ASIS International has announced the publication of a revised version of the ANSI/ASIS Chief Security Officer - An Organizational Model. This standard provides a model for organizations to use when developing a senior leadership function responsible for providing comprehensive, integrated risk strategies to protect an organization from security threats.
This standard replaces the 2008 ANSI/ASIS Chief Security Officer Organizational ANSI version.
“Early on, it was determined that the standard’s purpose was to state the risks that need to be managed within an organization — of any size — and based on those risks, determine the skills and competencies needed to manage those risks,” said Jerry Brennan, technical committee chair, and chief executive, Security Management Resources. “By identifying who owns what, who is accountable, and what is shared, organizations can then determine what is needed within its ‘senior security executive’ position and the competencies that are best suited for that role.”
The standard’s model for a senior leadership position is presented at a high level and designed as a guide for the development and implementation of a strategic security framework. The structure is characterized by appropriate awareness, prevention, preparedness, and necessary responses to changes in threat conditions. Specific considerations and responses are also addressed for deliberation by individual organizations based on identifiable risk assessment, requirements, intelligence, and assumptions.
“The perspective through which organizations evaluate and integrate operational risk within their strategic plan continues to be a dynamic process which not only impacts the role of the ‘senior security executive’ but also the position or positions that may assume that role,” said Charles Baley, ASIS Standards and Guidelines Commission Liaison and chief security officer, Farmers Group, Inc. “This Standard focuses on the importance of the function and not a single title or position.”
Applicable to both private and public sector organizations, the standard provides a methodology to evaluate and respond to a spectrum of threats to tangible and intangible assets on both a domestic and global basis.
CIO — Recently I saw yet another slide presentation showcasing the decline of enterprise IT spending and the comparable increase in public cloud business. The conclusion? Enterprises just don't have money to spend and it's killing enterprise vendors.
This is fundamentally not true. What's really happening is that users are increasingly using public cloud services, and the expenses they incur are being reimbursed, so the money's theirs. I've also seen several studies showing that moving to the cloud is expensive — twice what it would cost to build services internally, according to an internal analysis I recently reviewed, and five times as much if one uses the Oracle alternative.
After reading this blog post, if you would like more detail, fellow Forrester analyst Christian Kane and I have collaborated on two short reports describing the acquisition of AirWatch through the lens of mobile workforce enablement and a second report through the lens of mobile security. Enjoy the reports, and as always... we love to read your comments!
Discussions about IT and business alignment are almost taboo these days. I suppose people have heard too much about it in the past decade.
Yet, that’s exactly the kind of discussion data experts seem to be calling for when it comes to how IT manages data.
“Over the past year it is becoming increasingly clear that we have to stop thinking as data managers and start thinking as data designers,” writes Forrester analyst and data management expert Michele Goetz in a recent Information Management article. “What matters is what data drives for the business first and then design a data system around that. We need to educate ourselves on what the business does with the data.”
The widening gap between economic losses and insured losses from natural catastrophes is our topic du jour.
Guy Carpenter’s GCCapitalIdeas.com just published this chart showing that approximately 70 percent of global economic losses from natural catastrophes were uninsured between 1980 and 2013:
Almost from the very beginning of the modern virtualization movement, technology futurists wondered what it would be like to have a completely virtualized data center. What would be the benefits, and the major challenges, to building entire compute/storage/networking infrastructure complete in logic?
Those questions are about to be answered now that the IT industry is taking seriously the idea of the software-defined data center (SDDC). In fact, the concept is now openly discussed as the next major segment within the increasingly diversified enterprise infrastructure market.
Organizations are turning to Big Data because they believe more information will improve decision-making, whether it’s whom to target for a sale or whether a product should be recalled.
But what if the real value of the data isn’t in providing us with more information, but in replacing us as decision makers?
Andrew McAfee, co-director of the Initiative on the Digital Economy in the MIT Sloan School of Management, goes way meta in two recent Harvard Business Review blog posts that question not just how to use data — but who should be using it.
Bell Canada has selected ERMS Corporation (www.ermscorp.com) to again support their 400+ team in Sochi, Russia during the 2014 Winter Olympic Games, as they did for the 2012 Summer Olympic Games.
“Providing a broad range of live and on-demand content to smartphones, tablets, TV and computer screens for Canadian customers means the Bell team in Sochi will be very mobile and highly active throughout the Olympic venue,” says Sylvain Rollin, President of ERMS Corporation. “With heightened security concerns, the ERMS Advantage notification system will provide Bell, and its team, with the reassurance and reliability they need to communicate anywhere, at any time, on any device,” he added.
ERMS Advantage will provide Bell with easy-to-use, mission-critical tools for real-time team communication. Advantage allows the large Bell Olympic coverage team to report their status on a regular basis, which in turn enables Bell’s security team to quickly determine who may need assistance and focus their attention on employees who have not reported their status. In the event of an emergency, the emergency notification system can be used to rapidly notify Bell’s team to help ensure their safety, to poll recipients, or to automatically have recipients transferred to a conference call or support personnel, all while helping to speed recovery with real-time reporting and crisis management collaboration tools.
Bell used ERMS Advantage successfully during the 2012 Olympics for daily critical and
About ERMS Corporation:
ERMS Corporation (www.ermscorp.com), a Canadian company, is the developer and provider of Advantage — the industry’s most comprehensive and adaptable emergency and incident mass notification system.
ERMS Advantage is comprised of 7 tightly-integrated modules (Messenger, Roll Call, Crisis Manager, Mapper, HotLine, myAdvantage, and Library). Through flexible pricing structures, the industry’s most inclusive API, and Advantage’s advanced functionality, ERMS provides organizations with the ability to use the emergency notification system in a way that suits them best.
Advantage is sold as a complete end-to-end solution that empowers business continuity, crisis communication, and disaster recovery professionals to, quickly and reliably, prepare, execute, and report on the notification portion of their continuity and recovery
ERMS Corporation is winner of the 2013 Motorola Award for Public Safety Technology, presented by CATAAlliance Innovation and Leadership.
What Is Emergency Mass Notification?
Emergency and Incident Mass Notification Services (EMNS) automate the distribution and management of important alerts and critical messages to multiple recipients on multiple device types. Secure message distribution can be activated via browser (on a PC or mobile device) or via phone. Use cases include emergency/crisis events, business operations notifications, business-context-based alerting, IT service alerting, reverse/enhanced public emergency calls, and employee/public safety.
Supply Chain Resilience Management course (SCRM 2000) is designed to ensure that all students have a complete understanding of the supply chain risk and resiliency practices and techniques used by leading companies today. Offered as a "live" eLearning course over a two-week timeframe, SCRM 2000 combines the benefits of "learning from home" and interaction with a "live" classroom environment using ICOR's interactive eLearning education system.
Supply chain resilience is the ability of a company to protect the continuity of supply and achieve sustained operational performance in the event of global multi-tier disruptions of any type at any frequency from ongoing to catastrophic. SCRM 2000 aligns to the guidance and requirements of ISO 28000, PD 25222, & ISO 31000. After completing this course, students will be able to apply supply chain resiliency techniques and best practices to their organization or to their consulting practice. The course is intended for individuals who are currently engaged in supply chain or procurement functions, business continuity and risk management, or who are in other functional areas but have an interest in gaining additional insights regarding proactively addressing future supply chain disruptions.
Based on University Elearning Programs, Supply Chain Risk Mitigation is an interactive "live" elearning opportunity. SCRM 2000 is the only ANSI Accredited Certificate Program in supply chain risk management.
How does it work?
- Virtual Instruction: View and listen to a Resilinc expert teach for approximately 1 hour each week.
- "Live" Discussions with Students World-Wide: Participate in a virtual classroom discussion and answer 2-3 discussion questions each week.
- Learn from Experts: There are 60-100 pages of reading material assigned each week to supplement the instruction. Learn from industry experts and the latest research.
- Provide Supply Chain Resilience and Risk Mitigation Strategies to the Leadership of your Organization: As part of the course you will be required to write an essay exam to respond to an issue in supply chain risk mitigation by senior management. The work completed in this course can be applied to the mitigation of supply chain risk and ensure supply chain resilience for your organization.
- A holistic review of supply chain management risk and resilience chain management: Introduction, standards, and definitions
- Creating a supply chain resilience program - organizing for success
- Measuring supply chain risk - measures, metrics, and hot spots
- Proactively planning for supply chain resilience - plan before the crisis
- How to react quickly to supply chain disruptions and organized crisis response - handling disruptions after the fact
- Supply chain risk mitigation approaches - techniques for reducing potential risk and future impacts
- Case studies in supply chain risk and resilience - apply the course concepts
Credentialing and Accreditation
Successful completion of the Supply Chain Resilience Management Course requirements and passing the exam with an 80% or higher earns students an ANSI Accredited Certificate and the designation of Supply Chain Risk Associate (SCRA).
Resilinc is the leading provider of supply chain resiliency solutions and delivers scalable enterprise solutions that enable supply chain professionals to gain visibility across multiple tiers of their complex, global supply chains. With a comprehensive offering that encompasses multi-tier supply chain mapping, single points of failure analytics, global disruption event monitoring and management, mitigation workflow, and part-level supply chain compliance programs such as conflict minerals, Resilinc has become the leader in comprehensive supply chain resiliency solutions. Resilinc helps customers achieve supply chain resiliency through innovative and patent-pending technology, an extensive resiliency-driven supply network, and a proven comprehensive enterprise scale solution that delivers strong value to both clients and supplier partners. For more information, visit www.resilinc.com.
About the Instructor: Bindiya Vakil
Bindiya Vakil is CEO and founder of Resilinc and is a recognized thought leader in the area of supply chain risk management. She has been a practitioner in high-tech supply chain management with companies including Flextronics, Cisco and Broadcom.
Ms. Vakil has a master's degree in supply chain management from MIT and her research focus has been on risk quantification and product resiliency.