Thursday, December 7, 2017

Technology Abuse in the Wired World

Technology Abuse in the Wired Workplace

Inspired by ancient Greek Wisdom

By John Kyriazoglou
Liability risks, productivity losses, service shutdowns, financial losses, brand and reputational damage, customer data and personal data breaches, and large security gaps, to state only a few of the after-effects of intrusions, are causing many board directors and managers to wonder what kind of ‘Pandora’s box’ they opened when their companies and organizations entered the electronic age by connecting to the Internet and carrying out their operations primarily via the Web and other e-Commerce platforms and applications.
In ancient Greek mythology, the story of ‘Pandora’s Box’ goes like this: ‘Pandora (Greek for ‘all-gifted’) was the first woman on earth. Zeus (the master of gods) ordered Hephaistus, the god of craftsmanship, to create her and he did it, using water and earth. The gods endowed her with many talents: Aphrodite gave her beauty, Apollo music, Hermes persuasion, and so forth. Hence her name: Pandora, ‘all-gifted’. When Prometheus (ancient Greek for ‘Forethought’) stole fire from heaven, Zeus took vengeance by presenting Pandora to Epimetheus (ancient Greek for ‘Afterthought’), Prometheus' brother. With her, Pandora had a jar which she was not to open under any circumstance. Impelled by her natural curiosity, Pandora opened the jar, and all evil contained escaped and spread over the earth. She hastened to close the lid, but the whole contents of the jar had escaped, except for one thing which lay at the bottom, and that was Hope’.

So we see that up to this day, whatever evils are upon us, hope never entirely leaves us; and while we have that, no amount of other ills can make us completely wretched.

I think the meaning of this story is that we have to manage technology and its impact (contained in Pandora’s jar) in all aspects of our personal and business life to benefit, as much as possible, the greater society.

Coming back to the central issue of ‘how to manage these impacts better while gaining the benefits of the Internet technology’, the questions are:

Is the company making best use of IT systems, personnel and resources?

Are corporate managers prepared for both the tremendous responsibility and liability this places on both the board and the IT department?

Has the company implemented the best business management and IT controls to mitigate the intrusion and other risks while managing the debilitating effects of hacking and avoiding the huge fines imposed by the regulatory authorities on personal data and other breaches?

Saturday, November 25, 2017

By John Kyriazoglou

1. Description of the GDPR

The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The Commission's primary objectives for the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

When the GDPR takes effect, it will replace the official Directive 95/46/EC from 1995. The regulation was adopted on 27 April 2016. It enters into force on 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by local (national) governments.

2. Security Measures and Controls
The GDPR requires (see articles 32 to 34 and recitals 39, 49, 52, 53, 71, 73, 75, 78, 81, 83, 85 to 88, 91 and 94) the company controller and the processor engaged in collecting, processing, storing and transferring personal data to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and establish a uniform data breach notification requirement to inform, within defined time limits, both the data protection authority and the data subject involved, in the event of a data breach leading to the loss, access or disclosure of personal data, etc.
The following controls, methods and techniques may be utilized for the analysis, design, implementation, assessment and evaluation of your threat strategy and measures required to protect the personal data and other valuable IT assets, in any type of organization.

More details at:

Saturday, January 14, 2017

Critical Success Factors in Improving Corporate Performance

By John Kyriazoglou

1. Introduction

There are five typical questions (Q) that come to mind in evaluating and improving the corporate performance of any company:
Q1: Which are the critical success factors (CSFs) enabling the design and good operation of strategic controls to establish the performance framework and ensure the improvement of the performance of our company?
Q2: How do we target our bottom line and continuously improve our company’s performance?
Q3: Do all our business functions/units meet the corporate financial and other performance targets?
Q4: How do our business functions/units translate corporate targets into measurable actions?
Q5: How do we monitor implementation of these actions and their impact on our company’s profit and loss (P&L)?

My answer to the first question (CSFs) is presented next.

2. Critical Success Factors in Improving Corporate Performance

The critical success factors (CSFs) enabling the design and good operation of strategic controls are: management tools, performance measurement culture, training, professional knowledge, top management commitment, and modern reporting model. These are described below.

CSF 1: Management Tools. These include policies, procedures and systems of corporate governance related to organization, financial management, human resource management, production, sales, IT management, etc.
CSF 2: Performance Measurement Culture. This includes establishing and enhancing the role of the performance management manager, adding resources to the performance measurement teams with the appropriate skills, dexterities and talents: financial management, sales, human resource management, IT systems development and operation, production process management, customer support, etc.
CSF 3: Training. Training and educating management staff is a must to enable them to acquire and enhance their skills on the analysis of all performance data (e.g., financial, customer, internal corporate processes, employee learning and development, etc.).
CSF 4: Professional Knowledge. Very strong knowledge of the given organization’s processes, the industry to which the organization belongs, the culture of the said organization and its business operating model, as well as effective inter-personal communication skills at all management levels are also required.
CSF 5: Top Management Commitment. Very strong commitment to performance is a must by all members of the executive board, corporate leadership, top management, management committees, various organizational committees, etc., and pursuing it to all levels (up, down, across) of the given organization, corporate management, organizational units, business functions, projects, systems, processes, stakeholders, etc.

CSF 6: Modern Reporting Model. The last CSF, but equally important, is an open and widely distributed environment of information and know-how exchange regarding performance and the production and support processes, together with a flexible, modern and continuously updated reporting model for the organizational performance and for the consequences of the organization’s operations on the greater environment, society, economy, etc.

My answers to the other four questions (questions 2 to 5) are contained in my book described next.

3. Improving Corporate Performance with BSC

This book describes how to control better and improve your Company’s Strategy and Performance with the Balanced Scorecard Framework. It does this by identifying the concept and importance of strategic controls, describing the types of strategic controls (such as financial, output, IT, etc.), defining the roles and responsibilities of managers and others in these, proposing a Balanced Scorecard Approach to Strategic Control for all enterprises and organizations and providing examples of a Performance Management Policy, a Corporate Strategic Plan, and a set of audit checklists and Business Performance Measures.

1. Introduction
2. What is strategic control?
3. The Importance of Strategic Control
4. A Balanced Scorecard Approach to Strategic Control
5. Strategic Control Systems
6. Key Issues in Designing Strategic Control Systems
7. Critical Success Factors
8. Types of Controls (Financial, Output, Behavioral, IT)
9. Roles and Responsibilities
10. Strategic Controls – Examples of BSC Implementation
11. Review and Audit Tools and Techniques (Strategic Readiness Checklist (55 questions), Business Idea Development Checklist (11 questions), Corporate Strategic Plan Checklist (15 questions), Generic Performance Audit Program (16 questions))
12. Conclusion
13. End Notes
14. Bibliography
Appendix 1: Performance Management Policy
Appendix 2: Corporate Strategic Plan-Example
Appendix 3: List of 42 Business Performance Measures (for finance, sales, production, management and IT)

4. Further Resources

For more details, see:
1. Improving Performance with Balanced Scorecard
2. Examples of four BSC Case Studies