• Nonlinear finite element analysis of shells: Part I
  • Media | PIQUR Therapeutics AG
  • Racial Segregation in the American South: Jim Crow …

When it comes to segregation of duties, small business best practices can protect company assets. Get tips for segregating duties for SMBs.

Information security - Wikipedia

Caste system in India - Wikipedia

We released a Best Practices Executive Summary in July 2015 that is available to the public

To integrate the preceding discussions, following are four key threat/vulnerability pairings that drive risks associated with retention/preservation and disposition of social media content. The pairings are interrelated and overlapping, and relate to the various use cases for social media and social media content.
Arguably, this is the most encompassing and problematic aspect of social media content management. Uncertain storage service levels and volatile content (file) formats pose threats to the integrity and availability of the organization’s social media content. Consequently, agencies with long-term retention and preservation of social media content – for operational, analytical, historical and/or legal/compliance reasons, are likely to be vulnerable to storage service gaps, content loss and technical obsolesce.
Social media providers may not provide sufficient access to meta-data associated with content stored on their platforms. Meta-data allows the user to ascertain key bits of information about content, including authorship, dates of creation/modification, file structure/format details, etc. (New South Wales Government, 2012).

Some native social media platforms may lack robust access/reporting tools that enable searching and content analysis over the course of time (New South Wales Government, 2012). Combined with the volatility of social media storage services/formats and the potential issues with access to meta-data, this lack of capacity may prove to be a threat to the availability of content.
This is a much narrower concern pertaining to the organization’s ability to delineate, in precise and definitive terms, the nature and scope of social media content under its direct custody, possession and control. In basic terms, this ability helps to shape the limits of the organization’s responsibility with regard to discovery and content production in legal matters (The Sedona Conference 2012). Threats in this area, which can implicate confidentiality and integrity concerns, stem from social media platforms that do not provide stable long term storage with easily accessible meta-data and flexible searching tools that enable agencies to establish content ownership boundaries. The threat is most relevant to agencies that operate in tightly regulated and/or litigious environments.


Armed with functionally-anchored value classifications and risk assessments of social media content, agencies can begin to construct the security-related controls required to address appropriate long term retention and preservation controls, and work to link the controls with broader information security program frameworks. In line with this thought, the following discussion outlines several tentative measures, which can be integrated with core information security framework elements such as governance, logical controls, back-up processes and disaster recovery/continuity of operations programs.
As discussed, retention/disposition policies are key elements in the organization’s governance framework for information management, compliance and security. These polices are formal, documented directives that are based on retention/disposition schedules and aligned processes approved by the State Records Committee.

Why Arabs Lose Wars :: Middle East Quarterly


Social media are online systems that provide for interactive and collaborative communications and access to a wide range of digital data types (content), ranging from textual messages and hyperlinks, to graphics/pictures and audio/video files (Laudon & Laudon, 2014). Richman (2010) notes that with regard to organizational uses, social media can be employed for general communications, support/sponsorship of causes, contests; research, outreach, customer service, and community building.

More broadly, social media platforms enable users to create and share information on topics of mutual interest for entertainment, collaboration, professional/personal networking, status reporting, publications, personal/business transactions, and other interactions (Cavazza, 2012; Office of the Auditor General, 2013). Saxena (2013) outlines several of the basic features of social media that set the stage for both individual and organizational use: provisioning of web spaces for uploading content; allocation of web addresses to the end user; capacity to build profiles (demographic data used to identify the end users and to connect with others); interactive communications links for information sharing; facilities for real time content uploading to the social media platform; and generation of meta-data for posts to the platform such as data/time stamps and content format information.

Examples of social media platforms include: microblogs like Twitter and Tumblr that allow for posting and sharing of quick updates and multi-media files; video sharing platforms like YouTube; wikis such as Wikipedia for collaboratively developed documents and knowledge repositories; and interactive communication platforms such as Facebook, Google+, LinkedIn, Pinterest, and Quora (Cavazza, 2012).

There is growing evidence that social media are becoming important information assets, which both public and private sector agencies use for line-of-business activities, business intelligence, research and legal purposes (Bullas, 2013; National Archives and Records Administration, 2013). For this reason, and by logical extension, social media and the content generated by these platforms are fit to be included in information security programs and records management regimes. These programs/regimes apply security controls and protections, as well as retention/disposition controls to information assets based on their relative value to the organization (Layton. 2007).

To a large degree, because social media/social media content are digitally produced and stored within networked computing environments, many of the key principles and techniques associated with organizational information security regimes can be applied to the social space (Layton, 2007; Peltier, 2014). In this connection then, agencies have at their disposal many of the most important conceptual underpinnings for securing social media content. Notwithstanding this, there are still looming issues on this front for which guidance is lacking – particularly in the area of retention and preservation of social media content that has long term value. Generally, social media platforms and services are: Cloud-based; provided by third-parties (enterprise products like Microsoft’s Yammer are exceptions); employ multiple data formats (rich media); and are impacted by regular technical and contractual changes that can affect the scope of services and underlying data management approaches/architectures (New South Wales Government, 2012; The Sedona Conference 2012; National Archives and Records Administration, 2013).

 

De Atkine Middle East Quarterly December 1999


For permanent records that are no longer needed by the agency or office custodians for administrative, legal or fiscal purposes, move the content to a designated folder(s) in accordance with the file plan for the records involved and that resides on a network storage device or content management system.


4.3.2.4 Implement and administer an annual e-mail system sustainability assessment

The agency’s chief information technology manager, lead records management authority or chief administrative officer should conduct a sustainability assessment each year to review the ongoing viability of the agency’s e-mail system, including its vault/journal platform and content management facility. When applicable, review of upgrade options. Consideration of content migration strategies is also part of the assessment. The baseline requirements for the assessment can be found in the New Jersey Records Manual, .

Under Framework 2, success in handling e-mail records with long-term and permanent retention periods includes procedures and preferably, an automated system, which collectively enable the agency to use Electronic File plan classifications to flag in-bound and out-bound communications for segregation and long-term/permanent retention/management on the vault/journal platform, a network drive or more advanced content management system.

In all cases, the long-term/permanent storage platform should allow the agency to search and retrieve all stored content by multiple tags or indexes – e.g., sender/receiver, subject, date sent/received, message body (searchable text in message body), etc. The platform should also have sufficient features to prevent unauthorized access, use or modification of stored content. The platform must allow access to authorized end-users and support searching/retrieval for OPRA and litigation hold purposes.

If the agency opts for less than real time vaulting/journaling, it should develop and distribute a directive that prohibits the deletion of any e-mail content prior to the last completed vaulting/journaling job run, and establish a communications plan that ensures all employees are aware of the last completed archive job run date.

To mitigate storage costs, agencies may opt to implement tiered storage arrangements for their e-mail vault/journal platform – moving content from online storage, to secondary disk storage and then to tape or other off-line media.