Digest: September 2014 – What to Do When a Data Breach Occurs | And A Data Breach WIll Occur


2014 ACE Events
IAITAM 2014 Fall ACE update:
IAITAM has moved the profession of IT Asset Management forward for over twelve years with excellent education and networking events.  To continue to help in your IT Asset Management efforts, IAITAM is offering a September Special:

Save 20% on Membership as well as one other item of your choice!

Remember:  This offer is not available online, call IAITAM HQ to take advantage: +1.330.628.3012.  Offer not valid on previous purchases, certification exams, onsite expenses or special pricing; offer cannot be combined with any other offer; all invoices associated with this offer must be paid in full by September 30, 2014.

Did you know that the Fall ACE schedule was posted and this year’s content in this writer’s opinion is the best yet starting with three very stimulating workshops:

• Mobility Plans that Work – Avoiding Mobile “Gotchas” in your Implementation Plan – November 4th
• 2 Expert-lead licensing discussions

o Microsoft,  Adobe and general licensing – November 4th
o IBM, Oracle and general licensing – November 5th
o New for 2014 – each workshop and several presentations will be presented twice so that you will be able to attend without missing out on other educational opportunities

Be sure to register now on the IAITAM website for the IAITAM 2014 Fall ACE at Kalahari Resorts in Sandusky Ohio, USA and Tame your ITAM Jungle!

And if like some, you’re puzzled by the return to Ohio, be sure to watch the “Why Ohio” video for a host of ACE amenities and area-wide attractions on the IAITAM Homepage.  See why, like other outstanding personalities and experts in their field, it’s the place to be this Fall!

For questions or additional information on this or any IAITAM ACE event, reach out to your IAITAM Member Service representative today at info@iaitam.org or call +1.330.628.3012.

Or, if you can’t attend this fall and are working on the 2015 budget, register now for the Spring 2015 ACE in San Diego, April 28- 30, 2015!
Member IMUG’s
The IAITAM ACE IMUG session will be held for all those in attendance in Sandusky at the Fall ACE and not broadcast live.  Look at what’s forthcoming in the Scoop.IT newsletters.

• September 16th – Sherry Irwin of Technology Asset Management – presents – Lifecycle Contract Management – A Key Component of IT Asset Management
• September 23rd – John Emmit of Flexera Software – presents – Software virtualization
• October events will be posted soon.  The Scoop.iT site will have additional details.
• Be sure to join IAITAM’s Jenny Schuchert, Larry Shoup and Lynne Weiss (with a very special guest) as they host the annual IMUG at the ACE session.  The IMUG this year will be presented twice so that you won’t miss out.  Remember though, you must be present for this event.  We have a fun and informative session planned for the IMUG!

Go out to the IAITAM website to listen in to previous month’s recordings at this webpage (you must first log into the site with your Member ID): Strategic Information for IT Asset Managers

IAITAM Members can register for one or all and participate in none or all monthly.  For questions or to suggest a speaker or topic for the IMUGs, please email imug@iaitam.org.
IMUG Monthly Article:

What to Do When a Data Breach Occurs
And A Data Breach Will Occur
It’s time for organizations to realize that IT can barricade and protect data with firewalls, plug-ins and honeypots until everyone in IT is blue in the face – but if a skilled hacker wants in; they will get in.  However, that should not discourage IT from taking action and, for IT Asset Management (ITAM), there are proactive and reactive steps that an IT Asset Manager can take to help prevent many data breach attempts and mitigate the damage of those that are successful.
The proactive steps are the most well-known and consist of organizations putting security protocols in place to prevent unauthorized access.  Ignoring security protocols is like leaving the keys of the car on the driver’s seat of an unlocked car.  The specialists primarily responsible for this effort are the IT security department of your organization, but they cannot work alone.  IT security requires multidisciplinary support including ITAM.  IT Asset Managers should work closely with IT security on data protection, guiding them on what data protection points are priorities and also consulting them about data protection policies when applied to ITAM processes.  IT Asset Managers have a unique, broad view of the organization’s environment without common limitations such as financial status (capitalized or not), location (in a data center or not) or point in the asset’s lifecycle.  The scope of ITAM offers unique knowledge, from awareness of critical data locations to assistance with maximizing budget efficiency.
The data security reactive steps focus on damage control, risk mitigation and data integrity.  The reactive approach should not be viewed as a byproduct of an unprepared program but as a necessary transition of thought processes if/when a breach should occur.  These essential plans minimize organizational response time and limit the time an organization is vulnerable.
The first task is to form an incident response team that includes members from executive management, IT, HR, public relations, legal and operations.  The IT Asset Manager may be a member of the team or serve as a resource to the team.  The potential for ITAM to contribute is best understood by discussing what is required for this team and how well it fits with ITAM responsibilities:

• The roles and responsibilities for this team have to be clear to be effective, especially since the organization is relying not only on their specific area knowledge but also on their understanding the “big picture” for the organization.
• Communication procedures need to be established including training and practice.  During a breach, this task includes communicating to employees outside of the response team that a breach has occurred and what the plan of action is.  Preparing and training in this manner will ensure that the incident response team is ready to act if a data breach occurs.
• The incident response team needs to test to ensure that the procedures shut down open data breaches, identify lost data, notify the correct people, track where the data has gone, assess the risk the lost data represents to the organization and handle any public relation issues that might arise.  Because of the importance to the organization, simulating a data breach is recommended followed by executing an internal audit of the team’s response to the breach and identifying strengths and weaknesses.  (Victory is won by those who have prepared to be victors.)

Data breaches have become inevitable.  However, an organization’s response to the breach is the differentiator that protects organizational data.  It is not simply a case of finding the holes and shutting them down.  Reducing the risk from data loss, data theft, malware, Trojans, etc. requires an internal, coordinated response that includes policies, processes and documentation.    Protecting the organization’s data takes the contributions of many, including the IT Asset Manager.

“What to do When a Data Breach Occurs” CIO Insight, August 20, 2014, http://www.cioinsight.com/security/what-to-do-when-a-data-breach-occurs.html/

This Month’s Featured Sponsors:

Arrow Electronics, Inc.: Arrow Value Recovery provides global IT asset disposition (ITAD), remarketing and reverse supply chain services that protect its clients’ brands and uncover opportunities for greater efficiency and value capture at the end of the IT product lifecycle. Arrow Value Recovery is a division of Arrow Electronics, a Fortune 150 company and a global provider of products, services and solutions to industrial and commercial users of electronic components and enterprise computing solutions.  http://arrowvaluerecovery.com

Universal Recycling Technologies, LLC: Universal Recycling Technologies, LLC (URT) is a national electronics and universal waste recycling company headquartered in Janesville, Wisconsin. URT provides end-of-life recycling (de-manufacturing), universal waste recycling, asset recovery services, and commodities and logistics management services to major market segments including original equipment manufacturers (OEM), retailers, municipalities, Fortune 500 organizations, small businesses and consumers. Since 2007, the company has been privately owned by Hendricks Holding Company, Inc.  www.universalrecyclers.com

Golden Ratio, Inc.: Golden Ratio is a Consulting firm that specializes in the People, Processes, and Technology needed to manage IT Infrastructure and related practices. They seek to build strong, long term trusted advisor relationships and assist their clients with Process Consulting, Project Implementation, and Organizational Change Management in the Areas of Software Asset Management (SAM), IT Asset Management (ITAM), IT Service Management (ITSM), and IT Financial Management (ITFM). Golden Ratio is a partner of both Microsoft and HP. As a Microsoft SAM Silver Competency Partner they can assist with all aspects of your Microsoft licensing needs, from Compliance to Optimization. With HP, they have an exceptionally deep expertise in the former Peregrine products now part of the HP BTO Toolset: Asset Manager, Connect-It, and DDMI.  http://goldenratioinc.com/


The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.