INDEX
- 3G/4G interoperability, 322
- Accounting business-unit taxonomy, 454f
- Actionable plans, development, 82
- Active Directory Federation Services (ADFS), 354
- Administration, decentralization, 267
- Administrative metadata, 440
- Adverse events, financial/operational impact (determination), 58
- Adverse inference, 139
- Agent-based solutions, usage, 264
- Agreed-on trigger events, automated capture, 203
- Amazon Machine Learning, 363
- American Institute of Certified Public Accountants (AICPA), 45
- American National Standards Institute (ANSI), 93, 449
- American Recovery and Reinvestment Act, 241
- Analytics, 357, 359–363
- Anonymous social networks, usage, 302
- Anthem, Inc., IG failure, 12–13
- Anticipation (executive sponsor purpose), 70
- Anti-virus (mobile computing trend), 323
- Apple iOS, usage, 326
- Application programming interface (API), 218, 345
- Applications catalogue, 188–189
- Approval (executive sponsor purpose), 70
- Archival information package (AIP), 398–403
- Archival storage, 398, 415
- Archive
- Archives Act, 469
- ArchivesSocial, 310
- Archiving technology, 289
- ARMA International, 88, 118, 171, 198
- GAR Principles, 91
- Artificial intelligence as a service (AIaaS), 363
- AS 8015, principles, 96
- Asia-Pacific Economic Cooperation (APEC), 243–244
- Asia, privacy, 243–244
- Asset management, 95
- Associates in Psychiatry and Psychology (APP), IG failure, 11
- Audience, identification, 441
- Auditing, 267
- Auditor, usage, 150
- Australasian Digital Recordkeeping Initiative (ADRI), 96
- Australia
- Australian ERM standards, 101–102
- Australian Government Locator Service (AGLS), 102
- Australian Information Commissioner Act, 470
- Australian records standards, development, 102
- Australian standards, 102
- Authentication, authorization, and audit (AAA) controls, 342
- Auto-categorization analytics software, implementation, 116
- Auto-classification, 155, 157, 365, 434
- Automatic archiving, usage, 288–291
- Automation, 126
- Availability (GAR Principle component), 35, 40, 88
- Azure Active Directory service, 354
- Backups, 11
- Backward compatibility, 418
- Barnhart, Brent, 300
- Best practices, 15, 91–92, 315–316, 330
- Better Business Bureau, 232
- Big Data, 75, 216, 358, 372
- Blogs, 308, 314
- Blue Pill root technique, 346
- Blueprints, protection, 271–272
- Botnets, impact, 344
- Brand equity, preservation/protection, 116
- Breaches, 56
- Bring-your-own-device (BYOD), 324–325, 331, 340, 349
- British Standards Institute (BSI), 92–93, 449
- Broadcast Wave Format (BWF), 409
- Broad network access, 337
- Brown, Jerry, 243
- Budget (executive sponsor purpose), 70
- Build and maintain (Navy Yard rebirth phase), 127, 128
- Business, 76–77, 196, 212, 276, 397
- California Consumer Privacy Act (CCPA), 3, 14, 161, 242–243
- Canada, records management (laws/regulations), 466
- Canada Revenue Agency, 99, 466
- Canadian Institute of Chartered Accountants (CICA), 45
- Canadian Records Retention Database (excerpt), 201f
- Capture, 39
- Center for Internet Security (CIS), 250–251, 349–350
- Certificate authority (CA), certificate issuance, 261
- Certification and accreditation (C&A) report, 348
- Certification checklists, 93
- Certified Ethical Hacker (CEH), 252
- Certified Information Privacy Manager (CIPM), 239
- Change management (CM), 21, 33, 396, 426–429
- Channel messaging, solutions, 294–295
- Chief Information Governance Officer (CIGO), impact, 106, 425
- Chief Information Security Officer (CISO), 64
- Chief knowledge officer (CKO), 72
- Children's Online Privacy Protection Act (COPPA), 242
- Chipotle Mexican Grill, IG failure, 11–12
- Choice/consent (GAPP criterion), 46
- CIS Top 20, 62t, 116
- Civil litigation, requirements, 164
- Classification, 162, 435
- micro-classification, avoidance, 185
- Clean (Navy Yard rebirth phase), 127
- Clinton, Hillary (email usage), 288
- Closure, 203–204
- CloudBurst, 346
- Cloud computing, 165, 336–341
- Cloud connection, insecure points, 344–345
- Cloud Controls Matrix (Cloud Security Alliance), 250
- Cloud deployment models, 339
- Cloud file storage, 340
- Cloud Machine Learning, 363
- Cloud Security Alliance, 341
- Cloud services, 344
- Code of Federal Regulations (CFR), 58, 200–201, 464–465
- Collection
- Community cloud, 339
- Community government business-unit taxonomy, 452f
- Complexity fees, 124
- Compliance, 95, 126, 165, 270
- Compliance, Governance and Oversight Council (CGOC), 6, 79, 88, 118, 137
- Component obsolescence, 396
- Computer-aided design (CAD), 266, 271–272
- Computer-assisted review, 135
- Computer systems, failure, 396
- Conceptual data modeling approach, 219
- Confidential data, large print files (security issues), 258–259
- Confidential documents, theft, 13
- Confidential e-documents, challenge, 256–257
- Confidentiality Integrity Availability (CIA) triad, 45
- Confidentiality National Health Service (NHS), code of practice, 245
- Confidential stream messaging, 275–276
- Consensus mechanism, 367
- Consultative Committee for Space Data Systems, OAIS development, 397
- Consumer review networks, usage, 301
- ContentandCode, 304
- Content control, 316
- models, 315
- Content, impact, 195
- Content management principles, 315–316
- Content services, 163
- Contextual enforcement, 273
- Continuous improvement, 33–34, 430
- Continuous process improvement (CPI), 429
- Controlled vocabulary, 436
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), 242
- Control Objectives for Information and (related) Technology (COBIT®), 22–23, 220–221
- Corporate governance, 8
- Corporate memory, preservation, 167
- Corporate objectives, 115, 116
- Corporate-owned, personally enabled (COPE) devices, 349
- Cost factors, 125f
- Cost sources, 125–126
- Council of Information Auto-Classification, “Information Explosion,” 152
- Covered Entities (CE), 240
- Credit card information (PCI), 30
- Crimes Act, 471
- Cross-functional communications, promotion, 315
- Cross-functional IG council, establishment, 78, 92
- Cross-functional IG team, creation, 145
- Cross-functional mobile strategy team, formation, 331
- Cross-mapping scheme, 446
- Culture, establishment, 145
- Current state capabilities, 410
- Customer relationship management (CRM), usage, 327
- Custom taxonomies, prebuilt taxonomies (contrast), 448–449
- CyberArk, 248
- Cyberattacks, proliferation, 246
- Cybersecurity, 116, 245, 376
- Cyber-security process, accountability, 56
- Dashboards, usage, 124
- Da Silva Moore v Publicis Groupe, 155
- Data
- access, right, 477
- analytics, 357–358
- architecture, 217–218
- asset, uniqueness (recognition), 21
- breach, 214, 477
- categories, 219f
- cleansing/scrubbing, 20, 213
- debris, deletion, 79–80, 92
- growth, 152–154
- information, value (loss), 79–80
- integration (data modeling approach), 219
- management, 398
- map, 195
- modeling, 218–219, 218f
- portability, 477
- privacy, 169–171, 190
- protected data, data security design pattern, 273
- protection, 26, 190, 225, 478
- quality, 215, 233
- securing, approaches, 272–274
- stewardship, 20
- type, 236
- value, computation, 214
- Database activity monitoring (DAM), usage, 224–225
- Data Controller (DC), 239
- Data governance, 19–21, 213–215
- Data Governance Institute (DGI) data governance framework, 215, 216f
- Data loss prevention (DLP), 26, 130, 224, 263–265
- Data Protection Act, 172, 245
- Data Protection Officer, 478
- Data quality, 21, 79
- Decentralized architecture, 367
- Decision-based processes, 181
- Decision making
- De-duplication, 20, 213
- Deep learning, 363
- Defense in depth, 254
- Defensibility, end state, 156–157
- Defensible deletion, 145
- Defensible disposal, 151
- Defensible disposition, 135, 146, 153, 157
- Deleted files, location, 258
- Deposit agreements, 402
- Descriptive analytics, 357, 358
- Descriptive metadata, 440
- Design and Implementation of Recordkeeping Systems (DIRKS), 96, 171
- Device
- Diagnostic analytics, 357, 358
- Digital content, indexing, 155
- Digital information assets, preservation, 81, 92
- Digital preservation, 393
- Digital records, 98, 155
- Digital repository, 414–415, 419–420
- Digital signatures, 34, 261–262
- Digital subject access request (dSAR), 26
- Digitization, 126
- Direct observation, usage, 180
- Disaster recovery (DR), 7
- Discard (disposition method), 41
- Disclosure (third parties) (GAPP criterion), 47
- Discovery
- Economic environment, survey, 76–77
- E-discovery, 10, 125, 135
- assistance, technologies (usage), 147–151
- collection, 63, 365
- costs, 74, 124
- dangers, 378
- Federal Rules of Civil Procedure, 135–137
- information governance (IG), 143–146, 143t–144t
- issues, 377–380
- legal case, 139
- life cycle, 144
- plan, development/execution, 143
- planning, guidelines, 142–143
- process, steps, 140
- readiness, 145–146
- review, 365
- techniques, 140
- usage, 146
- Elastic Compute Cloud service, usage, 34
- Electronically stored information (ESI), 136, 140, 164, 199
- Electronic Code of Federal Regulations (e-CFR), 201
- Electronic Communications Privacy Act (ECPA), 244–245
- Electronic content, migration, 400
- Electronic document and records management systems (EDRMS), 97, 101, 447
- Electronic records
- Electronic Records as Documentary Evidence (CAN/CGSB-72.34-2017), 99
- Electronic records management (ERM), 31, 80, 161, 433, 438
- agreed-on trigger events, automated capture, 203
- Australian ERM, 101–102
- benefits, 166–167
- Canadian standards, 99–100
- importance, 173
- intangible benefits, 167–168
- legal considerations, 99–100
- retention/disposition capabilities, 203
- software, usage, 34
- system, acquisition/implementation, 174
- system/application, 314
- usage, 80
- Electronic records management systems (ERMS), 101
- Electronic Transactions Act, 471
- E-mails, 287
- archiving, 289
- bucket approach, 291
- destructive retention, 80, 147, 199–200, 290–291, 921
- documentation, 198
- encryption, 259, 273
- information governance, usage, 285
- integrity/admissibility (preservation), automatic archiving (usage), 288–291
- messages, 80, 92, 197
- records, 197–199, 290
- retention period, 147, 199
- risk, organizations (employee exposure), 286
- social media, contrast, 305
- Embedded protection, 268–270
- Emerging technologies, leveraging/governing, 357
- Empirical metrics, 401
- Employees
- Emulation, 418
- Encryption, 92, 269, 342
- Endpoint management, unification, 325
- Enforcement, technology application, 14–15
- Enterprise content management (ECM), 33, 256–257
- Enterprise data, 219, 273
- Enterprise file synch and share (EFSS), 33
- Enterprise information security practices, direct connection, 56
- Enterprise mobility management (EMM), 321, 325, 350
- Enterprise resource planning (ERP) database, 120
- Enterprise, social media (usage), 304–305
- Environmental Protection Agency (EPA), 167
- Environmental security, 95
- Equity value, protection, 56
- E-records
- Etsy, Dan, 129
- European Broadcasting Tech 3285: 2011 Broadcast Wave Format, 409
- European Research Cluster on the Internet of Things, 374
- European Union (EU) General Data Protection Regulation (GDPR), 3, 31, 235–239, 476–478
- Event-based disposition, prerequisites, 202–203
- Evidence Act, 100, 466–467, 471
- Evidence-based practice (EBP) protocols, AI assistance, 365
- Executive sponsors
- Expectation management (executive sponsor purpose), 70
- Expense report, 437
- Extended enterprise, 257–259
- Extensibility, 444
- eXtensible Markup Language (XML), 400, 405, 407
- External factors, survey/evaluation, 75–81
- Extract, Transform, and Load (ETL) capabilities, 219
- Extraterritorial applicability, 476
- Facebook, social media site, 300, 309
- Facet-driven mechanism, 149–150
- Faceted search, usage, 445
- Faceted taxonomies, 452
- Fair and Accurate Credit Transaction Act, 240
- Fair Credit Reporting Act (FCRA), 240
- Fair Information Practices (FIPS), 232–233
- Federal Bureau of Investigation, IG failure, 13
- Federal Deposit Insurance Corp. (FDIC), 330
- Federal Information Security Management Act, 348
- Federal Rules of Civil Procedure (FRCP), 14, 135–137, 164, 380
- Federal Trade Commission (FTC), 240
- Federal Wiretap Act, 244
- File analysis classification and remediation (FACR), 361, 365
- Files
- Filtering technologies, 148
- Final disposition criteria, 203–304
- Financial Institution Privacy Protection Act, 463
- Financial Management and Accountability Act, 471
- Firefox browser, usage, 309
- Flexibility, decrease, 93
- Flynn, Nancy, 275
- Folksonomies, 458
- Food and Drug Administration (FDA), records inspection, 464
- Ford Motor Company, IG failure, 13
- Formal IG Program Charter, creation, 78, 92
- Freedom of Information Act (FOIA), 172, 191, 193, 245, 469–470
- Free-text metadata field, option, 458
- Full cost accounting (FCA), 123–124
- Full disk encryption (FDE), 260, 269
- Fully managed devices, 349
- Functional taxonomy, implementation, 116
- Function records, 197
- Future costs, 124
- Geithner, Timothy, 288
- General and administrative costs, 124
- Generally Accepted Privacy Principles (GAPP), 45, 231–232
- criteria, 46–48
- Generation Gmail entry, 304
- Global Aerospace, Inc., Et al. v. Landow Aviation, LP, et al., 148
- Global Information Locator Service (GILS), 444–445
- Global positioning systems (GPS), 322
- “Going forward” strategy, implementation, 21
- Goodgle Android, apps (usage), 328
- Governance, risk management, and compliance (GRC), 77
- Government oversight, increase, 163–164
- Gramm-Leach-Bliley Act (GLBA), 463
- Graphics image format (GIF), compression algorithms, 408
- Gruman, Galen, 337
- IBM Watson, 363
- Identity access management, usage, 254–255
- Identity and access management (IAM), 254
- Imaging (disposition method), 41
- Implementation frameworks, 93
- Indirect costs, 124
- Individual participation principle, 234
- Industrial Internet Consortium (IIC), 382
- Industry
- Infonomics, 10, 117, 244
- Infonomics (Laney), 4, 30, 117, 214
- Information
- accessibility, 32
- baseline, 130
- breaches, 342
- cap-and-trade system, 130
- classification, technology (usage), 155–156
- confidence, obtaining, 26
- control, 32–33
- costs, calculation, 121–122
- creation/usage, mapping, 26
- custodians, 154
- delivery platforms, changes, 165
- effectiveness, impact, 152
- environment, changes, 119–121
- footprint, 6
- full cost accounting, 123–124
- growth, 151–152
- harvesting/leveraging, 26
- integrity, 31
- life cycle, 90
- loss, 341–342
- management, 80, 151–158, 216–219
- models, 129–130
- monetization, 26
- organization/classification, 31–32, 433
- privacy, 32, 229–231
- quality, 213–214
- retrieval, 150
- safeguarding, 167
- search/access/collaboration, 126
- security expert, hiring, 330
- stakeholder, participation, 29
- systems, acquisition/development/maintenance, 95
- units (tracking/trading), internal accounting system (creation), 130
- value, 117, 127–129, 145
- Information and communication technologies (ICT), 75
- Information Asset Register (IAR), 185–189
- Information asset risk planning
- Information assets
- Information governance (IG), 25, 94–96, 115, 142
- accountability, importance, 34
- approach, customization, 212
- artificial intelligence, role, 363–366
- awareness, 164
- best practices, 69, 78–80, 91–92, 223–225
- business case, 212
- business conditions, survey, 76–77
- challenges, 372–375
- common terms, usage, 26
- continuous improvement, 33–34
- debt, increase, 382
- decisions, 30
- defining, 7–9
- development, 4–5
- economic environment, survey, 76–77
- E-discovery, relationship, 143–146
- efforts, standards (relevance), 93–98
- enforcement, 255–256
- executive sponsor role, importance, 70–71
- executive sponsorship, 33
- external factors, survey/evaluation, 75–81
- failures, 11–14
- formal IG Program Charter, creation, 78, 92
- framework, best practices/standards selections (impact), 105
- framework/maturity model, usage, 79, 92
- functions, 211, 229
- good business, 9–10
- guidelines, 351–352, 434
- IG-enabled organization, appearance, 130–132
- impact, 135
- imperative, 3
- importance, 361
- industry best practices, survey/determination, 77–80
- input, gaining, 83
- IoT trustworthiness, contrast, 384
- issues, 376–377
- IT governance/data governance, differences, 19
- legal functions, 135
- legal hold process, 144
- legal/regulatory/political factors, analysis, 77
- monitoring/accountability, 425–426
- monitoring/auditing, 33
- ongoing program, 9, 78–79
- plan, organizational strategic plan (alignment), 73–75
- policies, 14–15, 48–49, 80, 87, 92, 394
- principles, 29
- process, steps, 128t
- proof of concept, e-discovery (usage), 146
- requirements, 165
- RIM functions, relationship, 161
- Sedona Conference® Commentary, 29–30, 87
- Smallwood information governance principles, 30–34
- strategic plan, 81–83
- strategic planning, 69
- strategy, information (synthesis/fusion), 81–82
- team, 72–73
- threats/concerns, 348–349
- usage, 285, 299, 319, 335
- Information Governance for Healthcare Professionals, 118
- Information Governance Framework (IGF), 380
- Information Governance Process Maturity Model (IGPMM), 79, 89, 119
- Information governance (IG) program, 3
- analytics, role, 360
- auditing, effectiveness, 80, 92
- best practices, 92
- business considerations, 119
- conformance/performance, measurement, 80
- creation, 82–83
- efforts, 211
- elements, 80
- establishment, 29
- guidelines, 30–34
- impact, 25–26
- implementation, 29, 142
- independence, 29
- information stakeholder participation, 29
- initiation, 118
- maintenance, 425
- objectives, 115, 116
- organizational strategy, development, 78
- piloting, business unit candidates, 117
- SAT, impact, 249
- strategic objectives, 29
- Information risk planning process, 56–59
- Information Technology Infrastructure Library (ITIL), 22, 24, 222–223
- Inherited metadata, 438
- Innovation, security (contrast), 328–330
- In-person interviews, conducting, 179
- Insider threats, 247–248, 343
- Instant messaging (IM), 63, 291–292
- Institute for Security and Open Methodologies (ISECOM), 251–252
- Intangible benefits (ERM), 167–168
- Integration, data modeling steps, 218f
- Integrity (GAR Principle component), 35, 39, 88
- Intellectual entities, 404
- Intellectual property (IP), 153, 247
- Internal accounting system, creation, 130
- Internal price lists, securing, 272
- Internal Revenue Service (IRS), Elastic Compute Cloud service (usage), 348
- International Association of Privacy Professionals (IAPP), 45–46, 239
- International Council on Archives (ICA), 96
- International Data Corporation (IDC), 151
- International metadata standards/guidance, 442–446
- International Organization of Standardization (ISO), 93, 161, 394, 449
- Internet-based applications, integration, 304
- Internet-based networks, usage, 302
- Internet of Things (IoT), 75, 231, 357
- challenges, 379–380
- contracts system, 375
- cybersecurity, 376
- data, 381–382
- definitions, 373
- Detect Derive Decide Do (4 Ds), 380
- devices, 325, 378
- E-discovery issues, 377–380
- growth, 373
- information governance (IG), 372–377
- privacy, 376
- publicity, 376
- risks, 376–377
- states, 383
- trustworthiness, 380–386
- Internet of Things European Research Cluster (IERC), IoT definition, 373
- Interoperability support, 93
- Interviewees, selection, 181
- Interviews, 182, 182f–183f
- Inventory
- Irish Data Protection Commission (DPC), 238
- ISO13008:2012 (Information and documentation), 98
- ISO 14721:2012 (Space Data and Information Transfer Systems), 103
- ISO14721:2012 “Space Data and Information Transfer Systems,” 103
- ISO 14721/ISO 16363, 413–415
- ISO 15489 Records Management, 102
- definitions/relevance, 442
- ISO 16175, 97
- ISO 16363:2012 (Space Data and Information Transfer Systems), 103, 401–403
- ISO 19005-1:2005 “Document Management,” 102
- ISO 19005 (PDF/A) Document Management, 406–407
- ISO 22301:2012 (Societal Security), 104
- ISO 28500: 2009—WebARChive, 409
- ISO 30300:2011 (Information and Documentation), 97
- ISO 38500, 24–25, 95–96, 223
- ISO/IEC 13818: 2000 Motion Picture Expert Group, 409
- ISO/IEC 15444:2000—Joint Photographic Engineers Group, 408
- ISO/IEC 15498: 2004 Information Technology-Computer Graphics, 408
- ISO/IEC20000, 222
- ISO/IEC 27001:2013, 94–95
- ISO Technical Specification 23081-1:2006 Information and Documentation, 442–443
- ISO/TR 13028:2010 (Information and documentation), 98
- ISO/TR 18128:2014, 94
- ISO TR 18492 (2005) (Long-Term Preservation of Electronic Document Based Information), 103, 400–401
- Laney, Doug, 4, 30, 117, 214, 357
- Laptops, IG (usage), 326
- Layoffs, trade secrets (securing), 270–271
- Legacy electronic records, acquisition, 418
- Legal costs, 124
- Legal hold notification (LHN), 31–33
- Legal hold process, 144
- Legal hold programs, building, 146
- Legal review team, 150
- Leming, Briton Reynold, 186, 189
- Leverage technology, 143
- Library of Congress subject headings (LCSH), 449, 450f
- Lightweight directory access protocol (LDAP), 268
- LinkedIn, social media site, 300, 309
- Linux Foundation, 369
- Litigation, 117, 153
- Logan, Debra, 34, 211
- Logical data modeling approach, 219
- Long-term archival records, 200
- Long-term business planning, 402
- Long-Term Digital Preservation (LTDP), 7, 32, 39, 102–104
- Long-Term Digital Preservation Capability Maturity Model (CMM)
- scope, 412–416
- Madrid Resolution 2009, 234–235
- Malicious insider, 247
- Malware, impact, 344
- Management (GAPP criterion), 46
- Management location, 120
- Management systems for records (MSR), 97
- Manning, Bradley (Chelsea), 307
- Many-to-many associations, 437
- Marketing professionals, tools (usage), 300t–301t
- Masking, deployment, 225
- Master Data Management (MDM), 211, 213, 216–217, 225
- Meaning-based search, usage, 148
- Meaningful use, benefits, 365
- Media renewal, 400
- Medicare reimbursements, 365
- Metadata, 433, 436
- Metrics
- Micro-classification, avoidance, 185
- Micro-electromechanical systems (MEMS), 372, 374
- Microsoft Active Directory (AD), 268
- Microsoft Cognitive Services, 363
- Microsoft Windows Office Desktop, security, 257–258
- Migration, 126, 418
- refreshment/replication/repackage/transformation, 399
- Mission-critical process protection, 104
- Mission statement, 401
- Mitigation efforts (risk reduction measurement), metrics (determination), 63–64
- Mobile applications
- Mobile guide, CIS controls, 349–350
- Mobile strategy, goals (clarification), 331
- Mobile threat defense (MTD), 350
- Model Contract Clauses (MCCs), 478
- Model Requirements for Management of Electronic Records (MoReq2), 101
- Monetize (Navy Yard rebirth phase), 127, 128–129
- Monitoring/auditing tools, deployment, 224–225
- Monitoring/enforcement (GAPP criterion), 48
- MoReq2010, MoReq2 requirements unbundling, 101
- Motion Picture Expert Group (MPEG-2), 409
- Multitenancy, issues, 345–346
- National Association of Realtors, 369
- National Association of Securities Dealers (NASD), 266, 463
- National Cultural AudioVisual Archives (NCAA), 420
- National Institute of Standards and Technology (NIST), 93, 336, 339
- Cybersecurity Framework, 250
- National Security Agency (NSA), 246
- Natural disaster, impact, 396
- Navigation, importance, 435
- Naylor, David, 363
- Near-preservation-ready formats, electronic records (acquisition/transformation), 417–418
- Neighbors, knowledge, 347–348
- Nerney, Chris, 306
- Netbooks, IG (usage), 326
- Net neutrality, 231
- Network infrastructure, storage (relationship), 126
- NextRequest, 311
- NHS Care Record Guarantee for England, 245
- Noncompliance fines/sanctions, 57
- Non-Invasive Data Governance (Seiner), 19
- Nonmalicious insider, 248
- Non-record information, categorization/scheduling, 32–33
- Notice (GAPP criterion), 46
- Noto, Anthony, 307
- Offensive Security Certified Profession (OSCP), 252–253
- Office365, IG (usage), 352–354
- Office for Civil Rights (OCR), 240
- Office of the Australian Information Commissioner (OAIC), 470
- On-demand self-service, 337
- One-to-many associations, 437
- Open access period, 469
- Open Archival Information System (OAIS), 397
- Open Archival Initiative Protocol for Metadata Harvesting (OAI-PMH), 443
- Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH), 443
- Openness principle, 234
- Open-Source Security Testing Methodology Manual, 251–252
- Open standard technology-neutral formats, 400, 405–409, 406t, 414
- Open Web Application Security Project (OWASP), 252
- Operating systems (OS), 319, 346
- Operational technology (OT), 374
- Operations management, 95
- Opt-in/opt-out jurisdiction, 230
- Organisation for Economic Co-operation and Development (OECD) privacy principles, 233–234
- Organizational “defense in depth,” 56
- Organizational goals/objectives (support), actionable plans (development), 82
- Organizational infrastructure, 401–402
- Organizational strategic plans, IG plan (alignment), 73–75
- Organizational strategy, development, 78
- Organizations
- PageFreezer, cloud storage, 310
- Password protection, 325
- Pattern search, usage, 148
- Payment Card Industry Data Secured Standard (PCI-DSS), 270
- Peck, Andrew, 155
- Penetration testing (pen test), 252–253
- Perimeter security, limitations, 253–254
- Personal archiving, 80, 92, 289
- Personal data, usage, 186–187, 235–236
- Personal digital assistants (PDAs), 337
- Personal information, divulging, 294
- Personally identifiable information (PII), 12, 30, 190, 229–230, 243
- Phishing, 285
- Physical data modeling approach, 219
- Physical security, 95
- Planning/control (executive sponsor purpose), 70
- Policy
- Portable computers, IG (usage), 326
- Portable Document Format (PDF), 407
- Portable storage devices, IG (usage), 326
- Prebuilt taxonomies, custom taxonomies (contrast), 448–449
- Predictive analytics, 357, 358
- Predictive coding, 74, 135
- Preservation description information (PDI), 398, 399
- PREservation Metadata Information Strategies (PREMIS)
- Primary Trustworthy Digital Repository Authorisation Body (PTAB), 420
- Prime directive, 466
- Principle of Least Privilege (POLP), 45
- Privacy, 45–48, 56, 229–232, 478
- Asia, privacy, 243–244
- infonomics, relationship, 244
- information privacy, 32, 229–231
- IoT, 376
- laws, 244–245, 475, 478–480
- OECD privacy principles, 233–234
- organizational “defense in depth,” 56
- process, accountability, 56
- programs, 239
- regulations, 475
- requirements, measurement/enforcement, 56
- United States privacy, 240–244
- Privacy Act, 470
- Privacy Awareness Training (PAT), 107, 130
- Privacy compliance, 10
- Private cloud, 339
- Privileged access, verification, 225
- Probability, determination, 55
- Productivity gains/losses, 124
- Program communications/training, 106–107
- Program controls, monitoring/auditing/enforcement, 107
- Programs/service staff, interview, 181
- Progress (measurement), metrics (usage), 116
- Project Management Book of Knowledge (PMBOK), 23
- PRONON program, 406
- Propagation-based mechanism, 150
- Protected health information (PHI), 30, 230, 240, 324
- Protected process/data, data security design pattern, 273
- Protection (GAR Principle component), 35, 39, 88
- Provenance, 189
- Public cloud, 339
- Public health initiatives, AI contribution, 365
- Public key infrastructure (PKI), usage, 368
- Public Record Office (PRO), 101
- Public Records Act, 245
- Public social media solutions, 309–310
- Purge (disposition method), 42
- Purpose specification principle, 233
- Push-button applications (mobile computing trend), 323
- Radio frequency identification (RFID), 322
- Rallo, Artemi, 235
- Ransomware, 56–57, 214
- Ransomware-as-a-service, 57
- Really simple syndication (RSS), 299
- Records
- appraisal, 40, 184
- classification, 195, 447
- creation/growth, control, 167
- creators/owners, 413
- destruction, proving, 205
- disposal, 204–205
- documents, contrast, 442
- findability, improvement, 80
- grouping rationale, 196, 446
- identification, 315
- integrity, 39
- inventory/classification, 195–196
- location, determination, 179
- preservation, threats, 396–397
- producers/stakeholders, proactive engagement, 419
- provenance, 195
- record-free e-mail, usage, 260
- scheduling, decisions, 195–196
- series, 196–197
- storage, centralized policies/systems (absence), 153
- taxonomy, 447
- threshold determinations, 314
- value, appraisal, 184
- Records inventory
- Records management (RM), 96–98, 351
- business rationale, 163–164
- challenges, 165–166, 305
- data privacy management, relationship, 169–171
- functionality, 316, 349
- issues, 335
- laws/regulations, 463
- micro-classification, avoidance, 185
- policies/procedures, access, 38
- policy, adoption/compliance, 184–189
- processes, 88
- programs, 35, 88
- requirements, identification, 471–472
- space, 161
- standards, 101–102
- strategy, 153
- technologies, assimilation, 167
- Records Management NHS Code of Practice, 245
- Records retention
- Reference data management (data modeling approach), 219
- Relationships, understanding, 186
- Repository-based approaches, limitations, 256–257
- Resource pooling, 337–338
- Responsibility assignment matrix (RACI matrix), 105–106
- Responsible, accountable, consulted, informed (RACI) matrix, 64
- Retention, 162, 188
- automation, 205
- capabilities, 203
- compliance research, 200–201
- event-based retention scheduling, 201–202
- GAR Principle component, 36, 40, 88
- legal limitation periods, 200
- legal requirements, 200–201
- periods, 203–204
- policy, extension, 143
- records retention schedule, development, 192
- schedule, 204–207, 315
- scheduling, principles, 191–192
- Retention schedules, 193–195
- Return on investment (ROI), 10, 146, 157, 304, 306
- Risk
- adverse findings, reduction, 63
- assessment, 62t, 65, 214–215
- avoidance, 315
- events, materialization (likelihood), 58–59
- identification, 55, 65
- levels, evaluation, 65
- management, 10, 94
- map, 60
- mitigation, 61–62, 64–65
- probabilities, evaluation, 65
- profile, creation, 59–61
- recognition, 145
- reductions (measurement), metrics (determination), 63–64
- Sarbanes-Oxley Act (SOX), 163–164, 289, 464
- Scalable Vector Graphics (SVG): 2003—W3C Internet Engineering Task Force, 408
- Scotland, Parliament (acts), 468
- Search capabilities, 316
- Search results (improvement), taxonomies (impact), 436–437
- Secure communications, record-free e-mail (usage), 260
- Secure printing, 258
- Secure sockets layer (SSL), 325
- Securities and Exchange Commission (SEC)
- Security
- benefits, 166
- building, 326–329
- classifications, 186
- concerns, 165
- e-document security, provision, 80
- enterprise information security practices, direct connection, 56
- functions, 229
- information security, 32
- innovation, contrast, 328–330
- issues, 258–259, 378–379
- mobile computing trend, 322–323
- perimeter security, limitations, 253–254
- policy, 95
- processes, integration/automation, 225
- risk management, 403
- safeguards principle, 233
- Security Information Event Monitoring (SIEM), usage, 249
- Security Technical Implementation Guides (STIGs), 224
- Sedona Conference®, 29–30, 87, 313
- Seiner, Robert, 19
- Senior records officer (SRO), 72–73
- Sensitive data, encryption, 330
- Service-level agreements (SLAs), 346
- Service-oriented architecture, 338
- SHA128 hashing process, 354
- SharePoint, capabilities, 275
- SharePoint, IG, 352–354
- Sharing economy networks, usage, 302
- Short Message Service (SMS), 320
- Short-term business planning, 402
- Shred (disposition method), 41
- Smallwood information governance principles, 30–34
- Smarsh, 310–311
- Smartphones
- Smishing, 320
- SnapChat applications, 377
- Snowden, Edward, 246, 307
- Social Care Record Guarantee for England, 245, 276
- Social engineering, 321
- Social media, 165
- archiving, 309–311, 310t
- categories, 300t–301t, 303
- e-mail/IM, contrast, 305
- IG framework, 311
- information governance, 299, 311
- litigation considerations, 313–315
- management software, 310t
- planning stage, records (identification), 315
- policy, 306, 312
- posts, legal risks, 307–308
- publication process, establishment, 315
- public social media solutions, 309–310
- records management, 313–316
- risks, 306306–
- technology, leverage, 304–305
- tools, usage, 302t, 303t
- types, 299–302
- usage, 304–305
- Social shopping networks, usage, 301
- Social tagging, 434, 458
- Software development life cycle (SDLC), 330
- Software tools, usage, 180
- Solid state drives (SSDs), 396
- mobile computing trend, 322
- Standard General Markup Language (SGML), 407
- Standard industry classification (SIC) codes, 219
- Standards
- Standards Council of Canada, 93
- State government regulatory agency functional taxonomy, 453f
- Steering committee, establishment, 78, 92
- Storage
- Tablets, IG (usage), 326
- Tagged image file format (TIFF), 400, 407
- Taxonomy (taxonomies), 162, 433, 446–447
- accounting business-unit taxonomy, 454f
- community government business-unit taxonomy, 452f
- faceted taxonomies, 452
- maintenance, 457–458
- metadata, 437–438, 437f, 454f
- necessity, 435–436
- prebuilt taxonomies, custom taxonomies (contrast), 448–449
- records grouping, 446
- records retention schedule, mapping, 447f
- state government regulatory agency functional taxonomy, 453f
- structure, metadata (application), 438f
- testing, 457
- thesaurus use, 449
- types, 449–453
- Teisch, Rachel, 376
- Terminations, trade secret (securing), 270–271
- Territorial scope, increase, 476
- Text analytics, 148–149
- Text mining, 434, 445–446
- The National Archives (TNA), 101
- Theoretical basis, impact, 93
- Thesaurus, 438
- Thin clients, 269, 273
- Thin device, data security design pattern, 273
- Third-party disclosure (GAPP criterion), 47
- Third-party possession, 273
- Threat identification/assessment, 104
- Threat, recovery planning, 104
- Topic records, 197
- Total cost of ownership (TCO), 123–124
- Trade secrets, securing, 270–271
- Transaction, e-mail documentation, 198
- Transitory records, retention, 204
- Transparency (GAR Principle component), 35, 38, 88
- Trigger events, 202–203
- Trump, Ivanka (personal e-mail account), 288
- Twitter, social media site, 300, 309
- Unified end-user commuting management (UEM) platforms, 325
- United Kingdom
- United States
- WebARChive (WARC), 409
- Web sites/applications, 299
- Whole disk encryption (WDE), 326
- Winner, Reality Leigh, 307
- Workflow, 148–149
- Workplace, personal archiving (absence), 289
- Worldwide Interoperability for Microwave Access (WiMax) (mobile computing trend), 322
- World Wide Web Consortium (W3C) Internet Engineering Group, 407
- Written records management plan, 173
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.