Category Archives: Technology Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Purchasing a Risk Management Information System

Posted on by

It’s bound to happen. At some point, nearly every risk manager is faced with the need to purchase or replace a risk management information system (RMIS).

The decision may be driven by the obsolescence of an existing RMIS, a need for different or more robust capabilities, organizational changes and general systems upgrades that facilitate wider application of data analytics.

The good news is that RMIS long ago transcended their traditional roles in claims tracking, analytics and benchmarking, and they continue to evolve. Today RMIS offer an array of sophisticated capabilities, including applications to support enterprise risk management and global strategic risk management initiatives.

To get the RMIS that best meets your current and emerging needs, thoughtful consideration is called for. In light of exciting RMIS developments, here are a few ideas that might help.

Rethink your RFP. A rigid RFP process with a defined set of parameters and limited detail might leave you with insufficient information and result in a choice that is less than optimal. With many risk managers now required to address more complex exposures, provide sophisticated analytics, and drive down costs, contemporary RMIS platforms offer the versatility to support a spectrum of risk management needs. So starting out with a broader conversation about needs analysis versus capabilities can equip RMIS buyers to make better decisions.

Remember, people are key. Sure, new technology is exciting. However, as highlighted in the 2014 Advisen/Bickmore RMIS Review, client service is a top reason for organizations to switch RMIS providers. Do the people on the other end of the phone have the experience to understand your complex business and needs? Can they advise or make the changes within your system? Do they have authority to do so without submitting tickets or routing your problem to another department?

buy atarax online healthdirectionsinc.com/flash/swf/atarax.html no prescription pharmacy

While it is reasonable to assume any RMIS vendor will need to get up-to-speed on the specific needs and priorities of your organization and department, you don’t want to be training a less experienced RMIS vendor or employees at your expense.

Usability: How quickly can your team get up to speed? Unlike a decade earlier–or even just a few years ago–virtually all RMIS users are quite familiar with general website navigation based on their Internet use. Ideally, the RMIS you select will have a simple user experience with navigation that’s fairly intuitive and functions and unique features that are for the most part self-explanatory. Historically, RMIS systems were “siloed” in terms of how their capabilities were developed, so information had to be searched for and located. Today, the workflow of a RMIS should coincide with the user’s organic thought process–and not the other way around.

Scalability: What happens as needs evolve? Today, virtually every RMIS provider claims its system is scalable to handle growing organizations. While that may be true, the question for the buyer to ask is: “At what expense?” When interviewing potential RMIS providers, be sure to ask plenty of “what if” questions so you come away with a clear understanding of what might be involved in scaling, changing, or even reconfiguring a RMIS system.

buy doxycycline online healthdirectionsinc.com/flash/swf/doxycycline.html no prescription pharmacy

Does each and every change come with a price tag, or is the system’s architecture built to accommodate on-the-fly configuration changes?

buy arimidex online healthdirectionsinc.com/flash/swf/arimidex.html no prescription pharmacy

There is no doubt these are challenging times for risk professionals and their organizations. In this environment, choosing the RMIS that is right for you can go a long way toward making your job a lot easier and your team more successful. Happy shopping!

U.S. Policymakers Renew Focus on Data Breach Laws

Posted on by

If we have learned any lessons from the last few years, it is that data breaches present a significant business risk to organizations, often resulting in high financial cost and impact on public opinion. According to a recent study, the average cost of a data breach incident is approximately $3.5 million. With reputation management and a complex regulatory landscape as additive organizational concerns, security and risk professionals face the tough task of ensuring their companies successfully manage the aftermath of a data breach.

A crucial aspect to data breach preparedness is having a strong understanding of the legislative and regulatory framework around data breach notification. However, set against a patchwork of 47 existing laws from nearly every U.S. state, risk and compliance professionals are challenged with understanding and communicating rights for their business and customers. The recent mega breaches experienced by several large companies in the United States has resulted in heightened consumer, media and policymaker awareness and concern, making the potential for new requirements and legislation a hot topic.

Currently, legislation that would establish a national data security and breach standard remains undefined.

However, there has been a renewed focus from policymakers and support from the Obama administration to adopt a national notification requirement – offering clarity and guidance for organizations following a data breach. While legislation awaits, experts expect continued data breach enforcement from the federal level, such as the FTC, alongside state governments.

Additionally, as more data is being stored in the cloud and shared across international borders, standard data breach notification requirements are also being evaluated and established on a global level. For example, the European Union’s (EU) new data breach requirements for telecommunication operators and internet service providers (ISPs) were implemented in August 2013. Now, these entities are required to notify national data protection authorities within 24 hours of detection of a theft, loss or unauthorized access to customer data, including emails, calling data and IP addresses. Based on that legislation, the EU is now also considering expanding the 24-hour notification requirement be applied to all commercial sectors as part of the larger update of the region’s data protection law.

A federal standard is likely on the horizon, but in the meantime, there are a few recommended steps risk managers should evaluate now as part of their preparedness plan:

  • Understand the current notification requirements and enlist legal counsel. Once the details of a data breach are identified, organizations will need to assess which laws apply to the incident. Identifying the right group of experts, including outside privacy counsel, ahead of time can help risk managers quickly navigate this process. However, be aware that within the United States, certain state laws have consumer notification requirements as short as 30 or 45 days. This means there is no time to waste verifying consumer addresses; writing, printing and mailing notification letters; or setting up a call center and other services for affected individuals. To complicate things further, multiple state laws may apply to a single data breach due to the jurisdiction of the affected individuals, not where the business is located. For more information on notification requirements, Experian has developed a guide with tips on data breach response available for download at http://www.experian.com/data-breach/response-guide.
  • Offer identity theft protection. Though laws and industry regulations vary regarding if and when an organization needs to notify victims following a data breach, affected consumers have also expressed their expectation that organizations will offer credit monitoring and identity theft protection services in the aftermath of an incident. In fact, 63% of respondents from a recent survey indicated breached companies should be obligated to provide free identity theft protection to affected customers. Organizations that provide fraud monitoring and identity protection are better positioned to improve compliance and maintain consumer’s trust. Policymakers have also made clear as they evaluate data breach legislation that they expect for companies to take steps to further protect consumers from identity theft following a breach.

As legislation for data breaches continue to be shaped, risk managers preparing for their response plans should ensure they partner with legal counsel to understand various notification requirements, across national and international borders. It is also important to remember data breaches cannot be managed solely as a compliance issue, and to take into account consumer needs and expectations. As part of having a well-practiced pre-breach preparedness plan, risk professionals should focus on clear notification and guidance, along with offering identity theft or fraud protection to protect consumers and ultimately maintain their trust following a breach. With these measures in place, regulators will likely recognize that a company is demonstrating established and responsible procedures for managing and responding to a breach.

More information on data breach legislation and resources can be found at the Experian Data Breach Resolution website and the Experian Data Breach Resolution blog.

Apple Again Leads Gartner Supply Chain Ranking

Posted on by

Gartner announced its top 25-ranked organizations for supply chain in 2014, which includes four in the top-5 that also topped last year’s list. They are: Apple, McDonald’s, Amazon and Unilever, with P&G at fifth place. Gartner analysts announced the findings from this year’s research at its Supply Chain Executive Conference last week.

Apple took the No. 1 spot for the seventh year, continuing to outpace the others by a wide margin on the composite of financial and opinion measures used. McDonald’s placed in second spot for the second year in a row, followed by Amazon.com.

Two new companies joined the Top 25 this year—Seagate Technology (No. 20) appeared for the first time and Kimberly-Clark (No. 21) re-emerged after a year’s hiatus.

A primary goal of the Supply Chain Top 25 research initiative is to raise awareness of the supply chain discipline and how it impacts business, Gartner said. The supply chain rankings comprise two main components: financial and opinion. Public financial data gives a view into how companies have performed in the past, while the opinion component provides an eye to potential and reflects future expected leadership. These two components are combined into a total composite score.

Gartner analysts develop a master list of companies from the Fortune Global 500 and the Forbes Global 2000, with a revenue cutoff of $10 billion. The company then breaks the combined list down to the manufacturing, retail and distribution sectors, eliminating certain industries, such as financial services and insurance.

Analysts highlighted three standout trends for supply chain leaders in 2014:

Supporting the “Fully Contextualized” Customer

A trait of leading companies is that customer needs and behaviors serve as the starting point for go-to-market and operational support strategies. Their cultures enable consistently high-quality customer experiences that are tailored, where important, to local tastes. Supply chain leaders are expanding this demand-driven concept in terms of how they relate to their customers. They are more deeply understanding customers and striving to blend seamlessly into their daily routines. Ultimately, this understanding of customers in their local environments is helping supply chain leaders capture more revenue for their businesses, improving operational effectiveness, Gartner said.

Converging Digital and Physical Supply Chains

Leading companies have moved past selling only discrete products or services to their customers and are focused on delivering solutions. Regardless of industry, these companies want their customers to be loyal subscribers to their solutions. Several of the leading consumer product companies on this year’s list offer e-commerce subscriptions for their products, in partnership with retailers. This approach offers convenience and privacy to those customers who would typically purchase products in a physical store—and might switch to another consumer brand at any time.

Progressive industrial companies have suggested order replenishment systems with their dealer networks, based on the manufacturer’s ability to forecast demand for their dealer. Some have gone further, acting as virtual consultants to their customers’ planning organizations. They recognize that helping improve customers’ internal capabilities is part of a total solution, which makes them more competitive suppliers.

“Another significant aspect of the total customer solutions we see deployed by leaders relates to the remote management of aftermarket services, leveraging Internet connectivity,” said Debra Hofman, research vice president at Gartner. “The Internet of Things allows for monitoring of performance across the value chain; in the field at customer sites, but also to collect and analyze the big data generated as part of upstream manufacturing and logistics flows. This additional connectivity has also elevated the importance of supply chain security to prevent theft, counterfeiting and other forms of fraud. One thing is clear — future supply chains must seamlessly integrate the digital and physical worlds of customers to be competitive.”

Supply Chain as Integrated Partner

Growth is a top priority for the C-suite in 2014, with 63% of senior executives picking growth as a top imperative in Gartner’s 2014 CEO Survey. Leading supply chains are enabling this growth both organically and through successful M&A integration. Supply chain leaders also are emerging as trusted and integrated partners to business groups. Their focus on profitable growth often leads to smarter, more conscious decision making, saving business groups from spiraling out of control in the drive to maximize revenue.

In their quest for growth, however, many companies are finding the business models they were famous for dominating are now under attack from competition. Supply chain has a large part to play in enabling the business to compete for the future, concurrent with protecting existing business. The most advanced companies in the ranking said they are not afraid to rethink the design of their global supply networks to be successful. In some cases, this has led to increased vertical integration where leaders become involved in their customers and their suppliers’ businesses in an attempt to dominate value chains, redrawing the lines of competition in the process.

More detailed analysis is available in the report “The Gartner Supply Chain Top 25 for 2014.”

New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better

Posted on by

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

Verizon Data Breach Investigations Report

Verizon’s report also offers specific information about the patterns and advice on how to respond to them.

Many sources of vulnerability come from within, and there is less variation than you might expect in terms of who the riskiest workers may be.

buy atarax online www.handrehab.us/images/patterns/jpg/atarax.html no prescription pharmacy

A survey by the Pew Research Center found that 18% of adults have had important personal information stolen online, including Social Security number, credit card, or bank account information—an 8% increase from just six months ago. Further, 21% of adults who use the internet have had an email or social networking account compromised. Two groups that make up a large part of the workforce were hit particularly hard during this period: young adults and baby boomers. The percentage of individuals in these groups who had personal information stolen online doubled between July 2013 and January 2014.

buy symbicort online www.handrehab.us/images/patterns/jpg/symbicort.html no prescription pharmacy

stolen personal data by age

But as this chart shows, all age ranges have experienced a significant amount of data theft as of the beginning of the year.

Indeed, according to meetings-software company TeamViewer, 92% of IT administrators have seen troublesome habits among office workers using company computers. These risky behaviors are frequently known to open the work system to viruses or other malware, including:

  • Browsing social media websites (reported by 82% of IT admins)
  • Opening inappropriate email attachments (57%)
  • Downloading games (52%)
  • Plugging in unauthorized USB devices (51%)
  • Plugging in unauthorized personal devices (50%)
  • Illegal downloads, such as pirated movies, music or software (45%)
  • Looking for other jobs (39%)

Further, nine out of 10 IT administrators reported witnessing problems to company equipment because of these actions, including viruses (77%), slow computers (74%), crashed computers (55%), mass popups (48%) and inability to open email (33%). Not only do these behaviors leave corporate infrastructure at risk, but they may endanger the overall HR program, as a vast proportion of IT workers report feeling frustrated, angry and discouraged.

buy xenical online www.handrehab.us/images/patterns/jpg/xenical.html no prescription pharmacy

Up to 12% even said that they were considering quitting over these bad behaviors and increased strain on the IT department.

So what can you do? Administrators agreed that better security software, using remote access to fix problems, installing disk cleanup software, integrating automatic backup solutions, and offering the ability to telecommute would all help mitigate these issues and make their jobs easier.