All the latest Articles, Features and Resources

Digital Resilience & Business Continuity Planning in the post-Covid era …

In the wake of the global Covid-19 pandemic, businesses worldwide were forced to confront unprecedented challenges. Organisations had to rapidly adapt to remote work models, ensure data security in a distributed environment and maintain operational continuity amidst a rapidly changing landscape. In this new era, digital resilience has emerged as the foundation of effective business…

Why Cyber Resilience is not Cyber Security

In today’s digital landscape, protecting sensitive information and safeguarding against cyber threats has become a top priority for organisations. Two concepts that often come up in this context are cyber resilience and cyber security. While related, there are distinct differences between the two disciplines and also to business continuity planning. This post outlines the…

COVID19 – Business Recovery Phase

The following is a summary of the status updates and actions in preparing for the Recovery Phase and addressing new risks which have been identified since the COVID-19 Pandemic outbreak. We have now entered the Business Recovery Phase, which it is estimated could last until the end of the 2020 calendar year, and businesses need to know how to prepare…

Decommissioning is Part of Disaster Recovery Planning

More moving parts mean more chance of failure. Replace “moving parts” by “comatose IT servers” and the adage still holds true. You may be tempted to reply that 1) there aren’t many of this kind of server anyway, and that 2) comatose servers may not be doing any good, but as such they are not…

Adapt or Die – A Darwinian Take on Business Continuity

Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another. While we have business continuity theories, principles and tools galore, it’s worth revisiting one of the most fundamental concepts from time to time – that of Darwin’s idea of evolution,…

How’s Your User Experience for Your Disaster Recovery?

It may sound strange to talk about “touchy-feely” stuff like user experience in the context of IT disaster recovery. After all, the priority is on getting systems up and running again within recovery time and recovery point objectives, rather than sitting around in focus groups discussing feelings and opinions. The only UX that many IT…

Towards Set-It-And-Forget-It Business Continuity

Few activities and operations are truly set it and forget it. Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception. Business continuity in most cases requires periodic adjustment because environments and conditions are constantly changing. However, here’s a thought that could change that. The idea…

Why Stop at Just Disaster Recovery with Your DRP?

Do more with less. Who hasn’t already heard that in business? And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it. The more DRP and DRM can help you increase profits or…

Insiders, Still One of IT Security’s Biggest Problems

The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.

Why the Internet is an Elephant

Proverbially at least, elephants never forget. Neither does the Internet. Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.

Steering a New ITSM Course with Container Management

IT service management changed a few years ago with the introduction of containers. They helped usher in the concept that a data centre was no longer a place with computers, but that the data centre itself was the computer.

Time to Get Your Disaster Recovery Plan Straight?

Time is money, as they say, and it is also a key factor in IT disaster recovery. Take, for instance, the well-known recovery time objective or RTO, which defines how fast you should get back to normal operations after an IT incident.

Training Can Be Double-Edged in Business Continuity

Imagine taking your car to the garage for an urgent repair, only to be told that you’ll have to wait for a week because the garage mechanics are off on a training course.

Mind Your Language in Your Disaster Recovery Planning

Military precision? Business descriptions? No fluff? All these qualifications have a bearing on a disaster recovery plan, but with certain conditions.

IT Systems Management and the 5 S’s

We may live in a digital age, but many of the concepts from the previous industrial era still carry through. We have virtual cloud data factories and production lines, just like their physical counterparts for making cars, furniture, aircraft and so on.

Where Does a Business Continuity Plan Fit with Emergencies, Contingencies and Disasters?

The bigger an organisation gets, the more the plans multiply. There may be plans for dealing with contingencies, crises, disasters, emergencies, pandemics, risks and who knows what else, all in addition to your business continuity plan.

Cyber Security and the Legal Sector

It’s commonplace to see articles and discussions about cyber security and the law, but this article is not about that. It is about cyber security and law firms, those august institutions with their lawyers, barristers, and attorneys.

AI in Your DR – Should You, or Shouldn’t You?

Artificial intelligence is finding its way into many applications and systems, so why not disaster recovery? The advantages are multiple.

Business Continuity and Volcanoes – So Far, and Yet So Near

The Agung volcano in Indonesia has been in the news recently. At the time of writing, observers are sending back reports of clouds and glows that suggest that a major eruption could be imminent.

Building a Kill Chain to Boost Your IT Security

When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

The Business Continuity Runbook – Between Automated and Manual BC

Much of business continuity today can be automated. Production lines, supplies reordering, failovers in case of problems, management reports, many of these things now work on a “set it and forget it” basis.

Linux the Unhackable? That All Depends…

Linux has an enviable reputation as a secure platform for servers. But Linux the Unhackable? Certain myths persist about the inherent resistance of Linux to viruses and the superfluity of firewalls.

Legal Requirements for Business Continuity

Business continuity is good for your business, but is it also a legal requirement? Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organisations will act responsibly.

Cyber Security and Pointers from Criminology

While cyber security may have you thinking in zeros and ones, and wondering which next generation firewall you should buy next, the human element is alive and well in cyber crime.

Near Misses, Critical Parts of Business Continuity

If everything is working and you have a business continuity plan in place, is there anything left to worry about? Yes!

ITSM and Statement of Work

With the aim of IT service management being to serve the business or the organisation funding the IT, it’s crucial that business requirements drive ITSM projects and procurement.

The “Six Degrees” of Business Continuity

The “six degrees” concept is that you can reach any person in the world using a maximum of six personal relationships in a chain stretching from you to the person you want to reach.

Information Security and ERP Systems

In principle, every IT system needs to be secure. In practice, some IT systems are less secure than others.

Business Continuity in 2017 – Lest We Forget?

So, it’s that time of the year again, when we look back over the last 12 months in business continuity to see… nothing?

Santa Clause and Cyber Crime

Does Father Christmas know just how exposed his operation is? With one of the largest address books ever conceived (names, addresses, gift preferences of billions of people) and a seasonal workforce of elves that may or may not have been vetted before hiring, Santa’s gift selection, preparation and delivery system may be hugely at risk.

Robots and Business Continuity – We’re Well Past the Turing Test

Meet Sophia, who has Saudi-Arabian nationality. There’s nothing unusual about that, except that Sophia is a robot.

Threat Hunting Could Accentuate the Corporate Divide

The idea behind threat hunting is that some attackers are getting too smart for current IT security technology.

ITSM and the Scourge of Server Sprawl

In theory, IT service management should contain sprawl, limiting or preventing the spread of underutilised IT assets.

Business Continuity and Suppliers – Take Nothing at Face Value

“Yes, we have a business continuity plan”. Every enterprise wants to hear this from its suppliers, especially the key suppliers.

IT Security and the Unikernel – the Answer to Hackers and Attackers?

First, there was the virtual machine. Then came the container. Now, welcome to the unikernel, the latest initiative for atomising computing.

The Business Continuity Battle Against FUD

Fear, uncertainty and doubt. Collectively known as FUD, these items skew rational thinking, panic otherwise sensible people, and throw sizeable spanners in the works of business continuity planners.

The End of the Password (Again)?

Will it ever go away? The basic password is still alive and well.

Business Continuity Management and Avoiding Bankruptcy

Bankruptcy per se is not necessarily the end of an enterprise, as several high-profile phoenixes rising from the ashes have shown.

Why You Can’t Trust Anyone These Days

It’s not paranoia, they really are out to get you. When the very organisations promoting IT security manage to botch it up, it’s difficult to have confidence in anything anymore.

Why Business Continuity Will Be a Constant Battle Against Silos

You may well have heard the story of the person trying to streamline business operations and driving past huge, separated grain silos one day, which reminded him of the mentalities and divisions he was trying to overcome back in the office.

How Far Back Do You Go in Your Business Continuity?

It’s a fact of business life that customers, markets, and industry commentators only see your brand, and not the suppliers who provide the materials, components, or products behind it.

Bad Habits Are the Worst IT Security Risk

People – “Can’t live with them, can’t live without them” might be the motto for many enterprises and their chief information security officers (CISOs).

Business Continuity by Staying (Very) Close to Your Customer

Sometimes in business continuity we end up with such a fierce focus on actions inside the enterprise that we neglect actions directed towards the outside world, and specifically towards our customers.

A Zero Trust State of Mind in IT Security

Hollywood (once again) got there first. Remember those films in which shadowy figures hiss “Trust no-one!” before vanishing from the scene?

Business Continuity for Machines? Just a Sec, I’ll Print You Some

You may find this blog article mind-expanding – especially if your natural reaction is to think about its title in two dimensions, rather than three. To set things straight, we’re not talking about paper printouts of business continuity plans that by definition are out of date the moment they are distributed.

IT Service Management, Your New Name is Marketing

What’s more important in IT Service Management (ITSM), the management or the service?

The Observer Effect in Business Continuity

When you look at something, you have an impact on it. That’s the observer effect.

When Bolted-On IT Security is the Only Option

If you’ve worked in IT development for hardware or software, or had dealings with that world, you may well have seen the statistics about the costs of fixing bugs.

Business Continuity? It’s in Our DNA, Right?

How many times have you heard business people talk about their DNA – meaning their business culture or something similar?

Risk Management and Proactively Dealing with Threats

What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.

3 Ways to Build Collaboration into Business Continuity Management

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

Business Continuity Management – How Relevant is It to Data Breaches?

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

People are Important to Business Continuity Too

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

The Most Worrying Definition of the Blended Attack

It almost seems that there are as many definitions of the “blended attack” in IT security, as there are experts willing to give them.

Is Business Continuity about Prevention or Detection & Repair?

Ideally, business continuity means no discontinuity.

The Rise and Rise of the Insider Threat in IT Security

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

Is IT Getting in the Way of Business Continuity?

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

Risk Assessment Pitfalls to Watch Out For

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Are Politics Interfering with Your Business Continuity?

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

The Four, No… The Five “P”s of IT Service Design

People, products, processes, and partners are the four “P”s of IT service design in a lifecycle model for IT services, but is there something missing?

Business Continuity and Resiliency Engineering

To stay healthy, should you get your jabs or eat your vegetables?

What Will It Take to Kill Off the Password?

Back in 2004 at the RSA Security Conference, Bill Gates was campaigning for the replacement of the password by two-factor authentication or some other secure mechanism.

The Use of Praise in Business Continuity

Don’t get us wrong, simply telling somebody how wonderful he or she is, is unlikely to guarantee business continuity!

Even in Australia, Europe’s New Data Regulation Could Affect Your Business

Talk about the long arm of the law!

Objectives or Capabilities, Where Does Business Continuity Start?

In business continuity management, should you start with what you want or with what you have?

Disaster Recovery Failure with a Cyber Security Twist

The case of Code Spaces still echoes in cyberspace.

Business Continuity Management May Need Another Name

Did you know that car manufacturers tend to choose the letters for their car model references according to the type of buyer they want to attract?

IT Risk Management is Getting Tougher, but are Managers Keeping Pace?

Tougher to do, and with tougher consequences if you get it wrong: these are the two big trends in IT risk management today.

Agile Business Continuity – A Happy Medium Between Fossilisation and Chaos

Ah yes, agile, that buzzword that is being borrowed by so many parts of businesses! The word itself is full of promise, suggesting all kinds of good things, like flexibility, nimbleness, and adaptability.

ITSM for All, Including Those Who Have Nothing to Do with IT

We’d be straining your patience if we didn’t explain the title of this blog right away. ITSM?

Business Continuity Jargon – For or Against?

Jargon crops up everywhere, and business continuity is no exception. RTO, RPO, BIA, and others are often sprinkled liberally into conversations, plans, and reports.

The Vulgarisation of IT System Hacking Could Be Good News

Attack sophistication is growing. 20 years ago, social engineering had already made inroads and automated attacks were on the rise, with denial-of-service, browser executable attacks, and techniques for uncovering vulnerabilities in the binary code of applications.

Adaptive BC – The New ABC of Keeping Things Running?

Every so often it’s good to shake things up. Sometimes the simple act of asking questions about what we do in business continuity and why we do it can give us a fresh point of view and point out areas for improvement.

Should Disaster Recovery Be a Legal Requirement?

Governments often make legal requirements about things that could damage people’s health, whether in a physical, financial, or possibly other sense.

Synchronizing Your Business Continuity Plans with a Changing Business

The cliché of “change is the only constant” is true for most enterprises. Customers, business analysts, and employees all expect some sort of evolution, even if it is with varying degrees of enthusiasm.

Just Delete It – Destruction as an IT Security Strategy

If confidential information didn’t exist, you wouldn’t have to worry about data breaches.

Dealing with Combined Mobile and Cloud IT Security Problems

Now that so many people and enterprises have rushed headlong into mobile, cloud, or both, it’s time to take a step back and consider your security posture relating to these two items.

The Macro and the Micro of the Perfect Storm in Enterprise Risk Management

What does a perfect storm make you think of – natural catastrophes, perhaps, like the one portrayed in the film “The Perfect Storm”, the risks confronting the Korean economy, or simply a situation you would rather avoid in the interests of business continuity?

IT Service Management, Meet Marketing!

IT service management is sometimes described as a customer-focused approach to making information technology available.

Business Continuity and Machine Learning

According to certain industry analysts and software vendors, we are now midway between a stage 10 years ago when few applications used machine learning, and a stage 10 years into the future when apparently, most applications will function with it.

IT Service Management, Automation, and Erosion of Job Satisfaction

Labour-saving devices, robots, and automation – Weren’t they all supposed to improve the quality of life, by removing manual work and drudgery?

The Coming Roles of Virtual and Augmented Reality in Business Continuity

If you thought virtual reality (VR) and augmented reality (AR) were just gimmicks for people with too much time on their hands, you could be in for a surprise.

Enterprise Attacks that Start in Mobile Apps

Some IT security attacks start from the most innocent mobile apps and in ways that let cyber-criminals simply pick up confidential communications without having to hack into anything at all.

Business Continuity by Working Backwards

Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.

IT Self Service Management is Not the Easy Option

It’s tempting to see IT self-service as the simple way to hand off responsibilities to end-users.

Combining Scenario and Impact Planning in Business Continuity

Scenario planning, in which you seek to identify higher risk and higher probability causes of business interruption, attracts both supporters and cynics.

IoT Device Security Doomsday on the Horizon?

Does it sound strange that many organisations believe they are exposed to major problems with Internet of Things device security, yet few of them have taken any measures to resolve those problems?

Why Business Now Needs Personal Business Continuity

Business no longer controls all its data, now that the data is spread out over systems that could be in-house, in the cloud, or in somebody’s pocket.

IT Asset Management of Grey Matter

If you’ve already moved all your systems and applications to the cloud, you may feel there is little left for you to manage other than your organisation’s data and your IT department’s skillsets.

Disaster Recovery and Human Error

The title of this blog post could almost have read “Never send a human to do a machine’s job”.

Are Routers Open Doors for Hackers?

Small businesses using low-end routers for their networks may be highly vulnerable to hackers.

Business Continuity, Gut Feeling and Data-Driven Decisions

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Adapting Your IT Sourcing to BYOD (or is that CYOD?)

In theory, BYOD or bring your own device lightens the load in terms of IT sourcing, because it transfers the work (and cost) of acquiring a device to the user of that device.

How Business Continuity Goes to the Movies

Vendors like to go to the movies, meaning they like to see their products and logos in Hollywood productions, and are usually prepared to pay for the privilege.

IT Security and Strange Mobile App Permissions

If you have already installed mobile apps on your smartphone to go beyond the stock selection provided with the device, you may well have noticed how a mobile app asks for permission to access certain resources or take certain actions.

Secrets of a Business Continuity Culture

Do you dream of a work environment in which everybody automatically thinks “business continuity” and acts accordingly?

Cloud IT Sourcing via Brokers – A Solution Whose Days Are Numbered?

What used to be IT sourcing at the physical system level is turning into an exercise at the virtual cloud level, but with a new actor, the cloud broker.

Better Business Continuity with Analytics Chatbots

In this age of big data, business analytics are likely to form an increasingly large part of business continuity planning and management.

National Preparedness Month, World BackUp Day, and Change that Sticks

A while ago, we asked in this blog if World Backup Day was really a good idea. Our logic? If everybody focuses on one day in the year to get their backups right, then spends the other 364 days ignoring the issue, things won’t change for the better.

Business Continuity and Multipathing

Sometimes, IT can teach business a thing or two. In a recent survey on private cloud computing use, there was a statistic on the use of multipathing.

Is It Time to Rename Malware as Sneakyware?

Malware (Sneakyware) is the software that gets into your system and causes havoc, unless you detect and neutralize it first.

Business Continuity and the Knock-On Blackouts

Power blackouts in business can range from a minor inconvenience to a major threat. Diggers slicing through power cables, extreme weather conditions bringing down power lines, or other local failures can all interrupt the supply of electricity.

BYOD, BYOT, BYOC, All One Facet of a Bigger Challenge

IT has no shortage of four-letter words. It’s not clear what the latest variations on the “BYO” or “bring your own” theme add.

The Other Face of the Business Continuity Hacks

There are hacks and there are business continuity hacks. Some hacks are bad news, especially when they target IT security and jeopardize business continuity, but others – the other kind of hack – could save the day in certain circumstances.

Ransomware is so 2016 – The New Menace is Ransomworm

Don’t take this title too literally. Ransomware, the malware that extorts money from victims to prevent a disaster, will surely continue to be active, at least in the short term.

Business Continuity and Machine Learning – Is It Time?

Machine learning, if you have not already met it, is the capability of a machine (a software application) to modify its rules and algorithms according to new data.

ITSM and DevOps – A Win-Lose Situation?

Do the formalism of IT service management and the agility of DevOps mean that one can only succeed if the other fails?

The Business Continuity Manager and the Typewriter

A well-known IT security solution vendor recently published a white paper about planning for business continuity, and listed typewriters as examples of equipment that should be safeguarded to prevent interruptions to an enterprise’s activities.

Data Lake Hacking is the New Dumpster Diving

When computers ran on punched cards and information was stored and communicated using paper, suspicious individuals could sometimes be seen loitering close to the large rubbish bins or dumpsters used for corporate refuse.

The Great Business Continuity Risk-Reward Mix-Up

Investors and financial institutions like to correlate business continuity risk with business continuity reward. If risk is greater in an investment, then the potential reward should be greater too.

Our 2016 Business Continuity Review – From National Resilience to Toasters (and Back)

It’s always an editorial dilemma – Do we start with the event with the biggest business continuity impact? The event that was the most unbelievable? For the 2016 Business Continuity Review, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.

Travelling at the Speed of IT Security

Einstein, move over. There is a new universal constant now, one that governs all IT-driven security activity, which by now is almost everything that goes on in the known world.

IT Service Management and Digital Transformation

Speaking of these two items in the same breath might seem incongruous. After all, what does IT service management looking after daily operations (mundane) have to do with the digital transformation of an organisation (visionary)?

Why IT Strategy Fails and What to Do About It

IT strategy – hmm, that sounds good! It suggests you know what you’re doing, and that those invoices from your IT suppliers correspond to something of value to the business.

BCM, ITSCM and BIA – Alphabet Soup or a Chance to Save Money?

We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management.

6 Ways to Go Down the Road to ITIL Hell (or to Avoid Doing So)

Paved with good intentions and best practices, the road to ITIL hell can look so alluring to the unwary IT manager.

Business Continuity and Business Transformation

Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

Emergency Management and the Rise of the 5G Networks

5G networks are on the horizon now, destined to increase mobile data transfer speeds and reduce communications latency compared to current 4G.

Ethics and Your IT Sourcing Strategy

IT servers, enterprise applications, data centres and cloud services might seem a world away from other sectors traditionally attracting attention in terms of an ethical sourcing strategy.

Should You Have a Secret Agent for IT Asset Management?

Start humming the James Bond theme, now. Or perhaps not. Agents in IT asset management don’t quite have the glamour of 007.

At this Moment, Deep Inside Your System, an APT May Be at Work

The advanced persistent threat or APT is the up and coming menace to IT systems today.

Four Steps to External IT Sourcing without Tripping Up

The road to IT sourcing nirvana is full of potholes, not to mention the ravines on either side, should you stray from the straight and narrow.

IT Service Management as a Business Partner

Now and again, we hear rumblings about IT governance and how synergy must be developed between IT and the rest of the organisation to work in harmony as a “business partner”. The principles are praiseworthy.

IT Risk Management as Seen by the Man with the Black Swan

The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

Seven Mistakes to Avoid in Planning Your IT Strategy

According to some sources, only 10% of any business strategy plans are ever effectively implemented.

IT Security and the Worry About WordPress

As free and freely available software that has helped millions of individuals and enterprises easily establish a presence on the web, WordPress has a reputation for being well-designed and reliable.

The Link Between Online Dating and IT Asset Management

You mean, there is one? Yes, indeed – You see, online dating organizations are all about asset relationships, preferences, likes and dislikes.

Is World Backup Day Such a Good Idea?

Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

The Delicate Position of the Chief Information Security Officer (CISO)

A well-paid, but heavy responsibility with a built-in ejector seat is one way of looking at the CISO position.

IT Asset Management and Hardware Hoarders

You’d be surprised at the emotional bonding that can go on between users and their IT hardware devices but there’s a difference between managing your asset appropriately and actually collecting a heap of junk hardware you’ll never use.

IT Service Management and Complete Recovery from Service Failure

How do you measure your IT service success and failure? Performance numbers and metrics can be valuable, because they help you to improve, as well as to defend your IT service management against possible criticism.

The Comeback of the CMDB for IT Asset Management

Enough of the four-letter acronyms! CMDB, in case this had slipped your memory, stands for configuration management database.

Four Pitfalls in IT Risk Management that You Can Avoid

IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failing to spot relevant risks or changes in those risks.

In the Future, IT Service Management May Lose the “IT”

Don’t worry, all you IT people, you won’t lose your jobs because IT service management changes its name.

IT Risk Management and Technical Debt

When you shove things higgledy-piggledy into your desk drawer, just to clear space in your workspace, you have a quick solution. You also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards. And yes, you’ve just experienced technical debt, first hand!

6 Pitfalls in IT Risk Management

IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.

Using MTTR, Not Just MTBF, in Your ITIL Problem Management Processes

If it ain’t broke, don’t fix it, as the saying goes. However, even unbroken IT installations must be fixed by patches, upgrades or redesigns to meet new business objectives. ITIL Problem Management Processes tackle the issue by taking a problem-solving and root cause approach.

How Often Should Users Change Their Computer Passwords?

This is a little like asking “how long is a piece of string”, except that in this case the string may already be a lot shorter than you imagined. Passwords are often the bane of the IT helpdesk.

IT Service Management and Employee Engagement

Does talking about these items in the same breath seem incongruous to you? After all, IT service management is typically viewed as technology at the service of an enterprise and its end-users, helping productivity, rather than being linked directly with motivation.

Uberisation and Business Continuity

So much of business is being scrutinized through the lens of uberisation that it would be an omission (and possibly a dangerous one) to neglect a quick squint at business continuity.

Adjusting Your IT Risk Management Language for Your Business Colleagues

Sure, as a CIO or IT manager, you know what IT risk management is. It’s all about applying risk management principles to IT, including the adoption, ownership, operation and influence of IT within the larger context of the enterprise. But in terms of risk management language, are these principles communicated properly across the organisation?

Cascading in IT Asset Management – Should You or Shouldn’t You?

“Here, take my old PC. I’m getting a new one to help meet my advanced needs, but this one will surely do the job for you.” This, in a nutshell, is cascading in IT asset management.

IT Strategy – More than Just a Simple Matter of Business Alignment

On the face of it, it sounds simple. IT strategy should be driven by business requirements.

Your Strategy for Shadow IT Sourcing

Wait a moment, does it actually make sense to talk about shadow IT and sourcing strategy in the same breath?

Archived Backups and Backups of Archives – What Do You Need?

If you’ve archived backups of data for contractual or regulatory reasons, do you also need to back that data up?

Whaling? If Your IT Security Smells Fishy, It Probably Is

There is some deeper relationship between IT security and the sea that has yet to be fathomed.

Will IT Management Morph into Business Process Management?

Take IT as a service, IT governance and maybe some business process execution language, and mix them all together.

Big Data Security Challenges Now and Into the Future

People and organisations generate more data than ever before. Smart software can analyse mountains of data and offer insights and recommendations, or even take decisions.

ABS Census Attacked by DDoS

What were Australians doing on the evening of the 9th of August, 2016? All jumping on the bandwagon to fill out their Australian Bureau of Statistics (ABS) Census details on the Census website.

Is Blockchain Going to Be Big for Business Continuity?

If you’ve met blockchain before, it may well have been in the context of the cyber currency Bitcoin.

Expanding ITIL to Cover the Whole DevOps Model

What do ITIL and DevOps have in common, you may ask – apart from the syllable “Ops”? So far these two items have had little overlap, but that may now start to change significantly.

When Less is More in Risk Management

In business risk management, risk-reward is a concept known by many, but understood by rather fewer.

Lean and Cost Cutting in IT Service Management

Enterprises can come up with all sorts of schemes for cutting waste and costs, ranging from cancelling coffee machines to selling off entire business units.

Would You Reveal Your Password for Chocolate? For Even Less?

A survey showed that commuters in London more often than not (more than 70%) would reveal their computer password in exchange for a bar of chocolate.

IT Service Management and Handling Shadow IT – Fight, Flight or Better Marketing?

Now that business apps (that really can help you do better business) are available immediately in the cloud, the internal IT organisation may find itself being ignored as the shadow IT.

The Business Continuity Fight of the Week: Real Clouds vs. Virtual Clouds?

What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016?

Will Every IT Security Risk Now Be Followed by a Fake Risk?

It would be risky to generalise from one specific example in IT security, but the case of fake ransomware is intriguing.

Where Do You Put the Cursor for Supply Chain Resilience?

Supply Chain Resilience has so many moving parts that it rapidly becomes a priority issue.

Business Impact Analysis Errors You Must Avoid

In business continuity planning, business impact analysis or BIA is possibly the most critical part.

Risk Evaluation and the Science of Danger

Let’s be honest. Between ‘Risk Evaluation’ and ‘The Science of Danger’, the second name has more star quality.

Cyber Criminals attack on Third Parties

Where do cyber criminals focus their attacks? On the organisations with the information of most interest or highest worth, naturally enough.

Designing Business Continuity into Your Business Strategies

As IT morphs from legacy on-site systems and firewalls to cloud computing, mobility and data-anywhere, it is having to change in terms of agility and security.

Learning from How Others Do Their Business Continuity

Looking at how other enterprises organise their business continuity can be beneficial for two reasons. First, it helps to compare your own preparations with those of another entity.

Have Data Protection, Can Travel – IT Security without Borders

IT Security perimeters no longer exist, now that mobile and cloud computing are so prevalent. The availability of files and information to employees in the office, on site, on the road or at home is high.

Resilience and TICTF (Too Interconnected to Fail)

Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy.

A Lean Approach to Business Continuity

Often, techniques that are invented in one domain can be of use in another one too. If you’ve spent your working life so far in business continuity, you may not have seen much of the lean approach that is frequently used in manufacturing.

If Facebook Rules the World, What about Business Continuity?

The company has a vision of making its Messenger app the default communication mode for businesses, whether with other businesses or with customers.

Where Whistleblowing Fits into Business Continuity

On the face of it, business continuity is a robust process. You gather the appropriate information, apply methodologies to assess business risk.

Outward-Looking Business Continuity

It is easy to indulge in navel-gazing when it comes to business continuity. We examine your business, its components, its requirements, its objectives and the risks that could affect it.

Get Your Own Local Resilience Forum

A Local Resilience Forum? Should you have one? Also referred to for short as an LRF, the idea is to bring together different respondents in a local area in order to guarantee cooperation

Cloud Business Continuity – Brilliant, but Still Garbage In, Garbage Out

Current press coverage may be focusing on exaflops and artificial intelligence, but the IT success story of the decade is still likely to be cloud computing as Cloud Business Continuity struggles to bring much progress.

Will Buggy Releases Triumph Over Smart Mobile Architectures?

Smart mobile has so far been largely a consumer-driven market. That has been good news for the business sector. It has reaped the benefits of the technological advances and better user experiences, with which vendors have sought to woo Jane and Joe Public.

Willie Sutton Logic and Cyber-Attacks

Willie Sutton was the man who (according to a popular story) gave the definitive answer to the question “Why do you rob banks?” He said “Because that’s where the money is”.

Why BYOD Isn’t All Enterprise Security Gloom

The economic arguments for bring your own device (BYOD) working are multiple. The first one is that if employees fund their own terminals (smartphones, tablets, portables), their employer does not have to.

Human Rights and Business Reputations

Sourcing and procurement in business is becoming less and less hands-off. Gone are the days when an enterprise could shut its eyes to labour conditions in a supplier’s company, as long as the products or services arrived on time and at the agreed cost. Yet behind the scenes, what has the most impact is business reputation when the human element becomes non-existent.

Are Cyber-Security Skills Due to Nature or Nurture?

Culture and language determine much of how we live, think and act. So does history. These factors could explain why the Netherlands has gained a reputation as a leading exporter of IT Cyber-Security.

The (Non) Strategy of Australian Government Cyber Defence

The 2016 Defence Whitepaper from the Australian government is now available online. It discusses a broad range of defence topics, of which cyber defence is just one.

Proper Backups Can Beat Ransomware Attacks

Ransomware attacks are on the rise, according to recent reports. Cybercriminals often favour these attacks, because they find them to be effective and lucrative.

The Inherent Risks of payWave and PayPass Cards

Convenience is the name of the game, especially when it helps customers spend more. The new generation “tap and go” payWave and PayPass cards are designed to do that.

Does It Make Sense for a Battle Box to be a Physical Artefact?

If you have a battle box for your enterprise, then it probably contains vital information such as employee and major supplier contact details, the most important business contracts, system codes for accessing or restarting critical applications, and so on.

Winning in the IT Service Continuity Management Obstacle Race

In an ideal organisational world, ITSCM (IT service continuity management) guarantees rapid recovery of critical IT services after unplanned downtime.

Nobody, but Nobody is Safe from Cybercriminals

You might not go as far as to bet that they would never, ever suffer a breach of security. Yet today’s scandals seem to concern entities in the private sector.

The Rise and Rise of the Recovery Consistency Objective

Timing, as comedians say, is everything. It’s true if you’re on stage entertaining an audience.

Hi, Can I Interest You in Some Second Hand Security?

Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second Hand Security can crop up in situations like company mergers and acquisitions.

Employees vs. Employees – the Internal Battle for Data Security

As organisations have boldly gone where no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly.

Zika and the Multi-Dimensional Development of a Pandemic

The Zika virus is turning out to be a bigger and more unwelcome surprise than expected.

Should Mobile Device Data Protection Be Encouraged or Enforced?

How many people in your enterprise use their personal mobile devices for work?

Our 2015 Business Continuity Review – Cloudy with Scattered Security Breaches

Information security, both in-cloud and on-premise, was somewhat higher profile during 2015. The top three threats for the year for cloud environments were (in decreasing order of importance) app attacks, suspicious activity, and brute force.

IT Security Trends in Technology, Politics and People – Always Two Sides to the Coin

With mobile computing already so widespread and the promise to add billions more attached devices, a large part of your security will be determined by the state of your technology.

How Ready Do You Feel for Bring Your Own Encryption?

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied with those ready for the Bring Your Own Encryption (BYOE) phase.

Micro Answers to Expanding IT Security Perimeters

If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security perimeter has expanded.

IT Security and the End of Ivory Towers, Bolt-Ons and Bigger Fences

Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven…

The Rise of Rule-Based Security in Cloud Computing

Corporate policies on anything from safety to ethical sourcing are all about rules. Do this; don’t do that! Often created from the experience of everything that went wrong in the past, policies can soon turn into large, unwieldy documents. IT security also has its rules, some of them born of common sense, others of past…

IT Security, One Rotten Apple and a Whole Bad Barrel

Barrels of apples can go bad, both literally and figuratively, because of just one rotten apple. The rot spreads from one apple to another until the whole barrel is infected. Not so long ago (in 2014), experts from security company ESET discovered 25,000 servers infected with malware, some of these servers being grouped together in…

3 Broad Categories of Cyber-Security Trends for 2016

System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect,…

Data Encryption and Reputation Management

What do encryption and reputation have to do with each other? On the face of it, the link seems tenuous. However, if a data breach occurs, encryption could be the difference between intense corporate embarrassment and a corporate reputation that remains untarnished. Of course, we’re talking about more than standard encryption of data in transit with…

Cryptographic Protection that Does Not Hide Your Information

Does this sound like a contradiction in terms? If your idea of cryptography is all about keeping confidential information hidden from prying eyes, then the idea of applying it to information that is then consumable by others may seem strange, to say the least. However, this is a major function of cryptography too. It makes…