#179 – FUTURE OF DIGITAL TRANSFORMATION – GREG CARROLL

Featured

Senior management have to come to grips with the fact that Digital Transformation is not an Event but rather the operating environment of 21st century business.

Like music, photos, TV, and data, once something becomes digital it becomes a consumable and moves from the domain of the specialised expert to a public commodity. As with Blockbuster, Borders, Capitol Records, and newspapers, businesses based on non-digital product are the hand-crafted hobbies of the 21st century. Craft markets will exist into the future but they are generally not profitable and rather a labour of love.

#86 – IMPROVING CYBERSECURITY AND THE CHALLENGE OF IMPLEMENTING THE NIST FRAMEWORK – ANDREA STROUD

In an earlier blog post, Ed Perkins, the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate, described the current cybersecurity landscape for industry and provided an overview of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. In this second half of APQC’s conversation with Perkins, he discusses how organizations can use the Cybersecurity Framework to address risk.

#86 – WHAT SHOULD COMPANIES CONSIDER ABOUT POTENTIAL CYBERSECURITY RISKS? – BECKY PARTIDA

APQC recently spoke with Ed Perkins, the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate, about the current state of cybersecurity and the introduction of the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. This post presents the first half of the interview, in which Perkins describes the cybersecurity landscape and introduces the NIST framework.

#71 – ISO 27001: INTRODUCTION AND THE ROAD TO CERTIFICATION – VINCENT PALERMO

Publicly announced breaches of secured information are so common today that they almost seem routine. Last year, in the United States alone, financial companies like JPMorgan Chase and retailers such as Target and Home Depot were victimized by information system hackers that allegedly gained access to the confidential data of millions of businesses and consumers.

#69 – CYBER SECURITY VULNERABILITIES – MARK BERNARD

I wrote the following article to help clarify cybersecurity threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerabilities and Exposures (CVE) database. For added context below I included statistics from the Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management; however, there is an equally important emphasis on regular security testing and integration with product development and change management.

#64 – ARE THE FEDS MANDATING ERM? YES. – GREG HUTCHINS

The Office of Management and Budget (OMB) is requiring US agencies and departments to manage risks at the enterprise level.

Why?

Ebola? Wars? Shootings? Civil unrest? Global warming? Droughts? You name it. The unexpected is happening – all too often. The unexpected has become the expected. Not only in the US – but the world over in government and the private sector.

#56 – WHAT IS A FRIEND? – CAROLYN TURBYFILL

In my personal experience, people have very different definitions for “friend” and “acquaintance”.

Having lived and worked in countries with military dictatorships, dangerous social, religious and political unrest, I have what I called a “Third World” definition of a friend. My definition of a friend is someone you can trust with your life and the lives of your friends and family.

This kind of friendship includes not doing things that can cause other people to be threatened or harmed to get to you, or who you may harm by revealing or even insinuating a confidence. I have lived in places where people write out a “Statement of Conscience” – which represents what they believe and stand for that can be used to counter anything they may be coerced into saying through threats or torture.

#50 – BLACKMAIL & BOUNTIES & BITCOIN – OH MY! – Dr. Carolyn Turbyfill

Do you have an old Hotmail account lying around? What would you do if:

  • Someone took control of an account belonging to you – using public information to answer the security questions that allow you to reset a password.
  • Used your compromised account to break into other more sensitive accounts – your business, bank, etc.
  • Then blackmailed you for $20,000 with the threat of selling your identity and accounts to ‘fraudsters’ who ‘would ruin your life’?

#41 – THE NEW CYBER WARFARE & ISO 27001 – EDWARD HUMPHREYS

Cyber threats continue to plague governments and businesses around the world. These threats are on the rise as cyber criminals increase their focus and know-how. The problem demands an international solution. ISO/IEC 27001 provides a management framework for assessing and treating risks, whether cyber-oriented or otherwise, that can damage business, governments, and even the fabric of a country’s national infrastructure.

#41 – CYBER SECURITY IS NOW JOB #1 – NIST CYBER SECURITY FRAMEWORK – GREG HUTCHINS

Thirty years ago Ford Motor Company had a tag line in all its advertising:

Quality is Job #1!

Great tagline. Now we believe that everyone’s new tagline is:

Cyber Security is Job #1!

The US National Institute of Standards and Technology (NIST) has just finalized its much expected cyber security risk management framework.

President Obama directed NIST to develop a risk management framework to secure infrastructure vital to the US and, for that matter, any country’s critical infrastructure such as banking, electrical power grid, water, and transportation.

#39 – FUTURE TECHNOLOGIES HERE TODAY – CAPERS JONES

This paper discusses a number of interesting technical advances that are theoretically already possible in 2014, although in fact not currently available. Hopefully showing the software community what is technically feasible will encourage universities and larger corporations to move more quickly.

#38 – CERM RISK INSIGHTS 2014 CYBERSECURITY WEBINAR SERIES

The title of the proposed 2014 cyber series is: Changing Cyber Landscape

This year is going to be a banner year for cyber security. Take a look at the following events. The number of data breaches will increase. More state actors from China, Russia, and even our allies will attempt to penetrate critical infrastructure. More revelations on cyber intrusion of Federal facilities. Further losses of personal identification information. Heightened cyber warfare. Significant data breaches growing exponentially. Increasing cyber crime with material impacts. Additional NSA revelations. Increased privacy law breaches. More regulatory penalties, shareholder lawsuits, and reputational damage. And, the list goes on.