Girl on print - Business thinking behind the Printing World - All Commentshttp://community.printweek.com/blogs/girl_on_print/default.aspxenCommunityServer 2007 SP2 (Build: 20611.960)re: Keeping a lid on secure datahttp://community.printweek.com/blogs/girl_on_print/archive/2007/12/07/keeping-a-lid-on-secure-data.aspx#309Sat, 08 Dec 2007 15:39:35 GMT27ca137d-e3f4-4a9a-9635-81050c58a66e:309Francis Trist<p>The Law of The Land defines responsibilities for the care of data. The Data Protection Act clearly charges organisations that hold personal infomation with its protection.</p> <p>This is a simple requirement yet one that leaves many bewildered - often because of the acronym you refer to - &quot;IT&quot;.</p> <p>Information Security (IS to give you another acronym) does not implicitly involve IT neither do the controls required to manage it per se.</p> <p>What is evidenced by the recent Revenue and customs fiasco is several failings in procedure, notably:</p> <p>1 - Had any consideration been given to the consequences of the loss of data of this type and of this order of magnitude? - i.e. was this loss a known risk and was the impact appreciated?</p> <p>2 - Had any consideration been given as to how such a risk might be mitigated? - i.e. accepting the need to make this data available to the Audit Office, how might it be done securely?</p> <p>3 - Had due consideration been given to the purpose of the request for data on this scale?</p> <p>If we assume that the answer to any of the above questions is &quot;yes&quot;, then what communication of process and procedure had been made to those charged with the task and was the effectiveness of any such procedures tested?</p> <p>If we again assume that such tests were made, were the findings fed back in to the review of process?</p> <p>These few considerations encapsulate the good practice that is promoted by adherence to accepted standards of working - such as those provided for by ISO27001, the international standard on Information Security.</p> <p>Whilst in the modern age IT will almost always be involved in data-related processes, it only does so as a mechanism to hold, process and communicate the information in question. In other words, IT considerations are relatively low-level within IS management. </p> <p>Successful IS management requires an objective understanding of the potential threats to the data held; a commercial valuation of the consequences of that data being disclosed, lost or corrupted; a commitment to mitigate such threats and a means of monitoring the effectiveness of such mitigation.</p> <p>Information Security has already become an implicit component within Industry in many parts of the world. We seem to be lagging rather a long way behind in the UK.</p> <img src="http://community.printweek.com/aggbug.aspx?PostID=309" width="1" height="1">re: News in print is here to stayhttp://community.printweek.com/blogs/girl_on_print/archive/2007/10/19/news-in-print-is-here-to-stay.aspx#263Tue, 20 Nov 2007 16:37:08 GMT27ca137d-e3f4-4a9a-9635-81050c58a66e:263will pollard<p>Print and online are not mutually exclusive. Amazon are promoting a digital reader but expect to sell more hard copy as well, probably from the same authors.</p> <p>RIT have a project around 'print in the mix' as if print needs to make a case as one option of many.</p> <p>Could there be space here for this sort of approach? this is a blog after all.</p> <img src="http://community.printweek.com/aggbug.aspx?PostID=263" width="1" height="1">