
Advice From A Risk Detective

DRJ | The premiere resource for business continuity and disaster recovery

Influencing the Future

I like to tell the story about a client who could not understand why I would honor a commitment to teach rather than give the firm more hours in order to make more money. "Why would you want to do that?" he asked. I answered that I could reach more people interested in what I had to say and at the same time influence the next generation of risk leaders.


I continue to write books and articles and accept public speaking engagements for similar reasons. Translating concepts and ideas into action is as relevant in the corporate world as it is in the classroom, where theories and frameworks from textbooks are blended with examples of risk from the real world. The examples of financial loss from poor risk management are plentiful. And since the field of risk management is so new, frameworks and standards continue to evolve. Staying right on the cutting edge of thought and practice is a priority.


In late April, I had the opportunity to chair a panel for the University of Washington's iAffiliate Day. The general topic area was information risk, which I refocused to "Access, Privacy and Information Risk." Jim Loter, director of IT for the Seattle Public Library, discussed the desire to expand services to online patrons without compromising American Library Association Code of Ethics guidance to guard the privacy of patrons by not retaining records of activity. Bryce Newell, recovering California attorney who is working on a Ph.D. in information science, discussed work he has been doing with the Seattle Police Department's pilot body-camera project. Just as the library's work involves anonymizing data, the Seattle Police Department's work includes anonymizing faces of citizens caught by one of the cameras before the video is posted on YouTube. On the private sector side, Aaron Weller, privacy specialist at PricewaterhouseCoopers, spent most of his time on the information risk connected to corporate data collection from customers with the objective of targeting them with offers, referencing a 2014 Chief Marketing Officer (CMO) survey that shows 88.5 percent of businesses expect to collect and analyze customer data. He pointed out that "data that is socially beneficial in one scenario can cause significant harm in another" and that "the context of data use matters tremendously."


This next week I'll be speaking at the Puget Sound Data Management (DAMA) Day, on a somewhat related topic: "If You Can't Manage Your Data, Then How Can You Run Your Company?" The audience should include not only chief information security officers, or data management specialists, but also technology, medical and data officers. I'll be looking at how Big Data has morphed out from inside corporate firewalls onto personal devices like tablets in the name of convenience; and/or to get around file size limits on work email. Once moved, corporate data is sitting in someone else's cloud (QuickOffice, iCloud, Dropbox). From recent current events, we've learned also that government employees may or may not do their email on personal devices or store it on personal servers. So the ethics of information use becomes important, not as a news story but rather as an investigation of what we give up when we opt for convenience.


Next month, I'll be at SecureWorld Portland, speaking on how to present to executives, offering colorful characterizations of the types of executives you might encounter, as well as practical advice to get projects funded in the context of the current risk environment. I expect to be able to wrap in commentary on the two largest operational risks facing businesses and government today: cyber risk and third-party (vendor, contractor) risk.

In August, when I begin my full-time appointment at the University of Washington, I have the opportunity to design and teach an entirely new enterprise risk management course for undergraduates in the Informatics program. I look forward to what I'll learn and to the energy I get back every time I step into the classroom, which is a long way from the feeling one gets in stepping into the corporate board room.
