#21 – WHITE HOUSE INCENTIVES FOR CIP CYBER ADOPTION – CAROLYN TURBYFILL

It has been a busy year in the U.S. for Cybersecurity. The latest development (as of August 6, 2013) is an announcement from the White House outlining incentives under consideration to encourage Critical Infrastructure companies to implement the Cybersecurity Framework under development by NIST:

The Rise of Risk Engineering – Greg Hutchins

Quality + Engineering (Q+E), our firm, is a risk engineering firm. OK. Let’s use our formal description of services. We provide Critical Infrastructure Protection: Forensics, Assurance, Analytics(R) engineering services.

When we started the company, there were only a few folks who knew, understood, or even cared about what we do. But, what a difference ten years make. Now, risk management and more specifically risk engineering is all the rage.

C – Level Risk Management

Volatility is going to be with us for a long while.

This means more risk. The good news for us in operational and technology risk management is lots of work and consulting opportunities. This is from a survey conducted recently by the Society of Actuaries. So, here are a few more data points:

Cyber ERM

Cyber Security is going ERM.

The US Department of Energy (DOE) released for public comment the Electricity Subsector CyberSecurity Risk Management Process.  You can download it at:

http://energy.gov/sites/prod/files/RMP%20Guideline%20Second%20Draft%20for%20Public%20Comment%20-%20March%202012.pdf

It may be a game changer in risk frameworks.  Most risk frameworks are linear risk assessment processes.

The DOE standard is ERM process based (inputs => activities => outputs), hierarchical (tiered), and follows a novel cycle.

Let’s discuss a few of these:

The RM model is tiered: Tier 1: Organization; Tier 2: Mission and Business Processes; and Tier 3: IT and Industrial Control Systems.

The RM model has a cycle of: Frame => Assess => Respond => Monitor.

Each tier follows a process, much like the Project Management Institute Body of Knowledge (PMBOK).

Different RM model.  ERM based.  Interesting.  Novel.  Check it out.

MORPHING PROFESSIONS

Our firm – Quality + Engineering – provides professional engineering, forensics, and risk management. In the last two months, we’ve been contacted to:

1.  Manage outsourced quality operations.
2.  Reframe a much smaller quality group into a risk management group.
3.  Do a combination of the above.

Is the quality profession morphing, disappearing, or maturing?  Or, is this an anomaly to the quality profession?  I don’t think so!

We’re seeing more than one profession changing dramatically. As I read the NY Times and Wall Street Journal, it’s happening to the legal, marketing, and journalism professions, and to most others. Newly minted lawyers can’t get jobs. Top law firms are changing their revenue models, revamping their partnership models, or are folding. Marketing is moving online, which requires new technical skills. Journalism is also moving online.

So, the critical questions for most of us are:

  • What changes are happening in our profession?
  • How are we keeping current?
  • What value are we adding to our organization or customers?