Skip to main content

Enterprise technology's juxtaposition, complementarity and application

The ability to see within an enterprise with operations requiring various technologies in information, communication, operational, security and compliance, or two or more of these, finds stakeholders, or the need to adjust techniques and make, some ingenious ways to be more effective in their responsibilities and deliverables or production. Enterprise technology is not an area and language to be used where there are only some specializations involved but which still within the confines of information technology. IT may have been serving utility operations or energy generation for sometime already and yet stakeholders cannot see how to work hand-in-hand to increase their own efficiency, and the output for which customers are very dependent. There are efforts but they remain completely separate and the result is the bigger realizations and concerns about costs rather than creation of value from the start, not just when profits began to come in. If IT is not clearly use in such environmen

IT risks not managed, maybe violated further

It is, when you do have one or more of the following--
IT policies and procedures doesn't reflect real processes, efforts are workarounds and communications ill-defined or strict without the best of reasons.

No access verification and monitoring. Shares and lends credentials, computers and gadgets to each other. Browsing unconsciously, and wandering in, the Web. Opened emails that came from unknown individuals or sender very often without questions. Too much of a trusting person online. Uses the same flashdrive, borrowed or owned, for home computer and office computer. Update platforms and software irregularly. Very proud or dislike to cooperate with colleagues and friends or confident lone wolf. IT people enjoys computer games, doesn’t talk to business people. Risk not attended by IT and/or security people themselves.

Mad and disruptive personalities and no respect for rules and regulations. Dismissive of, or no regard to, security protocols. Inattentive to security events.

Expensive and complex solutions that nobody else is aware. IT is dealt with exclusively.

Not enough awareness or doesn't care at all. Prefer second hand information.

Believe it or not. IT risks are--may be becoming one, if not already--business risks.

While stakeholders will want to benefit from the technological development that happens in and out of their organizations, their use of IT is not without associated risks towards their business. It is an everyone’s responsibility. They must scrutinize cautiously and their actions, too. Remember, we humans, our associations, practices and data, the technology we designedly and deliberately used including the very definition and purpose of our own security and privacy rules has, or might have impending if not an immediate, risks. Within the context of revolutionary and disruptive IT environment, risk management must be solidly built within IT programs and projects, comparable to an effective security and privacy mechanisms. Not an afterthought, they say, which is true. Risk management suggests there is no such thing as unpredictable solution. Even history and current IT events says the presence of, and understanding the, risks might be the best of reasons to further the hardening of business systems.

Within our organization, risk management practices or applications and principles must ascertain common grounds and applicability. How about efficiency? Encompassing organizational policies, regulations and technical controls must be reexamined and updated once in a while. Risks must be managed.

Comments

Popular posts from this blog

Philippine telcos blocking entire SMS text with internet addresses in it

If you are sending SMS texts to your friends, family or colleagues and they contain internet or web address including IP and email addresses, and even a period or dot separating, regardless of, your words and numbers, they are automatically blocked and not going to be received by your waiting recipient. Cooler heads must prevail here especially if an important message is urgently being expected. IP version 6 address is fine. However, an IPv4 including localhost address (given automatically to every computers and network interfaces as their own alone designed for troubleshooting purposes), and your money in the billion figure using dot as separators would be blocked.  If you send "local.business, naman.naman etcetera" or any words that made you use dot in between them, as part of the text, they will be blocked. There are some, that isn't blocked in this category. Like check.iclassed, some.ent, whatever.local etcetera, that is because they do not form any domain name at all

Philippine cyber campaign

Are Philippine institutions being targeted or simply being probed? We don't know for certain. It could be either or both. Whichever comes first? What we can understand, with the success of such attacks, is that they have found their way. Really.   How hard or easy? The attacker knows, but probably, also, those being attacked. Inclination should be there no matter how sophisticated our security systems are. In cybersecurity, we do a very focused job. Making sure we disappoint whoever is trying to gain access to any resource without permission and authority regardless of the environment we are in. What happened is that every asset deemed to have every variant of resource built-in, operating, that makes up the entire system working whatever it is trying to employ, in that case the primary purpose. Meaning, we have to know if we are running our system in a manner that is really secure, provisioned properly during design stage and managed continuously afterwards, post-implementation. No

iclassed privacy policy, unbelievable at first sight

Those who, before engaging us and was reading our business conduct, alerts and notices , could not restrain themselves asking, "can you really do your job without keeping any data at all? At the end of the day, you should still be looking at those information and make sure you did, and will, do well. I am expecting a lot from you here, you said so yourself!" Now, that last sentence is so loud. We keep them, not in our premises, but yours. If you've been our clients, you'll know how persistent we are when it comes to the reliability and security of your systems, data and credentials. That's our responsibility, as is made popular by cloud computing, and we don't need to be in a cloud.