Those “private” (sm)e(ar)mails
15 Apr 2009. Posted by Tony Law in Impact of IT, Managing IT.
Tags: email, Gordon Brown, McBride, Risk
This isn’t a political blog and anyway there’s been plenty of comment about the invented-smears emails, their origin and their target.
But just one IT point keeps being ignored and it appears to have been perpetuated from the very top in Gordon Brown’s letter. It is the assertion that these emails were somehow “private”. Brown’s letter, as reproduced in full by the BBC, says
“I am assured that no minister and no political adviser other than the person involved had any knowledge of or involvement in these private emails.”
Hang on. We’re also told that they were sent “from an official account”. So absolutely no way are they private. Gordon Brown, his staff, and the media are confusing “private” with “confidential”.
If they were private, they should have been sent from a private email account. Sure, if they’d been sent from dmcbride@googlemail there would still have been a fuss if they’d been uncovered; but it would have been much less of an embarrassment for McBride’s employers.
If they were sent from an official email address, that’s the equivalent of being on 10 Downing Street headed notepaper. If they were confidential, but official, they could have been encrypted. Confidential messages have been sent in code since writing was invented.
This is an object lesson about information risk and information security. Sending personal (= “private”) messages from your business email is very poor practice and highly unprofessional. Not making it clear to your employees that personal mail should be sent personally is equally poor practice and puts both the employee and the employer in jeopardy. And not encrypting information which is truly highly sensitive and business confidential is, quite separately, stupid – although all of us, I suspect, neglect this one most of the time.
As any decent risk management practitioner will tell you!
Is it “OK to stop the project”?
7 Oct 2008. Posted by Tony Law in Managing IT.
Tags: Compliance, Forrester, Gartner, Risk, spending
Mike Rasmussen of Corporate Integrity has been busy. He’s in the right business – in the current climate, regulation and compliance are climbing right up the agenda and there will, I’m sure, be many extra demands on IT to provide visibility of data and respond to new regulatory demands.
If you read this in time, Mike is hosting a webinar today (Tuesday 7th) at 5pm UK time. He’s done a lot of work on a new structured analysis of the global regulatory and compliance (GRC) arena to identify the issues, and, he says, to define 13 core technology areas that the organization should build into an enterprise architecture for GRC.
Gartner have released a short note (and right at the moment it’s available for free) advising IT organisations to prepare for three scenarios: flat spending, a 20% reduction, and a small increase. But I haven’t seen anyone suggesting that IT should be prepared to increase spending on GRC, either by a budget increase or by diverting resources from other things. Think on!
You might like to look at George Colony’s take on the mess as well. He proposes three general rules:
• Apply a simple rule: “If it doesn’t make sense, it doesn’t make sense.”
• Risk assessment and management programs (perhaps within Sarbanes) should be placed on alert to identify danger points (by which he means: where computer models fail rule one)
• Never be afraid to say Andy Grove’s favorite business word: “No.”
This last one reminds me of a visit I paid a year or two back to London Heathrow’s Terminal 5, which was then one of the UK’s biggest building projects. The biggest message, plastered all over the site and aimed at everyone from plumbers to executives, was “It’s OK to stop the project”. No-one was going to get hammered for saying something was going wrong, or unsafe, or didn’t make sense. Most building projects, our host said, get built one and a half times. They aimed to avoid that cost, and did.
• GRC 2.0: the GRC EcoSystem – Mike Rasmussen, Corporate Integrity, 6 Oct 2008
• Hal destroys Wall Street – Counterintuitive: George Colony, Forrester CEO, 3 Oct 2008
• U.S. Congress Rescues Banks but Pressure on IT Budgets Looms – Gartner, 6 Oct 2008