Bright Stove

Reflecting information risk journey

Archive for August 2012

Changing season

with one comment

This is a post that I have drafted roughly about two years ago, when I was still living in Beijing at that time, on an early autumn day. As we approach the end of August, here in San Jose this week, I feel that the temperature is lowering each day, and yesterday, I came across this short article at Nanfang Weekend (南方周末), it reminded me about this post that I still have over here to share some related thoughts.

As the season changes from summer to autumn, we see a changing surrounding of yellowing leaves, and feel the cooler breezes of wind, and lowering temperature. Along with these changes, we often hear Chinese physicians advising the public from radio and TV stations to beware and be careful of the chilling wind, and at this stage of seasonal change, from summer to autumn, not to put on too much warm clothing too quickly as well. The opposite during the change from winter to spring. As our individual body system has its own unique vulnerabilities, the consequence of such exposure to the changing environment could range from catching a cold to a stroke (for the older folks, especially those with a heart condition or high blood pressure). In fact, I can feel the wind is more chilling early in the morning and evening now than during the summer period. I recall a year ago at around this period, in one of the morning, I drove to office and decided to wind down the windows to enjoy the early autumn breezes, and it was quite cooling and pleasant through the journey. Shortly after arriving at office, however, my neck got stiffer by the minutes and it was impossible for me to turn to either side by noon. That lasted for a few days even with a daily massage by a Chinese physician. In my first year in Beijing, I caught a cold in the same period for putting on too much warm clothing too early as well. Adaptation to change is never easy.

Maybe my neck is just too weak after so many years of fixating at the computer/laptop display, and I was living in a yearlong summer season country for so many years then that a slight drop in temperature is a big change that my body reacted to too quickly.

In any case, such seasonal change reminds of the importance of change management in our digital world as well. As organization undergoes ongoing changes, especially from closing one financial quarter to beginning a new quarter, or moving from one fiscal year to another, there are often new or evolved goals, objectives, directions that are put forward, in which changes to the supporting and operating environment follow. The wind of change has its own effect on information security. The consequence of not understanding the information security risks associated with those changes, and not managing or preparing for them appropriately could leave the organization systems with severe gaps or hidden issues. The effect may be minor in some cases, like catching a cold that could be recovered quite quickly by resolving the issues, to severe illness causing prolonged period of downtime or inefficiency. In the worst case, exposing critical systems or information to breaches or compromises. As reported in a not too recent incident, the repeated use of an outdated procedure in a maintenance process had resulted in more than six hours of downtime for a major bank in Singapore. So, before your organization catches a cold in the process of change, best to work the security changes into the planned change, or the seasonal change. In the traditional Chinese health systems approach, the summer is the season to build up energy and get ready for the cooling autumn and chilling winter to come. Going outdoor, working out physically, and taking energy-enhancing food are amongst the common advise from the Chinese physicians. Similarly, in the period before an anticipated change event, or unanticipated incidents, getting organisation (including people) ready (through planning, training, drills/exercises, etc) are important activities that should not be taken lightly.

One question though, what about places like Singapore that don’t really have a four season? In a summer all year long country, are we constantly working out and building energy? Where do we expand those energy? Any thoughts?

Advertisements

Written by mengchow

August 20, 2012 at 12:54 am

11th RAISE Forum Meeting

leave a comment »

Last week in Tokyo, members of the RAISE Forum gathered for the 11th meeting since its inauguration in November 2004. In the past two to three years, activities and participations in the Forum meetings seemed to have slowed down, but core members from Japan, South Korea, Chinese Taipei, Malaysia, and Singapore continued to be active in organising and facilitating the proceedings, focusing mainly on information sharing and keeping each other updated on their respective economies’ developments (in terms of information security and standards). Malaysia, as one of the founding members, also continued to contribute through remote participation (thanks also to the WebEx conferencing tool) even though they couldn’t get the funding to attend the meeting physically.

In this meeting, there were two interesting developments. We have our mainland China’s members sending four representatives and providing two contributions to the proceedings, expanding the members’ presence in the meeting and increasing the level of activities in the forum. At the close of the meeting, we also agreed on two new initiatives to pursue forward. As this is still a semi-open forum, I shall not discuss more details about the new work items proposed until we have something more concrete to share. Meanwhile, if anyone in Asia has interest to participate and contribute (not just observe and listen ;-)) to improve the sharing of information security learning and experience, feel free to drop a comment here, or send a direct message to us in Twitter @raiseforum, or our alternative RAISE Forum group site at LinkedIn.

Special thanks to Japan NICT for their sponsorship for the meeting, and our Japanese members for organising the logistics and administrative supports, including the reception gathering, which all made the meeting possible and successfully held for the 11th times. Our next meeting will be held in mainland China, organise by our P.R. China members.

Stay in touch!

Written by mengchow

August 19, 2012 at 6:40 am

%d bloggers like this: