Edward Ferrara

Issue 90 of Board Perspectives: Risk Oversight published by Protiviti Inc. (“Protiviti”) addresses the role of Boards of Directors (“Boards”) in ensuring cybersecurity capabilities are continuously improving in the organizations they serve.  Protiviti sites cyber as being amongst the top five risks for many businesses across industries, largely due to innovative IT transformation initiatives (e.g. mobile device usage, cloud computing solutions).

Research conducted by Protiviti indicates that Board engagement in security matters has improved, and they presented the following eight “business realities” for Boards to consider in order to maintain this trend:

1. The organization must be prepared for success.  Protiviti recommends Boards ensure cybersecurity is managed in a manner that allows organizations to benefit from technological innovation through resilient policies and systems rather than overly managing cyber risk at the expense of technical evolution.
2. It is highly probable that the company is already breached and doesn’t know it.  Cyber risk events may have already occurred and/or are underway at companies that don’t have the ability to detect them.  Protiviti suggests organizations become resistant to cyber events to protect their reputation and brand image.  They recommend that periodic simulations of attacks be performed and the effectiveness of defenses assessed, and that Boards focus on the length of time it takes for organizations to detect and respond to breaches.
3. The board should focus on adverse business outcomes that must be managed.  Protiviti suggests Boards encourage focus on organizational strategies and objectives when assessing security risks as opposed to only protecting the underlying “key” systems/applications.
4. Cyber threats are constantly evolving.  Protiviti stresses the need for evolutional protection measures in order for organizations to stay ahead of threat profiles and recommends Boards become aware of how management identifies and responds to new cyber threats.
5. Cybersecurity is like a game of chess, so play it that way.  Protiviti cautions that reliance on technology to effectively monitor security is unsafe in today’s computing environment, and suggests organizations improve their methods of delivering protective services to create enterprise-wide cyber awareness.
6. Cybersecurity must extend beyond the four walls.  In light of collaboration with third parties and increases in access extended to channel partners (e.g. vendors) and customers, Protiviti recommends Boards hold management responsible for assessing associated vulnerabilities and proactively implementing cost effective solutions.
7. Cyber issues cannot dominate the IT budget.  Protiviti warns Boards that they should not allow cybersecurity spend to disproportionately suppress technological advancements, cautioning that insufficient funding for innovation could result in insolvency due to the organizations failure to remain competitive against new market entrants.
8. Directors should gauge their confidence in the advice they’re receiving.  Protiviti recommends Boards consider adding technology savvy members or advisors to assess the adequacy of expertise the Board relies on regarding cybersecurity matters.

Protiviti also reported that cybersecurity program offices are emerging for the purpose of successfully managing large security projects in organizations that are not readily capable of managing cyber risks.

In closing, Protiviti reiterated the need for companies to target protection investments on business outcomes, maintain awareness/understanding of the changing threat landscape, and prepare for inevitable incidents since cyber risks will continually evolve and become increasingly difficult to manage.

My favorite sentence in the article was: “It is always less expensive to build security into a system’s design early rather than to retrofit it later.”  What’s yours?

Who is Edward Tufte?

Edward Tufte is an analytical design theorist, educator, and landscape sculptor best known for his self-published books on analytical design. Furthermore, Edward Tufte was famously known for noting his writings and impact on information design such as scatter graphs, bar charts and line graphs including so many more graphical graphs , and also Edward Tufte was a pioneer of data visualisation meaning how data (a.k.a information) is presented as graphical content for important use.

Measuring Misrepresentation

The lie factor is calculated by dividing the size of the effect shown in the graphic by the size of the effect in the data.

If the lie factor is GREATER THAN 1 the graph OVERSTATES the effect.

Principles of Graphical Integrity

1. The representation of numbers, as physically measured on the surface of the graph itself, should be directly proportional to the numerical quantities represented.
2. Clear, detailed and thorough labeling should be used to defeat graphical distortion and ambiguity. Write out explanations of the data on the graph itself. Label important events in the data.
3. Show data variation, not design variation
4. In time-series displays of money, deflated and standardized units of monetary measurement are nearly always better than nominal units.
5. The number of information carrying (variable) dimensions depicted should not exceed the number of dimensions in the data. Graphics must not quote data out of context.
6. Graphics must not quote data out of context

Source:

http://classes.engr.oregonstate.edu/eecs/spring2015/cs419-001/Slides/tufteDesign.pdf

Focus, personality and reader comments are key to building an audience, say popular bloggers

By William Kraska Spring 2005

The Internet contains nearly 3 million active blogs, according to one recent count, with topics ranging from politics to movies, to food, to the emotional ramblings of high-school teens. With so many blogs, how does one become popular? What qualities will distinguish a blog from the massive congestion in the blogosphere? Blogs become successful because of specificity and passion, according to Kevin Donahue, co-creator of Fanblogs, a college football blog described by Forbes.com as the best blog dedicated to a single sport. “Repeat visitors feel an ownership and loyalty to the blog. They will police comments, pointing out when someone is out of line.” “Have a single focus about a topic you really enjoy, and put a little of yourself into it,” he says. Fanblogs prospers because college football already has a loyal fan base. “And that passion translates into a loyal readership.” Reader comments are a significant factor in blog popularity, according to several bloggers. Hart Brachen, creator of the snarky, ironic blog The Soxaholix says, “People who leave comments build the community aspect that really helps a site become more than just one blogger writing into space. Comments let you know what’s working and what’s not, and inspire you to keep at it.”

Daniel Kasman, a writer for the popular film discussion blog MilkPlus, agrees. Posted comments will keep a blog “fresh and full of discourse,” he says. Lockhart Steele, the managing editor of blog publisher Gawker Media, says that after a blog develops an audience, readers will submit tips and fact-check stories. They basically “do all of the work for you.”

Dedicated readers also keep a blog’s integrity in check. “Repeat visitors feel an ownership and loyalty to the blog,” observes Fanblogs’ Donahue. “They will police comments, pointing out when someone is out of line.” But before a blog is able to rely on its readers to help it succeed, a blogger must sometimes wait months, or even years, before a regular following develops. While some bloggers believe that they’re going to attract regular commenters within days of launching their blogs, Holiday of Fanblogs says, “it doesn’t happen like that.”

Modifying a quote from the movie “Field of Dreams,” he says: “If you build it, they will come … slowly.”

ORIGINAL SOURCE: Kraska, W. (2005). What Makes a Good Blog. Retrieved from http://journalism.nyu.edu/publishing/archives/notablog/story/good_blog/