CA Community







May 2009 - Posts

The New French Anti-piracy Law

Published: May 28 2009, 06:20 AM | no comments
by Yves Le Roux



On May 13, 2009, the French Senate's vote sealed the adoption by the Parliament of the controversial French "Création et Internet" (aka the HADOPI law) creating a punishment mechanism for copyright infringement on the internet.




The law creates a high-level authority for the diffusion of works and the protection of rights on the Internet (French acronym HADOPI). This new entity, an independent public structure, will have several missions, including promoting commercial downloading, monitoring for illegal use of works, and enforcing a "graduated response" for anyone suspected of illegal downloads.







Here's how the "graduated response" works:





Suspected offenders would receive two warnings about their illegal activities and on the third suspected offense, their Internet access would be cut off for anywhere from two months to a year, while the user keeps paying for their Internet service. They will also be put on a "three-strikes" blacklist, so that they can't sign up for service from another Internet Service Provider (ISP).










Legal experts say that HADOPI could be the first of its kind in the world, noting that the French bill also represents the first time a government has threatened to sever Internet connections in the battle against online piracy.




The law will now be reviewed by the French constitutional court before taking effect.





The French government has dedicated a website (in French only) to explaining the draft law. Likewise, opponents of this law have set up a website (in English) to share information. For opponents, this law is problematic because it allows corporations to sanction online users, based on "proof" that is actually not in accordance with the standards of evidence admissible in a court of law.




It seems the vote by the French Assembly is in direct opposition to the European Parliament, which recently passed a measure prohibiting EU governments from terminating a user's Internet access without a court order. The European Parliament also adopted an amendment that said, "Internet access is a fundamental right such as the freedom of expression and the freedom to access information."




As a result, European Parliament Member Guy Bono (Socialist, France) said he would ask the European Commission to take the matter to the EU Court of Justice to carry out an infringement proceeding against France for lack of respect for European Community rules, if the French constitutional judge did not react to the law.




All of this raises some interesting discussion points:





>> The law punishes the connection owner, not necessarily the copyright violator. A whole family can be punished for suspicious behavior of a single member of a household, and WiFi hot spot owners will be responsible for the behavior of their clients.




>> Service providers see difficulties with cutting off Internet access, with many services provided as a package of phone, Internet and TV.










Do you think this type of law could spread around the world? What would the impact be for consumers?






*Image used under Creative Commons License, courtesy of William Hook.



By: Yves Le Roux
Yves Le Roux boasts nearly four decades of experience in information and network security, standardization, compliance and risk. Currently, he is CA’s GRC expert in EMEA, based in France, where he works with customers to develop strategic GRC programs and solutions. Yves is an active member of several...

Info Governance: Strategy, Design, Implementation and Operations -- Part II: Embracing Information Management Models to Frame Your IG Projects

Published: May 28 2009, 04:35 AM | no comments
by Steven Krementz


In last week's post I provided an overview of the two primary theoretical models used by information management professionals to help design and develop their information governance (IG) projects. I then focused on Life-Cycle theory as one of the models deployed by organizations. This week I'm examining the Continuum Model.

Originally conceived by a theorist in the 1950s and subsequently refined by Frank Upward, who is principal researcher in the Centre for Organisational and Social Informatics (COSI - Monash University - Australia), the Continuum Model challenges the traditionalist approach by presenting a theoretical and behavioral state that reflects a dynamic, more holistically structured business process environment in which business units think, design, develop and operate in an integrated time-space foundation that views information as having complex architectures, uses and contexts. It promotes an extensible value chain proposition in which the competing and complementary needs of users, departments and entire organizations are reconciled and respected. If your environment contains multiple applications and repositories, including mobile media and storage archives, you'll likely find the Continuum Model to better suit your needs.

Whereas the Life-Cycle Model stresses uniform, static activities, the Continuum Model presents a wholly different paradigm and stresses the interoperability and continuity between users, business units and information management administrators. It is structured in a manner that can be used for contemporary business, government and university purposes. Within this framework, data are multi-dimensional, meaning they exist as logical models, which can be viewed, used, analyzed, stored and shared within a complex set of contexts and structures rather than fixed objects that bear no relationship to other groups let alone the organization as a whole. Borrowing from Frank Upward's original four dimensional model, CA has adapted his framework for contemporary information governance projects and operations.


What is particularly compelling about this model is that it allows the community of users, administrators and legal teams to manage the information asset in a coordinated and complementary manner that stresses the asset's unique value, content, structure and context. Archiving and retention practices are crafted to meet more complex organizational and intra-departmental requirements vis-à-vis the legal and regulatory landscape. It finds its natural expression in helping to forge knowledge libraries while also framing the asset, as well as the roles and responsibilities in managing it in a robust and highly structured manner. With ever increasing eDiscovery challenges and ongoing content, data quality, email archive and records management issues, it is highly advisable to design information management strategies around this model.

As you begin or revisit your information management projects, start by framing the initiative from a model perspective. Which model best fits your needs will depend on the project's objectives and goals and on how that strategic roadmap can be leveraged to meet your company's cultural, technological and organizational requirements.

In next week's installment, I will write about aligning your Information Management/IT vision and strategy.

By: Steven Krementz
Steve has more than 18 years of experience in the Information Governance industry and has held numerous positions in designing and implementing state-of-the-art information governance strategies, policies, processes and programs. Steve comes to CA from Ease Technologies where he was Director, Records...

CA Experts Presenting Five Sessions at Compliance Week Conference

Published: May 27 2009, 05:15 AM | no comments
by CA GRC Blog Admin






At next week's Compliance Week Conference 2009, June 3-5 at the Mayflower Hotel in Washington, D.C., Patricia Prince-Taggart, SVP, managing attorney and former deputy chief compliance officer, and Rob Zanella, VP of IT compliance and security at CA, will be participating in five separate sessions as part of the conference agenda. Check out our announcement to learn more.





Rob and Patricia will share insights and lessons learned based on their personal experiences overseeing compliance and risk management efforts for CA. They will address topics ranging from the effectiveness of ethics and compliance programs, to GRC best practices and techniques for leveraging IT for effective risk management. See below for the complete list of CA sessions, or to learn more about the conference and register click here.





If you plan to attend the conference, be sure to visit our booth, #6, where you can get a first-hand look at CA Governance, Risk and Compliance (GRC) Manager, recently launched with enhanced enterprise risk management capabilities. Visitors will also learn about new strategies to streamline GRC efforts, including how companies are using CA GRC Manager to enable Lean IT.




Here's a run-down of the team's sessions, all taking place on Thursday, June 4:





Addressing Effectiveness of Ethics, Compliance Programs, 10:00 am ET




CA's Patricia Prince-Taggart will join Jack Holleran, who leads Ernst & Young's Corporate Compliance practice, in this session to explore ways to measure program effectiveness, with an analysis of both qualitative and quantitative measures. In addition, this session will focus on the role of auditing, monitoring and reporting, practical considerations, as well as lessons learned.




------





Assessing your GRC Capability to make it Lean, Mean and Clean, 10:00 am ET




CA's Rob Zanella will participate in a panel session led by OCEG for a discussion on how companies can use program evaluation to "lean" their GRC capability for maximum efficiency and responsiveness.




------





Your Tactics: Measuring Program Effectiveness, 11:30 am ET




In this small-group Conversation session, Ernst & Young's Holleran and CA's Prince-Taggart will talk with participants about their particular tactics, enabling attendees to compare, contrast, and share current practices regarding program effectiveness.





-----





The Role of IT in Effective Risk Management, 2:15 pm ET




This session, featuring CA's Zanella and Jacob Wilkins, information security officer for Appriss, will focus on how IT can help enterprise risk management (ERM) executives monitor business process execution, and manage risk through comprehensive reporting and assessment. Successful ERM strategies require proper use of personnel, processes, and information technology; ERM leaders who leverage IT to their advantage are more likely to meet their ERM and business objectives.










------





IT and ERM and Your Company, 3:45 pm ET




Following the 2:00 pm ET session, Zanella and Wilkins of Appriss will host a small-group Conversation on the challenges of implementing enterprise-wide risk management systems effectively and efficiently. Focusing on the issues of executives in the room, the session will explore the challenges that companies are encountering while attempting to meet their ERM and business objectives.







We're looking forward to another great event. See you in D.C.!



By: CA GRC Blog Admin
The CA GRC Blog Admin helps keep content fresh on the site when the bloggers are on the road and disconnected from their laptops. The Blog Admin also makes sure subscribers receive their email updates, information about comments and that blog features and widgets are working properly day and night.

What I Learned About Risk Management from Risk Managers

Published: May 26 2009, 07:00 AM | no comments
by Sumner Blount



I attended a risk management seminar last week in Boston sponsored by RIMS (www.rims.org). They have been instrumental in promoting best practices of enterprise risk management (ERM). There was a lot of good information in the class, but the most interesting part of it was the opinions expressed by the participants during random discussions.

(By the way, I was the only "vendor" in the class, but the other participants were very willing to tolerate me in their midst. :-) )




For the most part, the participants were new risk officers, along with a few who already had risk management as part of their job responsibilities. So, topics such as "creating the risk management business case" were high on their priority list because they want to enlist support among executive management for their goals.




There were a few interesting discussions that we had. Most of the opinions expressed weren't too surprising, but it was still interesting to hear the commonality of opinion among the participants.




Here's a quick recap of what I thought were interesting discussion points.




First, there was a lot of concern related to "selling ERM" within their organization. They were experiencing a lot of skepticism about the value of an ERM program, and wanted to learn how to demonstrate its business value to key stakeholders throughout all the silos in the organization. Encountering skepticism about a particular area is pretty common in large companies, but when it's your program that the skepticism is directed towards, it brings a whole new level of importance to combating that view.




Second, there were, for all practical purposes, no formal ERM programs in any of their companies. All risk management seemed to be done in silos, with no central oversight, and generally no good visibility to total enterprise risk. Someone also mentioned a statistic that only around 20-25% of companies had formal ERM programs at the corporate level. There was discussion that this view was because of the perceived high cost of true ERM. One person said: "if you do ERM correctly, it's ten times the cost of SOX."




Next, one of their biggest drivers is the rating agencies. Companies live and die by their ratings (more so than I had thought), and so their risk activities were driven in large part by their desire to increase their credit rating.










We had a discussion relating to the use of technology in order to help with risk management. We went around the table and asked them how they managed their risk information. Here are the responses: "a risk management info system, spreadsheets, spreadsheets, spreadsheets, spreadsheets, spreadsheets, spreadsheets, spreadsheets, ..." You get the idea. Spreadsheets was the clear winner. And, although everybody used them, nobody was happy about it. This only served to reinforce what I have seen in my travels and discussions with customers - namely, spreadsheets are the most common way to track risk and compliance information. But, despite their ubiquity, there is often a general sense of dissatisfaction and acknowledgement that they aren't really a good solution to the management of unified risk and compliance info.




As is often the case with classes like this, the biggest benefit came from interacting with other people who were attempting to solve these problems, rather than strictly the material from the course.



By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s a Director in the Security business unit at CA. Previously he managed the large computer operating system development group at Digital...

MER 2009 Recap

Published: May 22 2009, 04:46 AM | no comments
by Aimee Williams



The Information Governance team is just returning from participating at the Managing Electronic Records (MER) conference which was held at the Westin in Chicago, IL. Despite the fact that attendance was down slightly, there were some great speakers and informative forward-looking sessions. The presentations were a good mix of legal and non-legal issues, with a lean toward eDiscovery. It was especially interesting to hear Judge Facciola's keynote - especially when he talked about 50,000 laptops being left in the Atlanta airport and the mixed uses of computers causing complexity. I also want to point to Julie Gable and Judge Hedges' talk on metadata - to hear attendees talk, it was one of the highlights of the conference.





On Monday night, CA held a roundtable event that was an extension to the topics being discussed at MER. It was overly populated and a huge success. Insightful and heated discussions took place on eDiscovery, records management and governing information.





The yacht club evening social was awesome as usual with great weather, amazing views and abundant networking.





Finally, CA had a chance to interview many of the industry pundits that were onsite at MER - look for video to come in future blog posts!



By: Aimee Williams
Aimee Williams is product marketing strategist for CA Records Manager, part of the Information Governance suite at CA, Inc. Aimee has specialized in Records and Information Management technologies for more than 10 years and has developed significant marketing and account management experience serving...
