Situation Awareness for Incident Response – Computers & Security

New article in Computers and Security.

How can organizations develop situation awareness for incident response: A case study of management practice

Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

Communicating the Business Value of Innovation

Innovation depends upon consistent communication. Yet different stages of the innovation process require different kinds of communication. Companies who have recognized the different elements of the innovation process are able to target their communication mechanisms to encourage the strongest possible results from organizational innovation. Ideas can be brand new and relatively unconsidered or rather mature and half-implemented, and understanding clearly the distinctions between those types of ideas and communication mechanisms around them can inform organizations about how to best discuss and encourage innovation.

Consider the stage of idea generation and mobilization: One example of a company that has successfully created numerous channels for communication of ideas is Whirlpool. One strategy used by Whirlpool explicitly for idea generation was having an Innovation Team (people conversant with desired business goals and objectives as well as current operational capacities) go to each department and solicit ideas from employees. The Innovation Team included a cross-section of the company, including members from many functional areas and levels of hierarchy. During the idea collection process, all ideas were recorded and listened to without evaluation. By having a team composed of people from across the company and having that team travel to each department, normal rules of hierarchy and ordinary routines were disrupted sufficiently that employees could communicate without needing to find a way to communicate across the hierarchy. Ethicon Endo-Surgery conducts team events encouraging cross-team functionality. For instance, the "battle of the masterminds" allowed employees to collaborate in teams to solve a particular problem. This may not necessarily be a medical problem, but it instigates analytical thinking and cross-team collaboration.

Mars, the candy company, hosted a conference for its employees, and gave each one a nametag with RFID components that lit up when the employee was near someone they didn't know. Social networks were mapped out on a huge overhead projection that changed in real-time as employees met new people. This project was backed by social network analysis done with academic researchers, who interviewed employees to find out their current connections and devised this plan to increase the networking for the entire organization. The technique of social network analysis can provide a way for organizations to see whether or not collaboration across hierarchies and divisions is happening, and if so where--thus allowing them to analyze why. Social network analysis can illustrate pockets of communication that could be particularly ripe for idea generation. Peer-to-peer networks, which have been derived from this concept and are deemed the best forms of communication, are now getting more popular day by day.

The next stage is the advocacy and screening of ideas. The joint processes of advocacy and screening involve the bubbling up of ideas and the filtering out of ideas into separate categories. Advocacy leads to increased communication about potential innovations, as well as encouraging the refinement of scope and intent of ideas. Screening is the process of identifying which ideas are suitable for development at a particular time, with particular capacities in mind. These two processes must occur together, as a communicative endeavor. At the end of this stage of the innovative process, high priority and high probability ideas have been identified. More extensive screening processes will also include categorization of ideas for the future, high-risk but high-gain ideas and ideas for mobilization.

Creating groups of advocates can be a challenging process. At Boeing, when executives decided to support radical process innovation they chose to create a specific team designed for the sole purpose of finding and advocating for big, radical innovations -- the group was called Phantom Works. The goal of Phantom Works was not to be the sole source of innovations, but to inspire change throughout the organization by asking questions, supporting ideas and demanding radical changes. In effect, Phantom Works is an advocacy group, supporting the idea generation and advocacy stages of the innovation process. Phantom Works also helped with communication between departments and sought ideas and technologies that could be applied in new areas of the organization. The creation of a business unit for purposes of radical innovation demonstrates organizational commitment as well as creating an advocacy body that can help incumbent organizations develop and sustain advocacy and idea generation.

Understanding the barriers to communication in these discrete phases of the innovation process allows executives and organizations to make rational choices about what types of communication to pursue. These stages of innovation each have particular challenges, but anticipating those challenges and taking steps to minimize them can significantly increase the success of long-term innovation in an organization. When discussing the business value of innovation, organizations must be sensitive to the current stage of the innovation process. A newly hatched idea simply cannot be talked about in the same way as an idea that has passed through advocacy, screening and experimentation and is currently being mobilized for use in a new area of the organization. Innovations have differing levels of maturity, and communication must reflect those levels. Furthermore, creating an open and collaborative culture can assist communication at all levels of the innovation process.

Cyberprotest in Contemporary Russia forthcoming in Technology Forecasting and Social Change

Volodymyr V. Lysenko and I have authored a paper that explores the possibilities of the Internet as a tool for supplying information necessary for the organization and mobilization of successful opposition movements, especially under non-democratic regimes. Examples of the roles the Internet plays in the political processes in Russia are discussed in detail. In particular, the recent cyberprotest cases of the website and the movement to release political prisoner Svetlana Bakhmina are investigated. Besides showing the Internet’s significant role in organizing modern protests, these cases also demonstrate that in environments where practically all traditional mass-media are under the authorities’ control, the Internet becomes the major source of alternative information. Our paper offers a look at how deploying technologies can bring about social change, even in some of the most difficult political environments.

The paper will appear in Technology Forecasting and Social Change. Volodymyr and I will present the paper at the Harriman Institute for the Etiology and Ecology of Post-Soviet Media Conference at Columbia University on May 7-9, 2010.

Speaking at the Washington Technology Industry Association: Securing Organizational Knowledge – Human Intelligence Operations

I will be giving a talk for the Washington Technology Industry Association based on my recent book, Managing Knowledge Security (Kogan Page, 2007). The talk will take place on December 7, 2009 at Seattle University.

Based on his recent book, Managing Knowledge Security: Strategies for Protecting Your Company's Intellectual Assets (Kogan Page, 2007), Desouza will describe how human intelligence operations are conducted to ascertain competitive intelligence. He warns his audience of business practitioners that most organizations fail to understand that their core resources, intellectual assets, are constantly under attack, and that protecting these resources is as important as any other part of the strategic agenda. Desouza gives advice on how to recognize dangers of human and technological breaches, hazards of outsourcing and business alliances, implementation of breach prevention measures, and the necessity of working with disaster scenarios. He illustrates his advice with cases from his personal experience working in the fields of competitive intelligence, knowledge management, crisis management, and security operations.