The avalanche of digital data that has resulted in Big Data storage and analytics is leading to additional issues as data volumes continue to grow in volume, variety, and velocity. A critical issue for the enterprise is how to maintain control of these immense pools of structured and unstructured data.

The avalanche of digital data that has resulted in Big Data storage and analytics is leading to additional issues as data volumes continue to grow in volume, variety, and velocity. A critical issue for the enterprise is how to maintain control of these immense pools of structured and unstructured data.

In this issue, we depart from our usual Executive Report format to bring you multiple viewpoints on a contentious topic: whether agile has transitioned from being an upstart methodology adopted in innovative organizations to being the methodology of choice for the “early majority” of Geoffrey Moore’s chasm. Have organizations indeed “crossed the chasm” in viewing agile as mainstream and in adopting it?

In Part I of this Executive Update series, we looked at the barriers to and possible benefits of collaboration. I examined the "four pillars of collaboration," which provide a foundation that supports collaboration and collaborative structures.

In Part I of this Executive Update series, we looked at the barriers to and possible benefits of collaboration. I examined the "four pillars of collaboration," which provide a foundation that supports collaboration and collaborative structures.

Often managers latch on to the methodologies and practices that happen to be in fashion -- the latest management BS! Some make desperate demands for their staff to react, perhaps by creating a service catalog, but without identifying who is going to use it and how it is to be used. Despite containing some really good guidance, ITIL can become a distraction, with organizations using it unsuccessfully as a safety blanket or shield.

Constantly changing security boundaries that are simultaneously "owned" by everyone and no one demand a new approach at both the technical and policy levels. A properly designed and managed enterprise security architecture (ESA) enables this. The less-defined security boundaries that encompass infrastructure require a new way of defining cyber security architecture for the cloud. Organizations still have the same mission; they just need to change their mindset on how they do business in the cloud.

"So the question remains on the table: is ERM unfixable, or can something be done to make it live up to its promise as an effective and relevant business practice?"

-- Robert N. Charette and Brian Hagen, Guest Editors

GETTING IN ON THE GROUND FLOOR

Enterprise risk management (ERM) can be viewed as a framework that consumes, aggregates, and reports analysis accumulated from diverse business units and factors that affect organizational risk. Historically, ERM deployments have tended to begin at a 40,000-foot corporate level, gaining authorization and executive commitment before trickling down into the enterprise.

FLAWED ASSUMPTIONS OF PROBABILITY THEORY

Risk analysis is the core of enterprise risk management (ERM). For example, to conduct a cost-benefit analysis of new security safeguards and controls, organizations first have to perform risk analysis. Risk analysis starts with the identification of risks and assigning values such as probabilities of risk occurrence and the expected amount of damage.

Over the years, the information security function has morphed from a very technologically based discipline to a function that, by circumstance, has become more aligned with business objectives. This increased synchronicity with the business is based on the true nature of security itself -- which is to provide a set of controls to protect assets from threats.

A MATTER OF TERMS

To the person in the street, the notion of managing risks at the enterprise level would seem like common sense -- ensuring that the enterprise doesn't take too many risks and that the ones it does take are sufficiently uncorrelated with one another that a single unfavorable event will not create a domino effect. Shareholders expect it. Employees want it for their own job security.

 

Organizations often spend huge amounts of money and time setting up risk processes and methods, along with supporting tools and training, which often fail to deliver the expected value. Why is this so? We believe the problem isn't in the risk processes themselves, which are usually logically correct. Rather, these investments alone do not enable great risk management practice because risk management is difficult -- it relies on getting groups of people to agree on how to manage things in the future that may or may not happen.

IN DESPERATE NEED OF INFALLIBLE RISK MANAGEMENT

Recent years have seen heightened concern about and focus on risk management, and it has become increasingly clear that a need exists for a robust framework to effectively identify, assess, and manage risk.

Which do you want more: to be right or to learn?

In March, I discussed various tablet options in regard to their possible roles in the enterprise (see " Tablets for the Enterprise").

In March, I discussed various tablet options in regard to their possible roles in the enterprise (see " Tablets for the Enterprise

As the use of mobile devices in the enterprise continues to grow, I see the realization of a dream that has, for the most part, been elusive: the greater use of speech-enabled enterprise applications.

As the use of mobile devices in the enterprise continues to grow, I see the realization of a dream that has, for the most part, been elusive: the greater use of speech-enabled enterprise applications.

The corporate world is littered with the carcasses of enterprises, large and small, wounded -- some mortally -- by failures of the "conjoined twins" of leadership and risk management. Why are these two concepts referred to as "conjoined twins"? Because neither can function without the other.

The corporate world is littered with the carcasses of enterprises, large and small, wounded -- some mortally -- by failures of the "conjoined twins" of leadership and risk management. Why are these two concepts referred to as "conjoined twins"? Because neither can function without the other.

For many organizations, using the words "PMO" and "agile" in the same sentence could be considered an oxymoron. Bringing "agility" into your project management office may be a challenge -- depending on how much your organization has already invested in your current processes and how open you are to consider making "transformative" changes to support the organization's move to agile.

CIOs sit between a rock and hard place.

I used to say to a client that "I am only as good as my data" when the input I received for an engagement was inadequate. I still use this phrase, when appropriate, from time to time.

When an organization effectively combines business and IT architectures together in an initiative or funded program, it stands a much better chance of success.