Conclusion: Risk assessment tools help protect and support staff and minimise business disruptions by following Australian risk management (and health) guidelines.
Conclusion: IT services are critical to reducing the impact of pandemics on public health, jobs and the overall wellbeing of nations. To prepare IT for this challenge, organisations should:
Conclusion: With cases of the novel coronavirus (COVID-19) emerging across Australia, many businesses are or should be well into pandemic planning to ensure they maintain essential services. Teleworking, remote working, or working from home, is a centrepiece of those efforts and will increasingly be implemented by organisations. Cybercrime activity is rising rapidly with actors seeking to exploit the fear and uncertainty in the community. The use of remote working technologies presents additional cyber security challenges that can be different from the more secure on-premise environments. Below is a list of considerations to help guide businesses through these challenges.
Conclusion: Ransomware attacks have been in the news lately with Toll, Talman, Travelex and Manheim Auctions all having their day-to-day operations completely shattered. Many pundits and security product vendors are touting their initiatives to help an organisation defend itself against such an attack.
Despite all best efforts, there is no 100 % guaranteed defence against succumbing to a ransomware attack. So rather than investing still more funds in defensive products, it is well worthwhile creating a strategy to allow a rapid recovery or reestablishment of service after being struck by an attack.
It is possible to develop some strategies, all relatively inexpensive apart from time, that will position an organisation to have an excellent chance of quickly returning to normal productivity after a ransomware attack.
Conclusion: Covid-19 has already had severe global impacts even though the total impact is yet to be fully dimensioned. Further restrictions are foreseen in Australia. Its implications will be long term and disrupt the way we conduct business in future and the way we interact socially and a ‘new normal’ will emerge. No business will be immune and during this dislocation both challenges and opportunities will arise.
At IBRS we believe that it is critical to take the long view on how the crisis will evolve and be prepared for the waves of change which will follow.
IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with some systems in the cloud, and other legacy software still on premise.
With the outbreak and continued spread of the recent Coronavirus, or COVID-19, your business continuity plan (BCP) may need to be put in motion.
IBRS has created the Business Continuity Planning: Pandemic Scenario template to test your BCP using the potential COVID-19 pandemic.
Download and use this template to ensure your organisation is well prepared.
"BCP Steps and Checklist" IBRS, 2020-03-06 20:04:13
"Incident response planning: Key artefacts" IBRS, 2020-02-06 04:20:37
"Incident response planning: More than dealing with cyber security breaches and outages" IBRS, 2019-07-05 00:59:04
"Preparing for a Swine Flu Pandemic - Avoid being 'piggy in the middle'" IBRS, 2009-06-29 00:00:00
"Testing your business continuity plan" IBRS, 2019-05-31 13:39:29
"Top 10 considerations when running an incident response drill" IBRS, 2018-09-04 13:29:16
Conclusion: The increased proliferation of critical digital services has resulted in ransomware attacks becoming one of hackers’ means to make money. As a consequence, many organisations have become the victims of such attacks. IT organisations should implement a full recovery strategy to restore IT services in the event of ransomware attacks. The recovery strategy should become an integral part of the disaster recovery plan. This will raise business stakeholders’ trust in the service security and reduce the spread of this type of IT organised crime.
Conclusion: Not knowing where an organisation’s business-critical data is located, and its quality, can lead to many frustrating efforts to respond to management queries. When the converse is true and IT management can respond quickly to queries, say, at a board meeting or in an FOI (freedom of information) request, it enhances confidence in the quality of management of IT generally.
Conclusion: Every dollar spent in supporting legacy systems or BAU (business as usual) represents a dollar that cannot be allocated to digital transformation initiatives. Conversely, organisations without legacy systems (digital natives) can be quicker to market with innovative solutions supporting the digital strategy, as there is no residual debt to repay.
Compounding the problem for organisations with legacy systems is that skilled IT professionals supporting them are likely to be fewer each year, as they leave for greener pastures or retire. To back fill, management must pay a premium to engage skilled contractors who will need time to understand the nuances of the legacy systems and become productive.
"Digital transformation: More than a technology project" IBRS, 2018-06-01 04:04:24
"Innovation: Taking action in 2018" IBRS, 2018-08-01 09:14:16
"Make the process for allocating IT resources transparent" IBRS, 2018-06-01 04:17:01
Conclusion: There has been a lot of talk about incident response since the new data breach laws came into effect in Australia and Europe. But the laws alone should not be the driving force to having a response plan in place. Having a plan in place means more than talking about a plan, planning a plan and signing off on a plan. Being prepared puts you way ahead of the curve but being truly prepared means testing your incident response plan through drills and tabletop exercises. A drill provides an opportunity to understand realistic outcomes for risk scenarios and apply the lessons learned to your incident response efforts during a crisis.
"Cyber insurance – it’s not the cybers you’re insuring" IBRS, 2017-09-02 01:58:42
"Learning from the misfortune of others – the Equifax breach" IBRS, 2017-10-02 23:02:39
"Maersk and NotPetya – a case study on business impact and cyber risk management" IBRS, 2018-03-06 07:14:54
"Use the NIST cybersecurity framework to drive for visibility" IBRS, 2018-06-01 04:19:32
Conclusion: If the broader business is to commit to investing in security, both emotionally and financially, they will need to buy into their responsibility. Security is likely to be seen as an IT problem because historically the minimum level of protection came through network and operating system security staff embedded deep in IT. Technical controls are not sufficient to protect an organisation from all known and potential threats as they are only as strong as the rules and configurations implemented by human operators. If nothing else, raising the profile of security to a broader audience with relevant, personalised messaging will begin to show the business how they can extract full value from security investments and dispel the belief that IT should solve the “security problem”.
IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
Conclusion: Organisations considering applications migration to a Cloud service provider may lack the experience to understand potential risks or how to select a service provider. This may result in budget overrun or inability to meet business needs.
While planning to engage a service provider, a “Plan B” (to invoke in case of failure) is needed to strengthen the project plan’s foundation and mitigate risks. The process of developing the alternative plan helps define potential risks to consider, and what success or failure will look like. Costing out the alternative plan will also help in assessing the financial benefits and costs.
Conclusion: Vodafone Foundation’s DreamLab charity has shown in its work with The Garvan Institute for Medical Research how a huge and diverse collection of the public’s volunteered processing on their smartphones can be used in aggregate to solve complex cancer research problems.
The use of Mobile and Cloud as the first choice for ICT infrastructure and applications has not been an intuitive choice for most enterprises but the supporting evidence for its value has built rapidly as seen in DreamLab. This case shows the power of using intensely popular smartphones to aggregate processing to solve supercomputer-scale problems.
It also shows that an enterprise Data Centre is not the only place to perform large-scale processing. A combination of vastly distributed third party computing managed by public Cloud is reversing the business risks currently accepted when an enterprise deploys its own ICT infrastructure and places significant risk with the Cloud provider.
Similar applications of this Use Case include other charitable donations of processing capacity; shared processing in channel-focused businesses; supporters aiding not-for-profit organisations; or those that collaborate intensely; or Internet of Things (IoT) scale micro-processing of Big Data scale information across vast numbers of devices.
Conclusion: Poor planning is frequently cited in surveys as a major reason an ICT project has failed. A major element in the planning process is the preparation of the business case setting out why the project is needed and must be approved.
Management is remiss when it approves a poorly developed business case as it sends the wrong message to developers and sponsors – that if the project fails to deliver they are not to blame.
Conclusion: When business critical systems have ‘passed their use-by-date’ or maintenance costs are excessive there is a temptation to fast-track the approval of the replacement systems and underestimate the cost and complexity of doing so. Avoid the temptation by thoroughly defining the scope of the project and include contingencies in the cost estimates to cater for the unexpected. When this is done, start lobbying management so they approve the project first time.
Over the last few years the talk about search engine optimisation has given way to hype about semantic search.
The challenge with semantics is always context. Any useful form of semantic search would have to consider the context of a given search request. At a minimum, the following context variables are relevant: industry, organisation, product line, scientific discipline, project, geography. When this context is known, a semantic search engine can realistically tackle the following use cases:
Conclusion: Engaging with an incident response service provider is a process that needs careful research and planning. It’s valuable for your incident responders to know a considerable amount about your business operations so that they can help support the business in an incident, and not just stamp out technical fires, potentially doing further business damage. It is equally important that you know your incident response service provider; how they prefer to engage, what their capabilities are, their reference clients and, what their employment policies are.
"Preparing for cybercrime - communications" IBRS, 2013-03-24 00:00:00
"Preparing for cybercrime; incident response Part 2" IBRS, 2013-11-27 00:00:00
Conclusion: The business case for the use, acceptance and adoption of mobile financial transactions is that the provision of the technology will create its own demand. Some persuasion and marketing is required but essentially the convenience and innovation of the mobile handset is a powerful catalyst. Eventually technological force will transform the way society transacts. The main players expect to eliminate all loose change in every purse and pocket.
Such confidence is not entirely misplaced. The industry is using many channels to convince the public of the efficacy of the technology. However the basis of the business case may not be as secure as believed by its adherents and that may be a costly oversight.
Conclusion: CIOs today are often faced with deciding whether to buy integrated systems solutions and services from major vendors or buy best of breed solutions from multiple vendors and manage the integration project in-house.
Organisations that have engaged external services providers on a major scale and eroded their IT skills base typically find they have no option but to buy the integrated solution. Conversely those with specialist skills in-house and the need to develop their people, often find in-house systems integration solutions more attractive.
Conclusion: IT Strategic Plans typically include a long term application pathway for offering enhanced services to clients, and better management information. In reality this is just the beginning of the journey from concept to benefits realisation. To succeed, project sponsors need to take the initiative and gather arguments that will ensure funds are allocated to their projects by the governance group as soon as practicable.
To minimise management tension the governance group has to create a level playing field and equitably allocate resources to sponsors whose projects best contribute to meeting business objectives.
Conclusion: It is tempting to seek out easy solutions for hard problems. Many others must have had similar problems, and a large part of the solution development effort can be short-circuited by selecting an appropriate productised solution – that’s hope. But similarities between problems in different organisations are easily over-estimated – that’s uncertainty. Business cases are strengthened by highlighting key differences to other organisations, and by proposing a path that incrementally removes uncertainty.
Conclusion: Astute CIOs know that to be successful they must assume, or act out, many roles. One role they must not overlook is that of engaging stakeholders during the budget or planning cycle and helping them identify ways to maximise the benefits of existing IT investment and canvass ways to exploit emerging technologies.
With increasing use of external service providers CIOs and IT managers find themselves having to prepare an increasing number of RFPs (Requests for Proposals) to select the right provider at the right price.
Conclusion: Public sector IT projects have been found to have similar rates of failure to their counterparts in the private sector, however they also have a number of characteristics that are different to private sector projects. Project related issues that arise from these characteristics have been found to be the drivers for the majority of public sector project failures.
Conclusion: The continuing widening of the span of control of application systems managers is a major management concern. Unless the span is reduced by initiatives such as replacing systems with marginal value and rationalising the number of application software vendors, organisations will see their systems maintenance costs rising higher than other support costs and the time from program fault to fix blowing out.
Conclusion: A prerequisite of a business case is that all the variables are covered; the forecasts of likely outcomes along with the returns on investment and the processes to manage the venture are classified and described. In so doing, risk is averted or minimised, although there may be occasions when a proposed venture is so large a degree of faith in a business forecast is just as influential as the logic or rationale contained in the business case.
As News Corporation became the third largest digital media player in the US in 2005, its approach to managing online strategic investments offers an interesting insight into its strategic direction. For instance the corporation is now committed to digital media to produce a new growth channel as its newspaper businesses suffer decline.
Few managers will face the scale of what News has done but two useful messages emerge. Firstly, catching up with the early movers is prudent because the risks associated with catching up with them decrease over time. Secondly, management needs to take steps to ensure that a new initiative works across the entire organisation, that is, it produces benefits for most operating divisions. In the case of News, to take a military analogy: they have boosted their right flank and hoped the left can survive – for the time being.
Conclusion: At the big end of town some remarkable process improvement breakthroughs are being achieved with a combination of Lean Manufacturing and Six Sigma philosophies. However, the benefits that can be realised from these techniques can also be enjoyed by medium sized enterprises. Using recent work carried out by the Commonwealth Bank of Australia (CBA) through its Commway initiative, this article briefly charts their journey to date and provides advice for those who wish to embark on similar journeys.
Conclusion: When executive decision makers review business cases and observe a ‘J’ curve investment pattern, it generates immediate doubts regarding the project's value. On the other hand, ‘S’ curves, which represent competitive advantage or increasing profit, generate enthusiastic responses. Unfortunately, too many IT infrastructure business cases are presented with ‘J’ curve profiles due to high initial investment costs. In many cases projects with high initial costs and delayed profits can be legitimately restructured to reflect a better commercial outcome with forethought and strategy. Not every project can be transformed, but two methods of cost structuring and ROI analysis have demonstrated successful results.
Conclusion: Recently I was at a Christmas party with several 30 year IT Veterans. As usual a few war stories were shared. This paper contains two of the more bizarre stories. Unfortunately neither of these stories would exist if a formal peer review process had been in place in the organisations concerned.
IT departments should have some form of peer review for all initiatives and this should include operations, systems development, purchasing, communications, etc. Failure to implement a peer review process may result in your actions being recounted in war stories some time in the future.
Conclusion: Most organisations conduct a business case before making major ICT investments and almost all choose not to invest in a system if its business case does not stack up.
While all this sounds wonderfully logical, it does not explain how we have made investments in products like e-mail. Few organisations bothered to conduct a business case for e-mail and even fewer have ever attempted to deliver any benefits from their investment in e-mail.
Conclusion: Managers that fail to identify the benefits accruing from implementing an ERP will find it difficult to get senior managers to approve investment to upgrade to the next major release of the software.
Conclusion: In an ideal world the business case report recommending the organisation invest in a business solution (systems, business processes and workplace change) should act as the cornerstone on which the ensuing project(s) proceeds. If the report is coherent, well researched and presents a credible picture of the future, all stakeholders can use it to guide their actions.
While many organisations have templates of the typical business case report, compliance is no guarantee of quality.
Conclusion: Business managers, who sponsor major Business Solutions implementations, need to be identifying what they have to do to succeed and develop plans that will make success a reality. Focusing on the Right Things Starts with Astute Planning
Conclusion: When faced with proposals requesting investment in Business Solutions in an environment in which demand exceeds available resources, firms need to develop and apply an IAC (Investment Allocation Criteria) to help them prioritise and rank the competing proposals.
Conclusion: Successful projects are analogous to freshly cooked puddings in that they not only have to smell nice when taken out of the oven but also excel when tasted to earn the praise of the client. Or to put it in simple terms a successful project is one that has helped the firm to realise the expected business outcomes.
To increase the probability of firms implementing successful projects senior managers must, at a minimum:
Identify staff with potential to handle the political as well as the technical arena of projects and a) give them training in project management disciplines as well as b) negotiation and influencing techniques
Implement the initiatives described below, monitor their outcomes and ensure the lessons learned in both technical and political arenas are widely disseminated