INFORMATION GOVERNANCE -- CONTENTS -- PREFACE -- ACKNOWLEDGMENTS -- PART ONE-Information Governance Concepts, Definitions, and Principles -- CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative -- Defining Information Governance -- IG Is Not a Project, But an Ongoing Program -- Why IG Is Good Business -- Failures in Information Governance -- Form IG Policies, Then Apply Technology for Enforcement -- Notes -- CHAPTER 2 Information Governance, IT Governance, Data Governance: What's the Difference? -- Data Governance -- Data Governance Strategy Tips -- IT Governance -- IT Governance Frameworks -- Information Governance -- Impact of a Successful IG Program -- Summing Up the Differences -- Notes -- CHAPTER 3 Information Governance Principles -- Accountability Is Key -- Generally Accepted Recordkeeping Principles® -- The Principles -- Assessment and Improvement Roadmap -- Who Should Determine IG Policies? -- Notes -- PART TWO-Information Governance Risk Assessment and Strategic Planning -- CHAPTER 4 Information Risk Planning and Management -- Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements -- Step 2: Specify IG Requirements to Achieve Compliance -- Step 3: Create a Risk Profile -- Step 4: Perform Risk Analysis and Assessment -- Step 5: Develop an Information Risk Mitigation Plan -- Step 6: Develop Metrics and Measure Results -- Step 7: Execute Your Risk Mitigation Plan -- Step 8: Audit the Information Risk Mitigation Program -- Notes -- CHAPTER 5 Strategic Planning and Best Practices for Information Governance -- Crucial Executive Sponsor Role -- Evolving Role of the Executive Sponsor -- Building Your IG Team -- Assigning IG Team Roles and Responsibilities -- Align Your IG Plan with Organizational Strategic Plans -- Survey and Evaluate External Factors -- Analyze IT Trends.

Survey Business Conditions and the Economic Environment -- Analyze Relevant Legal, Regulatory, and Political Factors -- Survey and Determine Industry Best Practices -- Formulating the IG Strategic Plan -- Synthesize Gathered Information and Fuse It into IG Strategy -- Develop Actionable Plans to Support Organizational Goals and Objectives -- Create New IG Driving Programs to Support Business Goals and Objectives -- Draft the IG Strategic Plan and Gain Input from a Broader Group of Stakeholders -- Get Buy-in and Sign-off and Execute the Plan -- Notes -- CHAPTER 6 Information Governance Policy Development -- A Brief Review of Generally Accepted Recordkeeping Principles® -- IG Reference Model -- Interpreting the IGRM Diagram -- Center -- How the IGRM Complements the Generally Accepted Recordkeeping Principles -- Best Practices Considerations -- Standards Considerations -- Benefits and Risks of Standards -- Key Standards Relevant to IG Efforts -- Risk Management -- Information Security and Governance -- Records and E-Records Management -- Major National and Regional ERM Standards -- United States E-Records Standard -- Canadian Standards and Legal Considerations for Electronic Records Management -- U.K. and European Standards -- Australian ERM and Records Management Standards -- Long-Term Digital Preservation -- Business Continuity Management -- Making Your Best Practices and Standards Selections to Inform Your IG Framework -- Roles and Responsibilities -- Program Communications and Training -- Program Controls, Monitoring, Auditing and Enforcement -- Notes -- PART THREE-Information Governance Key Impact Areas Based on the IG Reference Model -- CHAPTER 7 Business Considerations for a Successful IG Program -- Changing Information Environment -- Calculating Information Costs -- Big Data Opportunities and Challenges -- Full Cost Accounting for Information.

Calculating the Cost of Owning Unstructured Information -- Sources of Cost -- The Path to Information Value -- Challenging the Culture -- New Information Models -- Information Calorie -- Information Cap-and-Trade -- Future State: What Will the IG-Enabled Organization Look Like? -- Moving Forward -- Notes -- CHAPTER 8 Information Governance and Legal Functions -- Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything -- Big Data Impact -- More Details on the Revised FRCP Rules -- Landmark E-Discovery Case: Zubulake v. UBS Warburg -- E-Discovery Techniques -- E-Discovery Reference Model -- The Intersection of IG and E-Discovery -- Legal Hold Process -- How to Kick-Start Legal Hold Notification -- IG and E-Discovery Readiness -- Building on Legal Hold Programs to Launch Defensible Disposition -- Destructive Retention of E-mail -- Newer Technologies That Can Assist in E-Discovery -- Predictive Coding -- Technology-Assisted Review -- Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes -- Growth of Information -- Volumes Now Impact Effectiveness -- How Did This Happen? -- What Is Defensible Disposition, and How Will It Help? -- New Technologies-New Information Custodians -- Why Users Cannot, Will Not-and Should Not-Make the Hard Choices -- Technology Is Essential to Manage Digital Records Properly -- Auto-Classification and Analytics Technologies -- Can Technology Classify Information? -- Moving Ahead by Cleaning Up the Past -- Defensibility Is the Desired End State -- Perfection Is Not -- Business Case around Defensible Disposition -- Defensible Disposition Summary -- Retention Policies and Schedules -- Meeting Legal Limitation Periods -- Legal Requirements and Compliance Research -- What Is a Records Retention Schedule? -- Benefits of a Retention Schedule -- Notes.

CHAPTER 9 Information Governance and Records and Information Management Functions -- Records Management Business Rationale -- Why Is Records Management So Challenging? -- Benefits of Electronic Records Management -- Additional Intangible Benefits -- Inventorying E-Records -- Generally Accepted Recordkeeping Principles® -- E-Records Inventory Challenges -- Records Inventory Purposes -- Records Inventorying Steps -- Goals of the Inventory Project -- Scoping the Inventory -- Management Support: Executive Sponsor -- Information/Elements for Collection -- Creating a Records Inventory Survey Form -- Who Should Conduct the Inventory? -- Determine Where Records Are Located -- Conduct the Inventory -- Analyze and Verify the Results -- Ensuring Adoption and Compliance of RM Policy -- General Principles of a Retention Scheduling -- Developing a Records Retention Schedule -- Why Are Retention Schedules Needed? -- Information Included on Retention Schedules -- Steps in Developing a Records Retention Schedule -- What Records Do You Have to Schedule? Inventory and Classification -- Rationale for Records Groupings -- Records Series Identification and classification -- Retention of E-Mail Records -- How Long Should You Keep Old E-Mails? -- Destructive Retention of E-Mail -- Long-Term Archival Records -- Meeting Legal Limitation Periods -- Legal Requirements and Compliance Research -- Event-Based Retention Scheduling for Disposition of E-Records -- Prerequisites for Event-Based Disposition -- Final Disposition and Closure Criteria -- Retention Periods: Online versus Offl ine -- Closure Dates -- Retaining Records Indefinitely -- Retaining Transitory Records -- Implementation of the Retention Schedule and Disposal of Records -- Getting Acceptance and Formal Sign-off of the Retention Schedule -- Disposition Timing: Records Disposal.

Automating Retention/Disposal Actions -- Disposal Date Changes -- Proving Record Destruction -- Ongoing Maintenance of the Retention Schedule -- Audit to Manage Compliance with the Retention Schedule -- Notes -- CHAPTER 10 Information Governance and Information Technology Functions -- Data Governance -- Steps to Governing Data Effectively -- Data Governance Framework -- Information Management -- IT Governance -- IT Governance Frameworks -- CobiT® -- COBIT 5 -- ValIT® -- ValIT Integrated with CobiT 5 -- ITIL -- ISO 38500 -- IG Best Practices for Database Security and Compliance -- Tying It All Together -- Notes -- CHAPTER 11 Information Governance and Privacy and Security Functions -- Cyberattacks Proliferate -- Insider Threat: Malicious or Not -- Countering the Insider Threat -- Malicious Insider -- Nonmalicious Insider -- Solution -- Privacy Laws -- Redaction -- Limitations of Perimeter Security -- Defense in Depth -- Controlling Access Using Identity Access Management -- Enforcing IG: Protect Files with Rules and Permissions -- Challenge of Securing Confidential E-Documents -- Protecting Confidential E-Documents: Limitations of Repository-Based Approaches -- Apply Better Technology for Better Enforcement in the Extended Enterprise -- Protecting E-Documents in the Extended Enterprise -- Basic Security for the Microsoft Windows Office Desktop -- Where Do Deleted Files Go? -- Lock Down: Stop All External Access to Confidential E-Documents -- Secure Printing -- Serious Security Issues with Large Print Files of Confidential Data -- E-Mail Encryption -- Secure Communications Using Record-Free E-Mail -- Digital Signatures -- Document Encryption -- Data Loss Prevention (DLP) Technology -- Promise of DLP -- What DLP Does Well (and Not So Well) -- Basic DLP Methods -- Data Loss Prevention: Limitations -- Missing Piece: Information Rights Management (IRM).

Key IRM Characteristics.