The biggest challenge in risk management is that many global organisations are growing rapidly and information is becoming more available.

Businesses want information faster and to quickly fire it off around the globe. They want to send it to their trading partners, and they also want to receive data from those partners or other stakeholders.

So information is growing in volume and is being distributed around the
organisation at a very fast rate. There has been an exponential increase over the past 10 years and now most organisations ­ and even people at home ­ have huge amounts of stored electronic data. In terms of volume and accessibility, it is getting quite complex.

Clearly, IT departments need to work very closely with legal teams, so that they understand the data that is in use in the organisation.

Legal experts have to set policies that can be interpreted by IT people so that controls and standards to manage that data can be implemented.

There has to be a good working relationship between the two disciplines, and this cannot be stressed enough. It is, of course, two-way, so legal teams have to understand the policy and the data in use in the organisation.

From an IT standpoint, it is important to communicate back to legal and explain the types of data that are in use, and the processes that data is being used for. IT controls need to be checked to ensure they are operating effectively, and legal teams need to be confident that the policy is being enforced.

IT should lead on the technical component of electronic discovery, to address where and in what systems the data can be found and to recover the information. Other IT or business professionals may well analyse the data.

However, from an incident and investigation perspective, direction needs to come from the legal team, because it is that team which will give the exact parameters of what discovery is needed.

Standards such as BS17799 which cover information security management are the core principles of managing information within an organisation. One of the things to which an organisation should pay attention is a confidentiality policy, so that how to label data and apply the appropriate security controls is clearly
understood.

A classification policy about data is absolutely fundamental and, from there on, an information security management system, IT controls and procedures can be implemented. And it is important not to forget the importance of testing.

Alessandro Moretti is a risk management expert from UBS Investment Bank, and sits on the European advisory board of IT security certification body ISC2.

This article is based on a transcript of Moretti speaking at the Computing web seminar “Do you know where your data is? How IT and legal teams can work together on data protection implications.”
www.computing.co.uk/webseminars

More stories on these topics: Security
Permalink  Comments  Forward
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Computing editor at feedback@computing.co.uk
Reader comments for this story
Post your comment Post your comment   What is this?
Like this story? Spread the news by clicking a link:   Post this to Delicious del.icio.us     Post this to Digg digg this     Post this to reddit reddit!

related content
latest news
Shrek
Innovation
BulletDreamworks to revamp 3D film technology
Partnership with Intel will see hardware and software upgrade to improve film creation  08 Jul 2008
Diane Greene
Strategy
BulletVMware shares fall as founder leaves
Virtualisation specialist also warns that full-year sales will be below expectations  08 Jul 2008
House of Lords
Government
BulletLords call for e-crime shakeup
Fraud should be reported to police, not banks and consumers must have more protection, says Committee  08 Jul 2008
Click here for more More news
latest in depth
An Ogilvy & Mather ad campaign
Innovation
BulletAd firm promotes green IT rollout
Warmer datacentres and print management spearhead green push  03 Jul 2008
carbon trust
Green
BulletCarbon Trust funds datacentre simulation project to cut emissions
Open source tool in development to measure workload-based data centre carbon output  02 Jul 2008
easyjet aircraft
Transport
BulletEasyJet reviews IT processes
Cutting fuel costs and improved services high on airline’s agenda  03 Jul 2008
Click here for more More in depth

Advertising Marketplace

Sponsored links

Featured jobs

Project Manager
Leeds, United Kingdom | NHS Connecting Health
  Project Manager, Leeds, up to £53k  NHS Connecting for Health is an agency of the Department of Health supporting the NHS to deliver better, safer care to patients, by bringing in new computer systems ... more >
Business Development Executive
Hertfordshire, United Kingdom | SMART
 Business Development Executive, Hertfordshire, £20,000-£22,000 per annum OTE £34 -36k The role: An exciting opportunity has become available within a prestigious organisation with aggressive growth plans. We are looking to recruit an office based Business ... more >
Business Analyst
Slough, United Kingdom | Fiat Financial Services
  Business Analyst for growing finance company, excellent prospects and benefits, Slough Reporting to the IT Director, the role must provide an in-house business analysis capability to help drive business change.  You will support complex ... more >
Database Administrator ( DBA )
Newcastle, Tyne And Wear, United Kingdom | EDS
About EDS EDS provides a broad portfolio of business and technology solutions to help its clients worldwide improve their business performance. EDS' core portfolio comprises information-technology and business process outsourcing services, as well as information-technology ... more >
Click here for more  More job opportunities