Monday 27 February 2012

Protect Digital content before Facebook, UTube and Flickr upload



Are your uploads and blogs important to you ?

Whether you are a frequent or occasional publisher of digital content to the Web , have you considered the consequences of unauthorised use of your content ? The answer we most frequently hear is either “ I never thought of that” or “How do I do that”.

Digital content whether it be text, images, photos, audio files or video files are extremely easy to copy, modify and re-use and therefore are open to abuse. The abuse can be malicious or inadvertent and cause reputational damage and/or financial loss.  Alternatively the published content may  just be personally important to you, your organisation, your family ,friends, members, customers, suppliers and colleagues.

So if you use Social Media such as Facebook, UTube, Flickr, and LinkedIn or publish to Websites, Blogs and Forums, you should consider protecting your content. You want to know if it has been accessed and interfered with and/or re used/republished.

Regardless of security systems, abuse still occurs with published and unpublished digital content. In the event your digital content has been misused you want to have evidence firstly that you own the content and also evidence that it has been tampered with. Ultimately whether it was erroneous or malicious that your important content was used you will require this evidence to persuade the party at fault to take action and correct the issue or you may need that evidence in the worst case to seek legal redress for reputational or financial damages.

Digiprove provides an effective solution to protecting your digital content before you publish

Digiprove provides the evidence to prove you own it, prove you sent it, and prove it has been tampered with in a secure and confidential manner. Digiproves patented “Proof Engine” technology is designed to create the provenance, authenticity & integrity of any type of Digital content without the need to send your content to us, so it always remains confidential to you. A unique digital fingerprint of your digital content is created, it is certified and logged as non repudiable proof of its existence and ownership at a point in time (and location on portable devises with GPS). Your content can be validated on-line or off-line at any time to confirm it provenance and integrity.

You only pay for what you need to protect through simple on-line value for money  subscriptions. But before you buy why don’t you try our free trail you will immediately gain confidence that this simple to use system protects your important digital content. You can use our Selfprotect on-line self-service to protect content and email communications, Autoprotect to automate the whole process as a background task in a matter of minutes or Webprotect if you are a user of Wordpress.

http://www.digiprove.com/

Friday 17 February 2012

Digital Content & SOX compliance



SOX
The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.
Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to Digital Content used in a public company or for that matter any company.

Section 404, 802 & Digital Content
Section 404 of the Act “Assessment of Internal Controls” & Section 802 “Criminal Penalties for influencing US Agency Investigation” are key sections relating to the effectiveness of the act and the actions and processes public companies must take or put in place.

In particular section 404 is concerned with the prevention and detection of fraud and error and the adequacy of controls required. The integrity, authenticity and provenance of digital content (data, text, Audio, Video etc.) must be secured and be non repudiable. We know that digital content is much easier to change than paper based content and public companies must find cost effective solutions to assure trust and confidence in their management and control of Digital content. Section 404 focuses on content authenticity and integrity

Section 802: “ Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both”. This brings home the importance of being able to identify fraudulent, malicious or even just simple errors that may be part of an audit or evidential chain and required to establish trust and confidence in digital data/content. Section 802 in addition to the focus above in section 404 also brings attention to the history and flows of the digital content.

How can public companies identify and prevent fraud or error in their digital content cost effectively?

1.       Identify & List the company’s digital assets (versions, time lines etc.)
2.       Perform a Risk analysis and identify those critical digital assets
3.       Identify those critical digital content types and forms that must be protected and controlled through their life cycle.

Sample critical Digital Assets
·         Contractual documentation
·         Policy & Procedure documents and records
·         Intellectual Property
·         Trademarks and copyright
·         Financial reports
·         HR& employee  records
·         Performance Management records
·         Software applications
·         Software logs
·         Databases
·         Recorded telephone conversations
·         Recorded conference calls(Audio/Video)
·         Images, Photographs, Videos

Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove.

What are the core features that a simple software solution must have?

·         Establish the authenticity and integrity of digital content on entry into the company’s digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)
·         Maintain full confidentiality of this digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.
·         Create an audit trail for the defined digital content and any actions taken on that content.
·         Be able to verify the provenance of any digital content once it has been certified and verify if it has been tampered with.

Digiprove products tick all the boxes:

Selfprotect – a simple SaaS on-line service for content and communications
Autoprotect – a simple background utility that automatically protects the identified files and folders.
Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product)
Signasure – enables and protects documents with all types of digital signatures (New Product)
Brokerprove – A standalone solution for SME professional service providers
Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications



HR Digital Content & SOX compliance



SOX
The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.
Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to HR  Digital Content used in a public company or for that matter any company, and the role of HR in ensuring best practice for digital content relating to the management of the primary asset of the company “It’s staff”

Section 404, 301,806 & Digital Content
Section 404 of the Act “Assessment of Internal Controls”

In particular section 404 is concerned with the protection of corporate assets. HR in the context of the overall goals of SOX “To protect investors in public companies” contribute to internal controls relating to people that could create significant financial risk for the organisation including employment law litigation and fraud. Employment contract clauses such as non-disclosure, non-solicit, non-compete, IPR & confidential information protection and performance standards are all critical as are the HR processes to control and manage any exposure. Training is another area of importance such as specific job skills, health & safety, and legal obligations the integrity of the training and training records are also central to avoiding potential litigation whether it be commercial, employment law or product/professional indemnity financial exposures. Add to this that rules and policies relating to procurement, expense reporting and commissions all create potential fraud opportunities then we can see HR their processes and digital content make a significant contribution to SOX compliance.

Section 301 & 806: are also key sections where HR digital content is fundamental to compliance and in fact may produce important digital evidence for internal or external scrutiny. The sections refer to the “Whistle-blower” requirements which are usually managed by HR. Creating a trusted Whistle-blower process with integrity may involve digital content of many types including databases, documents, audio and video records. HR must ensure that the process is fair and transparent, it protects the rights of all parties and that there is avoidance of retaliation litigation risk. Not only that but once whistle-blower reports an incident everything in the system becomes potential evidence so as ediscovery finds this evidence the digital forensic chain must be secured.

How can HR in public companies identify and prevent litigation & financial risk?

1.       Identify & List the company’s HR digital assets (versions, time lines etc.)
2.       Perform a Risk analysis and identify those critical digital assets
3.       Identify those critical digital content types and forms that must be protected and controlled through their life cycle.
4.       Ensure that whistle-blowers procedures are digital and evidential friendly
5.       Put in place adequate digital evident and asset authenticity and integrity controls






Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove.

What are the core features that a simple software solution must have?

·         Establish the authenticity and integrity of digital content on entry into the company’s HR digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)
·         Maintain full confidentiality of this HR digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.
·         Create an audit trail for the defined HR digital content and any actions taken on that content.
·         Be able to verify the provenance of any HR digital content once it has been certified and verify if it has been tampered with.

Digiprove products tick all the boxes:

Selfprotect – a simple SaaS on-line service for content and communications
Autoprotect – a simple background utility that automatically protects the identified files and folders.
Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product)
Signasure – enables and protects documents with all types of digital signatures (New Product)
Brokerprove – A standalone solution for SME professional service providers
Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications


Monday 6 February 2012

Data Protection & Digital Content in HR: How To Draft A Policy


We know that the aim of a data protection policy is to ensure that employees are aware of their own rights, and of their obligations concerning personal data processed by their employer.  The purpose of a data protection act is to enforce compliance from employers to make sure they carry out their obligations to the employee. So, who is a data protection policy for, and what exactly can it do that benefits a HR department?

A data protection policy is not only for the benefit of full time employees. It could be used to protect contract workers, agency staff and other kinds of workers too. In the HR department, it is particularly important that employee data is protected; especially considering it’s the department that all major employment decisions go through. This kind of data requires high security and proof of authenticity.

How do we go about formulating a data protection policy?

A lot goes into designing a data protection policy, but here are a couple of points to get you started. A general data protection policy should:

·         Identify a person within the organization who will have responsibility for ensuring that the employer complies with data protection regulations. This person will usually be a senior figure in the HR department.

·         It should ensure that employees are fully aware of any data held about them, and that they understand how this data could be used and disclosed. It is normal practice that an organization will use personal data like salary and pensions, and this will be held on an electronic device. The depth of this data could go further, for example employers may keep health records for reference.

It is vital that employee data held on organizational systems can be transparent and trustworthy. That’s where Autoprotect comes in as an asset to the HR department in maintaining legitimacy of files, and supporting their data protection policy.

The above are just two points about what a data protection policy should enforce. For further information, make sure to keep your eyes on our blog.


Wednesday 1 February 2012

Socitm Seminar "Fri Feb 10th" Park Ave Hotel, Belfast

Efficiency – the tools of the trade

Park Avenue Hotel, Belfast

Friday 10th February 2012



Agenda


  9:30am           Registration

10:00am           Welcome and opening remarks
Joe Dolan, Chair SOCITM NI

10:10am           Reducing the Cost of your Telecommunications Infrastructure
- meeting your audit and governance requirements
                        Ger Connery, Sentel


10:50am           ITIL – Sustainable Efficiency, Effectiveness & Value in IT Services
            Bill Heffernan, Principal ITSM consultant SureSkills



11:20am           T E A   A N D   C O F F E E


11:40am           Implementing LEAN in a customer services environment
                        Jonathan Wilson, The Gem


12:10pm           Work of the Performance and Efficiency Delivery Unit (PEDU)
Richard Pengally, Performance and Efficiency Delivery Unit



12:30pm           Closing Remarks
Joe Dolan, Chair SOCITM NI
  
L U N C H
        
         
To reserve a place, please contact the branch secretary: Marie McCrory
To find out more about Socitm NI, please visit: http://www.socitm.net
To become a member of Socitm NI  https://www.socitm.net/forms/form/12/join_socitm