Risk Management: Strong Governance Means Solid Foundation

Successful organizational risk management is not accomplished in a vacuum. 

Without the benefit of executive support, success is fleeting and inconsistent. Without clear message, risk management programs flounder. Without shared vision and strategic priorities which align with corporate mission and goals, risk management programs fail without exception.

Involve Management

To build your program for success, you must first begin by involving executive management. Understanding their concerns and perceptions of organizational risk and risk tolerance can prove invaluable and serve as an impetus to better enable prioritization. Consider formally establishing a Governance Committee composed of key business leaders to maintain continued momentum, better determine programmatic direction and to ensure that proper consideration is given to critical organizational business unit requirements.

It is also recommended that a third-party organizational risk assessment addressing current organizational risk state and applicable legal, regulatory and standards-based compliance be performed. Given outside, qualified expert determination of the severity of known risks and the identification of unknown risks, including any compliance gaps, high risk vulnerabilities may begin to be remediated and the overall threat landscape better understood. With remediation efforts composing the majority of short-term strategy, the Governance Committee may thereafter begin to focus on both medium and long-term strategies.

Establish Responsibilities, Procedures

To then effectively execute upon determined strategy, organizational roles and responsibilities should be reviewed and developed to ensure that appropriate information security and risk management duties are assigned to all personnel with operational security and risk management roles further defined.

The Governance Committee should also require that separation of duties and principles of least privilege are adhered to with (perhaps dependent to some degree on the overall size of the organization) operational security and audit responsibilities assigned to dedicated staff which directly report to one or more leadership roles. Generally, it is this leadership which will have principle responsibility for guiding Governance Committee efforts and ensuring that committee determined strategic direction is successfully implemented.

While qualified personnel are, of course, a primary concern, documentation should not be undervalued. Developing supporting policy and documenting established procedures, security architecture, sensitive data flows as well as data inventory, ownership and retention details provides important reference and opportunity for periodic review and analysis.

A standardized methodology also better allows for consistency of process with a far greater likelihood of desired outcome. Additionally, when aligned with configuration and change management efforts, overall performance and service delivery levels may be recognizably strengthened. Further, training efficiencies and knowledge capture benefits may also be realized.

Continued Review

Given executive support and cohesive direction, it becomes important that security operations and risk management personnel monitor organizational risk on an ongoing basis while remaining cognizant of established programmatic goals and compliance requirements. Monitoring practices should, at a minimum, include daily log review, altering processes, quarterly internal and external vulnerability scanning, annual internal and external penetration testing, and internal and external risk assessment completed on at least an annual basis.

 

Continue reading this article:

1 2 Next Page >

 

 

Source : cmswire[dot]com

Technology to Solve the Problems of Technology #DEMO2012

We're all familiar with the pitfalls of the proliferation of information. Massive quantities of competing programs and platforms leads to an overwhelming over-saturation of media. Battling operating systems and hardware lead to endless issues with connectivity and compatibility. The majority of the new technology being presented at DEMO Conference present themselves as a solution to those woes.  

From data aggregation to seamless functionality across devices, a sophisticated software patch (to over-simplify) may be the only thing we need to eliminate all the hassles that have us pulling our hair out. This is particularly relevant in the social media landscape, where inundation of content is only going to increase until all of our heads explode simultaneously.

Problem Solved?

First off, I'm thankful that brilliant minds are working hard to capitalize on the issues I've described. Secondly, I'm always skeptical that their innovations will be useful enough to justify another download, password and endless series of mandatory updates. Strike that, reverse it.

Among the most promising problem-solvers presented here in the real of social data aggregation are Lifebeat and Zeppelin.

Lifebeat attacks one very common problem head-on: the issue of building multiple contacts across a growing number of methods-to-contact-them. With every able-fingered individual possessing an account or two in email, Twitter, Facebook, LinkedIn, Spotify, SoundCloud, Flickr and more, you may think you're connected to your friends, but really, you're not. Lifebeat intuitively pulls contact information across every medium into one smart portal on your smart phone. It can give you updates, figures out your preferred method of contact for each individual and portends to have no limits on the data it can aggregate.  

Zeppelin exists in a slightly more B2B space (for now), providing one simple, elegant portal of aggregated communication. With smart square gateways resembling floating widgets, you can organize any feed any way you like it and react to any of them across any medium. You can even create internal chats to discuss urgent issues (like, for example, if there's any beer left in the kegerator). The slick, clean, easy-style interface and intuitive control that has been a winner for internet heavies so far may push Zeppelin to the forefront.

Who Will Win?

There's a social element to everything now. 4Sync is a cloud storage company attempting to give Dropbox and Google Drive a run for their (infinite) moneys by providing cheaper storage and, you guessed, integrating a social element. This is exactly why the aggregation of social content is essential. Each outlet has its value and its hardcore users, and we deserve to get every bit of it. But there's only so many hours in the day. While many new companies are attempting to tackle the problem in many new ways, I have to figure there will eventually be a clear winner.  

It should be one that feels like home. It should be friendly, familiar and fresh. It should be intuitive and intelligent. Most importantly, it should be adaptable. It should make room for any new social media fad that comes along. Both of these programs make sure to do that. They may become the singular resource to rule all the resources or they may be arbitrarily trumped by something with a cute picture of a kitten to lure us in. Only time will tell.

 

 

Source : cmswire[dot]com

Hobbs, New Mexico, Home Of A Failed $1 Billion Ghost Town, Conducts Another Grand Experiment

Lea County, New Mexico, shrugs off the loss of an investor's highly publicized tech-research city to focus on innovative energy programs, including algae, uranium enrichment, and one of the nation’s largest solar projects.

In the southeastern corner of New Mexico these days, a booming and diversifying energy industry has produced an enviably low unemployment rate. Which is why when someone mentions “the failed Pegasus project,” all it gets is a dismissive shrug by folks too busy to care.

Last month, Pegasus Global Holdings announced that it was pulling out of its commitment to invest $1 billion in a research ghost town outside Hobbs, New Mexico. Pegasus managing partner Robert Brumley tells FastCompany.com that the deal's collapse was largely due to difficulties in negotiations with a major landowner. (He says his company remains committed to building in New Mexico, however, and is leaning toward a site near Albuquerque.)

We’re too busy to pout or hold a grudge.

At first, community leaders were surprised, frustrated, and even a bit piqued. But those feelings dissipated rapidly, according to Lea County Commission chairman Gregg Fulfer.

“Frankly, with unemployment hovering around 4% (the national rate is stuck at 8.3%) and our economy humming along quite nicely, we’re too busy to pout or hold a grudge,” he says.

Fulfer is a 51-year-old Lea County native who works in the oil and gas industry and has seen the region go through numerous boom and bust cycles. But today, he says, the county is humming on “all cylinders,” thanks to high oil prices (currently around $96 a barrel), heavy investment in natural gas production, and diversification into wind, nuclear, solar, and biofuels, in addition to industries outside of energy.

Presumptive GOP presidential candidate Mitt Romney even visited Hobbs on Thursday to promote his energy plans. Speaking in the parking lot of Watson Truck & Supply--an oilfield business started in 1943-- he promised to speed up drilling on federal lands by turning over the permitting process to states.

A rendering of a section of Pegasus's $1 billion research ghost town

Officials say the county is being chosen for new and innovative energy projects because of a combination of factors including: available flat and arid land; a skilled workforce; training programs; few worries about natural disasters like hurricanes or floods; state and local tax incentives; and a pro-business attitude that welcomes companies of all kinds.

Because of the region's energy diversification, the most recent drop in oil prices (down to $45 a barrel five years ago) did not hit the county as hard as past declines, Fulfer says. Another drop, in the '90s, saw prices fall to $15 a barrel, forcing some residents to leave the county.

“Urenco U.S.A., our nuclear enrichment plant, is going great guns, with plans to build a $1 billion addition to its existing facility,” he says, adding that other areas of the country weren't receptive to an enrichment plant--and a few communities even held protests--but Lea County's energy titans ultimately felt that enrichment was one of the safer fields to be in. “So while the Pegasus project would have been nice, we’re not desperate by any means," Fulfer says. "We’ve got other major developments in the works, too."

Lisa Hardison, president and CEO of the Lea County Economic Development Corp., says her agency has pushed hard to expand the county’s economy beyond oil and gas in recent years with its EnergyPlex brand, welcoming all types of energy development, from algae, wind, and solar to uranium enrichment.

“That’s one of the reasons why Pegasus would have been a good fit with its research efforts and high-quality jobs, because research often means manufacturing,” she says. “But they’ve moved on and so have we because we have so many other positive things in the pipeline.”

The county is also part of one of the nation’s largest solar projects in Sun Edison’s 54-megawatt effort, which is expected to generate more than 2 million megawatt hours of clean, renewable energy over 20 years to power more than 192,000 average U.S. homes annually.

In addition, last year, Massachusetts-based Joule Unlimited leased 1,200 acres--with the potential to scale up to 5,000 acres--for the production of renewable biodiesel and ethanol directly from sunlight, bacteria, and waste CO2. The company recently built a 40-acre pilot plant and is slated to start production in September.

And another firm, El Dorado Biofuels, is using recycled water from oil-and-gas production in four ponds to produce algae that could be used to generate energy or sold as livestock feed. Two others, International Isotopes and Intercontinental Potash, have plans to build plants for processing fluorine gas and fertilizer, respectively.

Brenda Brooks, the community affairs director for Urenco, says her company was recruited to Lea County in 2003, started production in 2010, and now has 350 employees working to enrich enough uranium to supply a dozen large nuclear power plants annually. The company also has 700 construction and contract workers building its new facility.

Halliburton has been here in a big way. It's using our oil and gas training ground as we speak.

Brooks, a Hobbs native who worked in the oil industry in Texas, says it was the “tremendous community support” that led to Urenco’s selection of Lea County as the site for its plant.

“We were recruited here,” she says, praising efforts by the local community college to help train technicians for the enrichment facility. Workers from outside the area were also recruited, she adds.

Steve McCleery, president of New Mexico Junior College in Hobbs and a 30-year resident of Lea County, says companies do training on campus every day--and not just Urenco.

“They aren’t looking for degrees or college hours,” he says. “Halliburton, for example, has been here in a big way for the last year and is using our oil and gas training ground as we speak.”

He goes on: “New companies are walking in every day and we’re just trying to keep up and create packages that meet their needs.”

The Pegasus project would have been a boon to the county by “creating wealth through research,” he says. “But they made a business decision and I have to respect that.”

Meanwhile, his college and southeastern New Mexico are doing just fine, he says: “Right now, if anything, we have a housing shortage and companies can’t find employees, so it’s not the end of the world from an economic-development standpoint. I’ve been through a lot of cycles, but I think things have changed somewhat with our diversification. That’s been a godsend to Lea County, but the multibillion-dollar oil-and-gas industry is still what drives our economy.”

For more information on Lea County, see edclc.org.

Source : fastcompany[dot]com