A Chief Technology Officer for a Midwest banking holding company made a very
interesting observation. In commenting on the needed increase in
fraud-fighting resources, he warned about the perils of overemphasizing
technology while neglecting to train staff in using manual fraud-detection
processes. Most of what he says is spot on, both about ensuring proper
prioritization and risk analysis and about the blind reliance on technology to
identify and neutralize threats and breaches. In fact, as an officer in a
technology company, I happen to agree with him on almost everything he said.
He also noted that to prevent fraud, financial institutions need to go beyond
adopting the latest technologies and ensure they have trained staff to
identify fraud, such as by reviewing reports or spotting unusual activity.
Now the key is how to cost-effectively apply those resources, train tho...
So much is written about the events outside your perimeter: those nefarious
and shadowy individuals and offshore syndicates who are looking to steal
technology or personal data or piggyback on your servers to peddle everything
from pirated products to pornography, implant botnets or viruses, or simply
to create corporate chaos. With all that weighing on our collective IT asset
protection strategies, it is easy to miss what a new Carnegie Mellon report
is pointing to as one of the fastest-growing threats…insider breaches. Even
KPMG says this threat has tripled since 2007.
They co...
“Don’t care how…I want it now!”
-Veruca Salt (Willy Wonka and the Chocolate Factory)
We live and work in a world of immediate gratification. In the name of
greater productivity, if you need to check inventory from a supplier’s
warehouse…click, there it is. Share a file on Dropbox, no problem. Add
detail about a meeting in the sales database… click! Update your Facebook
or LinkedIn status. Email a white paper to a potential client...click, click.
Want to see that flying pig meme…well, you get the picture.
Now that’s not necessarily a bad thing…unless you’re an IT professional
and th...
I was chatting with an IT professional about the benefits of cloud-based
security and he kept referring to a recent risk assessment he performed. (And
if you haven’t done this lately, you should.) But what got the gears in my
head turning is how interchangeably he used the terms “risk” and
Now on the surface they seem like the same component of security management.
I tend to disagree. In the simplest of terms, risk is the probability or
frequency of doing harm while threat is the actual or attempted infliction of
that harm. Tomato, tomahto? Splitting hairs? It’s all about ...
There are a lot of experts and process gurus who are more qualified than I to
tell you how to manage change. They will offer a great deal of high-level
advice such as “define the vision,” “create a change proposition,”
“promote staff input to shape the solution.” And these are very wise
nuggets of advice. And we (in IT) are at a crossroads for change. The
landscape of the role, the challenges of the responsibilities, the tools of
the trade are all evolving.
Much of the change revolves around the migration to cloud-based solutions.
For going on a dozen years, SaaS applications ...