Category Archives: Operations

Ransomware Week

“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3.  Motive for recent attacks was not blackmail, but just disruption.  The files that were attacked may not be recoverable.  “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3.  DLA Piper shuts down after its computer systems hit.  “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.

Have the Visigoths gathered at the gate?  If we can’t protect our computers and the information they contain and send, does our civilization survive?  Is IT now more important that all the other functions?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value

There’s gold in them thar hills

What are you buying when you go to the grocery store?  Organic bananas?

Not if you’re Amazon.

“Big Prize for Amazon: Shopper Data,” The Wall Street Journal, June 21, 2017 B5. Amazon seeks to buy Whole Foods, but for what?  Its hard assets such as stores and locations? Its customer base?  Its purchasing and distribution network?  More likely: information on how shoppers shop.

If you’re the government agency in charge of approving or disapproving this deal, how do you analyze the impact on competition?  What is the “market” that needs to be analyzed?  Is this a vertical or horizontal deal?  Or something else?

Is most of the value (to Amazon) in this deal the information that it gets?  Where’s that on the Whole Foods balance sheet?

Leave a comment

Filed under Access, Analytics, Information, Operations, Use, Value

British two-step

Gee, how important are computers to your company?  Or, more importantly, the information they contain?

“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system.  No flights, no baggage, and no customer communications.  This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement- Ed.).  But it also highlights how important access to information is to having your business run right.  If you put all your eggs in one basket, watch that basket.

What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9.  Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen.  He was one of 20,000 suspects, but not among the 3,000 most active ones.

Leave a comment

Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value

Hacking hackers

“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4.  In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA.  Certainly cuts down on their foreign travel.

If they can’t keep their own secrets secret, what’s a body to do?  Will this shut them down?

How well does your company keep its secrets?  How important is it to your employees?

Leave a comment

Filed under Access, Business Continuity, Controls, Duty, Government, IT, Privacy, Security, Third parties

You manage what you measure

If the Board asks how much the company paid for something, “I don’t know” isn’t a good answer.  Neither is “We can’t track that today.”

“Algorithms Help Calpers Tally Fees,” The Wall Street Journal, May 23, 2017 B1. The question was how much the pension plan had paid private-equity managers in performance fees.  It turns out the answer was $3.4 billion, over 25 years, with $490 million last year.  Answer was derived using algorithms.

“It took five years to develop a new data collection system that requires private-equity managers to fill out various templates describing their various fees.”

How comforting – a self-graded exam for $3.4 billion in fees.

What’s information worth?  How can you manage without it?  How did they?

Leave a comment

Filed under Access, Analytics, Board, Collect, Controls, Corporation, Data quality, Directors, Duty, Governance, Information, Internal controls, Management, Operations, Oversight, Oversight, Protect information assets, Third parties, Use, Use, Value, Vendors

Algorithms

Is the use of algorithms to set prices a subterfuge to facilitate price fixing?

“To Set Prices, Stores Turn To Algorithms,” The Wall Street Journal, May 9, 2017 A1. Use of algorithms to establish prices for a wide range of products, from Staples to gas stations based on “big data.”

But what if everyone uses the same algorithm?  Or if the algorithms are wrong or the data upon which they are based is wrong?  Can anyone explain what they do and how they do it?  The ultimate black box.

 

Leave a comment

Filed under Analytics, Business Case, Collect, Compliance, Data quality, Governance, Information, IT, Management, New Implications, Operations, Oversight, Use, Use

Tending to fences

When talking about cybersecurity, the analogy is made to castle walls.  Like most analogies, it’s true and it isn’t.

Hackers Found Holes In Bank Network,”The Wall Street Journal, May 1, 2017 A1.  Security at the SWIFT network buildings is really tight, as one would expect for a large company whose business is the electronic transfer of “money” across national boundaries.  But apparently, some of the national banks using this service are not as diligent in managing their own security.

Pesky users!

Providing, and denying, access to information are key parts of information governance.  But how do you do that for third parties?  And how do they do it for themselves?

Leave a comment

Filed under Access, Controls, Governance, Interconnections, Internal controls, IT, Management, Operations, Protect, Protect assets, Security, Third parties, Use, Use