risk

ASSESSING YOUR ORGANIZATION’S CYBER SECURITY: THINK YOU’RE UP TO IT?

March 11th, 2015 | Categories: Risk Assessment

The Enron debacle will forevermore be a parable about delusional self-auditing. In much the same way, Cyber Security should never be assessed using internal staff and mechanisms; the ramifications of missing something are simply too great.

According to Cenzic’s Application Vulnerability Trends Report: 2014, “While the majority of corporations have the important security building blocks, such as firewalls and intrusion protection systems needed for their security infrastructure, not enough organizations have comprehensive tools and practices in place for securing applications.” Faced with a worldwide shortage of Cyber Security professionals (Cyber Security has only recently become a discipline one may major in!), and companies unable to afford the overhead necessary for the requisite training, this situation is not surprising. Bad news for you. Good news for hackers.

Still think you can go it alone? Do you really understand the sheer magnitude of possible vulnerabilities? Here’s a sobering thought: Everything on the network is hackable. Everything—from your corporate computers to a 3rd party vendor to your employees’ Smartphones. Add to this the risky behaviors employees can engage in—sharing passwords, inappropriate web browsing, copying sensitive data onto mobile devices—and you’ve got exposure. Lots of it.

An objective Cyber Security assessment can assist with evaluation and establishment of controls to:

Implement an information risk management program
Ensure network security is adequate, including boundary and internal
Guide user education and awareness
Verify malware protection and prevention
Deal with secure configuration and patch management for devices (network, servers, PCs)
Manage user access and privileges
Handle incident management
Assist with home and mobile working

If you feel you aren’t ready to tackle all the items above, you should at least undertake a basic evaluation to consider only the most foundational building blocks for cyber security.

In a survey of its 3,400 global members,

Hackers Aren’t Waiting. Why Are You?

February 11th, 2015 | Categories: security

Why is Cyber/Computer Security so far down on your to-do list? If your reasons are any of the following, you might want to reconsider your priorities.

Let’s address each of these points in turn.

They can’t find you.  On a recent episode of 60 Minutes, Dave DeWalt, CEO of cyber security company FireEye, asserted that 97% of all companies are being breached. Ninety-Seven percent. So, unless you truly live off the grid, you have likely had a breach already. The real question is how bad is the damage?

They can’t find your valuables.  These criminals are very sophisticated and have the knowledge, tools and patience to find your sensitive data and exploit it.  Hacking has evolved from the lone geek making mischief to an actual profession and, as Lance Cottrell, Chief Scientist at Ntrepid and expert on security and privacy writes, “In most breaches, it turns out the hacker has been inside the network for months.”

Your valuables aren’t worth it.  Wrong again. They aren’t always interested in your data; often they are interested in your financial partner, investor, supplier and customer. Anything sensitive they can sell or make profit from.

You have other priorities.  You will always have other priorities. But believe me, if the hackers come—and they will—you will have to deal with the fallout and that will become your new priority.  With several methodologies at hackers’ disposal such as viruses, malware, botnets and ransomware, cleaning up the damage will be more involved than you think.

You don’t know where to start. Improving your security begins with having a prioritized list of actions based on risks to your company.  A risk assessment will accomplish that and, at the same time, help you raise

Change And The Big Bang Theory

November 6th, 2014 | Categories: Change

It’s a hectic world out there with technological advances, competitive challenges, and government regulations (just to name a few variables) coming at organizations at breakneck speed. In response, leaders and managers are becoming more worried about failing than they are about learning and improving their organizations’ capabilities. As such, we are finding that even the most forward-thinking organizations are increasingly choosing to hunker down and solidify their positions, as if they can stave off trouble by maintaining the status quo.

The truth is change is coming to a theater near you and soon, but how it comes is entirely up to you. That is the measure of control you do possess. Change can come incrementally or manifest itself as the Big Bang!, and the latter will be much more disruptive than the former, we promise you.

Very often in our line of work we’ll hear someone in IT / IS or Corporate services say, “Thank goodness that project is finally finished,” as if one particularly pesky piece of business is behind them and it’s smooth sailing ahead. Well, no. If you don’t want to go through the Big Bang! experience (otherwise known as when the wheels fall off), this is not the mindset you should cultivate. Each and every day we at TAG spend considerable energy helping organizations become comfortable with the concept of incremental or continuous improvement. Why? Because if you’re constantly improving, you rarely suddenly arrive at the Big Bang! crossroad.

You can either be the Changer or the Changed, but it is better to be the actor than the acted upon. Change will not be denied. If you choose internal stasis through passivity or inertia, external agents will force you to change because the

Cutting Your Project Portfolio Down to Size

July 10th, 2014 | Categories: Planning

That big project portfolio of yours is your biggest headache. It’s true. If you are like most companies, your portfolio has grown to an unwieldy size, which means you have way too many projects competing for the same resources. Here’s what to do.

First, inventory ALL projects and activities that require any kind of IT resources, making sure to include non-obvious ones like SMEs and user training time. According to Gartner, 60% of IT’s budget is spent on operational, “keep the light on” activities, so it is important that these are included to ensure correct allocation of project resources. Projects that pull resources from core operations can create business risk.

Second, decide who will comprise a governance committee, i.e., who will make decisions concerning the portfolio. This should be a mix of IT and business leaders with the authority to make decisions for the organization. The governance committee will determine which projects should continue, which should be delayed, and which should be terminated. These decisions will be made based on determining which projects have the potential to create the most value for the company. Each project in the portfolio should align with business goals and be ranked on the strength of its business case outlining benefits, costs and risk. Keep this simple, but also be on the lookout for project interdependencies. You certainly don’t want a critical project bungled because it relied on deliverables from another project that was killed or delayed.

The importance of strong governance in the portfolio process cannot be overstated. Projects that are nice but not essential drain away resources that could be used more productively. Focus on cutting unnecessary demand and don’t start new projects until you know for certain that

Terminate the time guzzler: Inefficient meetings

November 15th, 2011 | Categories: time

Are you a big fan of impromptu meetings via Skype, Instant Messaging or other technology? These meetings seem to be laser focused because the meeting originator contacts you for a specific reason and has some targeted questions already at hand. Therefore, your ad hoc meeting has a clear-cut purpose, and resolution and closure is fast and painless.

So, how do you take this paradigm and apply it to the biggest time guzzler in most people’s day—the inefficient meeting?

Here’s how. Every meeting should have an agenda and specific objectives. This information should be communicated to participants well in advance so they arrive prepared. Your meeting should also be run by a facilitator who brings well-formed questions to the table; these are considered time-management “gold.” Every item on your agenda should have specific, corresponding questions that are used to elicit information and move you on to the next item. For example, if your project has the agenda item Risk Planning, some questions might include:

An interesting thing occurs when the objectives and agenda are clear, the participants come prepared, and the facilitator keeps the discussion reined in through the use of thoughtful questions: meeting objectives are met and meetings are adjourned on time or early. Participants think, “Wow! We finished everything on the agenda and I’ve even got some spare time to put back into my day…I love it.” As the meeting owner or facilitator, you might even find participants actually look forward to your meetings as the most productive time of their workday. How cool is that?


Mark that project APPROVED…

October 17th, 2011 | Categories: Planning

Today, every company is pursuing more projects than it can successfully handle, and that puts your project at risk of not getting the approval it needs to move forward. So, what can you do to make sure that a governance committee review doesn’t leave you and your project on the outside looking in? Follow these steps to give your project an advantage over other projects in the queue for review.

Understand and communicate the business case for your project.
This starts with understanding the business strategy and business drivers that prompted your project in the first place. If you don’t understand what the business is trying to accomplish, you have very little chance of your project hitting the mark. Once the business strategy and drivers are clear, identify very specifically—and quantitatively where possible—exactly how your project will provide benefit relative to the business drivers and business strategy.

Work with key people in the business area to develop and review the business case to ensure that it is sound and strong.

Creating a solid, strong business case is the most important factor in not only getting the project approved, but also in ensuring that the project team clearly understands what is to be accomplished, why, and how it will help the business.
Identify resourcing needs by role.
Resources, especially people, are always in high demand, and you need to be very clear about the resources that your project will require (people, facilities, equipment, etc.). Clearly identify your resource needs by being specific. Assuming that your request for two technical analysts will get you what you actually need might be a mistake. Having the right skills, expertise and individuals detailed on a project can greatly improve the probability of project success.
Identify project interdependencies.
As

October: Conscious Planning

October 4th, 2011 | Categories: Planning

October is probably the most grueling month of the IT planning cycle, given the exorbitant amount of time expended in meetings. Each department—Sales, Marketing, R&D and Manufacturing—will meet with its IT counterpart to plan next year’s projects. These meetings should be dialogue-driven events that result in a shared understanding of anticipated business drivers over the next 12-18 months, current market conditions, emerging trends, and specific strategies to capitalize on opportunities. In preparation for these meetings, it would also be helpful for IT to conduct a SWOT analysis (strengths/weaknesses/opportunities/threats) comparing your company to 3 or 4 competitors. Not only will this assessment point out technical strengths and weaknesses, but it is always wise to know what the competition is up to.

Unfortunately, October is also a time of enormous pressure, as both IT and the Business push hard to achieve MBO deliverables before the end of the year. Too often, the competing time constraints of completing existing projects while planning new ones cause Business to default on the planning side, leaving IT to design new projects on its own. This lack of input from Business leads to “silo” thinking: “We know what they [the Business] really want or need.”

Now, in a perfect world, Business would remain engaged with the IT Account Manager—the one who not only has the best vantage point from which to understand and articulate Business’s needs, but is also well-equipped to offer ideas and solutions to address those needs holistically (end-to-end) rather than piecemeal. But, if Business opts out and IT can’t get it back to the table, or IT believes it actually can do the planning on its own, the next step needs to be the creation of a business case, or