Our Thinking

Benefits Management – What Do Benefits Align To?

Posted by Bruce Leppky on Feb 15, 2018 3:44:55 PM

Principle # 1 – Use a “benefits-led” approach

In my previous post, “Why Benefits Should Drive Your Project Planning and Delivery”, I introduced the concept of adopting benefits management so that benefits can be properly planned, delivered, and measured. As a key principle of benefits management, I also shared how adopting a “benefits-led” approach to program and project planning can improve successful project delivery, so that the intended business outcomes are achieved and their expected benefits are realized.

Read More

Topics: Project Management

Choosing the Right Security Operations Capability for Your Organization

Posted by Patrick Hayes on Feb 8, 2018 8:23:59 AM

Over the past decade, the level of attacks, breaches, and potential dangers to vital data have escalated to the point where organizations in every industry need to take measures to ensure their assets and technical infrastructure are safeguarded. A key part of that protection is having the continuous knowledge of where your environment is vulnerable and the type of risks that may threaten it. The approach you take to continuously monitoring for threats and vulnerabilities can vary based on a number of factors, such as existing technology, staffing, and internal processes. Not to mention the financial impact based on your organization’s resources and maturity. This leaves you with several critical decisions your organization should consider when determining an in-house, or outsourced approach to security operations.

Read More

Topics: Security

The Lowdown on Security Policies – Part Three

Posted by Steve Levinson on Jan 26, 2018 11:17:33 AM

In Part One of my blog series aimed at breaking down each section of Online’s security policy, we looked at some general best practices surrounding the development of a security policy. This included answering the question of “why develop a security policy?” and went into detail about developing the scope of content contained within. Part Two analyzed the organizational roles and responsibilities needed to implement an effective security policy. Now let’s take a look at how Electronic Communication plays into an effective policy.

Read More

Topics: Security

Why Asking the Tough Questions Will Help You Make a Better App

Posted by Kevin Guenther on Jan 17, 2018 2:45:25 PM

With Christmas trees getting wrapped up for the chippers and the feelings of celebration, togetherness, and giving diminishing to their normal levels— comes that familiar feeling of buyer fatigue. Whether we’re questioning the impact or necessity of the gifts we gave, wondering if we’ve gone overboard or are simply just happy that all the running around is over. A lot of us are just feeling tired at this point in the season. Tired of just buying… stuff.

Read More

Topics: Digital Experience, Digital Transformation

What are the Spectre and Meltdown Vulnerabilities?

Posted by Security Consulting Team on Jan 8, 2018 5:20:00 PM

As you may have heard in the news, computer researchers have recently discovered a design flaw that results in a security vulnerability in the CPU chip that powers nearly all the world’s computers, including PCs, smartphones, and data center computers. This hardware bug allows malicious programs to steal data that is being processed in the computer memory. The name given to these vulnerabilities is ‘Meltdown’ for Intel chips or ‘Spectre’ for AMD and ARM chips. The first reports were published on January 2, 2018, prior to a coordinated disclosure scheduled for the week of January 8. There is no evidence of exploitation at this time, but the publicly disclosed proof-of-concept (PoC) exploit code could result in the vulnerabilities being weaponized for malware delivery.

Read More

Topics: Security

I failed my PCI assessment - now what?

Posted by Shawn Lukaschuk on Dec 28, 2017 12:48:18 PM

As 2017 comes to an end, the latest PCI DSS 3.2 requirements (coming into effect on Feb. 1,  2018) are on the minds of many Service Providers and Merchants. A natural question stemming from these changes is "What do I do if I fail my PCI assessment?" Let's take a look back to a blog written earlier this year that answers just that. 

Read More

Topics: Security

Objects are Closer Than They Appear – Those “Optional” PCI Changes are Coming Home to Roost

Posted by Shawn Lukaschuk on Dec 21, 2017 2:44:14 PM

Remember when PCI DSS version 3.2 was released way back in April 2016? We counted our blessings that the new requirements truly raised the bar - especially for Service Providers - and gave us a considerable grace period to implement them. And as it goes, 2018 seemed so far away and implementing these changes didn’t seem so urgent. Well fast forward to today and all of a sudden January 31, 2018 doesn’t seem too distant in the future anymore.

Read More

Topics: Security

Why Benefits Should Direct Your Project Planning and Delivery

Posted by Bruce Leppky on Dec 14, 2017 3:53:45 PM

More and more, it is becoming critical for organizations to ensure that project investments deliver on their expected outcomes. Projects exist primarily is to provide some element of business improvement or new capability, resulting in benefits to the organization. This prompts an important question – do your projects deliver their proposed business change and expected benefits?

Read More

How to Adopt the NIST SP 800-63-B Digital Identity Guidelines and Still Be HIPAA Compliant

Posted by Adam Kehler on Dec 7, 2017 3:24:29 PM

I was recently asked the following question: “Can Health Centers adopt the less stringent password measures recently updated in [NIST Special Publication (SP) 800-63-B] and still be compliant under the HIPAA Security Rule?” This is a great question that isn’t quite as simple as it may seem. It requires an understanding of what the NIST Digital Identity Guidelines are, their place in enforcement, and how to interpret HIPAA requirements as they relate to authentication.

Read More

Topics: Security

Roadmap to Digital Customer Touchpoints

Posted by Heidi Deras on Nov 30, 2017 4:25:05 PM

In today’s world, information is available to anyone with a simple swipe on a smartphone. With this ease of interaction, customers are increasingly rejecting traditional brand touchpoints, such as print media, and focusing their time on personalized interactions that are designed with the customer in mind. A future filled with digital experiences is closer than we think and we need to adapt, or be lost, to this new reality.

Read More

Topics: Design, Digital Experience, Digital Transformation

Our Thinking - The Online Blog is a source for insights, resources, best practices, and other useful content from our multi-disciplinary team of Onliners.

Subscribe to Blog Updates

Recent Posts