Saturday, November 24, 2018

Predictive Profiling: The Human Firewall...

In Harrison Ford's 2006 movie Firewall the viewer is entertained with a combination of a Seattle bank heist, kidnapping and good old-fashioned Hollywood chase and fight scenes. There is even a degree of deception and conspiracy mixed in, to spice up the story line. The plot is so full of social engineering lessons that even those with little knowledge of high technology can learn a thing or two.

While the actual high technology bank heist turns out to be nothing more than a simple stealing of account numbers and a transfer of $10,000 from 10,000 high net worth customers, the movie title is a ploy. In only one short sequence is there any focus on the fact that the bank is being attacked on a daily basis from other locations on the other side of the globe.

Those attackers, using new and increasingly sophisticated strategies, are consistently giving financial institutions new challenges in securing their real assets: binary code.

In early 2005, a criminal gang with advanced hacking skills tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on banks' computers has been circulating in security circles since late last year, after warnings were issued to financial institutions by the police to be on the alert for criminals using Trojan Horse technology that can record every keystroke made on a computer.

In this case, and even in the movie, there is a 99.9% chance of an "Insider." A person has been bribed, threatened or spoofed in order for the actual fraud or heist to occur. The people who work inside the institution are far more likely to be the real source of your crime than the skilled hacker using key logging software. More and more, the real way to mitigate these potential risks is through behavior profiles and analysis.

The human element, which relates to awareness, can't be ignored any longer. And this can only be changed through education, training, and testing of employees. An organization that procures technology worth millions is naive if it doesn't invest in educating its employees to make the investment worthwhile.

Sometimes the human element stands alone. Awareness, detection and determination of threat, deployment, taking action and alertness are key ingredients for security.

Predictive Profiling comes into play as organizations recognize that detecting threats starts long before the firewall is compromised, falsified accounts are established and bribes are taken.

The Israeli airline El Al has known for a long time the power of the "Human Factor" as a force in security. An empowered, trained and aware group of people will contribute to the layered framework as a force multiplier that is unequaled by any other technology investment.

Firewall, the movie, was a wake-up call for those institutions that still have not given their employees more of the skills and tools for detecting human threats long before any real losses occur.

Sunday, November 18, 2018

Risk Parity: Ideal Organizational Design...

Organizations across the globe are operating each day with Operational Risks. As a result, management is doing their best to implement a combination of Operational Risk Management (ORM) capabilities.

The strategy is to manage risk to the enterprise through a series of controls and modification of human behavior. Is it possible to create the most ideal organization from the start? Could you design it with the lowest possible Operational Risk exposure at every physical, process, virtual and human component?

What do we mean by this? Let's play a game. Or more importantly, let's imagine a workplace exercise to design the ideal professional services organization in one hour:

This organization will be in the private sector. The fictitious name for the organization is "Improvise, Inc." All of the legal entities have been created and it is registered as a U.S. Delaware company. It will have the following characteristics, capabilities, assets and purpose:

200 humans with advanced education between 25 and 65 years old. 50% Men & 50% Women
Global reach of professional services. (It sells intellectual capital and information)
Office hubs are physically located across four locations: Denver, Zurich, Abu Dhabi, and Singapore.
Language expertise includes English, German, French, Italian, Arabic and Mandarin.

Subject Matter Expertise of the Improvise associates is diversified. The core staff devoted to operational administrative processes is also diversified by physical location, 4 people each. Therefore, less than 10% core overhead.

Improvise, Inc. generates revenues by selling information, advisory services and subject matter expertise. The diversity of its 200 humans and their Intellectual Capital provides professional services to Fortune Global 500 companies.

Now, to start the exercise you will have one hour to design the ideal mosaic of people, processes, systems and external factors to operate Improvise, Inc. on a daily basis. Begin.

How would you begin designing the ideal organization? Will you have a headquarters location? Will the offices have four leased corporate offices or utilize a virtual / shared space model? What will the facilities layout be with single offices, cubicles, conference rooms? Would you start with human resources and the hiring and selection process? What kind of systems and tools would you procure to issue to your new associates? How would you communicate and what vendor/providers will Improvise use outside its core? What organizational "Rule-sets" will be established?

Who will govern and what roles of power and influence will these employee-owners (Associates) have to make decisions for the good of Improvise? What countries across the globe will you dispatch your associates to do their work? How will you keep them safe and secure where and how they travel? What vendors and service providers will you contract with to provide digital communications and store your valuable intellectual property?

Will you locate your Associates across the four locations equally? Since you have 200 split into 100 men and 100 women, will you have 25 of each or 50 people in each office? Will they all be citizens of that native country only? Again, we are designing the ideal organization with Operational Risk Management (ORM), as our highest priority in the design. Is this even a valid consideration?

What about the use of digital assets? Will your associates at Improvise use PC or Mac, or both? Microsoft or Linux-based? Android or iOS? Anti-virus scans daily or monthly? VPN, yes or no? Public or Private cloud? Encrypt data to remote sites? Retention and privacy policy? What happens when an associate goes home? When they leave the organization? Is there an "Acceptable Use" policy in place? And the list goes on.

Will Improvise standardize on a single travel agency, airline or hotel chain? What kind of training will occur with your associates on international customs, cultures, threats and vulnerabilities? Who will be accompanied by a buddy system or personal protection specialist when they travel? Will travelers receive intelligence briefings or reports in advance of their departure? Commercial or private carrier?

What processes are to be put in place for Improvise to follow, in the way it sells and delivers its professional services? What autonomy does each associate have to make their own decisions on the price, scope and deliverable to a client? How do you interact, treat and question yourselves? Are your associates subject to any laws from the U.S. or the country they are operating in with regard to selling your professional services? Why are we doing all of this?

So when you are done with this first phase of the exercise after one hour, how could you improve Improvise, Inc. over your lifetime? Hopefully, this illustrates the breadth and depth of Operational Risk Management (ORM) and some of the key considerations. Your single points of potential failure. Your risk exposures and places to focus your design. Your decisions and how this shapes your culture and principles. Your trust and transparency.

One last thought. How would you currently judge your risk parity? In other words, how have you allocated risk effectively across the organization? Not in terms of assets, but in terms of volatility. Think about it. What kind of social contract do you have in place to operate together?

Is it true, that you are now on your way to achieving true "Business Resilience"...

Sunday, November 11, 2018

Veterans Day: The Spectrum of Those Who Serve...

On this Sunday in the United States of America, it is Veterans Day November 11. As you look around your neighborhood, how many others are flying the colors of our American Flag?

Veterans Day (originally known as Armistice Day) is an official United States public holiday, observed annually on November 11, that honors military veterans; that is, persons who served in the United States Armed Forces.
As the son of a U.S. Marine, the thought of what our country has endured and how people like him loved all that the Flag stands for, brings tears.  This morning, we are the only house on our street with the "Stars and Stripes" on display flying in the wind.  Why?

It is hard to understand, and yet most people on the block have never read "Team of Teams" either. There are millions in the U.S. Armed Forces who have lived their whole career experiencing how remarkable people working with a sense of mission can be.

Yet you don't have to be holding your Form DD-214 to understand that the American people on your block, in your town or across your state, need a clear mission to come together. A purposeful mission helps most people get out of bed in the morning. To go to school. To show up at work. Are you a leader of people or a leader of a true Team?

Sure, you can use the sports analogies to get the point across. The Vince Lombardi stories are famous for getting people to understand teamwork and winning the game. Yet ask any Veteran, and they will probably say that a game that lasts years is so much different. Lombardi coached at West Point at one point in his career, and this had a lasting impact on him.

The new rules of engagement for a complex world are the name of the game today. The rapidly advancing tools of conflict are changing from superior geographic positions on the hill with a Combat Controller (CCT), to the stealth of an exploit code software payload.

So what?

Start thinking about the spectrum of digital members of our military who serve our country each day.  Some are behind a keyboard, or working on the front lines of software maintenance to keep the data centers operating at peak efficiency.  Think about all of the professionals in the shadows, who are collecting and analyzing intelligence for us all to better anticipate, prepare and to be more resilient.

The asymmetric conflicts here are going on 24 hours a day, 7 days a week. Right in your own city or business. Everyone has their specialty, and each finds their way into the job they are destined to perform. And they are truly a "Team of Teams"...

Thank you for all that you have done for our country.  Thank you for what you are doing today for us here and in the rest of the world...

Sunday, November 04, 2018

Wonder: The Mystery of Your Relationships Map...

"Mystery creates wonder and wonder is the basis for man's desire to understand" --Neil Armstrong
Think about it.  How could you use the inspiration of this remarkable man and apply it to your life?  Your family.  The people you work with and collaborate with on projects, to discover what is possible.

When was the last time you had the opportunity to say to your closest loved one: "I wonder..."

How might we frame the context of our next quest with a friend, a co-worker or just a sponsor of our project, with a sense of "Wonder"?

When you think of the quote by Neil Armstrong, a test pilot, an explorer, an astronaut, it makes some sense. Yet what about the quote from a boy who grew up in Ohio, and moved to sixteen towns in the state over the course of 14 years? A boy who learned to fly and earned his student flight certificate on his 16th birthday. Little did he know that someday he would be looking at the planet Earth from the surface of our Moon.

What do you wonder?  It is there, inside you and all you have to do is capture it and capitalize on it.

Take out a piece of paper.  Write your name in the middle of the page.  Write the names of your family around yours in a circle.  Maybe it's more like a star*.  Now write the names of people around the core of your family relationships, that you truly value and trust as friends, comrades and collaborators.

And now on this outermost band of people, write the names of those you admire or would most like to spend more time with, to wonder. In a meeting, on a project or to pursue a long term mission with.

Ever wonder about your life right now? Look at the piece of paper in front of you. The spiral of relationships you have and are pursuing will of course influence your destiny. The ability to achieve your lifelong dreams. Is it a mystery?

So what?

Trust this piece of paper as your daily game plan.  Your life compass.  It is your map to what is important today.  When you spend time elsewhere or with other people, it is a distraction.  A life limiting factor.  Your livelihood and the quality of your trusted relationships are that important.

What can you do or say to the people on your relationship map today, that will make a significant difference?

Wonder...

"On November 18, 2010, aged 80, Armstrong said in a speech during the Science & Technology Summit in The Hague, Netherlands, that he would offer his services as commander on a mission to Mars if he were asked."