Regulations and new legal statues have created a convergence of information security and legal issues. Effective governance strategy execution must include business drivers of legal and security factors to be successful. "Plausible Deniability" is now extinct.
Plausible deniability is the term given to the creation of loose and informal chains of command in government. In the case that assassinations, false flag or black ops or any other illegal or otherwise disrespectable and unpopular activities become public, high-ranking officials may deny any connection to or awareness of such act, or the agents used to carry out such act.
In politics and espionage, deniability refers to the ability of a "powerful player" or actor to avoid "blowback" by secretly arranging for an action to be taken on their behalf by a third party - ostensibly unconnected with the major player.
More generally, "plausible deniability" can also apply to any act which leaves little or no evidence of wrongdoing or abuse. Examples of this are the use of electricity or pain-compliance holds as a means of torture or punishment, leaving little or no tangible signs that the abuse ever took place.
Digital Forensic Services are specifically designed to perform efficient and effective enterprise computer investigations to address these concerns with best practices technology. This enables corporations to manage and retain control of these investigations while substantially reducing cost. In the context of E-Discovery, courts require that best practices are employed and that counsel take affirmative steps to monitor compliance and ensure all relevant data is located and preserved.
And as we approach the eve of Halloween there are all kinds of "Tricks and Treats" going on at the corporate digital battle front. Executives from most organizations are trying to keep their eye on those employees and places that are deemed significant risks to the organization and at the same time, cover their tracks. The HP scandal is still fresh on their minds.
The Privileged Executive
Her trick
The privileged executive feels responsible for every aspect of the organization, and compelled to control it. She wants to know everything about every department and project; demands root access to systems and applications, and sufficient rights to act on others’ behalf -- including sending email using other employees’ accounts. Naturally, she objects to logging of her own activities while demanding stringent audit of everyone else.
Your treat
Forward articles on prosecution of executives for insider trading, misusing data, and SOX violations, particularly ones that detail how malfeasance got pinned on the corner office because of too much access. Follow up a few days after each prying event by hinting to IT that it ought to look into apparent audit discrepancies, and suggesting to internal auditors they ought to look into IT control logs. Send monthly updates about how you’re working hard to make sure the execs aren’t exposed to excess risk; make plausible deniability your mantra.
New York state courts' are coming of age with respect to electronic discovery while U.S. federal courts already know the nuances associated with e-discovery. Notwithstanding the lack of a CPLR(Civil Practice Law Rules) or court rule specifically electronic disclosure, the recent court decisions reflect the courts' appreciation of:
(i) the search, production, de-duplication and privilege review costs that may be incurred by a party in addressing e-discovery requests and the importance in fairly determining who should bear such expense, including counsel's time in reviewing electronic documents for privilege,
(ii) the legal and business burden on the party producing electronic documents, taking into account, among other things, the purpose for which backup tapes were made and issues relating to their restoration,
(iii) a party's claimed relevance of and need for the requested electronically stored materials,
(iv) the process utilized by the producing party to identify, search for and gather electronic materials,
(v) the likelihood of whether yet-to-be searched for electronic materials actually exist and, if so, would they be duplicative of documents already produced,
(vi) a party's "true" justification for seeking and/or objecting to producing electronic documents, and
(vii) both sides to a dispute having the opportunity to retain appropriate expert forensic computer experts prior to a court ruling on e-discovery issues.
Digital Forensics in E-Discovery is evolving at the pace of lightning and many large organizations are already well entrenched. However, one thing is for certain. Corporate Plausible Deniability is almost certainly on the way to extinction.
operational risk
No comments:
Post a Comment