Tag: Risk Management

Sometimes I think IT leaders are missing a key point in the way they speak to their non-technology counterparts. Case in point: we keep saying things like, “The company has to be more comfortable taking risks,” or “We have to fail fast,” or “We need to be less risk-averse.” I can guarantee that none of […]

The roles of the CFO and CIO have been subtly changing. In many enterprises, these roles had veered away from the strategic focus that one would expect from CXOs. But to succeed in the digital world, as I discuss in my book War & Peace & IT, enterprises must let their CIOs and CFOs re-establish […]

I’m very excited to announce that today is the official publication date of my latest book, War & Peace & IT: Business Leadership, Technology, and Success in the Digital Age. It is intended as the hitherto missing book for senior enterprise executives on how best to work with their technology organizations to accomplish their digital […]

It’s no surprise that organizations are worried about becoming locked in to their cloud provider. After all, the history of IT is full of examples of vendors taking advantage of high switching costs to impose restrictive licensing terms and to increase prices. But I think that the cloud is different—and in fact, is making it […]

(image www.bluecoat.com) In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I […]

It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]

In an earlier post, I talked about how risk decisions are often compromised by the status quo bias. In this post, I would like to present an alternative way to think about risk—a way that fits well with today’s business practices. To be precise, I want to try to demonstrate that risk in a business […]

I remember an incident from my previous CIO role. A number of us were in a meeting discussing the severe problems we were having with the performance of a large contractor. At one point, someone suggested that we start a new RFP (request for proposal) process to replace the contractor. “Too risky,” said one of […]