29 February 2020

Workplace Violence: Maximize Dialogue and Anonymity...

Proactive vs. Reactive. The argument goes on in many organizational departments when it comes to budgeting for preparedness vs. response. How do you detect the next employee "Gone Rogue" as they say?

What is the early warning indicator that tells you that you need to train employees on the detection of "abnormal behavior" or out of context business transactions?

If we are to continue the path of handling disruptions in business and emergencies with personnel with the idea of mitigating the risk post incident, then increase the number in the budget for the line items under outside counsel, litigation and insurance.

However, the idea that a corresponding increase in the line items in the budget under the heading compliance, security and training will decrease risks prior to an incident, is prudent thinking.

In the battle for finite dollars to be spent across the enterprise in all categories that have significant risks, there will always be an argument on where the investment of resources will have the biggest payoff or return on investment.

"Yet, how will you ever know whether this is the year of the earthquake, the cyclone or the employee who becomes hostile or potentially lethal?"

The point is, you will never know, for certain...

This is why an investment in enterprise risk management dialogue requires that every department and each process, factor in additional costs for mitigating risks.

Each person who is closest to the work being done knows where the greatest potential is for a loss event. The place that is most vulnerable.

Just ask the HR specialist what employee they have hired over the past year or two that represents the most lethal threat to the company. Just ask the IT Security Engineer what system or application is on the verge of a melt down and they can tell you.

Or just ask the executive who they think the middle manager is, that is getting ready to move to the competition, with all the latest Intellectual Property (IP) secrets. Most likely, they can tell you.

Being proactive in managing operational risks sometimes means that you have to ask your employees risk related questions on a continuous basis. You have to document and collect the answers and feedback so that you can detect trends in behavior or potential eruptions in behavior.

Finally, you need to figure out how to do all of this using new tools and processes, to protect privacy and anonymity. Get started!

22 February 2020

Analytical Decisions: Navigating to a Trusted Future...

"For those of us who are decision makers, these are huge problems. With growing velocity, we are losing our ability to trust digital information to be factual, accurate, reliable, and authentic. But we also are losing something far more important—trust in the quality of our own decisions and our confidence in those we trust to make good decisions"  Jeffrey Ritter-Achieving Digital Trust

Think about all the Trust Decisions that you made this morning.  This week.  This month.

Countless decisions to act upon your experience, your current information or the live scenario unfolding almost instantly in front of you.  "Trust Decisions".

Is this a discipline or process that you can truly learn and improve upon?  The question is, do you think it is important enough to learn more and to devote precious time to making this a priority in your life?
Where are you in your particular "Life Cycle" right now?  At the beginning, near the end or somewhere in between?  Yet it is never to early, to study and learn more about the science of Trust.

SpaceX is looking to raise around $250 million in new funding according to a new report from CNBC’s Michael Sheetz. The additional cash would bring SpaceX’s total valuation to around $36 billion, according to CNBC’s sources — an increase of more than $2.5 billion versus its most recently reported valuation.

The rocket launch company founded and run by Elon Musk is no stranger to raising large sums of money — it added $1.33 billion during 2019 (from three separate rounds). In total, the company has raised more than $3 billion in funding to date — but the scale of its ambitions provides a clear explanation of why the company has sought so much capital.
Building trust with a new person, new organization, new project, new government or new ecosystem requires a sound and thoughtful strategy.  A strategic approach to reaching your vision, completing the transaction and achieving your outcome.
Trust is the affirmative output of a disciplined, analytical decision process that measures and scores the suitability of the next actions taken by you, your team, your business, or your community. Page 49 - Achieving Digital Trust - Jeffrey Ritter
Godspeed on your particular TrustDecisions ahead.  Onward!

15 February 2020

Open-Source Intel: Future Preemption...

Flashback fourteen years ago...

The methods of Intelligence gathering and sharing for the 17+ agencies that comprise the DNI is evolving to new Web 2.0 capabilities. In fact, they are putting these new tools to work to break down the silo's and connect the dots faster than the embedded and legacy systems have been capable of in the past.
Intelligence heads wanted to try to find some new answers to this problem. So the C.I.A. set up a competition, later taken over by the D.N.I., called the Galileo Awards: any employee at any intelligence agency could submit an essay describing a new idea to improve information sharing, and the best ones would win a prize. The first essay selected was by Calvin Andrus, chief technology officer of the Center for Mission Innovation at the C.I.A. In his essay, “The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community,” Andrus posed a deceptively simple question: How did the Internet become so useful in helping people find information?
Yet even those who have implemented the use of new Web 2.0 collaboration and social networking to try and break through those typical information sharing barriers have another problem. Getting everyone to make a seachange and cultural shift to the use of these new tools and processes. The question is that even if you get everyone to use it and there is not anything "Secret" for fear of it ever being known by the wrong person, will it work? Thomas Fingar, the patrician head of analysis for the D.N.I.:
Fingar says yes, for an interesting reason: top-secret information is becoming less useful than it used to be. “The intelligence business was initially, if not inherently, about secrets — running risks and expending a lot of money to acquire secrets,” he said, with the idea that “if you limit how many people see it, it will be more secure, and you will be able to get more of it. But that’s now appropriate for a small and shrinking percentage of information.” The time is past for analysts to act like “monastic scholars in a cave someplace,” he added, laboring for weeks or months in isolation to produce a report.

Fingar says that more value can be generated by analysts sharing bits of “open source” information — the nonclassified material in the broad world, like foreign newspapers, newsletters and blogs. It used to be that on-the-ground spies were the only ones who knew what was going on in a foreign country. But now the average citizen sitting in her living room can peer into the debates, news and lives of people in Iran. “If you want to know what the terrorists’ long-term plans are, the best thing is to read their propaganda — the stuff out there on the Internet,” the W.M.D. analyst told me. “I mean, it’s not secret. They’re telling us.”
The amount of self-publishing on "Blogs" and "Wiki" applications is here to stay and now it is just a matter of having the right analysts using the correct tools. The point is that new search technologies and all of the "bots" and "crawlers" can try and keep up with the new content, but it is not likely. Intelligence analysis will continue to take far more grey matter than we have people trained and able to do so. This fact alone, should bring us back to square one. There is no such possibility as 100% security. Prevention and Preemption are both elusive goals and will be our "Holy Grail" for some time to come.
Today’s spies exist in an age of constant information exchange, in which everyday citizens swap news, dial up satellite pictures of their houses and collaborate on distant Web sites with strangers. As John Arquilla tells Clive Thompson a contributing writer to the New York Times, if the spies do not join the rest of the world, they risk growing to resemble the rigid, unchanging bureaucracy that they once confronted during the cold war. “Fifteen years ago we were fighting the Soviet Union,” he said. “Who knew it would be replicated today in the intelligence community?”

08 February 2020

Business Risk: Grow or Die...

In a previous issue of Corporate Board Member magazine in a PwC survey, the question is asked:

Has your board discussed what to do if the company is hit by a major Crisis?

  • No - 51%
  • Yes - 41%
  • Not Sure - 8%
What is the definition of "Crisis" in the minds eye of the Board of Directors today?

n. pl. cri·ses (-sz)

1. A crucial or decisive point or situation; a turning point.

2. An unstable condition, as in political, social, or economic affairs, involving an impending abrupt or decisive change.

3. A sudden change in the course of a disease or fever, toward either improvement or deterioration.

4. An emotionally stressful event or traumatic change in a person's life.

5. A point in a story or drama when a conflict reaches its highest tension and must be resolved.


How can these numbers be correct? Why don't these results make sense?

It does seem almost impossible that just over half of those surveyed said, that they have not discussed what their company would do in the event of a crisis.

In light of the latest corporate governance and catastrophic events any board member who would answer no, is either not attending the meetings or is so new to the board, that they haven't been part of the conversations yet.

The Pwc survey of 1,103 directors who responded have illustrated many of the risk management issues that are taking up much of the shareholders time.

They also indicate where they wish they were spending more time, as 59% hoped they could be doing more "Strategic Planning."

Is there a correlation between those who have not been part of discussions of crisis management and the wish to focus more on strategy?  We hope there is.

Our experience is that corporate management and the board need a 3rd party facilitating the mechanisms for change and towards the "Big Picture" of the future.

If management sees the board as an overzealous parent and not working on behalf of the shareholders the tension increases.

Once the board and corporate management have found a "strategic facilitator" to guide them towards a model of "Enterprise Architecture" everything becomes crystal clear.

The factions now see the blueprint for change and the path to implement the strategy and the tactics to achieve it.
The Importance Of Leadership In Uncertain Times

In an age of global unrest, strength and courage at the helm are more important than ever. As a director, it's your job to ensure your CEO has what it takes.
At the end of the day, the deliverable is to continually grow and whenever that significant crisis or "Breakpoint" occurs, the engineered resilience of the business enables its survival and the next phase of growth to begin...

01 February 2020

Travel Risk: Adaptive Survival Instruction...

Travel risk to corporate executives is on the rise. Even if you are not an executive who can afford the services of personal body guards and armored cars, there are some prudent ways to mitigate the risk of traveling to the global hot spots.

The Mission

Travel safety is becoming more of a main stream issue with savvy Operational Risk Managment (ORM) leaders. The fact is, most of these so called travel safety courses are being taught from only one side of the equation.

"In a world of global commerce, CSOs are often tasked with building their company's corporate travel safety programs. The job calls for a proactive approach to educate employees about precautions they can take to stay safe, whether they're the CEOs of multibillion-dollar conglomerates who fly on company jets that land on secured tarmacs or rank-and-file staff riding in commercial airline coach."

The Take-Away

Business has to be done in some of the most dangerous places on the planet, even when it comes to being exposed to kidnapping, terrorism and corrupt governments. Our advice is to make sure your instructor transfers skills to people on "how" to detect, deter and defend against the attackers. Not just the "What to do".

The how is not easy to teach unless you have been there and experienced it. One of the reasons why most CEO's are "Age Experienced" is that it takes time to acquire enough valid leadership lessons.

It does not happen in a week or a month or even a few years. Learning the skills to survive in strange cities, cultures and countries requires instruction by age experienced and "Quiet Professionals". Much of this instruction is about training people to be "Adaptive."

Personnel threat management is a prudent risk mitigation solution. This combination is one key strategy to reduce the operational risks associated with key personnel in your organization.

Individuals whose occupations place them at risk may include people with access to valuable proprietary information or holders of high level security clearances, the wealthy and those responsible for their safety.

Comprehensive "Adaptive Survival Instruction" for international business executives, is a primary mission for OPS Risk leadership, because it saves lives.