Archive for the ‘Humor’ Category

Book Review: “The New Data Imperative: Managing Real-Time Risk in Capital Markets” by Dr. Raj Nathan, Irfan Khan, & Sinan Baskan

Nude Sunbathing
Image by STML via Flickr

It seems that since the arrival of the Great Recession everyone has rushed a book out explaining why it happened and how to prevent it in the future.   The feeding frenzy includes folks from all sorts of backgrounds who barely know what Sarbanes-Oxley, a financial statement or a CobiT control is.  For many of these “experts,” the reasons for the recession are clearly not financial or regulatory or linked to Globalization, but deeply ingrained in our dysfunctional and narcissistic society and by nasty “capitalism,” which to many is as deadly a tormentor of society as the Black Plague was 700 years ago.   The damage caused by the recession is viewed as evidence that there is a need to educate the masses in new righteous ways to make money and  legislate new rules over corporate conduct.   The new Robin Hoods of course  are poised to make lots of money by selling new training programs, conducting seminars in Las Vegas and devising new green and “humane” ways to dismantle capitalism.

Although written by Sybase executives, The New Data Imperative by Dr. Raj Nathan, Irfan Khan and Sinan Baskan is not one of those new opportunistic books I am so disappointed to see in the book stores today. This book is a breath of fresh air in that it does not overshoot its scope and intent. Although discussing the recession and using it as a backdrop, the book in its 115 pages manages to convey the what, how, when and why of the information infrastructure behind today’s globalized financial markets, and why changes to these are needed. It does this in language that is understandable to non-technical business people (auditors, compliance, legal and financial management), who for the most part are the ones who need to understand these things, so they can participate in future implementations and improvements to existing systems.

In the next three to five years Risk Management will see an increase in the complexity of analysis,  the need for faster data acquisition, faster reporting and the integration of more diverse data sources from in-house and  from “the cloud.”   Not to mention a likely increase in Regulatory Compliance  mandates.  For these reasons, the way we approach the infrastructure that supports the  Risk Management function(s) needs to be  re-conceptualized.    “The New Data Imperative” provides a quick snapshot of how to achieve this.  The book looks at the state of current Risk Management “silos,”  their data feeds, analysis cycles, reporting structures and overall data infrastructure, explaining why these current systems fell short during the recent financial crisis and provides us with a well conceptualized picture of how to transition, often without major and costly changes, into the data environments needed for the new Risk Management processes now being proposed by regulators, the Big Four and some of the leading international financial standards organizations.

In addition to its clarity, in my opinion the book serves another important purpose. That of attempting to educate “legacy” type IT managers who in many organizations today have “stale” skill sets and are often ignorant of industry best practices and trends. As many an experienced IT auditor can confirm, these managers are ill-prepared for the future and cannot visualize the infrastructure changes needed to implement and maintain the Enterprise Risk Management systems of the post Great Recession era. Because these folks cannot visualize the future, they tend to be serious obstacles to improving performance and strategically positioning IT investments for competitive advantage. Although high in authority because of seniority or organizational politics, these folks have managed to carve out positions where they appear to provide value not by what they do, but by how they stop others from doing. They are in a way the “Gate Keepers” against innovation and process improvements. If by some miracle some of these individuals were to read “The New Data Imperative,” I think great technological achievements would take place in their organizations.

If you are an IT Auditor or a Risk Manager for a financial institution, I highly recommend that you familiarize yourself with this book. I believe the book will bring you up to date on the latest real-time risk management concepts and will open your eyes to some of the technological challenges we will be facing in the next three to five years as Enterprise Risk Management evolves to a more mature level.

Because the book is small and unassuming, I also recommend it as a gift for those “legacy” type IT managers I mentioned earlier.   It may be the most eye opening technology book they’ve read in the last 10 years!

If you’re wondering about the “Nude Sunbathing” sign above... let me explain why it’s here. This picture was taken last July one block away from the Jacob Javits Convention Center in NYC, on the day the National Enterprise Risk Management Club of Buenos Aires, Argentina, was holding its national awards for the most creative use of Twitter in a crisis situation. When members saw this sign they Twitted all the participants, and half the Jacob Javits Center emptied as the men rushed to the Hudson River to watch the annoyed sunbathers. Now the question being debated by serious Harvard sociologists is: Did Twitter empty out the Jacob Javits Center, or was it the naked sunbathers and their uncontrollable effects on the hot Latins from Argentina?



Enterprise Risk Management – A one-day course led by James Lam, author of Enterprise Risk Management

I took this picture at the 2005 US Open.
Image via Wikipedia

November 4, 2009
9:00 am to  5:00 pm
New York City


  • Establishing a strong business case for ERM, and overcoming organizational barriers
  • Developing a practical ERM framework and implementation plan
  • Demonstrating tangible benefits from ERM adoption
  • Implementing and integrating ERM into strategic and business decisions
  • Establishing effective risk management policies and explicit risk tolerance levels
  • Developing effective dashboard reporting for senior management and the board
  • Creating an effective feedback loop for ERM performance

For further information on this event from PRMIA, please click the link below:


The photo above shows the turn out at the last Chess championship between Latvia and Jamaica held in Mozambique last year.    Soon after this picture was taken the audience rioted because the sound system broke down and no one was able to tell when the game was over.   This event is an example of why Enterprise Risk Management needs to be taken more seriously.


5 Security Lessons From Real-World Data Breaches

Syntho Saur
Image by david via Flickr

I think everyone involved in IT Security knows that the majority of IT Security incidents are not reported outside the organizations in which they occur. This excerpt from an article published in should be of interest to IT Security folks as well as CIOs. To read the full article follow the link at the bottom of the post:

“The unwritten rule among companies is that the less said about security breaches, the better. For every public revelation of stolen data there are dozens of breaches that don’t make the news.

This code of silence might avoid angering partners and customers, and sidestep a public relations mess, but it makes it harder for the industry as a whole to learn from mistakes and improve information security and risk management practices. That’s why this article draws on direct observations from real-world security breaches on which we’ve performed forensic investigations, to help companies understand how breaches happen and what to do about them.”

The full article from is in the link below:


If you haven’t been able to figure it out yet, the photo above is of the famous Japanese Sumo wrestler Kami Nobugama disguised as a toy Godzilla, when he was attempting to break into a Department of Defense apparatus on September 10, 2001.   This formerly classified photo was sent to us by Mr. M. Icon using secure Steganography.


CalPERS Pushes for Change at Texas Industries

VanDyck, Man in armor 1625
Image by yak23flora via Flickr

Anyone who knows what the CalPERS Corporate Governance Focus List is, knows that CalPERS is one of those organizations that is not afraid to advocate for changes in corporate America.   Especially if it is a major stockholder in the company in question.   I found this article at and felt it provides an excellent example of the types of conflicts taking place today between those who advocate for systematic changes in Corporate Governance, and those who want to see changes at a slower pace or not at all.   After you read the excerpt below you can read the whole article by clicking on the link at the bottom of this post:

“The California Public Employees Retirement System (CalPERS) has made its case to revamp the board of directors at Texas Industries, according to the Sacramento Business Journal. Texas Industries, which will host its annual shareholder meeting on October 22, is facing a dissident slate of directors from CalPERS through Shamrock Activist Value Fund, which invests $200 million for CalPERS.  “The experienced and diverse Shamrock director slate can more effectively oversee CalPERS interests as a long-term shareowner of Texas Industries by better focusing the board’s attention on optimizing the company’s operating performance, profitability and returns to shareowners,” said CalPERS’s Anne Simpson, senior portfolio manager of corporate governance.”

To read the article, please click the link below:


The photo above is of Don Pedro de las Marias Heinkel Windham III, the first Texas cowboy in recorded history.   He founded the famous San Antonio tavern “Los Borrachitos” (near River Walk) and fathered 27 children with  Anne Marie Johnston Wyler and 20 other women.  He owned the first rapid fire 67 caliber flintlock outside of New Spain.


FBI offers advice during new National Cyber Security Awareness Month

The Coffee-Serving Security Guard
Image by Qole Pejorian via Flickr

Another initiative from the FBI to increase public awareness of the Cyber Crime problem.   This excerpt from lets us know (in case we didn’t).   This may be the sort of information we pass on to persons who need to know how our tax dollars are spent, children or Rip van Winkle.  Here is the excerpt:

“This October has been declared National Cyber Security Awareness Month, a month in which Americans are encouraged to learn more about the “national security priority” that is the US communications infrastructure.

“Cyber attacks and their viral ability to infect networks, devices, and software must be the concern of all Americans,” President Barack Obama said yesterday. “This month, we highlight the responsibility of individuals, businesses, and governments to work together to improve their own cybersecurity and that of our Nation. We all must practice safe computing to avoid attacks. A key measure of our success will be the degree to which all Americans educate themselves about the risks they face and the actions they can take to protect themselves and our Nation’s digital infrastructure.””

To read the rest of this story, from follow the link below:


Seriously, we must all practice “safe computing,” otherwise we will be deemed promiscuous and will  get ugly freckles in our faces.

Categories: Humor, Security

White Paper: A Wiki-Induced Stimulus for Knowledge Management

La Fée Electricité
Image by Feuillu via Flickr

One of the most difficult problems faced by organizations and Internal Audit departments (especially those with a geographically dispersed staff) is poor communications and a lack of knowledge transfers. The silo problem adds to this, where some groups or individuals adopt ownership of critical knowledge and “unofficially” hold the department hostage by not sharing information, or not doing it in a “timely manner.” This culture also encourages informal communications, where instructions and/or directives are verbally passed, resulting in high rates of forgetfulness, especially in times when the validity of the directive is in question.

In an Internal Audit scenario, the challenge in solving these problems lies heavily with Chief Audit Officers, and those they report to. This is so mostly because these folks are not technologically savvy, and are inexperienced in the deployment, use and maintenance of enterprise solutions. Although Internal Audit is often at the forefront of advocacy towards the adoption of improved technologies in the organization as a whole, more often than not it is one of the most antiquated and inefficient departments, with little understanding of the very things they advocate for. If you add to this the traditional clashes that take place between the typical IT Department and Internal Audit, you quickly realize that rolling out anything beyond a complex Excel application for the field auditors is a real challenge.

So, how do you begin to solve the problem of poor communications and information silos? A Wiki is in my opinion a good starting point. If you do not know what a Wiki is, then go to and play around with it... it’s the highest profile Wiki in the world, one maintained by thousands of non-technical users every day.

The idea of the Wiki is akin to a sponge. It absorbs user information which can then be squeezed out at any time by anyone with access to the application. It is not a database, because it can be free-form, and it is usually learned in less than 30 minutes. Because of this ease of use, Wikis are now becoming the main internal repositories of knowledge at many universities and research centers. They are replacing traditional archives and document warehouses.

Because of the simplicity of the Wiki, most IT Departments have few problems implementing them, and because they are normally maintained by non-technical users, there is little need for a dedicated technical staff to support them. Wikis are also inexpensive, run over SSL on the web for security and most support RSS, Twitter and other communication services. This should ease the “tensions” normally put up by IT departments when new deployments are proposed.

As we see the unfolding of new Enterprise Risk Management (ERM) requirements from the US Congress, and the increasing need for cooperation among Internal Audit, Risk Management, Legal, Compliance and Governance, it is clear that those organizations with entrenched silos and internal communication problems will have very difficult times transitioning and keeping controls over the new ERM processes. Emails, memos and endless meetings (the traditional approaches) do not have the “stickiness” to sustain and encapsulate the types of information and data needed to keep an effective ERM program moving forward from year to year. A Wiki does.

My advice to those organizations and Internal Audit departments experiencing communication problems, and preparing for an increased role in ERM is to consider a Wiki as soon as possible.

The link below will take you to a White Paper posted by eTouch, in the site, which provides a good discussion on how to use their Wiki:

To experiment with a free (ad supported) Wiki you can visit the site.   They are one of the largest free Wiki providers.

There are many commercial Wiki vendors aside from eTouch.  One that has obtained a lot of recent publicity is which offers a variety of packages for businesses of all sizes.


If you look closely at the photo above you will be able to tell it’s a photo of a managing director from one of the Big Four accounting firms. She is surrounded by visual stimuli in a Carlos Castaneda type trance, asking the motherly spirits to explain why she makes so much money while hardly working and being a complete &%$#@ to everyone around her. Any resemblance to anyone you may know is completely unintended.


Help Wanted: Homeland Security Seeks Cybersecurity Pros

Reenactment of a Roman legion attack.
Image via Wikipedia

I think everyone agrees that America’s IT Security posture needs improvement. This initiative from the Obama administration, in my opinion, will help us harden our vital communications infrastructure, making life harder for future Cyber attackers. It is also a great way to stimulate the economy by spending money on hiring some of the young sharp CISSPs I see loitering around in NYC IT Security conferences. Below is the excerpt from

“The Obama administration has given Department of Homeland Security the go-ahead to hire up to 1,000 new cybersecurity pros over the next three years, secretary Janet Napolitano said today.

The new hiring authority will let DHS, a key agency in the nation’s cybersecurity strategy, fill positions in risk and strategic analysis, incident response, vulnerability detection, intelligence, investigation, and network and systems engineering.”

To read the rest of the report follow the link below:


The guys in the photo above are CISSP candidates in training, at a state of the art training facility on 34th Street in NYC.
