Posts Tagged ‘CIO consultant’

Want a Successful IT Transformation Project? Try tweeting, texting and blogging…

March 10, 2011

In the not so distant past, IT Transformation efforts relied on email and communication managers to deliver updates to the employees of an organization. This was only as effective as the communications manager's and leadership team's ability to keep the mechanism moving. This method allowed mostly one-way communication – normally taking the shape of progress reports, status reports or issue reports.

The introduction of Facebook has changed the way we communicate electronically, from one-way to two-way communication with the masses. The ability to get real-time feedback from a small group or from millions of people on a comment, idea, or thought has transformed the way we as a people tend to communicate. Twitter has pushed this concept even further: people now have the ability to “follow” specific people or discussions. Now when one person states their opinion, status or issue, it is heard by hundreds, thousands or even millions of people.

With the advent of social networking, an ordinary person has the ability to reach large numbers of people with minimal effort and resources. And the people you reach have an opportunity to talk back and share their opinions. The power to sway mass opinion is now available to everyone. Companies have recognized this phenomenon and have tapped into this network. At first, most companies viewed this as just another form of feedback or input on their performance. But remember, true social networking is a “two-way” communication. Smart companies have recognized this and are using social media outlets to talk directly with their end consumers, with minimal efforts and cost.

The question has always been asked as to why IT Transformation projects fail, and the most common answer after all of the dust has settled is that they fail due to a lack of communication. The second reason they fail is a lack of communication, and the third reason they fail is a lack of communication. I know it’s redundant, but there is no other reason! Today’s generation is more likely to communicate via Twitter, Facebook and texting than by email. Companies undergoing an IT Transformation need to take a page from this generation’s playbook and establish a two-way dialog during their IT Transformation initiatives.

So the question is “How?” Most companies do not want their internal transformation initiatives on Facebook or Twitter. A good solution is Microsoft SharePoint, a platform on which companies can create a discussion dialog that allows people to communicate with the Transformation Team and with each other. It is not the same as Facebook, but users can “write on a SharePoint wall.” You can also use internal web pages that support blogs or forums, which provide similar functionality.

Almost every company uses some form of internal / external Instant Messenger (IM). Although this is not the same as Twitter, you can simulate some of Twitter’s functionality. As long as your IM software will deliver messages to offline people when they log in, it will function like a “tweet.” In addition, most IM software will allow you to create “chat rooms” that will allow people to communicate with each other on-line and with your Transformation Team.

Now, once the tools are in place, the Transformation team MUST ALSO use them. The worst thing that can happen is that people send questions to the team and those questions go unanswered, which can also allow rumors to spread across the organization without being addressed. Remember, smart companies are already using social networking tools to reach their end consumer. And really smart companies are turning Social Networking into a mechanism to reduce risk on their mission critical IT Transformation projects.

So you’ve been hacked–NOW WHAT?

November 9, 2010

Jill Liles of the Global Knowledge company has written a very good article that outlines the immediate steps required by Information Security Officers and CIOs if they find that their systems have been hacked. The essence of the article is below with a few additions.

First of all, don’t panic. Obviously the plan that you had in place to prevent such an attack needs to be updated to reflect the current circumstances. But before you do that, you need to take the following five steps in order to respond and defend against future attacks.

1. Execute your Emergency Plan

Every system should have some sort of disaster recovery plan associated with it before it goes into production. These plans usually cover such things as intruder scenarios and security breaches, natural disaster scenarios, man-made disaster scenarios and the steps required for remediation.

Like many first responders in critical situations, the first step is to not make the situation worse than it is. It will be difficult to resist your natural instinct to shut everything down and pull the plug on power or connectivity, but by doing so you might cause more issues than the initial attack did. Even though your efforts to protect the system or data have been compromised, continue to evaluate the accuracy of your remediation plan as you learn more about the intrusion.

2.  Act Deliberately

Determine the extent of the intrusion by identifying which systems, routers, and data have been compromised. Once this is done, determine the amount of isolation that is required to limit the impact of the attack. Check inbound and outbound router logs to determine where the attack was initiated from. Perform reverse IP lookups to see if the offending system can be easily located. Depending on the nature of the attack and the complexity of the attack

3.  Clean Up and Restore

Based on business priorities, bring systems back on-line and begin monitoring them regularly. Replace any hacked data with the most recent stable backup. Change the passwords for all affected devices, users, and applications, including the root password and default accounts.

4.  Prevent Other Attacks

Modify your security structure so this type of attack can be prevented in the future. Learn from this attack so remediation processes are updated accordingly. Some malware can lie dormant after being “removed,” waiting years for an opportunity to reactivate, so be sure you continually protect your network, including installing the latest software patches and performing a regular vulnerability assessment.

5.  Communicate

Depending on your industry, a security breach may require you to notify people outside the company, particularly if the incident affects your compliance with a regulation such as PCI, GLBA, or HIPAA.

If you want to pursue criminal charges or recover damages, you should contact your local law enforcement’s cybercrime unit or national law enforcement.
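The router-log review and reverse IP lookup from step 2, as an added example that is not part of the original article: it tallies the peers of a known-compromised host in both directions and attaches a PTR name to each. The log layout, the addresses and the function names are assumptions made for the illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample in a made-up "time action direction key=value" layout;
# adapt LINE_RE to the format your router or firewall really writes.
SAMPLE_LOG = """\
2010-11-08T02:14:07Z ACCEPT IN src=203.0.113.45 dst=10.0.0.12 dport=22
2010-11-08T02:14:09Z ACCEPT IN src=203.0.113.45 dst=10.0.0.12 dport=22
2010-11-08T02:20:31Z ACCEPT OUT src=10.0.0.12 dst=198.51.100.7 dport=443
2010-11-08T02:21:00Z ACCEPT IN src=192.0.2.10 dst=10.0.0.30 dport=80
2010-11-08T02:25:12Z ACCEPT OUT src=10.0.0.12 dst=198.51.100.7 dport=443
2010-11-08T02:30:00Z DENY IN src=203.0.113.99 dst=10.0.0.12 dport=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) (?P<dir>IN|OUT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def peers_of(log_text, compromised):
    """Count peers of the compromised hosts, split by traffic direction."""
    inbound, outbound = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT":
            continue  # skip malformed lines and traffic the router blocked
        if m["dir"] == "IN" and m["dst"] in compromised:
            inbound[m["src"]] += 1
        elif m["dir"] == "OUT" and m["src"] in compromised:
            outbound[m["dst"]] += 1
    return inbound, outbound

def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Return the PTR name for ip, or None when there is no record.
    PTR records are set by whoever controls the address block, so treat the
    name as a lead to verify, not as proof of who operates the system."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def triage(log_text, compromised, resolver=socket.gethostbyaddr):
    """List (direction, ip, hits, ptr_name) rows, busiest peers first."""
    inbound, outbound = peers_of(log_text, compromised)
    rows = []
    for direction, counts in (("inbound", inbound), ("outbound", outbound)):
        for ip, hits in counts.most_common():
            rows.append((direction, ip, hits, reverse_lookup(ip, resolver)))
    return rows
```

Calling `triage(SAMPLE_LOG, {"10.0.0.12"})` uses the system resolver; pass your own `resolver` to query a specific DNS source or to work from cached answers.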