Monday 24 September 2018

Reflections from Independent Member of the Public Accounts Committee



Really interesting at Public Accounts Committee today. Talking about our role and forthcoming public hearings with Director General re Property Holdings 22 Oct and States CEO re Public Sector Reform 19 Nov. Also look forward to C&AG Report on Remuneration of States Owned Companies and to hear from States CEO on response to previous C&AG Reports.

https://www.jerseyauditoffice.je/our-work/2018/

It’s interesting to what extent the meeting is like a chat show host, allowing officers to say their key messages or to what extent it is an interview to test facts, figures and progress of the implementation.

16 October: Meeting with Treasurer re EY Transformation of SoJ Finance

Will be interested to see EY Transformation of SoJ Finance and the milestones for changes in people, process and technology and how this all fits together within the orchestrated plans for Target Operation Model and Change Programme. What will be the KPIs and measured benefits for each of these initiatives which the public will see over the next 12 months?

22 October: Meeting with Jersey Property Holdings

This will be a very interesting meeting given the C&AG Report [“Resolute action and consistent buy-in required to secure improvements in property management” says C&AG as latest report is issued (21st June 2018)] and also the news on Bailiwick Express: The Director of Jersey Property Holdings is stepping down amid criticism over management of the government’s £1billion property portfolio

https://www.jerseyauditoffice.je/wp-content/uploads/2018/06/Report-Operational-Land-and-Buildings-21.06.2018.pdf

https://www.bailiwickexpress.com/jsy/news/states-property-portfolio-director-resigns/#.W6kWwXtKjcs

19 November: Meeting with Charlie Parker

I know the States’ Chief Executive is keen on transparency and accountability and I am sure a public hearing will provide a good opportunity for Officers to show their talent and outline their achievements to us and the public, especially given his commitments in this video.

https://www.youtube.com/watch?v=A3fql59qd88

USEFUL LINKS

About Public Accounts Committee [PAC]
https://statesassembly.gov.je/Scrutiny/Pages/ScrutinyPanel.aspx?panelId=4
https://statesassembly.gov.je/Pages/Scrutiny.aspx

C&AG Controller and Auditor General
https://www.jerseyauditoffice.je/our-work/2018/

Tim Rogers
http://www.timhjrogers.com/about-tim/

DISCLAIMER

Please note that the thoughts above are personal as Independent Member of the Public Accounts Committee and not necessarily the collective view of the Public Accounts Committee, Chaired by Senator Sarah Ferguson.

TWITTER 140 CHARACTER COMMENTS

Really interesting at PAC talking about role public hearing with Director General re Property Holdings 22 Oct. Interested? Come along, or post a question for us to ask!

Really interesting at PAC talking about meeting States CEO re Public Sector Reform 19 Nov. Interested? Come along, or post a question for us to ask!

Really interesting at PAC talking about C&AG Report on Remuneration of States Owned Companies. Do you think you are getting value for money?


Tim HJ Rogers MBA CITP
Independent Member of the Public Accounts Committee
Mob 447797762051 timhjrogers@gmail.com
Skype timhjrogers Twitter @AdaptCCompany
Linked-In https://www.linkedin.com/in/timhjrogers/




Sunday 23 September 2018

Cyber security - what is the incident response capacity of the island of Jersey?


The next IoD Jersey lunch of 2018 will be held at Grand Jersey Hotel & Spa in St Helier on Tuesday 6th November. The Speaker will be Stephanie Peat, Director of Digital & Telecoms Policy at the States of Jersey, who will be speaking about 'Cyber security - what is the incident response capacity of the island of Jersey?'

https://www.eventbrite.com/e/iod-jersey-lunch-with-stephanie-peat-director-of-digital-telecoms-policy-states-of-jersey-tickets-50487839487

This should be interesting. There have been some really good initiatives recently:

Partnership with UK strengthens Jersey’s cyber resilience
https://www.gov.je/News/2017/pages/CISPNetworkJersey.aspx

Channel Island Information Security Forum Annual Conference.
https://2018.ciisf.org/speakers/

USEFUL REFERENCES

PAC Review of e-Government
https://statesassembly.gov.je/ScrutinyReports/2017/PAC1.2017%20-%20Review%20of%20eGov.pdf

e-Gov Jersey
https://www.gov.je/government/publicsectorreform/egovernment/Pages/eGovernment.aspx

Government Cyber Essentials Plan
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

About Public Accounts Committee [PAC]
https://statesassembly.gov.je/Scrutiny/Pages/ScrutinyPanel.aspx?panelId=4

Tim Rogers
http://www.timhjrogers.com/about-tim/





Monday 17 September 2018

Learning and Loving DevOps

Learning and Loving DevOps: The Phoenix Project A Novel about IT, DevOps, and Helping Your Business Win 5th Anniversary Edition

Bill, an IT manager at Parts Unlimited, has been tasked with taking on a project critical to the future of the business, code named Phoenix Project. But the project is massively over budget and behind schedule. The CEO demands Bill must fix the mess in 90 days, or else Bill’s entire department will be outsourced.

With the help of a prospective board member and his mysterious philosophy of the Three Ways, Bill starts to see that IT work has more in common with manufacturing plant work than he ever imagined. With the clock ticking, Bill must organize work flow, streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited.

In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Listeners will not only learn how to improve their own IT organizations, they’ll never view IT the same.

I recommend the book
https://www.audible.co.uk/pd/The-Phoenix-Project-Audiobook/B00VB034GK?source_code=M2M14DFT1BkSH082015011R

Based on this I am reading and watching as much as possible

This is a simple primer
https://www.youtube.com/watch?v=_I94-tJlovg

This is important and brilliant by Gene Kim (author of The Phoenix Project)
https://www.youtube.com/watch?v=877OCQA_xzE


This is the seminal video Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe
https://www.youtube.com/watch?v=LdOe18KhtT4

I welcome any suggestions on other videos or further reading

Tim

Sunday 16 September 2018

Culture and the keys to DevOps



We also know culture is notoriously hard to describe. If you want an eye-opening experience, just ask a group of your employees to describe your own organization’s culture and see what kind of responses you get – after the quizzical, contemplative, and downright stumped looks, of course. Even harder than describing culture is demonstrating its contribution to organizational performance.

Culture’s importance is reinforced in the DevOps movement as the “C” in “CALMS” – one of the 5 Key Aspects of DevOps.

Posted April 21, 2016 by Jeff Gallimore

I’ve become increasingly passionate about and involved in the DevOps movement over the last several years. It’s so exciting to see all the impact DevOps is having on individuals and organizations coming from the innovation happening in the industry. However, DevOps is also such a broad (vague? confusing?) term that everyone has their own take on what it is (including me) and their own perspective on how “DevOps-y” an organization is.

“DevOps is about technology!” “No, DevOps is about process!” “No, DevOps is about people!” Well, they’re all right (although I agree most with that last person).

So what are the key aspects of DevOps?

At the first DevOpsDays conference in the U.S. in 2010, two pillars of the DevOps movement, John Willis and Damon Edwards, coined the acronym “CAMS” to describe the aspects of DevOps. “CAMS” stands for “Culture, Automation, Measurement, and Sharing”. Jez Humble, author of the ground-breaking Continuous Delivery book, later added the “L” for “Lean” to give us “CALMS”.

Let’s describe each one of the aspects of “CALMS” so we can have a clearer picture of where an organization is in its DevOps journey.

1. Culture

Peter Drucker, the famous management guru, realized how important culture was to the performance of an organization. He’s alleged to have said, “Culture eats strategy for breakfast.” More recently, Dr. Ron Westrum advocated for a “Three Cultures Model” that describes attributes and observable behaviors of a corporate culture and how it processes information. His three culture types are: Pathological (power-oriented), Bureaucratic (rule-oriented), and Generative (performance-oriented). For example, is an organization the kind of place where messengers are shot and failures are covered up (pathological)? Or are messengers trained and failures viewed as opportunities to learn (generative)? Culture has an impact on organizational performance in countless ways – for better or for worse.

2. Automation

Computers are terrific at doing the same task the same way really fast over and over again. Humans… not so much. Automating repetitive, time-consuming, error-prone tasks can yield big dividends. Have you implemented the foundational elements of continuous integration, automated testing, and automated builds? Are you ready for infrastructure-as-code and continuous delivery pipelines? You might even be adopting ChatOps. Whatever your state of automation is, the possibilities for automation to improve speed, consistency, and quality are endless.

3. Lean

We’re seeing the same Lean practices that were applied to manufacturing in the 1980s being applied to IT now. Do we understand the end-to-end process we use to deliver value (in this case, with software) to our customers? Do we know where the inefficiencies and waste in that process are? Do we have a plan for reducing that waste? The primary Lean tool in our toolkit is value stream mapping. You’ll also hear a lot of Japanese words associated with the gold standard of lean practices: the Toyota Production System.

4. Measurement

You might have heard the expression, “You get what you measure.” We want faster feature flow into production, higher quality, and more value – so we need to track metrics associated with these outcomes and then use the information to drive feedback loops and decision-making. One of the DevOps unicorns, Etsy, takes measurement to the extreme by measuring virtually everything within their enterprise. You might not be tracking the quarter million time-series metrics like Etsy does (in 2013!), but measuring important aspects of your engineering and business operations will yield valuable insights so you can respond faster and improve more.

5. Sharing

Friction-free information improves organizational performance. The degree to which an organization shares information is directly influenced by its culture (see the first aspect). How does information flow between people, teams, functions, and levels within the organization? There are all kinds of indicators of sharing, like peer code reviews, information radiators, lunch-and-learn meetings, process ceremonies, and any number of feedback loops from one person or group to another. The more open an organization is when it comes to sharing and communication (i.e., the closer to a generative culture it has), the better it will perform.

No two organizations are the same and therefore no two organizations “do the DevOps” the same way. “CALMS” gives us a clearer way of looking at what an organization is doing, and identifying what is working and what might be opportunities for improvement. “CALMS” can be a powerful tool to accelerate an organization along its DevOps journey toward better results and helping it win in the marketplace.

Culture also shapes how an organization shares information – “sharing” being the “S” in “CALMS” and another key aspect of DevOps.

But for all its importance, we’ve had few tools and limited research to describe or quantify culture.

That is, until Dr. Ron Westrum came along and gave us his “Three Cultures Model” to describe different ways organizations process information. He shared his model and research in his paper “A typology of organizational cultures,” published in Quality & Safety in Health Care in 2004. The table below from his paper identifies the three cultures and provides attributes describing how organizations with each culture share information.



The DevOps Maturity model


LINKS
https://qualitysafety.bmj.com/content/13/suppl_2/ii22
https://www.excella.com/insights/3-types-of-culture
https://www.excella.com/insights/5-key-aspects-of-devops

Feedback and comments and debate always welcome


TimHJRogers
@TimHJRogers +447797762051
https://www.linkedin.com/in/timhjrogers/
http://www.timhjrogers.com/
TimHJRogers World Champs Rower, Commonwealth Games Triathlete, MBA (Management Consulting) Projects & Change Practitioner, TEDx & Jersey Policy Forum

Saturday 15 September 2018

UK Business Leaders Warned About Cybersecurity - Jersey needs to be prepared too


British business leaders need to extend their cyber security defenses beyond the threat posed by Russia to other states and criminal syndicates, one of the UK’s leading spymasters has warned.

In an interview with the Financial Times, Ciaran Martin, chief executive of the UK’s National Cyber Security Centre, which is part of the communications intelligence agency GCHQ, said that while Russia remained a serious threat to businesses, Iran and North Korea, as well as international cyber criminals, presented equal if not greater risks.

https://www.informationsecuritybuzz.com/expert-comments/uk-business-leaders/

Adapt Consulting Company has been working with TechColab and a number of other Cyber Essentials organizations to create a CE Toolkit of tools, templates, training and scripts to apply Cyber Essentials compliance to SMEs and Charity Businesses.

With the States of Jersey now suggesting Cyber Essentials is mandatory, it's a good time to get prepared.

Feedback and comments and debate always welcome

@AdaptCCompany +447797762051
http://www.adaptconsultingcompany.com/
Adapt Consulting help people and organisations get things done

Tuesday 11 September 2018

Computer Emergency Response Teams


CYBER SECURITY NATIONAL CRITICAL INFRASTRUCTURE

I recently commented about Cyber Security National Critical Infrastructure in a posting titled This is the ultimate game of cops and robbers

http://timhjrogers.blogspot.com/2018/09/this-is-ultimate-game-of-cops-and.html

Following attendance at the meeting to discuss CERT [Computer Emergency Response Teams] I have the following observations.

Overall I think the meeting was a positive step in the right direction but my inclination would be to prioritise Government and National Critical Infrastructure before discussion with Visit Jersey, Association of Jersey Charities, Jersey Business, Digital Jersey etc.

I am sure all the SMEs and Voluntary Sector would welcome a government-funded Computer Emergency Response Team to co-ordinate advice, action and reporting for Jersey.

However perhaps Government and National Critical Infrastructure (Health, Ports, Electricity, Water ) should be the role models and help by setting the tools, templates and techniques that SMEs and Voluntary Sector can follow.

There is consensus that initiatives like Cyber Essentials (CE) are good. But there is also recognition that cost, understanding and expertise are a barrier to large-scale take-up of Cyber Essentials (see link below).

There is concern about the States of Jersey suppliers’ certification requirements:

1. From 2018, suppliers awarded any new government contract worth more than £25,000 will need to commit to adopting Cyber Essentials, or a higher standard, within 12 months.

2. From 2020, all suppliers in receipt of contracts valued at more than £25,000 will need to demonstrate adherence to Cyber Essentials or a higher standard.

This is likely to create more fear than compliance in the absence of funding or guidance.

It is noted that in the UK, despite being years ahead with Cyber Essentials, the take-up has been low.

It is noted that some Government departments or quangos don’t meet the suppliers’ certification requirements, and it seems premature to mandate this as a requirement without the training, tools, templates and techniques (ostensibly from CERTs) to make this happen.

However rather than challenge the wisdom of CERTs, this instead highlights how important they are and that perhaps the government’s ambition for CERT should be in-place to help facilitate and support Cyber Essentials.

COMPUTER EMERGENCY RESPONSE TEAMS

There was good discussion about the wide variety of approaches and content for CERTs. It seems many people take many different approaches.

At its most basic level both CE and GDPR require planned responses to breaches and information security events, and any toolkit (including one supplied by me) includes all the tools, templates and techniques necessary to satisfy that requirement.

However at a macro level it doesn’t make sense for hundreds of small businesses to duplicate effort that a central Computer Emergency Response Team might do faster, cheaper, better and with considerably more expertise and co-ordination.

Take for example co-ordinating regulatory reporting for OIC, JFSC, Police, NIST etc.

Or another example, offering standardised advice and guidance on tools, templates and techniques

Or perhaps noticing patterns of cause and effect that are not obvious in isolation, but can be managed better from “higher-up”


CONCLUSION

The CERT [Computer Emergency Response Teams] initiative is a good one. But it needs to be co-ordinated with Cyber Essentials and the States of Jersey suppliers’ certification requirements.


As always, feedback welcome – particularly from people who have experience and knowledge to contribute on CERTs and Cyber Essentials



LINKS

CERT [Computer Emergency Response Teams]
https://en.wikipedia.org/wiki/Computer_emergency_response_team

About Cyber Essentials
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

Sunday 9 September 2018

Can Jersey's e-government and Open Data benefit Charities?

OPEN DATA

The Open Data Institute defines open data as ‘data that is made available by organisations, businesses and individuals for anyone to access, use and share’ – we’ve listed some of the top sources of open data for UK charities below. These datasets can be blended together with a charity’s own data as fuel for AI innovation.

Source:
https://www.charitydigitalnews.co.uk/2018/07/11/the-top-open-data-sets-available-to-charities-now/

UK GOVERNMENT

In June 2012, every Whitehall department produced an open data strategy, but not all of them have gone on to provide the same quantity of data in a clean and accessible format.

Limitations include data not being published or recorded. When it is released, it sometimes features redactions and lacks effective categorisation, and flagship datasets such as transactional level spending for government departments are often out of date.

Source
https://www.computerworlduk.com/data/how-uk-government-uses-open-data-3683332/

The UK government has promised to provide more data in future to both the public and private sectors. In December 2017, it published new guidelines on what data should be released and how to ensure that it would be easy to find and available in the most usable format.

Emma Prest of DataKind UK – a UK charity that helps charities, non-profits and other social groups improve their impact through data science.

JERSEY OPPORTUNITIES

Surely Jersey is well placed to use eGovernment and Open Data to help the local voluntary sector of 535 businesses and 11,000 people to provide better targeted resources and funding more efficiently for the benefit of the community and saving for the public purse.

Open datasets worth exploring. See:

https://www.charitydigitalnews.co.uk/2018/07/11/the-top-open-data-sets-available-to-charities-now/

The Association of Jersey Charities will be revising its activities and its website. Would this be a good time to embrace Open Data to see the flow of Lottery Funding using Open Data?

Imagine if we can see how money is being spent, and measure the benefits and social impact. Using Open Data we can do this, as well as open the possibilities of new products and services, reports and analysis for example by targeting Digital Jersey coding programmes to combine student learning with social benefits through innovative products and services.

Feedback and comments always welcome






Cyber Essentials - a joined-up approach is needed


Ten-fold increase in security breach cases since GDPR, claim lawyers

Last year, Fieldfisher handled about three new cases a month. Today, it's handling one new case every day

https://www.computing.co.uk/ctg/news/3062333/ten-fold-increase-in-security-breach-cases-since-gdpr-claim-lawyers

This only heightens the need for Jersey to be prepared for this global game of cops and robbers.

http://timhjrogers.blogspot.com/2018/09/this-is-ultimate-game-of-cops-and.html

The problem is that in this inter-connected world you are only as strong as your weakest link and for that reason government must help Charities and SMEs to become CE Certified (Cyber Essentials) as a minimum.

https://www.cyberessentials.ncsc.gov.uk/

The solution is a CE Service that is affordable (ideally subsidized) and standard so that businesses can share knowledge and expertise and find themselves compatible with each other for tools, training, techniques and templates.

Feedback and comments and debate always welcome

TimHJRogers
@AdaptCCompany +447797762051
https://www.linkedin.com/in/timhjrogers/
http://www.adaptconsultingcompany.com/

Friday 7 September 2018

This is the ultimate game of cops and robbers


ANOTHER SCANDAL ON THE LIST OF SCANDALS

I am sure everyone is talking about the BA Hacking. Nearly 400,000 passengers have been caught up in yet another PR disaster for British Airways, with the airline the victim of a “sophisticated and malicious” security hack.

The stolen information did not include travel or passport details, the British flag carrier said, but warned that customers should check with their banks and credit card providers for suspicious activity.

How to find out if your data was compromised

BA said that the hack related to bookings made or changed between 10.58pm on August 21 and 9.45pm on September 5. “We will be contacting affected customers directly to advise them of what has happened,” the airline said on its website.

To be sure this is another scandal on the list of scandals. Here are the Biggest, Baddest, and Scariest
https://www.orangewebsite.com/articles/biggest-hacking-scandals-of-all-times/

CYBER SECURITY NATIONAL CRITICAL INFRASTRUCTURE

But we should not be surprised. Indeed we should expect more, and be prepared.

I am looking forward to attending the Government Cyber Security Incident Response Capability Workshop. Hosted by Phil Ashley (Digital Policy Advisor - Financial Services & Digital Economy) this should be a really interesting meeting.

The workshop’s objectives are:

1. To understand whether businesses would want to make use of an incident response capability
2. Gain an appreciation of the skills, resources, facilities and services that organisations already have access to
3. Determine what model and scale might be appropriate for the Channel Islands
4. Explore the potential services that would be valued
5. Identify how the capability should be resourced

The initial ambition is that the capability will cover government, critical national infrastructure organisations and private businesses. This workshop is a key opportunity to feed into government’s thinking on the subject and help ensure that Jersey is able to respond to cyber security incidents in a way that works for business.

LESSONS FOR GOVERNMENT AND BUSINESS

It is clear that there are so many dependencies between business and government, between government and the voluntary sector that a joined-up approach is needed.

For example the voluntary sector has 535 organisations and 11,000 volunteers providing charitable health, social care and other services to the vulnerable and needy. Much of our health and social services provided to the community are dependent upon Island’s Critical Infrastructure.

I can see value in all States Departments using a common set of tools and making recommendations on tools, training and techniques that will benefit the Island and Critical Infrastructure (eg Ports, Police, Health, Education) + National Critical Services (Health, Care etc)

For example it seems optimal that States Departments use the same tools, policies and guidance for GDPR, CE and Encryption as part of a joined-up approach that serves not only government but also business and the community.

This is however just one aspect. National Critical Infrastructure is much broader than this. It is about prevention as well as response.

If you are interested in Data Protection and Cyber Security this is the ultimate game of cops and robbers. The stakes are high. And it is compelling to learn and apply the collective wisdom of initiatives like Government Cyber Security Incident Response Capability Workshop.

USEFUL LINKS

https://www.bbc.com/news/technology-45446529
https://www.bbc.co.uk/news/uk-england-london-45440850
https://www.theguardian.com/business/2018/sep/07/ba-says-hack-hit-only-those-buying-tickets-in-two-week-period