Continuous Process Improvement
Why Continuous Improvement is Needed

Appendix A Information Organization and Classification: Taxonomies and Metadata (Barb Blackburn, CRM, with Robert Smallwood; edited by Seth Earley)
Importance of Navigation and Classification
When is a New Taxonomy Needed?
Taxonomies Improve Search Results
Metadata and Taxonomy
Metadata Governance, Standards, and Strategies
Types of Metadata
Core Metadata Issues
International Metadata Standards and Guidance
Records Grouping Rationale
Business Classification Scheme, File Plans, and Taxonomy
Classification and Taxonomy
Prebuilt Versus Custom Taxonomies
Thesaurus Use in Taxonomies
Taxonomy Types
Business Process Analysis
Taxonomy Testing: A Necessary Step
Taxonomy Maintenance
Social Tagging and Folksonomies

Appendix B Laws and Major Regulations Related to Records Management
United States
Gramm-Leach-Bliley Act
Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001)
Sarbanes-Oxley Act (SOX)
SEC Rule 17A-4
CFR Title 47, Part 42—Telecommunications
CFR Title 21, Part 11—Pharmaceuticals
US Federal Authority on Archives and Records: National Archives and Records Administration (NARA)
US Code of Federal Regulations
Canada
United Kingdom
Australia
Identifying Records Management Requirements in Other Legislation

Appendix C Laws and Major Regulations Related to Privacy
United States
European Union General Data Protection Regulation (GDPR)
Major Privacy Laws Worldwide, by Country

Glossary
About the Author
About the Major Contributors
Index

ROBERT F. SMALLWOOD, MBA, CIP, IGP, is founder of the Institute for Information Governance, a specialty training and consulting practice, and CEO, Publisher, and co-founder of Information Governance World magazine. Some of his past research and consulting clients include Abbott Labs, Kirkwood and Ellis LLP, NASA, Novartis Pharmaceuticals, and Verizon. He is the author of Managing Electronic Records: Methods, Best Practices, and Technologies and Safeguarding Critical E-Documents, both from Wiley.

There has been a “perfect storm” of sorts that fueled concerns for information privacy, data protection, and regulatory compliance. The 2018 EU General Data Protection Regulation (GDPR), amidst the drumbeat of colossal data breaches and major privacy violations, ignited a wave of increased activity in the field of information governance (IG). In today’s environment, it is vital that business managers have a clear understanding of the methods and best practices used to control and secure information, and the opportunities to leverage information asset value. That requires an effective IG program.

The revised and updated Second Edition of Information Governance offers an important guide that reviews the basic concepts of IG, defines what it is (and what it is not), explains how to justify and implement an IG program, and explores ways to secure and control information while maximizing its value using infonomics principles.

The discipline of IG covers a range of components: privacy, cybersecurity, e-discovery and law, records management, compliance, information technology, risk management, business operations, and more. Filled with illustrative examples and written in clear language, Information Governance addresses the many aspects of IG with actionable strategies and proven best practices.

Written by a noted expert in the field with contributions from a number of industry pioneers and experts, Information Governance explains how to plan and manage a cohesive and effective IG program. The contributors offer guidance and insights for managing IG programs from a variety of perspectives. The risks inherent in managing information are considered, and the book explores how to apply IG to a number of platforms including email, social media, mobile devices, and cloud computing, as well as governing newer technologies such as the Internet of Things (IoT), artificial intelligence (AI), and blockchain.

The author offers insight for implementing and maintaining an effective IG program and includes recommendations for fostering a culture of compliance. In addition, the book contains important information on major regulations related to privacy, data protection, and records management. It also shows how to break down traditional information silos using a cross-functional approach, and what IG looks like in the Legal, IT, Privacy and Security, and Records Management functions which support business operations.
