Risk
7/1/2008
11:32 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Mishandling Information Overload A Security and Legal Risk

Small and midsize businesses generate digital information a furious rate -- same as bigger business (and individuals, for that matter.) What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.

Small and midsize businesses generate digital information a furious rate -- same as bigger business (and individuals, for that matter.) What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.The presentation -- "What's In Your Digital Landfill?" -- is brief, informal and, as its close shows (and you've no doubt already guessed), aimed at getting you take a look at an information management network.

Aimed, in fact, is a pretty appropriate word: the presentation comes from content management organization AIIM (Association for Image and Information Management) whose pedigree in the topic goes back to the 1940s, when it was created as the National Microfilm Association.

In the course of about four dozen slides, the Digital Landfill presentation hits both electronic information management and the security/legal issues surrounding it pretty hard. Among the statistics offered:

About 30 percent of all digital information is business-generated.

64 percent of businesses feel confident/competent in how they handle paper records -- only 34 percent feel they same about their digital records.

Only 13 percent of businesses have company-wide e-mail policies.

And so on.

As noted earlier, not a lot of deep substance here, but enough thought-provokers (and reminders of the legal vulnerabilities poor info-management can expose your business to) to make it worth the couple of minutes it takes to watch the presentation.

The sell-section at the end is brief and refreshingly soft: AIIM is hyping a new network, Information Zen devoted to information and content-management questions and discussions.

Here's a bMighty take on information management from earlier this year.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.