Information Assurance for SMEs

We regularly hear news of attempted or successful cyber-attacks on large corporations, government institutions and military targets. The threat of hackers accessing online data and using it for financial or political gain is increasing, and Britain’s National Security Strategy has classed the threat as Tier 1, placing it alongside terrorism even though it is far less likely to cause actual physical harm to individuals.

With only the large-scale attacks making the media headlines, it can seem like a world away from those of us working away in our offices, industrial estates and retail outlets. Because the threat of someone hacking into our data sounds like an unlikely event, information assurance isn’t a top priority for many SMEs.

As the majority of companies conduct more of their business online (through their website, social media or cloud computing, for example), the risk of cyber-attack is a growing reality. Many businesses have found that embracing technology reaps rewards: increased efficiency, national or global clients, greater flexibility in working practices and cheaper marketing. Whilst these have helped many companies, they come with the risk that the company is exposed to cyber-attack.

You may think that your company is too small for anyone to be interested in accessing your data, but if it is valuable to you, then it has value to others. SMEs are appealing targets, as they are more likely to underestimate the risk and so are less likely to have current data security measures in place. SMEs also provide cyber criminals with routes into the larger companies that the SME supplies or serves.

Whilst attacks on national targets such as electricity grids or air traffic control would cause massive disruption, those targets are well protected and present more of a challenge than a large number of smaller hits on SMEs. From gathering data to sell or use for fraudulent purposes, to cloning bank details, accessing data offers a number of financial gains. There is evidence that organised groups from areas such as Eastern Europe are obtaining the majority of their income through small-scale cyber-crimes.

If you are an SME taking advantage of technology to drive your business success, you really need to put measures in place to make it more difficult for your company to be targeted. This needn’t be a costly exercise, but it does need to be regularly reviewed and updated to keep pace with developments. Whilst nothing can guarantee to fully protect your business, below are ten information assurance recommendations for SMEs:

1. First, you need an audit to work out which areas of your business need protecting and to prioritise these, so you know where to focus your attention. This could include any specialist applications that give you a competitive advantage, or highly confidential data.

2. You need to identify which device connects your business to the internet and install a firewall if one isn’t already in place. This needs to be configured and updated regularly to ensure it remains fit for purpose.

3. Higher risk activities such as online banking should take place on a machine where no other web browsing takes place.

4. Strong passwords, including a combination of letters, numbers and symbols in upper and lower case, should be used and not shared with other staff members.

5. Back-up systems for data should be used, so that if your system is hacked you haven’t lost all of your work.

6. In many businesses all staff have access to all files, but this isn’t usually necessary. Consider restricting access to data that individuals do not need in order to undertake their role.

7. Any removable media, such as USB sticks and DVDs, used to store business data should be restricted to work use only. They should ideally be kept in the workplace and stored securely. Where possible the data on these should be encrypted, so that if stolen it can’t be used.

8. With increasing numbers of people working from home, it is important that any computers used have anti-malware software installed and are password protected.

9. Incorporate security measures into your staff training.

10. Regularly review the measures you have put into place, updating software as necessary and reminding staff of good practice.


If your business would benefit from higher levels of information assurance, ECA (www.ecalimited.co.uk/information-assurance.htm) offers the extensive expertise needed to secure the data, information and other documentation stored electronically within your company.


Clipper Round the World 13-14

We are delighted to announce that our Practice Lead for ECA Ocean Trusted Crew Services has been selected as one of twelve professional skippers for the Clipper Round the World Race 13-14. This group of elite professional skippers will lead 12 evenly matched and identical boats, crewed by amateur sailors from all over the world. The Clipper Race is the only race in the world where the organisers supply the fleet of 12 identical, 70-foot, stripped-down racing yachts – each sponsored by a city, a region or a country – and man each with a fully qualified skipper, employed to lead the crews safely around the globe. It’s where taxi drivers rub shoulders with chief executives, vicars mix with housewives, students work alongside bankers, nurses work with vets and doctors team with rugby players. It’s an experience that will change people’s lives. Yet while the crews may be amateur, no one has told the ocean that.

The sea does not distinguish between Olympians or novices and if the Southern Ocean, the Pacific or the South Atlantic decides to throw down the gauntlet, the Clipper Race crews need to be ready to face exactly the same challenges as those experienced by professional racing crews. And, when they return from the biggest challenge they have ever faced, the crews bring home countless lessons with them. The importance of teamwork and the importance of respect. Of giving more than you take. Of learning what your body is capable of. An appreciation of cultures, religions, lifestyles and attitudes that connect with communities right around the globe. These lessons will be fed into our work on Matt’s return and we are planning a series of leadership workshops which will enable you to gain appreciation of the lessons learnt on what has to be the longest and most challenging team-building and management task available today!

We will be keeping you updated with the progress of Matt and his crew as they battle the oceans on their 40,000-mile circumnavigation, and you can view details of Matt and his crew here: https://www.clipperroundtheworld.com/crew#CV23. The race starts on Sunday 1st September, and we will link to the Race Tracker from that date.


ECA invited by the Centre for the Protection of National Infrastructure (CPNI)

The ECA Group are delighted to be members of the invitation-only team of industry experts working with the Institution of Engineering and Technology (IET) to undertake pioneering work in establishing Intelligent Building Standards for the UK. ECA were invited by the Centre for the Protection of National Infrastructure (CPNI) to be part of the team.

The IET announced:

Pioneering work to establish intelligent building standards

Pioneering work to develop standards of good practice for protecting intellectual property and the design and operation of building systems has been launched by the Institution of Engineering and Technology (IET).

The IET’s technical briefing, Resilience and Cyber Security of Technology in the Built Environment, has been developed by industry experts with the support of the Centre for the Protection of National Infrastructure (CPNI).

The document examines the issues in relation to the building’s life-cycle, from concept, through design, construction, fit-out and operation, to its eventual decommissioning and demolition.

Hugh Boyes, the IET’s cyber security expert, said: “Our society is increasingly moving towards the creation of intelligent or smart buildings for economic and environmental reasons.

“In an intelligent building a range of systems will be integrated to improve the efficiency of the building’s operations, particularly its utility consumption, and to improve the occupants’ enjoyment of the accommodation.

“From a resilience perspective the additional complexity increases the risk of systems failure which could simply cause inconvenience or in some circumstances lead to serious injury or loss of life. In terms of cyber security there is increased risk of corruption or hackers interfering with the safe and secure operation and occupancy of the building.

“This technical briefing examines the different sources of threats across the building lifecycle from initial concept through to decommissioning. It considers potential threat agents that could cause or contribute to a cyber security incident and identifies some of the measures that may be appropriate to reduce the risks.”

The briefing can be downloaded from the IET website at: www.theiet.org/cyber-buildings-pr or from the ECA Group website here.

Please contact Martin Hogan or Tony Collings of The ECA Group to discuss resilience, cyber security and technical requirements of intelligent buildings development.


‘Big Data’- Separating The Wheat From The Chaff: Part Three

Data security implications.

What this means in practical terms is that vast amounts of data will come flowing into organisations, who will look to clump it all together for convenience, looking for trends based on behavioural, transactional and relational data that is pulled together and kept in one place for ease of reference and sharing; this is likely to be either in-house or in the ‘cloud’.

This immediately raises a number of associated questions that may or may not be of concern at corporate level; they should be:

  • What have we got? Is it information or data? (Considered as one for the purpose of this White Paper.)
  • Who owns the data?
  • Is it ours, with IPR or other commercial value to others, and must it be appropriately protected?
  • Are there any caveats on its use, i.e. Data Protection caveats on collection and retention?
  • In whose jurisdiction was it collected, held, manipulated, shared etc.?
    • Is the data being used for the purpose for which it was collected?
    • Is the length of time the data is being held appropriate?
  • Is it personal data?
    • If so, did the data subject give their permission for that data to be collected?
    • Did they give permission for that data to be shared? (The dreaded Opt-in or Opt-out debate, and a particular problem.)
  • With whom may they legally ‘share’ the data: internally, nationally, internationally?
  • Are there regulations and regulators that would seek to monitor and prescribe on use?

Part of the problem is that current legal and regulatory frameworks are trailing behind and do not currently sweep up this new data paradigm. Legislation is normally reactive, not predictive. Generally the regulators have yet to proclaim in this particular regard, but this does not change the basic fact that all data acquired, used and stored, by whomever, must still comply with EU legislation, national DPA and associated regulations.

There should also be an understanding of, and concern regarding, how the concept of Aggregation, Accumulation and Association works. This is a core concept in the commercial and intelligence exploitation of data, but it carries associated legal, regulatory and privacy issues as well. It is likely that corporate entities are storing information that requires adequate and appropriate protection from cyber-attack and unauthorised exploitation, but they are also likely to be collecting, storing and exploiting information and data that falls foul of the Data Protection Act and other regulations internationally.

In our experience, from the corporate perspective, this area is mostly ignored or, at best, there are varying levels of corporate ignorance. Earlier this year, Dame Pauline Neville-Jones, a former security minister who is now HM Government’s special representative to business on cyber-security, warned:

“There is a vast swathe of corporates who have valuable intellectual property; much more valuable than they understand, which is inadequately protected… the level of awareness is nothing like it needs to be. This is a very, very serious state of affairs.”

At the commercial and corporate level the executive solution to both the ‘cyber’ and the ‘big data’ challenge is that it is simply a ‘compliance’ issue and thus handed down the management chain. Tempting though it may be to pass the buck, this is firmly an executive, Board-level legal responsibility.

Additionally, if one considers who could be looking at the data, the issues become more significant. There is a real threat that inadequately protected data could be mined by almost anyone. The potential for untrained, ignorant or malign individuals or organisations to gain access to, or give access to (and potentially alter), huge amounts of personal and corporate data opens up significant issues:

  • Companies might inadvertently be using aggregated information to which they are simply not entitled.
  • Individuals could get access to information about other individuals, families or companies that could be viewed as ‘private’.
  • Criminals and others suitably equipped and motivated (who can also acquire the means to aggregate ‘Big Data’) would equally see this as a potentially lucrative global opportunity.

Consider a data set that has aggregated data from emails, social media accounts, travel bookings, weblogs, Companies House, loyalty cards, credit reference agencies, insurance companies, automatic number plate readers, Google, photos and videos on YouTube and CCTV footage.

This could then be combined into a data set that has name, gender, age, address, nationality, passport and social security details, social standing, financial information, number of children, schools, travel patterns, household purchases, political affiliations, religion and religious affiliations etc., and this data would be easily available outside the country in which it was generated.

Consider for a moment UK government ‘best practice’, which indicates that, using the metrics of Confidentiality (Security), Integrity, Availability and Privacy, this data would conventionally warrant protection in terms of the impact on the individual or corporate body of its loss or compromise. Such information or data would require an appropriate “assurance process that ensures controls and safeguards be in place to prevent unauthorised access”.

There is evidence to suggest that most users of Big Data have simply not given this concept and duty a moment’s thought.

Effectively they are ‘running blind’ and relying on the conventional mantra, ‘if it costs me money, I don’t want to know, and when it fails, fix it’. It is far better to predict and prevent failure than to experience failure and fix it, having to deal with significant reputational fallout and damage in the process. Add to this the little-known and little-understood implications for data held by US companies, who are under an obligation to share any and all data under their control, anywhere, with the US Federal Authorities if so requested under the Patriot Act (the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001). This places executives in a difficult position with other legislative and regulatory regimes that forbid such disclosures, leaving them in ‘double jeopardy’ between a rock and a hard place.

Summary

From a compliance perspective there is a bewildering array of ‘Tools, Policies and Processes’ that were designed for another problem, not this one, whose scope is enormous.

At executive level ‘Big Data’, at whatever level of definition and opportunity, is the “Elephant in the room”: dominating, powerful and dangerous if mishandled. Even following the advice ‘first cut the Elephant into bite-sized chunks’, ‘Big Data’ is a challenge not well understood.

This is a Wake-up Call to:

  • Understand what Big Data is and what it is not.
  • Realise your opportunity and accept that with it come added responsibilities.
  • Understand the concept of Predict and Prevent problems before failure bites; ignorance is no defence when failure strikes.

___________________________________

This is the final instalment of a three-part story on Big Data – part one here, and part two is available here.

‘Big Data’- Separating The Wheat From The Chaff: Part Two

Making sense of it all:

To put all of these sources into some kind of useable, understandable order is difficult and there are many opinions; however, leading the charge in servicing this potential new ‘big thing’ is Oracle, who IDC believe to have the most balanced and most comprehensive offerings in both storage and analytics, and whilst there are clear competitors at every level, it makes sense to use the Oracle definitions at this time.¹

The McKinsey Global Institute estimates that data volume is growing at 40% per year, and will continue to grow 44 times between 2009 and 2020. But while it’s often the most visible parameter, volume of data is not the only characteristic that matters.

To clarify matters, the 3 Vs of Volume, Velocity and Variety are commonly used to characterise different aspects of big data. They’re a helpful prism through which to view and understand the nature of the data; however, those 3 are incomplete. From the ECA perspective there are an additional 2 Vs that are as important, Value and Veracity (what we would also term ‘Integrity’, a concept that has been around for a very long time, where Integrity = Accuracy: if data is not accurate its commercial use is limited).

  • Volume. Machine-generated data is produced in much larger quantities than non-traditional data. For instance, a single jet engine management system can generate 10 terabytes (TB) of data in 30 minutes. With more than 25,000 airline flights per day, the daily volume of just this single data source runs into the petabytes (1 million gigabytes). Smart meters and heavy industrial equipment like oil refineries and drilling rigs generate similar data volumes, compounding the problem. (Whilst this is impressive from a technical viewpoint, there would, on the face of it, seem to be little of commercial interest in these vast volumes of data, which are, or should be, restricted to tight commercial confidentiality, even IPR.) However, what is also true is that increasing data volume beats improving your modelling: given modern analytics and the ease with which analytical algorithms can be generated, 600 data points would produce a better forecast than a dozen and would, for example, predict demand more accurately.
  • Velocity. Social media data streams, while not as massive as machine-generated data, produce a large influx of opinions and relationships valuable to customer relationship management. Even at only 140 characters per tweet, the high velocity (or frequency) of Twitter data ensures large volumes (over 8 TB per day). The Internet and mobile era means that the way we deliver and consume products and services is increasingly instrumented, generating a data flow back to the provider that can be harvested as part of the sea of ‘Big Data’. Online retailers are able to compile large histories of customers’ every click and interaction, not just the final sales. Those who are able to quickly utilise that information, by recommending additional purchases, for instance, gain significant competitive advantage.
  • Variety. It is self-evident that data will not always be present in a way that is perfectly formatted for use or analysis. Traditional data formats tend to be relatively well described and change slowly. In contrast, non-traditional data formats exhibit a bewildering rate of change. A common thread in Big Data is that data sources are diverse and don’t fall into neat relational structures; therefore, a common use for Big Data analytics platforms is to extract ordered meaning out of unstructured mass data.
  • Value. The economic value of different data varies significantly. Typically there is good information hidden amongst a larger body of non-traditional data; the challenge is identifying what is valuable and then transforming and extracting that data for analysis.
    Jeff Jonas, chief scientist at IBM’s Entity Analytics group, says: “The value of data is proportional to the context it’s in. Making better sense of the observable space and reacting faster [allows for] the best edge.” Traditionally in military or intelligence circles mass data is not intelligence until it is analysed, with context and association added, to then become valuable.
  • Veracity. All of the above means very little if there is doubt about the accuracy of the data being used, and this can come about in various ways: uncertainty due to incomplete data, entry errors, processing, sensors, social media, latency of information, deception, modelling approximations, etc. Incorporating inaccurate data into the analytical environment introduces unknown variations that resonate along any management initiatives. When data is spread out over multiple systems, with different data standards, formats etc., the error factor is potentially magnified exponentially. Accurate and relevant contextual data that is reliable and delivered quickly has huge competitive advantage. To quote the American general Patton: “he who gets there firstest, with the mostest usually Wins”!

What does this mean for potential commercial clients?


Commercial organisations are being feted with the notion that using the transactional data they have been storing for decades, and analysing that alongside the ‘treasure trove’ of newly available unstructured data, will yield in-market competitive advantage.

As a result, more and more companies are looking to include non-traditional yet potentially very valuable data and their traditional enterprise data in their business intelligence analysis.

The commercial challenge now is to make sense of which data is potentially valuable and which is not, then how to make sense of it all and what to do with it to gain a commercial edge over competitors – who will probably be trying to do the same thing!

How companies go about that will naturally depend on which industry they are in; however, the process remains largely the same. Companies will need the ability to acquire the necessary data, organise it into useable chunks, analyse it and then come to implementation decisions, whilst not falling foul of the Regulator (if there is one; Regulators recognise a ‘duty of care’ and can determine the jurisdictional challenge).

¹ Oracle Information Architecture: An Architect’s Guide to Big Data, August 2012.

___________________________________

This is the second instalment of a three-part story on Big Data – part two can be found here, and part three will be uploaded on December 19th.


‘Big Data’- Separating The Wheat From The Chaff: Part One

Introduction

This White Paper seeks to examine the emergence of the ‘Big Data’ phenomenon and attempts to give insight and understanding as to what it is and why it seems to be important right now. It also examines the potential issues that are likely to cause headaches, from the perspective of the cyber-aware executive and security professionals, and how the risks may be identified and mitigated.

What is ‘Big Data’?

Today the term “big data” draws a lot of attention. There now seems to be a viable commercial concept behind the hype, with plenty of big companies having a hefty vested interest in making this the next ‘big thing’. It is also part of the growing awareness of “cyber”.

There are any number of players looking to climb on to this particular band wagon, from those who sell storage space and hardware to those offering the latest in analytics suites. They range from niche advisory services to the out-source analytics houses and the big consulting firms attempting to tell the world why their take on the issue is unique and invaluable and every shade in between.

Make no mistake, from their perspective ‘Big Data’ is the new ‘Big Thing’, but whether its true value is being over-hyped (think early-days CRM and the wild claims doing the rounds in the late 90s) or whether the idea is real, the implementation (and success) will depend on the competitive space.

Big Data is all about finding a needle of value in a haystack of unstructured information. Companies are now investing in solutions that interpret consumer behaviour, detect fraud, and even predict the future! McKinsey released a report in May 2011 stating that leading companies are using big data analytics to gain competitive advantage, predicting a 60% margin increase for retail companies who are able to harness the power of big data¹.

Reductions in storage and computing power costs have made it feasible now to collect, store and analyse unprecedented volumes of data – no matter how structured or otherwise it might be.

There now exist vast amounts of data in non-traditional, less structured environments (e.g. weblogs, social media, email, sensors, geo-data, videos and photographs) which can be mined for useful information. Ownership of that data is an interesting question, as large portions of it are personal data that ought to be subject to legal and regulatory controls.

¹ – Oracle Big Data white paper, January 2012
______________________

This is the first instalment of a three-part story on Big Data – parts two and three will be uploaded on December 12th and December 19th, respectively.

Posted in Uncategorized

Latest Trends in Cyber: Emperor’s New Clothes?

In the coming months we’ll be commenting on some of the key news trends in the world of Cyber Security Assurance and posting a number of papers and eBooks for downloading.

As I spend increasing amounts of time as an Expert Witness for Cyber Assurance I have been struck by the frequency with which the same scenarios and failings of management are repeated. The lessons learned from previous mistakes are lost, and history repeats itself.  Bismarck said:  “Fools learn from their own mistakes, a wise man learns from the mistakes of others and does not repeat them.” How much of what is currently hyped in the security world can be seen as the Emperor’s New Clothes, and how much is genuinely ground-breaking and pushing forward not only technology but management skills and business opportunity?  The industry which has grown up around Big Data alone is worth more than $100 billion and growing at almost 10% a year – roughly twice as fast as the software business as a whole (The Economist. 25 February 2010. http://www.economist.com/node/15557443.)

Key trends that we’ll be looking at:

“Big Data”: what is it – marketing hype, a challenge, a genuine opportunity for the data owner (rather than the analysts), or a combination of all of these?

“Intelligent Buildings and structures” are increasingly developed as hybrid structures combining power, communications, management and the storage of personal information, with some interesting compromises between security, privacy and unfettered access.

“Cyber” has been a much-hyped and misunderstood phenomenon, but one of massive significance to us all. In business it is far too important to be left to the IT department; it is an Executive responsibility and function, and getting it wrong is not an option.

“The Cloud” has been a marketing triumph, but is nothing new – it is Distributed Architecture re-branded. The Cloud brings potential cost savings but, like so many other things, if misunderstood, mis-sold and implemented casually it also brings serious shortcomings.

“UK Government re-appraisal of its protective marking scheme” – driven by potential cost and complexity savings, this will be an interesting development with an underlying attempt at ‘personal accountability’: we’ll be “in the thick of it” for a very “Yes Minister” experience.

And lastly, but maybe first:

“To patch or not to patch?” – we have seen more panic and hot air around ‘patching’ (the application of a manufacturer’s fix to a known failing) than around most other factors in ICT. What most people do not fully comprehend is that patches have to be applied to real systems that are complex and all different – the law of unintended consequences applies here more than in most other places. Patching is both an art and a science, and a patch has to be very carefully tested before being applied to an operational system, or there can be tears.

Posted in Uncategorized