Information Governance and Security
Protecting and Managing Your Company's Proprietary Information
John G. Iannarelli
Michael O'Shaughnessy
Copyright
Acquiring Editor: Brian Romer
Editorial Project Manager: Keira Bunn
Project Manager: Priya Kumaraguruparan
Designer: Alan Studholme
Butterworth-Heinemann is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2015 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Iannarelli, John.
Information governance and security : protecting and managing your company's proprietary information / John Iannarelli, Michael O'Shaughnessy.
pages cm
Includes index.
1. Knowledge management. I. O'Shaughnessy, Michael. II. Title.
HD30.2.I2336 2014
658.4038--dc23
2014027431
British Library Cataloging-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-800247-6
For information on all Butterworth-Heinemann publications visit our website at http://store.elsevier.com/
Dedication
To the men and women of the FBI, the finest law enforcement agency in the world.
John G. Iannarelli
To my wife, Karen, for all of your love and support.
Michael O'Shaughnessy
About the Authors
John G. Iannarelli has been an agent with the Federal Bureau of Investigation for twenty years, specializing in cyber investigations. He has been assigned to Detroit, San Diego, Washington, and Phoenix, where he currently serves as the assistant special agent in charge, the FBI's number two position in Arizona.
In 2012, Mr. Iannarelli received an honorary doctorate of computer science for his contributions to the field of cyber investigations. He has presented at national and international gatherings, including presentations to Fortune 500 companies, law enforcement agencies, and the Vatican. He is the author of several books, including his recently released Why Teens Fail and What to Fix, a guide to protecting children from Internet dangers.
Previously Mr. Iannarelli served as a San Diego police officer. He is an attorney admitted to the bars of California, Maryland, and the District of Columbia.
Since 2009, Michael O'Shaughnessy has served as the president of Guardian Pro, a collaboration of highly qualified and uniquely experienced individuals dedicated to the mission of protecting the private sector. As the founder of Guardian Pro, Mr. O'Shaughnessy brings a heavy technical and security background and the vision to grow a company focused on educating the public and corporations, and changing the landscape of technical security awareness and knowledge.
Prior to Guardian Pro, he worked at a computer forensics company from 2004 to 2009. There he oversaw the growth of the company from 10 to 108 employees and saw revenues increase from 2 million to more than 24 million dollars. The company expanded services outside of forensics to include consulting, litigation support, and electronic discovery.
He began his career with United Airlines and spent eighteen years in operational, strategic, and security management. He served as international manager at Chicago and Miami, operations chief in Chicago, and security manager at Washington, DC, and Glasgow, Scotland, as well as general manager in Utah and Arizona.
Survey and Disclaimer
Unless otherwise noted, all comments offered by business representatives in this book are based on responses to an October 2013 information governance survey conducted by the authors. Fifty individuals representing small, medium, and large businesses throughout the United States responded to the survey.
Although John G. Iannarelli is a special agent with the Federal Bureau of Investigation (FBI), this work is based solely on the authors' own views and research, and does not in any way represent the official position of the FBI. Any references to the FBI are the result of the authors' research and have been adapted from public sources.
Foreword
Toward the end of my thirty-year career in law enforcement, I served as the assistant director of the Federal Bureau of Investigation's (FBI) Cyber Division, overseeing criminal cyber investigations worldwide. After retiring from the FBI, I have subsequently served as the director of security for two major corporations with responsibility for thousands of employees, hundreds of facilities, and numerous sophisticated technologies. In my professional experience, having been witness to more losses of proprietary and personal information than I could possibly count, one of the common themes in each of these incidents was the failure to have an adequate information governance plan to guard against and mitigate such incidents.
For most companies and individuals, protecting against the loss of proprietary and personal information is nothing more than ensuring that a firewall is in place. Sadly though, this does little to protect against today's threats to information security. Individuals and companies alike need to be proactive against the growing threats and need to take their information governance planning seriously. It appears that everyone is aware of the potential for a computer intrusion, but little effort is directed toward any of the threats from within, whether they are nefarious or unintentional.