24 October 2010

Situational Awareness: Battlefield to Board Room...

Creating a "Common Operational Picture" for your organization is an elusive yet attainable goal for your senior management and the Board of Directors. How at a moments notice does the organization provide leadership with the answers to Operational Risk questions such as:
  1. How many employees from our company are currently traveling outside your home country?
  2. What are their modes of transportation and where do they plan to stay each night?
  3. What employees from our "Red Zone" list have left the company in this past week?
  4. How many of these employees left suddenly without any warning?
  5. What employees were asked to resign or were fired from their position?
  6. What controls have failed in the process for closing deals within our standard time period?
  7. How much has our sales pipeline increased or decreased over the past quarter?
  8. What is the total number of network access points (Points of Presence) our company currently believes are available for employees to connect to the Internet?
  9. How many known incidents occurred over the past week related to malicious software attacks or Denial of Service attempts on our network?
  10. How many employees started work with the company who have been added to the "Red Zone?"
  11. What are the names of the local liaison officials for our water, power, telecom and data carrier suppliers? Who is their deputy?
  12. How often has the company exercised a plan for major business crisis or disruption in the past year?
  13. What is the current forecast for severe weather in the corporate headquarters region in the next week?
These questions and more should be able to be answered at a moments notice. Any senior manager or member of the Board of Directors should have an information dashboard they can view with these situational awareness questions at their finger tips. If you don't have the latest Operational Risk Quotient in your enterprise it may be a clear indicator that the people, process, systems or external events are a severe threat.

The corporate landscape or battlefield if you will requires that the commanders in the field have the intelligence they require to make split second decisions. These Directors, Managers, Supervisors that drive the business forward each day need leadership to give them split second answers, especially in the midst of a crisis. There is not time for a Q & A session or for an extended report to give leadership the view they need to steer the enterprise out of harms way.

This is why many U.S.-based organizations have invested in capabilities, systems and training from companies like NC4:

"U.S. and global corporations are seeing increasing risks to their domestic and international operations, traveling employees, and supply chains," said Jim Montagnino, President and CEO of NC4. "We have assembled a powerful set of components that customers can leverage within the NC4 Risk Center solution to better manage their operational risk."

By configuring the solution to customer's specific needs, NC4 supports a holistic view of operational risk to enable customers to quickly learn about risks threatening assets, operations, suppliers, and employees. The NC4 Risk Center helps organizations to ensure business continuance, protect the health, life, safety and productivity of employees, streamline risk-related decision-making processes, and reduce labor costs. In addition, other optional NC4 components, such as the capability for secure communication and collaboration, may be incorporated into NC4 Risk Center to further enhance an organization's Risk Management program.


Operational Risk Managers rely on a combination of real-time feeds from internal sources and outside the organization to provide this level of situational awareness. CCTV feeds, access controls, intrusion detection, and many more are part of the Corporate Intelligence Unit's own Fusion Center.

Why is this a prudent business practice to assist you in "Achieving a Defensible Standard of Care" for your employees? Because without it you are flying blind and trying to operate without the awareness and predictive ability to mitigate risks as they unfold before you.

This blog has touched upon the topic of "Situational Awareness" in the past with these other posts:




And a solution from NC4 will only get you 50% or so of the total equation. You also need the benefits of the "Situational Awareness" gained from NetWitness. With a 2010 round of venture funding from Summit Partners they are poised to keep the R & D engine running. More importantly, the following announcement is a game changer in the marketplace:

NetWitness Spectrum is an expert automated analytics engine that provides extraction and prioritization of executable content within an enterprise. In order to develop Spectrum, we approached many expert analysts and cataloged their methodology for investigating malware. In their process, malware experts consider thousands of variables when investigating potentially malicious content. The result is a system that thinks and acts like a malware expert, and is able to recognize and differentiate suspicious behaviors and trends from normal or less concerning use of executable content.

Spectrum is your virtual malware expert, sifting through thousands of executables and doing the laborious legwork to prioritize malicious content on a continual and real-time basis. A single download in sensitive environments can consume an expert's time for hours. Prioritization and automation are critical to effectively combat the advanced and changing threat from malicious code that besieges corporate networks today.


Whether it is on the battlefield or your own organization does not matter. Your people need to understand their role in providing this vital aspect of the risk management solution. Without hourly by the minute or second intelligence about your people, processes, systems and external events you are destined for a future either known or unknown. You make the choice.

No comments:

Post a Comment