Day 2 at Insights 2011 started with a keynote panel, made up of very senior folks from the ‘Big 4’ accounting firms. At first I thought this session may be a little tedious – expecting an old-fashioned audit focus.
Not so, and I found the session very interesting. The key messages related to the need to better understand and cope with risk;
- New, and perhaps not well understood, risks from emerging markets
- Not just the physical risks, but also need to understand and adapt to different cultural expectations
- New (and again poorly understood) risks relating to disruptive technologies
- e.g Cloud, Mobile devices, Social Media
- The combination of these risk sources
- Some developing countries may actually skip the PC era and move straight to the smart phone era, need to be able to operate in such a market.
It was interesting to hear the representative from Deloitte promote the concept of “Risk Intelligence” – I would hope he is using the term in the context of learning and experience of risk (as suggested by David Apgar’s book
The discussion reminded me that I have not finished reading this book, and will do so and review for you here. Being able to learn from our experience to better understand and mitigate risk is essential for resilience.
The sessions continued in the similar vein to yesterday, with plenty of interaction with audience, and discussion leaders using interview style rather than powerpoint. Moving from yesterdays theme on “Executive Insights during Challenging Times” to today’s theme of “Insights on “Integrating Business and Technology”.
Strong session from Dr Ron Ross of NIST about the future of cyber security. Raising some of the same disturbing scenarios as suggested by Richard Clark
An appropriate follow-on from Ross’s session – where he discussed the NIST guide on Risk Management for IT Systems was a specific session dedicated to that subject. Very passionate speaker in Brian Barnier – strong message from several sessions for Info Sec folks to get up out of the weeds and ensure risk management is linked to business objectives and needs.
Creation of ‘Risk Aware Architectures’ is going to be an essential change to keep this alignment and integration of business and IT. It will not be possible to manage IT Risk by bolt-on solutions chosen after solutions are designed and implemented.
The lunch session returned to the topic of Cyber Security featuring Howard Schmidt, White House Cybersecurity Coordinator. This presentation raised the area of focus above the needs of individual organisations to address national, and multi-national issues in this space.
Not surprising that this issue of cyber security is featured in several sessions at this conference. Clearly a top of mind issue with this audience.
It has been hard to fault the calibre of the people leading the discussion at this conference, very focussed selections (they did not have a call for papers) has resulted in almost no bad speakers.
A fire alarm (thankfully false) and evacuation certainly roused the delegates in the final session of the day.
Looking forward to tomorrow, when things will wrap up with “Insights for the Future of Business and Technology.”
Some very interesting points here, Ken, in particular in relation to risks in emerging markets. Emerging markets skipping the PC era and moving straight to smartphones, coupled with social media wildfires is maybe not a risk per se, but it certainly creates a potentially volatile and unstable environment which requires a different set of communication skills than what we are used to.
And I will definitely look into some of Apgar’s writings… thanks for the pointer!
As always Jan, a pleasure to create extra reading for you!
Agree with your comment that the actual process of managing risks is the same, we just need to make sure we have understood the context in which we look at risk.
These emerging markets add more uncertainty as we try to understand the implications of their development cycle.