Our Thinking

In light of Mark Zuckerberg’s appearance in front of Congress last week, Business Insider reported that Zuckerberg’s personal notes had the following reminder:

It’s not uncommon for me to be asked how often an organization should review its own InfoSec alerting framework and library. My answer usually goes as follows: Like so much of security, nothing is straightforward, but there are some fundamental best practices that provide critically helpful guidance. The bottom line is that Threat Detection and Response (TD&R) management is really a lifecycle operation.

In the first part of this blog, I covered how organizations of all kinds are increasingly adopting user centered Design Thinking practices instead of dreaming up features or digital products they think their users need. I then discussed the MVP Effort, Proposed Solution, and Aim steps of the infographic below. In this final part, we will be covering viability milestones during the post-launch impact stage, including how to track the milestone's using your metrics system and what warning signs to look for that could indicate you’re not hitting all six of them. 

With the European Union’s GDPR regulation coming into effect on May 25, we sat down with Online’s legal counsel/privacy consultant, Laura Sulymosi, to discuss the biggest questions being asked by organizations looking to be compliant.

Organizations of all kinds are increasingly adopting user centered Design Thinking practices instead of sitting around boardroom tables with their peers, dreaming up the next big feature or digital product they think their users need. But depending on your company culture and organizational structure, you may still be finding it challenging to break the “grand assumption” habit.

Tim Siemens is the Chief Technology Officer with Online Business Systems. We asked Tim to share his insights with us on the top 3 technology trends in 2018.

Do I Really Need a Business Case?

A completely legitimate answer to this question is “no”….BUT only if you have a lot of time, money, and people - and a desire to waste all three! 

A business case, at the very least, makes one think more carefully about a future initiative. At its best, a business case helps ensure an organization is undertaking an initiative that will add value, which includes being in alignment with organizational goals.

Another benefit of writing a business case is that it sets the parameters for the initiative, which then feed into the project planning process making it easier for the project sponsor and project manager to move the initiative forward. 

Principle # 1 – Use a “benefits-led” approach

In my previous post, “Why Benefits Should Drive Your Project Planning and Delivery”, I introduced the concept of adopting benefits management so that benefits can be properly planned, delivered, and measured. As a key principle of benefits management, I also shared how adopting a “benefits-led” approach to program and project planning can improve successful project delivery, so that the intended business outcomes are achieved and their expected benefits are realized.

Over the past decade, the level of attacks, breaches, and potential dangers to vital data have escalated to the point where organizations in every industry need to take measures to ensure their assets and technical infrastructure are safeguarded. A key part of that protection is having the continuous knowledge of where your environment is vulnerable and the type of risks that may threaten it. The approach you take to continuously monitoring for threats and vulnerabilities can vary based on a number of factors, such as existing technology, staffing, and internal processes. Not to mention the financial impact based on your organization’s resources and maturity. This leaves you with several critical decisions your organization should consider when determining an in-house, or outsourced approach to security operations.

In Part One of my blog series aimed at breaking down each section of Online’s security policy, we looked at some general best practices surrounding the development of a security policy. This included answering the question of “why develop a security policy?” and went into detail about developing the scope of content contained within. Part Two analyzed the organizational roles and responsibilities needed to implement an effective security policy. Now let’s take a look at how Electronic Communication plays into an effective policy.