By Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT, Six Sigma Black Belt Certified, international vice president of ISACA
Ramsés Gallego looks at how the European Commission’s new cookie rules are changing the security landscape for Webmasters, IT departments and anyone involved in the editing and maintenance of a Web portal.
Regardless of whether you are a Web designer, IT administrator or not-so-humble end user of the World Wide Web, the chances are that the European Commission’s new rules on cookies – which became law in late May of this year – will have changed your outlook on the Internet.
The new cookie privacy rules are the result of revisions to the EU Privacy and Electronic Communications Directive (2002), which was revised by the Citizen’s Rights Directive (2009) and implemented in the UK through the Privacy and Electronic Communications Regulations (2011).
There are some exceptions to the legislation, but they are very few and far between.
This is a substantial change from the previous regime under which cookies were dropped onto a user’s computer, unless the user had specifically ‘opted out’ for the site concerned.
The law change – which has been overseen in the UK by the Information Commissioner’s Office – has been implemented to provide greater privacy for Internet users, and controls what data a Web site operator can drop on to a visitor’s computer.
Although the new legislation is still in its early days of deployment – and the ICO has not yet begun ‘discussions’ with any sites for failing to abide by the new rules – my observations are that implementing the directive has not been an easy task for most IT professionals, whilst few Internet users – except those within the IT function – are fully aware of the new requirements and what they mean.
The UK’s ICO has issued some helpful guidance notes centering on the need for sites to perform a cookie audit, a user-impact assessment and an action plan. Most automated ‘Web site in a box’ services have also launched an EU cookie facility for their clients.
Welcome to the world of geo-location
Geo-location is a discipline that is firmly on the modern Internet-aware business agenda, as it can bring tremendous marketing rewards to the site concerned, in the form of geo-marketing activities, targeted messages and the like.
It’s worth noting that the new cookie legislation presents a number of risks to portals that use geo-location technology – and many businesses have discovered that the risks can potentially outweigh the rewards, mainly because their site is now required to interpret a lot of the data on the user ‘in the clear,’ including location, time and Web-browsing habits.
In view of this, it is clear that most organisations now need to be cautious when embracing mobility and all the features that come with it – as well as including mobile devices within their corporate security strategy and integrating those devices within their business asset management programme.
The issue that is of most concern, we have observed, is that a growing number of mobile devices have corporate information stored on them and are used for enterprise activities.
The new EU cookie directive obliges service providers to explicitly indicate that the browsing session on a given set of Web pages is being tracked/recorded.
As European legislation watchers will be aware, the new rules are clearly in place for the foreseeable future and their implications – and resulting implementations – pose a number of difficulties from both a security and governance perspective.
ISACA believes that implementing – and continuing to meet the provisions of the EU cookie directive – on a secure and effective basis is the logical way forward, as the data involved is both high-risk and personal.
Sensitive data that could be leaked typically includes information on gender, age and other attributes that could allow your ‘digital persona’ to fall into the wrong hands, including those of Internet marketers.
This leads us neatly into the privacy aspect of the new legislation – largely as a result of the Internet, most Web users have fewer barriers and fewer secrets than they did just a few years ago.
Many Web users, in fact, think that it is now cool to post where we are, what we are doing, with whom, when and even why.
In fact, according to an April 2012 survey conducted by ISACA, 32% of individuals in the US are using location-based services more now than they did 12 months ago.
Against this backdrop, it is clear that organisations need to address how they are gathering location-based information and what they do with it.
This business security process is about defining a security posture around classification of information, data collection practices, etc., that can identify a person’s present location – and equally important, past and future locations. Organisations must clearly indicate the methods of collection, the retention policies, and when – and how – the information will be destroyed.
Failure to comply is not an option
A failure to comply with the new EU cookie directive will certainly have ramifications for a business in terms of costs – as well as the obvious legal and reputational consequences.
And, whilst the financial implications can leave a big impact, it should be clear that the cost of reputational damage is likely to be far greater.
ISACA believes that the concept of privacy – when dealing with personal information – centres on the individual’s trust in an organisation and its information systems.
It is this trust that allows us – as individuals – to make a judgement call on whether we are happy to release the kind of information that we do to that organisation.
Unfortunately, we have seen several examples recently with recognised brands suffering data/information breaches. Based on the fallout from these breaches, it should be clear to any manager that companies must communicate the technical and organisational mechanisms they have in place to protect user information – such as encryption, processes and procedures.
How to comply with the Directive
It should now be clear that businesses using geo-location applications and methods of data collection have a responsibility to behave ethically and protect consumers’ information and rights.
And – whilst there are clear differences in how the US, Europe and other regions of the world treat the explicit consent of their Internet user – businesses around the world should provide opportunities to opt-in – not by default, but with an explicit consent from the user.
Businesses also need to include geo-location data as one of the priorities within their audit governance strategy. The definition of governance, by the way, is “setting strategic direction, and achieving corporate goals, working out that risks are managed and that resources are used responsibly.”
ISACA – which believes that the governance of geo-location data should be addressed using these facets of the definition – can offer a lot of assistance in helping to develop the planning process that forms a central plank of a company’s governance strategy.
Now available as a free download at www.isaca.org/cobit, COBIT 5 is created for business and IT professionals alike.
Its guidance helps enterprises to bridge the gap between IT control requirements, technical issues and business risks.
Recently, ISACA published COBIT 5 for Information Security, which provides additional guidance on the enablers within the COBIT framework and equips security professionals with the knowledge they need to use COBIT for more effective delivery of business value.
The bottom line is that, when it is properly governed, geo-location technology is a tool that can be very effective for both consumers and businesses, and the EU cookie directive will, in the end, protect both of these parties.
About the Author
Ramsés Gallego is international vice president of ISACA and also is a member of ISACA’s Guidance and Practices Committee, the CISM Certification Committee and the CGEIT Certification Committee.
He is also the author of ISACA white papers on geo-location, virtualisation and sustainability and CISM Director for the ISACA Barcelona Chapter.
He also served on the planning committee of the inaugural ISACA World Congress and chaired the planning committee for ISACA’s Information Security and Risk Management Conference in Europe.
Gallego is also security strategist at Quest Software, where he defines the vision of the security discipline and oversees the deployment of services. With a background in business administration (MBA) and law, Gallego has more than 15 years of security experience with expertise in the risk management and governance areas.
Before joining Quest Software, he worked at CA Technologies (formerly known as Computer Associates) for eight years, was regional manager for SurfControl in Spain and Portugal, and most recently was chief strategy officer of the Security and Risk Management practice at Entelgy,
Staff training crucial for SME recovery post-COVID
- 47% of UK’s top performing SMEs provide regular, formalised training for all staff
- Despite this, 15% of small businesses report to never training staff
- New findings come as part of an independent, holistic study into small business success, commissioned by Allica Bank to support British businesses
A new study, commissioned by business bank, Allica Bank, shows that the practice of regular training correlates strongly with high performance in SMEs and will be vital to businesses’ prospects of a swift recovery post-COVID. The study analysed data from over 1,000 companies and ranked their success on a scale that evaluated factors including productivity, growth, consistency and outlook.
Post-pandemic, many businesses will be focussing on day-to-day survival; it might be easy to forget long-term planning, of which staff training is a key component. Allica Bank’s findings indicate that small businesses should incorporate training programmes into their recovery strategy to ensure long-term viability. Training will improve morale, retention and boost the company’s credibility.
The study showed that routine staff training is a common characteristic among the most successful SMEs. 47% of the 100 highest scorers on the SME Performance Index provided training for employees at least on a quarterly basis. However, nearly half of all small businesses (46%) only provide training once a year or less, inadvertently hindering their growth and success prospects.
Frequency of training also differed across sectors. 34% of legal businesses provide training for staff once a month compared to just 6% in the hospitality and leisure sector. Whilst there will always be sector-specific disparities, firms in all industries can benefit from boosting and improving their training programmes.
Chris Weller, Chief Commercial Officer, Allica Bank, said:
“With so many concerns and barriers for small businesses to navigate in the immediate term, it can be difficult for managers to focus on the training and development of their teams. However, if COVID has taught us anything, it is that adaptability and resilience are invaluable.
“The provision of regular training not only builds these characteristics into teams but serves to maintain a sense of value and togetherness that will boost morale, aid retention and improve performance – all of which contribute to the ongoing success of a business.”
“There is no one-size-fits-all approach to training, but it’s vital for business longevity that staff are supported with a formalised programme of some description. Customers will respond well to a company whose employees demonstrate enthusiasm and competence. Employees also need to feel that their skills are constantly being improved and expanding. These skills will contribute to the success of a company and this will feed through to the bottom line.”
Allica Bank’s SME Guide to Success identified six ‘rules to success’ that were more likely to be displayed by top-performing SMEs compared to their counterparts. The full report contains a wealth of additional data and insight into each of these topics.
As part of its mission to empower small businesses, Allica Bank is making the findings freely available and running a series of free online workshops with relevant partner organisations for businesses to attend.
Aliya Vigor-Robertson, CEO, JourneyHR, the expert partner for Allica Bank’s training workshop, adds:
“Staff need direction and the knowledge that they are advancing in their career to stay motivated and engaged at work. An unmotivated, disengaged team is no recipe for long-term success and will ultimately hamper a business. Team members that lack tangible support from above are less likely to identify with their role and its duties, which is a completely natural reaction.
“Regular staff training is a key component of tangible support and will make the team feel secure in their career development. A happy team with purpose and direction will contribute to a thriving business.”
What Is Globalization
What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even governments all over the world. Globalization has rapidly accelerated in recent years because of advances in communication and transportation technology. This allows us to be able to get from one country to another quickly and easily. This also allows us to communicate freely and use the Internet to connect with our friends and families around the world.
So what is globalization and why is it important? Globalization will benefit many people around the world who are looking to travel more freely, save money on their monthly expenditure, be able to meet new friends and relatives from different parts of the world, learn more about a new culture, and take part in trade and commerce.
Globalization will benefit all of us because there will be more opportunities for everyone to participate in global markets. People in different countries have access to resources, information, and products they wouldn’t have otherwise been able to afford. There are also many opportunities for people to work at home.
Globalization is not just an economic boon, but it can also benefit all of us in other ways. As globalization continues, the boundaries between individuals, states, and countries will become less porous. There will be fewer political conflicts in the world, less violence, and a greater sense of cooperation, tolerance, and peace. These are all positive impacts of globalization.
However, globalization has also created some negative effects as well. It has caused people from one country to move to another to take advantage of globalization. This is also leading to some negative consequences such as a reduction of jobs in some countries. The effects of globalization also include increased competition and unemployment in many countries. Due to this decrease in jobs, wages are dropping.
The only way we can stop globalization is to make sure that we know what it is and what its benefits are. We must understand globalization and its impact on our lives and make sure we are ready to accept the changes that it may bring, if it is inevitable in the future.
The key is to be educated about globalization. There are plenty of books, websites, and television shows that explain how globalization is impacting us and the rest of the world. Globalization is not always bad, but we must be careful not to lose sight of its positives.
In the end, globalization is here to stay, so we must learn to live with it and embrace its benefits. We cannot fight it and try to fight it off, but we must learn to deal with it. And we can do that by educating ourselves. Globalization is here to stay for the long term but we must learn to adapt to it and learn how to live with it.
Globalization can be beneficial for all of us, but it has also caused many problems in the past. There were many cases of unfair trade practices and there was the rise of unfair labor practices. Some people argue that globalization has also reduced the pay of most Americans. So while globalization is definitely not all bad, we should understand that the benefits of globalization are not unlimited, and that we must be willing to give it some limitations and accept some sacrifices.
The biggest benefit of globalization is the ability for all of us to communicate with each other easily. The ability to connect with other people across borders makes it possible to share ideas, information, and knowledge. Since we can communicate with each other, the chances of getting a good price for our goods or services go up dramatically, and it also allows us to save money by buying in bulk. This also translates to more savings on our end.
As mentioned earlier, globalization has brought about a change in the way people work and live because people are no longer tied down by jobs. They now have the freedom to travel and do what they enjoy.
As globalization continues, there will always be some people who are unhappy with globalization and are afraid to open their eyes to new opportunities that are available to them. But that is okay; this is part of the process of globalization.
What Is Microsoft Teams
Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with other applications. The service integrates well with the Microsoft Office 365 business solution and features numerous extensions that can integrate well with other non-Microsoft products, like SharePoint. There are many different versions of Microsoft Teams but here are some of the basic functions that all versions offer.
Teams also offers a variety of options for people to create and customize their own groups. This feature provides a way for people to organize their teams within Microsoft Teams. For example, there may be teams for business projects and then another group for personal tasks or social tasks. There are also different types of teams which include teams for social, personal and business.
Microsoft Teams allows users to make lists of files and documents and view them from different perspectives such as in the document viewer or from another Microsoft Teams project. This feature is called “project pane”, and it shows a summary of each of the files in the project. There are also sections for all files in the project that you can see in the “Files” pane.
Microsoft Teams gives users the ability to share information and collaborate on these shared items. A user can create a document that has other people add comments or attach files and then save the document to a list so that other people can view the document in a Microsoft Teams document viewer.
Another feature of Teams is the ability for you to invite other team members to work with you. A user can join a team and then invite other team members to collaborate with the team members who join the team. You can also invite team members to join a new team. When a team member joins a new team, they will be automatically added to your existing teams and the teams will merge together.
Microsoft Teams provides a number of different ways for you to collaborate with others and see the files and documents of others. These include groups and threads in the main document viewer. You can search your files using the search box in the document viewer and you can share your documents with others by email.
Microsoft Teams provides users with a variety of different tools to help you organize and manage your teams. You can assign members to specific teams, assign permissions to members, create custom groups, organize tasks and events, and organize files and documents into groups.
Microsoft Teams can help you build a team and create a collaboration culture that you want to create at your organization. You can use this tool to build effective teams and increase productivity and improve your relationships within the organization. Microsoft Teams offers a variety of options to help you get started and become more productive quickly and easily.
Teams are created easily. If you have several departments within your organization and need to create a team for each department you can do this easily. Teams are made easy and you can get your teams up and running quickly.
One of the best features of Microsoft Teams is the ability to invite people from around the world and let them work with the same documents and projects. You can have the documents and projects organized and shared in the same way throughout the entire organization, regardless of what country they were created in. You can create a similar project in the same language that they were created in and share it with other employees in the organization.
One of the most amazing features of Microsoft Teams is the ability to have multiple team members edit and view the documents and files in the same way. With Microsoft Teams you can have a document and have people edit the same document at the same time without any problems. The changes that you make can also be seen by other team members and can be modified by them without ever needing to send the document again.
Microsoft Teams is the perfect tool for building a powerful and effective collaboration culture. You can share documents and files in the same way that the rest of the organization can view the information.