The Next Big Thing
Posts about next generation technologies and their effect on business.

Risk management is not about having zero risk… it is an opportunity for innovation

Risk management is about balancing the risks against the costs to protect.

 

PwC and CSO magazine recently released the 2013 State of Cybercrime Survey, which states that while cybercrime threats are on the rise, current attempts to counter them remain insufficient.

 

“Cybersecurity is more than an IT challenge—it’s a business imperative. New technologies, well-funded and determined adversaries, and interconnected business ecosystems have combined to increase your exposure to cyberattacks.”

 

It states that:

“Businesses that are adapting are:

  • Reconsidering the scope of the challenge to include your business ecosystems
  • Re-evaluating ownership and accountability for cybersecurity
  • Understanding the motive, means and methods of your adversaries
  • Prioritizing and protecting the information that really matters most to your business
  • Collaborating and sharing information in order to have the best available knowledge about the ever changing threats”

This shows that many organizations do weigh the risks and find that the costs to protect (from a business disruption and budget point of view) are higher than their expected incident costs. Risk management is not about making sure you have no risk. Risk management, when done properly, will accept a risk when the cost of avoiding it is worse than the risk itself. This kind of conflict is an opportunity for innovation.

 

Advances are not made by convincing management about solving problems the old way. They come from defining solutions that are less disruptive or expensive and resolve the conflict between cost and risk. Addressing security concerns is really an innovation driver.

US Nationwide Emergency Alert System Test on November 9th 2011

Whether it’s a fire or flood, an earthquake or hurricane, being prepared and staying informed are the keys to getting through an emergency situation safely. With that in mind there is an upcoming nationwide test of the U.S. Emergency Alert System (EAS).

 

Be prepared…

On Wednesday, November 9 at 2:00 p.m. Eastern Time, the Federal Emergency Management Agency (FEMA), the Federal Communications Commission (FCC) and the National Oceanic and Atmospheric Administration (NOAA) will conduct a nationwide test of the Emergency Alert System (EAS).

 

All digital, cable and satellite television and broadcast radio services across the country will be simultaneously interrupted for approximately 30 seconds, after which regular programming will resume.

 

Stay informed…

This is the first national-level test of the EAS that has ever been conducted and will be similar to the local emergency tests, issued by the National Weather Service and state/local officials, used to send alerts and warnings.

 

So remember, if you find yourself within earshot of a radio or TV on November 9th, at home or in your car – and hear an emergency message broadcast on every TV and radio channel – it’s just a test.

 

Visit the FEMA: Nationwide EAS Test website for more information about the test.

 

Businesses should think of this as a reminder to test their own disaster preparedness.

New HP security focused family of products and offerings

Organizations are under increasing pressure to secure their infrastructure while continuing to enable employees and clients to exchange information. Cloud techniques are pushing this need to a whole other level than the capabilities designed into most environments. Managing the associated risks is taking new skills as well, since the rise of mobility, cyber threats, and social media, and the associated conflicts of expectations, are demanding innovative approaches.

 

The days of perimeter-based (locked down) security are over. Today’s enterprise must be as fluid as the clients served, sharing information whenever, wherever and on whichever device they choose. This new fluidity requires a complete approach to security to enable interaction while driving operational effectiveness and reducing business risk.

 

Most enterprises support a patchwork of unrelated products, applications and uncoordinated processes. Security is scattered, with a lack of coordination between people, processes, and technology.  This makes for a fragile environment that is difficult to adjust. It is necessary to actively understand the current state of risk management, security, and breaches.

 

Yesterday, HP unveiled an expanded and integrated Enterprise Security approach.

 


 

They focus first on providing workshops and other approaches to assess the security capabilities in the existing environment.

 

With that current situation analysis in hand, there is a range of tools and services to help organizations either transform themselves or consume security transformation services as required.

 

The enterprise services organization also provides a wide range of services to help organizations manage their security environment.

 

Finally, there is a Secure Boardroom approach to provide visibility between and across the enterprise security environment.

 

Don't expect HP's investments to stop there though.


 

HP’s depth related to security is quite a bit broader and deeper than most organizations realize. There are thousands of people available across the globe, partners to help as well, and numerous research activities currently underway in HP’s various labs to address future needs.

Cyber Risk means Cyber Defense

I’ve mentioned before the paradox of IT – the fact that there is an expectation of innovation as well as risk management; organizations need to plan their cyber defense. I recently came across a document for those interested in The Financial Management of Cyber Risk: An Implementation Framework for CFOs.

 

The document was created by the American National Standards Institute (ANSI).

 

“The 76-page document offers a pragmatic action plan that addresses cybersecurity from an enterprise-wide perspective. Developed by a task force of more than sixty industry and government experts, The Financial Management of Cyber Risk: An Implementation Framework for CFOs has been funded and managed by the private sector and is offered as a free resource on cyber risk mitigation for organizations across the country.”

 

It consists of frameworks for:

  1. Understanding and Managing the Economic Aspects of Financial Cyber Risk
  2. Managing the Human Element
  3. Managing Legal and Compliance Issues
  4. Operations and Technology
  5. Managing External Communications and Crisis Management
  6. Analyzing Financial Risk Transfer and Insurance

How are you handling the paradox of IT?

About the Author(s)
  • Steve Simske is an HP Fellow and Director in the Printing and Content Delivery Lab in Hewlett-Packard Labs, and is the Director and Chief Technologist for the HP Labs Security Printing and Imaging program.