Failure to innovate and evolve has been the death knell of many former industry leaders – think of Polaroid or Digital Equipment. Both are no longer relevant,, and both failed to respond effectively as the world around them changed. Lack of innovation is in itself a major risk and, for many companies, IT is a a key enabler (or dis-abler) of innovation. Continue reading
“Faster is Slower” is one of the “Laws” formulated by Peter Senge in his book The Fifth Discipline. This particular “law” plays out with a vengeance in larger software development projects, and often has a secondary negative impact of cyber security. Let’s look at a rather typical scenario that illustrates this dynamic. Continue reading
There’s a lot we don’t yet know about this classic disaster, but nonetheless it is not too early to examine several obvious flaws in the approach. Top software professionals knew at the outset of various measures that would have saved a lot of expense and embarrassment, but were not applied. It seems clear this project was “managed” by comparative amateurs clearly not up to the management challenge. This effort did not fail for technical reasons – virtually all of the issues that have arisen were foreseeable and preventable. Continue reading
Hans Christian Anderson was on to something important and relevant to today’s risk environment … “Once upon a time there lived a vain Emperor whose only worry in life was to dress in elegant clothes. He changed clothes almost every hour and loved to show them off to his people.” Probably you know the gist of this story – flim-flam artists convinced the Emperor an imaginary fabric was actually beautiful, at least until “A child, however, who had no important job and could only see things as his eyes showed them to him, went up to the carriage. “The Emperor is naked,” he said.” Continue reading
When applying Enterprise Risk Management (ERM), as in much else in life, the devil is in the details. The details are especially critical when attempting to apply standards such as ISO 31000 to software and IT intensive systems. ISO 31000 describes principles, a framework, and a high level process for ERM. ISO 31000 clause 5 identifies process steps – in this article I will focus on risk assessment and risk treatment as it applies to software and IT intensive contexts.