Information security and risk management for the C-Suite


This site should appeal to the security and safety interests of everyone, including those with strategic oversight of organisations and communities. The issues covered here are extremely pertinent to senior policy-makers, IT strategists, analysts and top business managers.

Winn Schwartau has been at the forefront of information security since the 1990s and his views are often ‘ahead of the curve’. Although what he says may occasionally be considered unconventional or jarring to the refined etiquette of some boardrooms, his underlying messages need to be taken far more seriously.

These days, Winn’s concerns about our mounting reliance upon various IT infrastructure without appropriate risk management have a faint echo of Taleb’s writings about ‘Black Swan’ events, just prior to the global banking crisis. Even the World Economic Forum has identified interconnectivity risks as a major issue. In this short video, Winn talks of his concern about how organisations are adopting sometimes mission-critical cloud-based solutions, possibly without a full and thorough appraisal of the risks, in pursuit of near-term profit/savings. (Sounds like banking back in 2006!)

Whilst I personally am in favour of cloud solutions, they should only ever be implemented after having considered a thorough resilience review. Think back to how Japan’s terrible earthquake and tsunami temporarily disrupted industries around the world as a result of their reliance upon JIT manufacturing and lack of strategic inventory. Now imagine the impact of a business within your value-chain losing access to mission-critical cloud-based services: potentially for days. Would your business survive the short-term financial or long-term reputational consequences? If you deliver a crucial service, how will your stakeholders fare? Now, imagine from Winn’s perspective that, regardless of how advanced defences may seem, cyber-warfare can be waged from the state level, through to a teenager in a bedroom, and physical infrastructure is vulnerable too. Just as issues of poor diligence, over-leveraging and overly complex derivatives were considered by most as too tough to talk about back in 2006, these seemingly negative issues are being treated the same way today.

Most of Winn's talks online are much longer. His interests cover all manner of cyber security, ranging from risks attaching to people bringing their own mobiles and smart-phones into work (his focus is mainly big business; for a look at the issues attaching to smaller businesses and what is termed BYOD, check out this Forbes piece) to national cyber-security strategy and planning. H.M. Govt. should pay attention.

In due course I may include a post or two on dynamic risk management matrices, as these relate to the security and safety of organisations, although this is a rather niche subject and dozens more mundane posts are required first. Regardless, if anyone who reaches this post finds it interesting, I would welcome some contributions/constructive comments, as they may justify more effort in this space.


This is a backup to securitycheck.co.uk (click here).


This Google Blogger site is being prepared to act as a backup to deliver key live feeds relating to police, fire and traffic news, plus key reference links, when emergencies or overloads take down the main sites at securitycheck.co.uk and elsewhere.

It will also, in time, service specific audiences with more targeted posts.

For full service, go to the main site, but remember to bookmark relevant regional pages on this site for emergencies, when the main site may be overloaded.

BEWARE, THIS site is called securitycheckuk.blogspot.com. There is another site called securitycheck.blogspot.com, which is completely different.