June 12, 2015

Cyber Essentials made mandatory by the Welsh Government
Quoted by SCMagazineUK.com, a Welsh Government spokesperson said: “From 1 April 2015, Cyber Essentials is required for all relevant Welsh Government contracts involving the handling of personal or sensitive information. This will also apply to National Procurement Service collaborative frameworks.” The Welsh Government has identified five levels of risk from 0 to 4. Level 0 is ‘low risk’, and means that no special arrangements are needed when minimal amounts of non-sensitive personal data are processed. ... “The CES defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threat coming from the internet. Evidence of holding a Cyber Essentials (or equivalent) certificate is desirable before contract award, but essential at the point when data is to be passed to the supplier.”

3 Accidental Whistleblowers (Fired for Doing their Jobs Well)
As Adam Turteltaub, SCCE VP of Membership Services, puts it: “Whistleblowers are courageous, principled heroes, unless they are on my team, in which case they are dirty rotten traitors.” Whistleblowers are like the foreign body in the organization being attacked by its white blood cells. Or the nail sticking out of the board, begging to be hammered. The modern compliance program has as its stated goal to find, fix and prevent problems. Whistleblowers are a key resource in achieving this goal. But still, the white blood cells remain vigilant. But what happens when the whistleblower is a senior manager, head of a control function or even a CEO, who happens upon the problem – sometimes a very large problem – in the ordinary course of doing their job well?

When Big Hearts Meet Big Data: 6 Nonprofits Using Data to Change the World
When people think of big data, they often think of machines, robots and things that might be generally impersonal. But when you couple data with an altruistic mission, the results can be astounding. As we sink deeper into the digital era, nonprofits are now presented with new opportunities. For example, 56% of people donated to an organization because they read a story via social media. Fundraising sites such as DonorsChoose.org, Causes.com and Network for Good allow organizations to raise money with a simple click of a button. But this is only the beginning. Here we’ll take a look at which organizations have upped the ante by becoming not only socially-driven, but data-driven as well. See how these 6 nonprofits are using data to empower others and make a genuine difference in the world.

Twitter's next CEO faces four challenges
Perhaps the biggest problem Twitter has is that many people who aren't tech enthusiasts still don't understand what it's for or why they should use it. For every occasion Twitter is referred to as a social network, it's also identified as a news source, a publishing system, a feed of real-time events and a micro blog. Perhaps it's all those things, but that doesn't help sell it to people who aren't yet on the service. If it's a social network, why use it when Facebook's around? If it's a micro blog, why not use a proper blog like Tumblr instead? ... The company has tried to address these issues with new tools. Earlier this year, it began rolling out a feature called "instant timeline" that uses a variety of signals, including the contacts on a person's smartphone, to see who they might want to follow and automatically create a list.

Cybersecurity Firm Rapid7 Files For $80 Million IPO
The cybersecurity industry is booming as breaches and nation state attacks continue to dominate headlines. While VC investment in cybersecurity is on the rise, cybersecurity IPOs in the United States have been few and far between. Since November 2009, there have only been 17 IPOs in the security space (seven of which happened in 2012), according to research done by Pitchbook. The most recent security IPO was MobileIron’s $100 million exit almost a full year ago in July 2014. FireEye had the biggest security IPO in the past five years at $349 million in September 2013.

Big Data Systems House Sensitive Data, Security Exposures
The result is an exposure that companies may not have counted on as they initiated their pilot big data projects, according to the survey report, "Enabling Big Data By Removing Security and Compliance Barriers," available here (registration required). Cloudera, the supplier of Hadoop system Cloudera Enterprise, sponsored the SANS survey. Many times, those projects demonstrate the utility of bringing together diverse data that was previously hard to assemble given the radically different data types. Big data systems gain utility as more data is brought in. The result is a slow brew of gathering risk without sufficient safeguards, the study warns.

Data as currency: Balancing risk vs. reward
At the heart of good IG is good recordkeeping, and therefore the senior records manager must be a key player in the IG initiative. Also vital to the program are compliance officers to help ensure the recordkeeping practices are satisfying the demands of such laws as Sarbanes-Oxley for the financial industry and the Health Insurance Portability and Accountability Act; IT executives to provide the right tools and to help effect proper protection policies; legal counsel to help assure the defensibility of the program; and senior managers from the business units to provide realistic guidance on how the information is created and used. Organizations wishing to monetize their big data should work to mitigate the security risks by implementing an IG program that treats records as the strategic assets they really are.

Mobility brings new ways to tackle IT security threats
The unique nature of mobile operating systems themselves has also provided new security opportunities. For example, mobile devices have managed to avoid many of the antivirus concerns that threaten Windows PCs, thanks to more closed operating systems such as Apple iOS, said Chris Hazelton, research director for enterprise mobility at 451 Research. OS vendors can still do more to help, including allowing IT to turn off specific app permissions and ensuring third-party apps can't collect employee data, he said. "A developer can sell and monetize your information if they can track your location," he added.

Why Data Lakes Require Semantics
According to Nick Heudecker, research director at Gartner, “Data lakes typically begin as ungoverned data stores. Meeting the needs of wider audiences requires curated repositories with governance, semantic consistency and access controls.” Heudecker also says that “…without at least some semblance of information governance, the lake will end up being a collection of disconnected data pools or information silos all in one place.” ... Adding Semantic technologies can address many of the issues inherent in Data Lakes if an organization needs to rapidly answer complex, real world questions that require the fusion of data in many dimensions. Semantic Data Lake (SDL) is a semantically integrated, self-descriptive data-repository based on graph (network) representation of multi-source, heterogeneous data, including free text narratives.

Q&A with Claudio Perrone on PopcornFlow / Evolve and Disrupt
In lean, we often talk about value streams. Yet, it's not what we do, but rather what we learn by doing it that matters. When I look at a typical scrum or kanban board, however, all I see is a snapshot of the outcome of the thinking behind it. Perhaps we are missing an opportunity. Popcorn flow accelerates, sustains and brings to the surface the reasoning (how and what we learn), specifically through a continuous stream of small and traceable change experiments. This is a vivid example of what I call a "learning stream". Value streams and learning streams work together and help us make progress like rails on a ladder. The trick is to make both visible. Most teams use two separate boards. But some teams who adopted this approach now split their single visual board horizontally.

Quote for the day:

"A man must be big enough to admit his mistakes, smart enough to profit from them, and strong enough to correct them." -- John Maxwell