SBIT - Business & IT: digital

Showing posts with label digital. Show all posts

Friday, 1 March 2013

Why is it important to certify digital data and content?

Digital data/content is central to our daily and business life now, whether it be text, images, audio or video. With the advent of the Internet and mobile computing we are avid creators and users of digital content. As creators we are concerned with ensuring what we create whether it is an email, document or image as examples, remains and are used as we intended and are not misused in any way. As consumers of digital information we want to be able to trust in digital content we receive and use, know its source and that it is accurate and authentic. However we all know how easy it is to copy or change digital content/data either accidentally or maliciously. One of the big advantages of the digital world is that digital content/data is easy to view, copy, manipulate and process. Its strength is also its weakness. So the question is how do we protect the integrity of digital content/data we create? And how do we trust digital data and content we receive and use?

Let us consider some of the reasons we need to consider doing more than we do today:

Why we need to certify Digital Data & Content?

· Want to be able to prove ownership and copyright of digital content

· Want to know if content published on web site or issued has been tampered with

· Want users of content/data to be able to trust it

· Want to be able to prove to authorities and management that the information is in compliance with process, standards and regulations

· Want to be able to use it as irrefutable evidence of ownership and the authenticity of their original content or data as evidence in a court.

· People, Organisations and 3^rd parties make important decisions based on digital data/content, these decisions can have negative consequences so creating confidence and an audit trail for digital data can create that confidence and history

· Should there be a question, concern, audit or challenge to the integrity, authenticity and provenance of digital content/data being able to prove beyond doubt these elements will avoid issues and possibly penalties.

How can I quickly and cost effectively create an independently certified record for the provenance, authenticity and integrity of my digital content/data?

Using a service like Digiprove will quickly solve the problem, it is fast to register, use and integrate into your process and software. You can then automatically (Autoprotect), manually or at scheduled time or events ensure some or all of your digital content/data is certified.

A good solution like Digiprove will:

· Create unique digital fingerprint for each piece of content and/or data using industrial strength encryption algorithms such as SHA-256.

· Send that fingerprint to the secure independent proof engine in the cloud where it will be date, time and location stamped and combined with your metadata into a digital certificate.

· All details will be recorded in a traceable and verifiable audit file and the certificate returned to you as well as being stored.

This is in effect your insurance certificate that is fully traceable and can be verified at any time. It is your undisputable evidence that you own the exact content, at a point in time.

That’s all very well, but how do I know the integrity, authenticity and provenance of the digital content/data remains intact and as originally intended and it has not been changed?

There are two key areas that must be considered, and these are covered in the Digiprove technology.

· Verification of the integrity of digital content/data. You decide how you want to do this, it can be done manually at any time, automatically using “Autoverify” or integrated into your process-application to occur on specific events and/or at specific times with warnings highlighted should there have been a change or tampering. (Positive verification re enforces confidence and trust)

· Evidence, It’s your digital certificate and the Digiprove record that enable you to prove ownership and integrity beyond all doubt, and in the event there is an incident or case where there has been inappropriate use or tampering you have certainty as to provenance, integrity and authenticity.

Again using the insurance analysis, your certificates are the evidence you are protected, verification provides the evidence to the assessor of the circumstances that exist at a later point in time, and should there be a legal or regulatory case the authorities can trust.

For more information

Sign-up for a free 1 months trial

( https://www.digiprove.com/secure/subscribe.aspx )

Verify content

(https://www.digiprove.com/secure/DigiverifyFile.aspx )

Join entrepreneurs program and integrate Digiprove (http://protect.digiprove.com/entrepreneur-program )

Protect your Wordpress website or Blog (http://wordpress.org/extend/plugins/digiproveblog/)

Tuesday, 4 September 2012

Digital Transaction & Process integrity (Creating certification & user confidence)

Digital Transaction & Process integrity (Creating certification & user confidence)

Personal & Business people carry out many of their daily functions on-line in this digital age, but how do suppliers of on-line information and services create greater confidence in the user so they can grow their business, create deeper engagement and increase the user confidence to carry out more critical transactions with your on-line service? The answer is about creating more trust.

In the on-line world, how do we create this trust? The answer lies in ensuring there is a chain of authentic evidence in the process that delivers your service, and that the user of the service can independently verify this chain of evidence with an independent specialist in digital content assurance. OK so what does that mean for the user? On-line users of services are very familiar with the standard security processes and brands, e.g. passwords, user authentication emails, SSL, Norton, Secure payment systems such as Visa, Realex, etc. All these components go to building trust for the user. In addition some service providers go the extra mile and use more complex and expensive certified keys and encryption, though this often comes with an over-head for the user.

How can we improve that user trust & confidence?

There are three key areas that need to be addressed in a simple and cost effective manner:

1. Source Identity Integrity & Authenticity

a. Is this person, company or entity, who they represent themselves to be?

2. Content Provenance & Integrity

a. Is the content (Digital) the original, un-tampered and as issued?

3. Verification of Identity & Integrity

a. Can I confirm with one click 1 & 2 above?

For the supplier of on-line services & information whether they be process based or transaction based, the question is how can I build these characteristics into my software in a simple and cost effective manner?

For the User when using the on-line service, is it obvious and intuitive that any information and service I use on this web-site I can trust, and if I have a concern can I independently verify the provenance, Integrity & Authenticity with one click of the mouse?

How to build in trust and certification to your software?

Digiprove’s patented and certified technology is a unique way to quickly and cost effectively build in a traceable, certified and verifiable set of functionality. By use of one of the Digiprove products or quickly embedding the process using our software developers kit (SDK).

What can be achieved by embedding Digiprove in your solution?

The most important outcome is your on-line service and information is differentiated because it has independently verifiable credentials, enabled by Digiprove.

· End user customers and embedded partners have independent verification of their identity and can use the ID-V logo on their digital certificates.

· Each piece of digital content (Text, Image, Audio, Video, Data), can at any stage in the process be quickly certified by the Digiprove “Proof Engine” as an automated task. This creates an audit trail and independently verifiable certificate with the digital fingerprint, date, time and location which is undisputable evidence and proof of authenticity.

· The ability for a user or receiver of the content to either on or off-line verify the provenance, integrity and authenticity of the digital content as well as the credentials of the originator.

The bottom line is by deploying Digiprove technology any Digital Asset which has a value whether financial, reputational, brand or compliance can have that value protected.

Protecting On-Line Reputation

On-Line Reputation Management

Whether you are a business, not-for profit organisation, band, or individual your reputation and brand is important to you. We often differentiate between the on-line and off-line brand and reputation but for most they are closely connected all bit it there may be some slightly different emphasis on-line. The one common thing is that in the world of today, which is a digital world is that our reputation can be damaged in milliseconds either accidentally or maliciously. Digital technology brings huge benefits in the flexibility to create, change and mass communicate content and information, but this benefit comes with risks that have to be managed.

So what are the risks?

There are two main digital risks that expose your reputation:-

1. Identity Fraud or Theft

2. Message tampering

Identity Fraud relates to known or unknown persons or entities misrepresenting themselves as someone else, or some other entity (Band, Association, Company, Organisation). Having adopted a false identity they then communicate misinformation that, as a minimum may be misleading and disruptive and, at worst be libellous and cause serious if not fatal damage to a reputation. Regardless of the extent of the misrepresentation there is a cost to those that are misrepresented and many other related stakeholders.

Message Tampering is the situation where what is communicated and interpreted by the reader has been changed either accidentally or maliciously. The ability even for the amateur hacker to change digital content is strong, given the nature of digital content, and the professional hacker can make changes and leave no record or evidence.

The bottom line is it’s relatively easy to adopt a false identity and to change digital data, text and tweets as examples.

How can I protect my on-line reputation?

Identity Fraud

There are many solutions, Twitter for example provide an identity verification and mark for high profile individuals, however they choose who will get the benefit of this process and, it is only offered to a relatively small number of famous people/entities.

Digiprove have enabled their technology process in order that anyone can add a significant layer of protection to their identity. By becoming a paid user of Digiprove’s on-line digital content protection service your Identity will be verified using your credit card details and so long as you have a credit card in the same name as your account registration. Once you have Digiproved your content or issued a tweet from Digiprove we associate your content/ tweet with your identity. Readers of your content/tweets will be able to quickly verify you have an identity verified mark on www.digiprove.com at the click of the mouse.

Content & Tweet Tampering

In addition to ensuring your personal identity remains authentic, you are also concerned that your content/tweet is received un- tampered and the reader sees it exactly as you intended. By using the Digiprove functionality all your content/messages will be certified. This means there is a digital certificate created, which includes the unique digital fingerprint of your message, the date, time and your identity at the time you create your message. Any readers of your content whether it be documents, images, web pages etc. can verify the integrity on-line and view the certificate.

Digiprove inserts a short link into your tweet that all readers can see. By clicking on that link any reader can view the certificate details and also they can cut and paste the text should they wish and have the Digiprove proof engine confirm its integrity and authenticity, any tampering will be evident.

Monday, 30 July 2012

Selecting a cost effective, compliant Document & File management solution for financial advisors, agents and brokers ?

Selecting a cost effective, compliant Document & File management solution for financial advisors, agents and brokers ?

As I meet with financial specialist clients, whether a one person operation or a large professional practice, a common theme has emerged about the time wasted handling, processing & searching for documents. Both the professionals and the back office team lose productive time with these non-productive activities. We have quantified and costed these activities as an additional 15%-20% on your operational costs.

Searching to find the correct documents one of the team needs, which may be related to a client query or a need to reference during a client meeting out of the office, or perhaps to confirm compliance or provide a supplier with some important policy or client information, is a well understood example the industry can relate to.

Documentation is very important for your business, for your client and for 3^rd parties such as regulators and therefore is central to your business success. So what is needed is a software solution that ensures for both professionals and back office staff that Information and documents are correctly available when required, and the time spent on the actual content of the document as it relates to the stakeholder is where your focus is, and that any handling or storage is automated in a secure manner.

The challenge is often the same in a practice which uses software as well as those who are still largely paper based. Analysis suggests the problems are fundamentally the same.

· One back office person handles all processing and filing, and is the focal point for requests for information and documentation, that person can be a bottleneck in the process, always has to do the storage and retrieval and may have a system not understood by the rest of the professionals in the practice.

· Two or more back office staff handle the processing and both though competent do things slightly differently.

· It’s a “free for all” and everyone in the practice has access for storage and retrieval and things go missing, get misfiled and sometimes lost.

We all understand the challenge when a business is paper intensive and regulated. What is surprising for some is that having moved part or all of their process to the digital world that the expected benefits for doing this are not realised.

There are three digital scenarios that are most common within the financial specialist community, and only one of these scenarios can be considered effective in delivering real business benefits and bottom line results. Let us consider each scenario:-

1. Electronic Filing on our Server/PC’s: This is probably the most common scenario where some or all of the team create, update, scan and store documents using the operating systems file management tools, such as Microsoft Windows or MAC OS. Though there can be some benefit in flexibility to change and update documents, all of the above issues that were experienced in the paper world, just transfer to the digital world. Even if we just focus on back office person managing the records, they have to create the files and folders, come up with naming conventions, take decisions daily what folder and file to store a document in and the Filing system may not be readily accessible to everyone, or worse still everyone does their own thing.

2. Document & File/Record Management Systems: There are many systems available from the sophisticated, expensive enterprise systems to low cost or even free open source document management systems. These are not inherently bad systems and when set up and operated correctly they provide great quality and productivity gains. However because they are generic in that they have application in many types of businesses they have to be configured, have work flows set up, choices have to be made on types and handling of different document types. Search features will tend to be mainly key word so there is still a fair amount of wading through search results to find the right document.

3. Document & File Management for Specialists:- We believe based on our experience that the best results and biggest payback, for financial specialists who want to move to, or derive the full benefits of the digital world and go totally paperless, is to use a system such as Brokerprove which is designed specifically for advisors, agents & brokers. It has a completely pre-configured file structure and document types that are unique to your business. It handles the structure and naming of files electronically and as a result, it’s harder to make mistakes, because the filing process and system is very well defined, there is only one process and one filing system that everyone uses. Searching for documents is more refined and faster and can be completed by any of the team once they have an internet connection. Nothing can get lost even if there is an unplanned system outage as a copy of every file and folder is securely stored in the cloud.

In conclusion:- If we had a totally paper based business with all the legacy issues and costs that exist and we were to fix this system, what would we have to do.

· Define in great detail the process for receiving, handling and storing any type of document we need in the business.

· Document the process and system and then train and retrain every staff member.

· Have strict , enforced rules for checking in and out documents

· Always anticipate the specific documents needed during the day so that you have them with you when you need them and have a process to let everyone know what documents you have.

· Monitor and audit the process very regularly to ensure compliance, keep a record of non-compliances and corrective actions.

However what we are suggesting that when you move to the Digital world that all the above items are addressed automatically, pragmatically and in a way that is user friendly, this is why we recommend using a document and file management system that was designed specifically for your financial advisory business. The system provides the guides, standards, process and rules for how digital documents are managed, so it’s just becomes the way everyone does things giving more consistence, higher productivity, better stakeholder services and enhanced compliance.

Procurement check-list for a Document & Record Management System:

· A file structure specific to a financial specialists business

· An automatic file naming system that is easy to understand and manually or automatically search.

· A utility to quickly determine your record compliance status

· An un-disputable set of (e) evidence that can be independently verified by any stakeholder on or off line as to the provenance, security and integrity of any document.

· A level of digital security that ensures only authorised personnel can access and review specific documents.

· Simple secure access for any authorised individual via the internet anywhere, any time

· Confidence that there is always a secure, up-to-date back up copy of all files available.

Only Brokerprove meets all these criteria by design.

For further information

www.brokerprove.com

www.digiprove.com

info@brokerprove.com

declan@brokerprove.com

Monday, 27 February 2012

Protect Digital content before Facebook, UTube and Flickr upload

Are your uploads and blogs important to you ?

Whether you are a frequent or occasional publisher of digital content to the Web , have you considered the consequences of unauthorised use of your content ? The answer we most frequently hear is either “ I never thought of that” or “How do I do that”.

Digital content whether it be text, images, photos, audio files or video files are extremely easy to copy, modify and re-use and therefore are open to abuse. The abuse can be malicious or inadvertent and cause reputational damage and/or financial loss. Alternatively the published content may just be personally important to you, your organisation, your family ,friends, members, customers, suppliers and colleagues.

So if you use Social Media such as Facebook, UTube, Flickr, and LinkedIn or publish to Websites, Blogs and Forums, you should consider protecting your content. You want to know if it has been accessed and interfered with and/or re used/republished.

Regardless of security systems, abuse still occurs with published and unpublished digital content. In the event your digital content has been misused you want to have evidence firstly that you own the content and also evidence that it has been tampered with. Ultimately whether it was erroneous or malicious that your important content was used you will require this evidence to persuade the party at fault to take action and correct the issue or you may need that evidence in the worst case to seek legal redress for reputational or financial damages.

Digiprove provides an effective solution to protecting your digital content before you publish

Digiprove provides the evidence to prove you own it, prove you sent it, and prove it has been tampered with in a secure and confidential manner. Digiproves patented “Proof Engine” technology is designed to create the provenance, authenticity & integrity of any type of Digital content without the need to send your content to us, so it always remains confidential to you. A unique digital fingerprint of your digital content is created, it is certified and logged as non repudiable proof of its existence and ownership at a point in time (and location on portable devises with GPS). Your content can be validated on-line or off-line at any time to confirm it provenance and integrity.

You only pay for what you need to protect through simple on-line value for money subscriptions. But before you buy why don’t you try our free trail you will immediately gain confidence that this simple to use system protects your important digital content. You can use our Selfprotect on-line self-service to protect content and email communications, Autoprotect to automate the whole process as a background task in a matter of minutes or Webprotect if you are a user of Wordpress.

http://www.digiprove.com/

Friday, 17 February 2012

Digital Content & SOX compliance

SOX
The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.

Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to Digital Content used in a public company or for that matter any company.

Section 404, 802 & Digital Content

Section 404 of the Act “Assessment of Internal Controls” & Section 802 “Criminal Penalties for influencing US Agency Investigation” are key sections relating to the effectiveness of the act and the actions and processes public companies must take or put in place.

In particular section 404 is concerned with the prevention and detection of fraud and error and the adequacy of controls required. The integrity, authenticity and provenance of digital content (data, text, Audio, Video etc.) must be secured and be non repudiable. We know that digital content is much easier to change than paper based content and public companies must find cost effective solutions to assure trust and confidence in their management and control of Digital content. Section 404 focuses on content authenticity and integrity

Section 802: “ Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both”. This brings home the importance of being able to identify fraudulent, malicious or even just simple errors that may be part of an audit or evidential chain and required to establish trust and confidence in digital data/content. Section 802 in addition to the focus above in section 404 also brings attention to the history and flows of the digital content.

How can public companies identify and prevent fraud or error in their digital content cost effectively?

1. Identify & List the company’s digital assets (versions, time lines etc.)

2. Perform a Risk analysis and identify those critical digital assets

3. Identify those critical digital content types and forms that must be protected and controlled through their life cycle.

Sample critical Digital Assets

· Contractual documentation

· Policy & Procedure documents and records

· Intellectual Property

· Trademarks and copyright

· Financial reports

· HR& employee records

· Performance Management records

· Software applications

· Software logs

· Databases

· Recorded telephone conversations

· Recorded conference calls(Audio/Video)

· Images, Photographs, Videos

Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove.

What are the core features that a simple software solution must have?

· Establish the authenticity and integrity of digital content on entry into the company’s digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)

· Maintain full confidentiality of this digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.

· Create an audit trail for the defined digital content and any actions taken on that content.

· Be able to verify the provenance of any digital content once it has been certified and verify if it has been tampered with.

Digiprove products tick all the boxes:

Selfprotect – a simple SaaS on-line service for content and communications

Autoprotect – a simple background utility that automatically protects the identified files and folders.

Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product)

Signasure – enables and protects documents with all types of digital signatures (New Product)

Brokerprove – A standalone solution for SME professional service providers

Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications

http://www.digiprove.com/

http://www.broherprove.com/

HR Digital Content & SOX compliance

Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to HR Digital Content used in a public company or for that matter any company, and the role of HR in ensuring best practice for digital content relating to the management of the primary asset of the company “It’s staff”

Section 404, 301,806 & Digital Content

Section 404 of the Act “Assessment of Internal Controls”

In particular section 404 is concerned with the protection of corporate assets. HR in the context of the overall goals of SOX “To protect investors in public companies” contribute to internal controls relating to people that could create significant financial risk for the organisation including employment law litigation and fraud. Employment contract clauses such as non-disclosure, non-solicit, non-compete, IPR & confidential information protection and performance standards are all critical as are the HR processes to control and manage any exposure. Training is another area of importance such as specific job skills, health & safety, and legal obligations the integrity of the training and training records are also central to avoiding potential litigation whether it be commercial, employment law or product/professional indemnity financial exposures. Add to this that rules and policies relating to procurement, expense reporting and commissions all create potential fraud opportunities then we can see HR their processes and digital content make a significant contribution to SOX compliance.

Section 301 & 806: are also key sections where HR digital content is fundamental to compliance and in fact may produce important digital evidence for internal or external scrutiny. The sections refer to the “Whistle-blower” requirements which are usually managed by HR. Creating a trusted Whistle-blower process with integrity may involve digital content of many types including databases, documents, audio and video records. HR must ensure that the process is fair and transparent, it protects the rights of all parties and that there is avoidance of retaliation litigation risk. Not only that but once whistle-blower reports an incident everything in the system becomes potential evidence so as ediscovery finds this evidence the digital forensic chain must be secured.

How can HR in public companies identify and prevent litigation & financial risk?

1. Identify & List the company’s HR digital assets (versions, time lines etc.)

2. Perform a Risk analysis and identify those critical digital assets

3. Identify those critical digital content types and forms that must be protected and controlled through their life cycle.

4. Ensure that whistle-blowers procedures are digital and evidential friendly

5. Put in place adequate digital evident and asset authenticity and integrity controls

Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove.

What are the core features that a simple software solution must have?

· Establish the authenticity and integrity of digital content on entry into the company’s HR digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)

· Maintain full confidentiality of this HR digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.

· Create an audit trail for the defined HR digital content and any actions taken on that content.

· Be able to verify the provenance of any HR digital content once it has been certified and verify if it has been tampered with.