Evaluating risk can be a daunting task. Breaking down every system within an operation, figuring out where your greatest assets lay, and where your greatest risks are. This process can never be an individual task, and the successful ones always have a team of staff members involved.
Delphi
The Delphi process is often employed with qualitative risk analysis. It allows staff members of a company, each with their own expertise, to anonymously weigh in on the risks and safeguards to presented. All of the comments are then collected into a report to again have comments added by each expert until a consensus can be found. This is very powerful in getting feel for how the company should invest in protecting its assets.
Qualitative Risk Report
Qualitative risk analysis does not provide the dollar figures that executives are often looking for, but it does provide an excellent starting point to getting those numbers. By assembling a team of experts within the company, a very detailed view of a companies risks and preferred safeguards can be evaluated. From here the cost of each safeguard can be evaluated against the value of each asset.
Safeguards and countermeasures all need to be weighed against the risks that they are there to protect. If it costs more to protect than it is worth, then a decision to accept the risk needs to be made. Keep in mind that whatever decision is made needs to be documented and the support of all management needs to be on board.
Just tonight, was an amazing quote by the leader of the CTU division on Fox’s 24, that I thought perfectly applied to the security concerns of we are discussing.
“Everything that happens here is my responsibility. All of its successes and failures… I let the snake into the Garden”
Hastings, the head of CTU was being terminated and replaced by their lead technical analyst. He was not happy about the decision, but recognizes that ultimately everything that occurs within the organization reflects on him. While blame will be placed on the staff of an organization, the responsibilities for the success or failure of a company, reflects on its leaders.
Before deciding on what measures are going to be taken to protect a system, an analysis of the threats, vulnerabilities and effective losses needs to be made. If a particular asset is worth $1000 (in acquisition, maintenance, and recovery), and it would cost $5000 to protect, and is evaluated to occur once every 2 years, it would not be worth protecting. That risk should be classified as an acceptable risk.
Quantitative Risk Analysis
Quantitative analysis can be very challenging. A value needs to be associated with each asset, to include the cost to acquire it, recreate it, cost if lost, and its value to competition. Some of these values are difficult to evaluate, such has an assets cost if it was lost, or how much it would be worth to the competition.
Evaluating Risk
Quantitative risk analysis requires complex calculations, though with the right tools, can be automated. You still need to do the research to plug in the appropriate risks, but the application can calculate the dollars associated to each risk. From threats, vulnerabilities, exposures and safeguards, you can evaluate the dollars associated with each level in, helping you to make an informed decision regarding whether or not a risk level is acceptable, and which safeguards should be taken in order to protect your assets. Quantitative risk analysis can be very time consuming and costly to put together, but is often the best way to show decision makers where they need to invest to protect what they have created.
While developing standards, and creating new procedures often people look to see what the current industry standards are, to see if they can build off of existing practices, without having to spend the years of research that go in to developing a new procedure. With products and services varying from company to company, as well as their methods and systems varying, you can expect there to be many different ways that people look to achieve a secure and reliable environment.
ISO 17799
ISO 17799 was an older standard developed by British organizations. It had been the defacto standard for many years regarding information security. It was designed to secure and maintain healthcare systems, but has been adopted by many different industries as it is a great starting point for security.
ISO/IEC 27001
Built off of British standards, it outlines establishment, implementation, control, and management of health care systems. There are also guides to protect sensitive personal health information. This is the latest generation of security standards, and careful note of its goals should be noted. It can be broken down into asset classification and control, personnel security, physical and environment security, communications, access control, compliance, and other information security policies for organizations.
CobiT and COSO
Focus more on the what needs to be achieved, rather than how to achieve it. ISO/IEC provides lengthy documentation on how to achieve a secure system.
Six Sigma
Six Sigma puts an emphasis on process improvement. It is a new quality control mechanism, focusing on statistical analysis of existing procedures in order to provide better practices at a higher success rate.
Familiarity with the fundamentals of each of the standards is important in order to better understand the best approach to securing a system. Each has its own advantages and disadvantages. They don’t all apply to all circumstances, meaning that you will need to evaluate what is best for you organization, and the tasks at hand.
As a business leader, relationships are critical to your current and future success. But, what sort of people should you surround yourself with? Here are seven people every leader needs in their life and ways you can start (or continue) building these relationships today. Do not be intimidated, as each one of these relationships can be built through the Successful Thinkers network.
1. The Peer Climber
3. The Experienced Executive
6. The Community Connection
It’s been a while since I’ve posted anything, and for those that know me, you understand some of the crazy things I’ve been going through and working on. Recently there has been some outages on Twitter, Facebook, LiveJournal and some other social giants. Many of us were wondering what was the cause of this massive outage / attack. Below is an article from DarkReading that explains how why so many people had to go without their social addiction for a few hours.
Botnet attack takes aim at pro-Georgian blogger and leaves collateral damage on social networking sites
Aug 07, 2009
By Kelly Jackson Higgins
DarkReading
It turns out yesterday’s major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites.
A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.
Cyxymu tweeted yesterday on his Twitter profile that the attackers were "Russian KGB." The blogger, who later unmasked himself to CNN as "George," 34, of Tbilisi, Georgia, told the cable giant that his recent blog posts may have triggered the attacks. One post, he told CNN, discussed "how Russia was preparing military aggression (sic) against Georgia, how they were training soldiers and mobilizing military equipment, what kind of provocations were carried out by the separatists prior to the war," according to the CNN report. He also said the attacks were timed to coincide with the one-year anniversary of the Russia-Georgia conflict.
As of this morning, Cyxymu’s LiveJournal site was still down.
Various reports attributed the attack to an email spam run gone wild, but security experts dismissed that theory, saying it had to be a coordinated attack from bots. "There’s no way that simply spamming out email containing the links would generate that kind of traffic to the social networking sites. There simply wouldn’t be enough people who would click on the links to create a DDoS," says Graham Cluley, senior technology consultant for Sophos. "So this must have been a ‘traditional’ DDoS attack from compromised computers [that] could hammer the Websites with multiple requests every few seconds."
Twitter acknowledged it was working with other services on "what appears to be a single, massively coordinated attack. As to the motivation behind this event, we prefer not to speculate." It said no user data was compromised.
Facebook confirmed the attacks were going after one person: "Yesterday’s attack appears to be directed at an individual who has a presence on a number of sites, rather than the sites themselves. Specifically, the person is an activist blogger and a botnet was directed to request his pages at such a rate that it impacted service for other users. We’ve isolated the issue and almost all of our users are able to enjoy the normal Facebook experience," the company said in a statement.
Meanwhile, Facebook’s chief security officer, Max Kelly, is quoted in another report: "It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," he told CNET.
And from the blog of Mikko Hypponen, chief research officer for F-Secure: "Whoever is behind this attack, they had significant bandwidth available. Our best guess is that these attacks were done by nationalistic Russian hackers who wanted to silence a visible online opponent. While doing that, they’ve only managed to attract more attention to Cyxymu and his message."
In addition to the DDoS attacks on Cyxymu’s Twitter, Facebook, and LiveJournal accounts, Hypponen says the blogger’s YouTube account was DDoS’ed, and he was also targeted by a so-called "Joe Job’"spamming attack with email purported to be from "George" and trying to lure users to his blog on LiveJournal.
You will spend more time working than you will with your own family. It is important that you do what your love. Right now there are a lot of people hurting for an income. Many businesses are suffering slower sales, or even a loss. Barely keeping their head above water. It is important that all of these business owners find their passion. If you are are one of the unfortunate unemployed, then it is even more important that you live your passion.
Getting Started
When I first started down my IT career path, it wasn’t for money. There was a large technology boom going on, but I didn’t even notice. I didn’t pay much attention to industry trends at the time. Instead, I was following my heart. I enjoyed helping people. I was going to college, studying organic chemistry, working part time as a business tech support representative. I wanted to go into medicine to help people have a better life. I was working tech support to aid businesses with their technical needs so that I could pay my bills.
My passion to help people, drove me to learn to develop websites, begin programming, and to promote other companies. By following this passion, I became very dedicated to learning to do it better. Passion motivates learning. If you are passionate about something, you will continue continue to push yourself to be better.
Marketing
When we all go out and socialize with other, we talk about our passions. When we meet new people, we talk about our passions. You will naturally share your passions, and people around you will become more interested in what you have to say, as they see that passion come out of you. The people that you meet will recognize your expertise and will be drawn to you.
Building a Team
The hardest part about running your own business and following your passion, is the paperwork. Few people are passionate about paying bills, reading up on laws, paying taxes, etc. However, you will find that there are plenty of people around you that are willing to help you succeed. As they see that fire inside of you, they will catch it. They will want more. They will want to be part of what you have. You will be able to create a win-win team for yourself and the people around you, as you all help to build each other.
Terrible Time to Start
Many people will tell you that it is a terrible time to start a business. And as you begin, you might even be discouraged at the outlook of the current economic trends. But if you look at the experts, they are all saying that now is the best time to build a business. Business that start, build and survive through economic turmoil, will come out stronger and more successful than anyone else. You will find that people are more desperate to work with you, it is cheaper to get started, and your customers are more loyal. Now is the best time to get started, or to start building.
Looking for a Way to Start
I have been helping startups get on their feet for the last 9 years. I have a passion to help brilliant entrepreneurs find their dreams and to find ways to achieve them. Often people have great ideas, but run into challenges in finding economical ways to achieve them. I can help you get the resources that you need to start your business, or to take it to the next step. Please leave questions or comments below, and I will help point you in the right direction. If I am unable to answer your questions, I can put you in touch with someone who is passionate about your topic, and they will help you follow you dreams and keep your passion alive.
Don’t Get Discouraged
As we follow our passions, we often run into things that are not so much fun. Every job as parts that you don’t want to do, parts that your are not passionate about, and parts that you might not be that good at. Do not get discouraged about these things. Instead, reach out to the people around you. Focus on your passion and let them focus on theirs. When you come across someone passionate about their field, they will help you because they love what they do.
New technologies are constantly coming out. Our challenge is figuring out out to leverage them for our success.
Google is will be launching a new platform called Wave. The Google Wave is suppose to leverage social networks to enhance communication.
Check out what one of its founders had to say.
"Back in early 2004, Google took an interest in a tiny mapping startup called Where 2 Tech, founded by my brother Jens and me. We were excited to join Google and help create what would become Google Maps. But we also started thinking about what might come next for us after maps. As always, Jens came up with the answer: communication. He pointed out that two of the most spectacular successes in digital communication, email and instant messaging, were originally designed in the ’60s to imitate analog formats — email mimicked snail mail, and IM mimicked phone calls. Since then, so many different forms of communication had been invented — blogs, wikis, collaborative documents, etc. — and computers and networks had dramatically improved. So Jens proposed a new communications model that presumed all these advances as a starting point; I was immediately sold," explains Lars Rasmussen.
What does this mean? We all have many projects that we are concurrently working on, with many different teams. Well maybe not so many different teams as much so as multiple projects with the same team. Imagine being able to brainstorm, day or night, with your team, and to have a track record of the conversations and the evolution of the project. Your coders can add functional input, your designers can add graphics, your business execs can mold the conversation towards business objectives, and your sales reps or field agents can provide feedback as to what is needed in the field. Real-time, complete, and full collaboration from anywhere in the world.
Just about every demographic should be getting excited about this new platform. Business owners and execs can leverage it for business, while kids can chat about their days or work on hobbies, and gamers can play games with their friends. In order to be successful in anything that we do, we need to invest in the people around us. Google Wave is another way for people investing.
How will Google Wave work? Google defines a Wave as a new communication project. You would create a wave and add people to it. Everyone you invite on to your wave can use richly formatted text, photos, gadgets, and even feeds from other sources on the web. They can all edit directly within the wave, adding replies, comments, images, video, etc… It’s real-time editing, where you will be able to see instantly, what your fellow team members (or wave members) are typing in your wave. Google Wave is just as well suited for quick messages as for long term content — it allows for both collaboration and communication. You can also use "playback" to rewind the wave to see how it evolved.
How can Google Wave make me more Successful?
Often on Successful Thinkers, people are talking about successful people being continues learners. Successful people are looking for better ways to accomplish their goals, and need to be able to lean on their community to do that. A Google Wave will allow you to communicate more effectively with your community and team. You could even open your wave up to strangers to get some additional expert opinions on your projects.
Some people might even consider creating a wave to discuss marketing strategies. Imagine starting a wave about a billboard, and with the help of your community, you could end up with a video production on TV for a fraction of the cost of the billboard. How this would be accomplished, I’m not sure. But the power of a community and the influence that they have, could bring a great reward your direction.
Once Google Wave becomes live, you can bet we will find a way to integrate it into successful thinkers, so that we can all ride that Wave to Success.
Here are just a few life adventures that have lead to some extraordinary successful businesses. The people truly were all successful thinkers. Remember to watch for opportunities all around you.
Life Adventure: Bill Treasurer, 46, conquered his fear of heights by confronting them. Working as a professional high diver for seven years, he performed more than 1,500 high dives–many of them scaling to over 100 feet.
Inspired:
Giant Leap Consulting Inc.
Treasurer’s Asheville, North Carolina consulting firm focuses on helping people take whatever “high dive” they may be facing. Founded in 2002, it has worked with organizations such as NASA and, in 2008, brought in revenue of $590,000.
Life Adventure: Jeff Kelley, now 50, was in Taiwan when he discovered a grass-like carpet lining the bottom of a cab. Kelley bought a piece of that carpet from the driver.
Inspired:
Sanük
Kelley’s footwear company is as much about funk as function: Just check out its “wire bed” sandal. The Irvine, California-based company was founded in 1997 and reached global sales of $27 million in 2008.
Life Adventure:
As head of worldwide marketing for the Chambord brand, Rob Cooper, 32, traveled the globe looking for the next innovative flavor to introduce in the U.S.
Inspired:
St-Germain, Delice de Sureau
An artisanal liqueur made from wild elderflowers, the beverage launched in 2007 and has received multiple industry awards. And it all happened through Cooper’s brainchild, Cooper Spirits International LLC, a New York City-based brand development company in the beverage and alcohol industry with projected 2009 sales of about $6 million.
Life Adventure: Wooed by a nine-month global courtship, Katy Leakey moved from California to join her now-husband Philip Leakey in his native Kenya in 2001. They lived among the Maasai. But when a severe drought and political upheaval left them supporting 100 families, Katy and Philip, now 54 and 59, respectively, knew that something had to be done.
Inspired:
Zulugrass jewelry
Made from fibrous, hollow, drought-resistant grass, dyed in a rainbow of colors and strung with hand-blown Czech glass beads, The Leakey Collection is a line of contemporary, eco-chic jewelry designed by Katy and handmade by the Maasai women. The Kenya/Newport Beach, California collection is distributed to over 1,200 retail outlets and projects year-end earnings of $1 million.
Life Adventure:
At 15, Mark Frobose was staying at a youth hostel in Europe, speaking in broken French with a French musician. Though conversation was limited, they formed a connection. That experience was so powerful that Frobose, now 54, was instilled with a passion for languages.
Inspired:
Language Dynamics
Frobose developed this line of language courses out of his garage in Danville, Illinois. He built annual sales up to $350,000 before selling the company to Macmillan Audio in 2007.
Many entrepreneurs mistakenly think that making the sale has to do with using the consultative selling approach, special listening skills, likeability or any number of popular questioning or closing programs. Sure, they’re all important aspects of selling. But the granddaddy of them all–the one factor that guarantees your sales success more than any other and the one method top producers have in common–is a sense of urgency.
Urgency is what gets top sellers up in the morning and keeps them fired up all day. Their attitude is, “If it’s to be, it’s up to me, and I determine my own success or failure.” They’re constantly asking themselves, “What do I need to do next to move this sale forward? What actions do I have to take to get it done?” It’s about putting your ideas and strategies in motion.
Top sellers don’t waste time when there’s no opportunity. They’re so intensely focused on each of their accounts that they know exactly what each customer wants and what it will take to help them grow their business. When they don’t see the benefit to that customer, they move on and eliminate wasted energy for both sides. But when there’s real opportunity, they’re relentless. A voice inside them keeps saying, “Don’t let customers miss the many ways they can truly benefit from you and your service.”
Recently I spoke to someone that I knew needed to get involved with a particular opportunity. I truly believed that he needed to purchase from me, and to partner with me. I told him that he would see a return on his investment, and would be sold out within just a few weeks, and that if he wasn’t, that I would cover the difference. I realized he never would have bought on the spot like that if he didn’t like me, feel comfortable with me or have a successful relationship with me on previous programs. But the real reason was that I wasn’t leaving him until he bought from me. I knew he would have success, and even before walking in, I based my endgame on that sense of urgency.
To close the deal well, we need to prioritize specific goals for all of our activities and then act on them with confidence, conviction and a desire to move things forward.
You have probably heard this time and time again. You need to set your dreams to be successful. Even if think that your goals do not pertain to what you are currently working on, you need to set your dreams. Here are a couple of approaches.
Dream Board Create a dream board. A dream board is a physical location for you to post your dreams. Many people struggle to remember why it is that they are working so hard. For some a dream board is the best way to be reminded of what they are working for. For others, simply placing a picture of their spouse or kids on their desk is enough. All successful people utilize some form of dream building and some fashion of reminding themselves of what those dreams are. You need clearly find and define your why. Your why, will provide you the energy to drive through your challenges and provide the determination to finish.
Managing Your Thoughts Focus on those dreams and the steps to achieve them. If you continue to focus on the positive goals that you want to reach and push to complete each step of the way, you will make it. Not only will you be able to reach those goals, but you will reach them faster. Most people focus on the things that they don’t want to happen, and as a result those things happen faster, or they run in to more challenges as they push to finish their projects.
Where Am I
Before you can determine where you are headed, or how you can get there, you need to first realize where you are. Where are you financially, emotionally, physically. All of these things affect the way you will map out your plan, and how you will get there.
Constantly Learning
We need to keep in mind that we are constantly learning. When talking to other people, listen to learn. When working on a project, look for ways to push yourself. When faced with a challenge, look for the opportunity to learn. When you crash, or something doesn’t go the way that you had expected… take responsibility for the crash, get up, and learn so that you can avoid that crash in the future.
Set and Achieve Goals The purpose of setting and then reaching your goals is about becoming the person that it takes to achieve the goals. As we work through our projects, we build off of the previous step. The same is true for becoming successful. You need to build yourself with each step, and each day in order to prepare yourself to make it to your next goal.
Big Goals are Important
Setting big goals is important to becoming a better you. The larger the goal, the better you will become. Make sure that all of your goals are written, specific, and measureable. Only a measurable goal can be achieved.
IT Expediting by a Systems Analyst