Category

Risk Management

Ideas and strategies to make risk management more effective.

Aug 292017
 
Conducting an Architectural Risk Assessment — Step 1

An architectural risk assessment is not a penetration test or merely a vulnerability scan. It is an engineering process with the aim of understanding, defining, and defending all the functional output from customers, line workers, corporate staff, and client-server interactions. Architectural risk assessments include ethical hacking, source code review, and the formation of a new network design. As Fred Donovan wrote in the Cutter Consortium Executive Update, Architectural Risk Assessment: Matching Security Goals to Business Goals, “Performed correctly, [an architectural risk assessment] will empower the technology staff and enable the business to focus less on security and more on customers.” According to Donovan, the first step of an architectural risk assessment is to conduct interviews Read more

May 022017
 
RPAs: A Cautionary Tale

Last week I wrote about the “triple win” that can come from robotic processing applications (RPAs). But Cutter Fellow Robert N. Charette points out a cautionary tale. In a recent Business Technology & Digital Transformation Strategies Advisor, Charette tells the saga of the Michigan Unemployment Insurance Agency’s Michigan Integrated Data Automated System (MiDAS) system, which was found to have falsely accused at least 22,000 — and possibly more than 50,000 — of the state’s residents of unemployment fraud between October 2013 and August 2015. How did that happen? Writes Charette: It turns out that Michigan decided to fight unemployment fraud using a software-driven approach, rather than the previous ‘manual and paper intensive work process.’ In fact, Michigan UIA Read more

Nov 122015
 
Bob Charette Weighs in on a Decade of IT Failures

Cutter Fellow Bob Charette has been blogging over at IEEE Risk Factor for the past decade, looking at the myriad ways software projects fail. To mark that 10-year milestone, he set out to analyze what’s changed — and what hasn’t — in the area of systems development- and operations-related failures. Bob doesn’t claim to have compiled a comprehensive “database of debacles” in Lessons From a Decade of IT Failures. Instead, he’s endeavored to bring together the “most interesting and illustrative examples of big IT systems and projects gone awry.” Be sure to spend some time with his colleague Josh Romero’s five super cool interactive visualizations of the data where you’ll: Look at the various ways Read more

May 142015
 

Cloud computing, data analytics, sensors and the Internet of Things, robotics, mobile and social computing, “super-intelligent” systems and advanced cognitive systems are merely a few of the technologies that have moved from the realm of being an interesting idea into the main stream. Just over the horizon are not only improvements to each of these technologies but also virtual/augmented reality systems, autonomous vehicles, private drones, 3D printing, quantum computing, gesture control systems and wearable computing, among others that promise to change our daily routines in a myriad of ways. High tech companies like to tout the many benefits of these technologies — for example, it is believed that moving to autonomous vehicles will not only Read more

Dec 022014
 
Still-shrinking Workforce will Bode Well for Those in Risk Community

Last year, I predicted the work force would continue to shrink. I was right. Relative to the population, the work force continued to dwindle, and it will continue to do so in 2015. The percentage values will become even more dramatic when considering the migrant workforce (legal and otherwise). As such, it’s still a good year ahead for those who can find ways to leverage smaller staffs in 2015. Tragically, this will lead to a greater divide between the rich and the poor. Any industries marketing with a “we care” strategy that applies across the “have/have-not” divide will be seen as philanthropic and societally beneficial (in a time of increased political turmoil). Turmoil bodes well Read more

Oct 292014
 
From Information Risk Management to BI for Software Organizations to Agile Transitions, We’ve Got You Covered.

We’ve been rounding up Dennises lately: Dennis Adams and Dennis Hogarth have joined our team of expert consultants. But along with the Dennises, we welcome Nancy Williams, Murray Cantor and Don MacIntyre. Dennis Adams is a long time Cutter contributor. He’s frequently presented the academic viewpoint for Cutter Benchmark Review. (If you’re not familiar with CBR, it partners academics and practitioners who co-write a survey, analyze the data, and then write opinion pieces — influenced by their academic/practitioner perspective — that are based on the findings. Looking at an issue or technology from both an academic and practical perspective gives CBR readers the 360 view they won’t otherwise see.) Now Dennis will add his expertise Read more

Oct 162014
 

It took home improvement retailing giant Home Depot about a week before it finally confirmed it had suffered a data breach. Home Depot first reported the possibility of a breach on 2 September 2014, but did not actually confirm the hacking until 8 September. During that time, the company made somewhat vague statements that it was still carrying out an investigation to determine whether or not its systems had actually been compromised. Based on the company’s recent press release confirming the breach (see “The Home Depot Provides Update on Breach Investigation“), it appears that Home Depot’s internal IT security team was unaware that its payment data systems had been compromised. Instead, it looks as if Read more