From Scapegoat to Savior: The Risk Manager Story

Chris McClean

Even in the toughest times, winners will invariably emerge. With the way expectations are changing regarding corporate controls and disclosure, risk management professionals (whose lack of influence was seen as a substantial cause of our current state of affairs to begin with) will likely be among the first beneficiaries of our new outlook on business.

Forrester customer inquiries seem to have taken a step back when it comes to risk management. While there are still plenty of incoming technology and vendor selection questions, there has been a noticeable spike in calls about fundamental issues, such as how to build and organize risk management programs. Knowledge and experience in risk management basics is in high demand.

Last week, the New York Times emphasized this demand by highlighting the current value of graduate degrees or certification related to risk management. The article explains:

Read more

Don't Rely On Industry Averages For Cost Of Downtime

Stephanie BalaourasOn a weekly basis, I get at least one inquiry request from either a vendor or an end-user company seeking industry averages for the cost of downtime. Vendors like to quote these statistics to grab your attention and to create a sense of urgency to buy their products or services. BC/DR planners and senior IT managers quote these statistics to create a sense of urgency with their own executives who are often loath to invest in BC/DR preparedness because they view it as a very expensive insurance policy.

BC/DR planners, senior IT managers and anyone else trying to build the business case for BC/DR should avoid the use of industry averages and other sensational statistics. While these statistics do grab attention, more often than not, they are misleading and inaccurate, and your executives will see through them. You'll hurt your business case in the end because you haven't done your homework and your execs will know it.

I saw a study recently that stated the cost of downtime for the insurance industry was $1,202,444 per hour. You might be tempted to grab this statistic and throw it into the next presentation to your C-level exec but what is this statistic really telling you? Do the demographics of the companies in the study match yours? Do you trust the accuracy of the data? Consider the following:

 

  • What is the definition of insurance industry in this case? Is it companies that focus solely on insurance or does it include companies that also provide financial advice and monetary instruments to their clients?

     

Read more

Denial Of Service Attacks Have The Internets All A Twitter

John Kindervag

My BlackBerry battery died more quickly than usual yesterday as I received a wave of calls from reporters wondering about the denial of service (DoS) attacks against Facebook, Twitter, and other social networking sites.  It seems many people are not aware of the long and storied history of denial of service attacks and this is their first personal experience with DoS. These types of DoS attacks have been around since the creation of the public Internet. A 15 year old named Mafiaboy famously brought down many of the top Websites of the day at the beginning of this millennium using similar techniques.

Read more

Hathaway resigns … another one bites the dust

Khalid Kark

Hathaway joins a distinguished group of highly respected and accomplished people who have quit the position of Cybersecurity Czar. She wasn’t even the actual Cybersecurity Czar, she was just the acting one, but it appears even that was too much to take for her. She cited personal reasons for resigning, but media reports suggest a more plausible reason for resigning – frustration at “spinning her wheels” and not being able to accomplish anything. Sounds familiar, doesn’t it. Whether you are a Cybersecurity Czar or a CISO, the challenges for this position are very similar. 

Read more