Here’s a good one … A small village in the north of England, Argleton, has been causing confusion with an air of mystery. The simple reason is, is that the village simply doesn’t exist except in the world of Google.
Posts Tagged ‘Security’
Curious case of Argleton town
Tuesday, November 10th, 2009Conducting a BIA (Business Impact Analysis)
Monday, October 5th, 2009Yesterday, I touched on the BCM program and I cautioned about holding the IT department responsible for BCM. Lets pause for a while and zoom into why that is the case.
One of the most important activity in the Business Continuity planning process is the Business Impact Analysis (BIA). Typically, BIA is used to identify, qualify and quantify the exposure and impact of threats to your business. With these impact analyzed and quantified, forming the output of the BIA, you will then be able to justify the reasons and case for a business continuity plan. In a nut shell, BIA can be used to:
- Determine the extent to which critical functional and operational dependencies exists within the organization and how important are these functions to the business,
- Assess the impact of a disruption to identified critical functional area or business operations within the organization,
- Establish the priorities and sequence in which critical data processing applications and key business functions should be restored.
If the BIA is used to determine critical business functions, then it wouldn’t make sense to just let IT handle this on their own. It needs to involve the business units and the rest of the organization, especially with the Executive Management support.
Business Continuity Management
Sunday, October 4th, 2009
According to Gartner, 50% of all businesses fail after experiencing a major disruption. The lack of planning and preparation for these disruptions can cause a major blow to a business, which may include losing its customers, assets, personnel, etc. A business is more likely to recover if it has a plan and has taken into account all the areas on which its business depends on to function normally.
In the past (and probably some organizations are still doing this today), IT Disaster Recovery has been part of the IT department’s responsibility. IT’s primary focus for IT DR was to ensure that they pass their annual audits. Unfortunately, I believe there might still be some confusion on the part of business owners thinking that business continuity management and planning is strictly planning for IT Disaster Recovery and is an IT problem. How unfortunate, because IT Disaster Recovery Planning (DRP) is merely just a subset of the whole scheme of Business Continuity management. DRI International defines Business Continuity Management as a holistic management process that identifies potential impacts that threaten an organization and provies a framework towards building resilience with the capability for an effective is defined as Today’s business environment is more demanding and complex, compared to the old days. We continuously face challenges in delivering services to our customers in real-time and have less tolerance for disruptions.
Governance beyond Uncertainty
Saturday, October 3rd, 2009I had the privilege to join Sun’s Chief Privacy Officer, who is also our Chief Governance Officer for Cloud Computing, in meetings with some government InfoComm authority folks. The subject of the meetings were Governance for Cloud Computing.
Overall, I thought she did well in covering the key and important points across areas such as legislation / laws and the jurisdictional territories, Standards, data classifications / categories, how to maintain data privacy and security across its lifecycle, IP (Intellectual Property) of third party contents, license rights, policing rights, etc. The message she brought to the table is that at the end of the day, businesses needs to manage an acceptable equilibrium between gaining the business agility, cost advantages and empowering their business to leverage on available Cloud services, and the acceptable or tolerated level of risks by the business. It was not an easy subject to talk about (especially in an hour duration).
Virtualization Security
Sunday, September 27th, 2009Andreas Antonopoulos of Network World wrote an article “Virtualization Security: so far nothing” earlier this year and he remarked that only 9.6% of companies are deploying security tools specially designed to deal with virtualization, 21.2% expect to do so within the next three years, and 69.3% have no plans at all to secure their virtual environments. Antonopoulos further wrote that many of the threats that are unique to virtualization are overlooked and companies might be trying to shoehorn existing security models and practices into a vastly different environment. He believes there is a great risk that these threats will translate into attacks before companies re-examine their security policies, architectures and implementation. Lastly, he states that there are many innovative security solutions for virtualization and probed what are companies waiting for?
I do agree that very often, security is overlooked. But I do not believe that we can merely buy a security solution or product or tool and able to mitigate the security risks altogether. It takes much more than a tool or product to address the virtualization security subject. (more…)
