Tag Archives: communications

The importance of convergence

Rachel Drinkwater
Senior Business Analyst
University of Coventry

The Business Analysis Conference Europe 2018

Last month I had the opportunity to attend the much lauded Business Analysis Conference Europe in Westminster, London, courtesy of UCISA’s personal development bursary for those working in the education sector.
The 2018 event marked the conference’s tenth year and having been a business analyst for approaching fifteen years now, this conference has been on my radar for some time. Over the years I have watched longingly as more senior colleagues, freelance peers and even co-workers nominated for ‘Business Analyst of the Year’, have departed for London for three days of sharing ideas, networking and learning and returned positively sparking with inspiration. This year, my turn came and I spent much of the week before preparing and planning, determined to gain the most I possibly could from this experience.
I returned, somewhat exhausted, but brimming with ideas, inspiration and a newfound pride in my profession. As a blogger, I also have inspiration for articles and blogs to keep me and my readers happy until Christmas! Over the space of the three days, I attended fifteen talks and workshops and left each one more enlightened that when I walked in, from gaining a new nugget of information, a shift in my attitude and approach towards the BA profession, to learning an entirely new technique.
More detail will follow over the coming weeks, but in this article I discuss the first of a number of key themes that seemed to permeate the conference: convergence.

Convergence

Many years ago I completed a lengthy application process for an industrial placement with a global corporation and on my application form I ticked ‘marketing’ and ‘IT’ as my two business areas of interest. In the interview stage, I was quizzed for some time on what the recruiters perceived as a most unusual juxtaposition; how could a person wanting to work in the technical discipline of IT also harbour an interest in the creative field of marketing?
Marketing has been a career-long interest for me. I chose to pursue a career in IT, but have often tended towards marketing in my personal development, attending the occasional CIM training session, self-studying related online courses and eventually undertaking a Masters which comprised at least 50% marketing modules. But why, if I had chosen a career in IT? Well, firstly because I find marketing theory and customer behaviour fascinating and secondly, perhaps because I approached IT from the field of web design and running my own business in the early 00s, I’ve always mentally linked marketing with IT.
Unfortunately, my industrial placement hirer’s attitude was not in isolation. Throughout my career, many potential employers have been perplexed and in some cases even turned off by my multi-disciplinary set of interests. Given this, it was a great reassurance to find that a significant proportion of the discussion, theory and techniques at Business Analysis Europe had roots in or strong connections to marketing.
Technological innovations and developments have disrupted almost every industry. The pervasive use of digital devices and social platforms by the majority of the populace, certainly in the Western world, has led to digital becoming a primary channel for many companies to engage with their customer base; pushing communications to them, engaging them in two-way conversations, facilitating digital communities of like-minded customers and of course ecommerce.
These digital marketing systems and platforms require IT professionals, just as with any other system and as with any other project, business analysts need to understand marketing theory and strategy if they are to design, build and successfully implement systems to support organisations’ marketing strategy.

I draw on marketing as it is an area of personal interest and because it was indeed a key area of focus at the conference, but the same applies for all areas of business; sales, operations, asset management, HR and certainly customer service and PR, as previously explored in my earlier blog article ‘Blurred Lines’.  As Mark Smalley (@MarkSmalley) stated in his The Digital BA session: “In the digital enterprise, business and IT are converging and we <as Business Analysts> need to consider the consequences of this”.

Coming Soon…

In addition to convergence, the following concepts arose time and again at Business Analysis Europe 2018, being discussed and explored in the majority of the sessions I attended:
  • Creativity
  • Customer focus
  • Empathy
  • Continuous Learning
  • Catastrophizing.
I will be posting about each one of these at a high level, then looking to explore some of these areas in more detail in future articles.
This blog originally appeared at: https://www.linkedin.com/pulse/business-analysis-conference-europe-2018-rachel-drinkwater/.

Interested in finding out more about a UCISA bursary, then visit UCISA Bursary Scheme.

New UCISA Toolkit makes it easier to get effective IT communications right

UCISA’s new Communications Toolkit (www.ucisa.ac.uk/ITComms ) was officially launched at the 2018 Support Services Group conference in Crewe in the summer. Designed specifically for the UCISA community by UCISA members and accessible as a dynamic standalone microsite, the Toolkit has been well received.

Below HENRIK BROGGER, project contributor and Head of IT Service Delivery at Queen Mary University of London, offers his thoughts on why communication can sometimes be problematic and how the new UCISA toolkit is now the go-to resource for the why, how, what and who of getting your message across. You can also hear from some of the other members involved in its creation in this short YouTube video.

 

NEW UCISA TOOLKIT MAKES IT EASIER TO GET EFFECTIVE IT COMMUNICATIONS RIGHT

When contributing to the development of UCISA’s new Communications Toolkit, there was a lot of debate about the outcome we wanted. Personally, I was keen we didn’t produce a printed booklet because a static product is difficult to update or interact with if you are somewhere and don’t have it to hand.
We needed something digital — and we were all on board with the idea of an agile web space that could evolve and be added to. Now, if we need to rewrite or update a section, we can meet tomorrow and do it rather than having to start producing a second print edition from scratch.
Simplicity was our watchword. We wanted to make it really easy for you to get to the information you want and to give people real-life examples that they can look through, learn from or replicate themselves. As a microsite, it’s meant to be something you can dip into and out of easily. In that sense it’s almost bite-sized learning that you can refer to any time for examples, downloadable templates and other resources.
So yes, we fully embraced digital (and it was Blue Sky thinking, I think the next step would be some sort of App). We also embraced digital in project delivery — using Trello to monitor the project, track progress, list responsibilities and share comments with colleagues around the country and Google Docs and Google Hangouts for virtual meetings.
When I shared UCISA’s new Communications Toolkit with the senior management team here at QMUL, the immediate feedback was ‘This is really good. We can use it to have a communication strategy and plan for IT here’. I’d already floated this thought with peers but having one of the senior managers come out and back the idea so enthusiastically was a real result.
So now we’re doing it. We’ll be applying the learning to IT first because that’s the area we’re responsible for but it will link to, and support, the wider professional services strategy and the University’s overall strategy. We will of course be meeting with the marketing and communications people here as part of all that.
In fact, one of the things that came through loud and clear when discussing Toolkit content, as you can see on the website, is the need to ensure everything correlates. A communications strategy for IT is not a standalone piece — it has to tie in with the strategy for the rest of the University.
When it comes to communicating IT, I think that we tend to be fairly good at communicating down time and fairly good at communicating when something goes wrong — but less good at communicating when things go right, such as projects and tasks completed and the good feedback we’ve earned.
Communicating and celebrating success, not only with outside audiences but among ourselves, was something we talked about a lot and there’s a dedicated section on ways to do this within the new Toolkit.
There are challenges when communicating with the rest of the University. You’ve got to think about the needs of individual schools and institutes so the way you communicate might have to be different. You are addressing very intelligent people who are paid to think and question so you need to draft your content accordingly. It’s not like the private sector where someone might send one email about change to the whole organisation. Adopting a consultative approach, rather than diktat, is key.
As well as making sure your message is clear and pitched at the right level, I think we should all – whether within or outside IT – spend more time making sure the method of delivery is right.
Email is actually a very poor communication tool. If you are always sending emails it is often a zero-sum scenario because people will just scan and bin them. When a really important email comes through, they’re not going to be reading it. That’s why all other ways to communicate need to be considered. It’s really important to think about your audiences and what’s going to work with them.
Personally, I’ve found reflection on different ways to communicate really useful. For example, we now have a board up in IT so everyone walking by can see the kind of positive feedback we’ve been getting.
And among the interesting examples of communication on the Toolkit website is Leeds Beckett University’s ‘12 Days of IT Security’ Twitter campaign to increase student awareness of online safety in the digital world. For me, it really stands out as a novel way of communicating that both addresses the needs of students provides information in a way that they, as a digital generation, find natural.

Key take-outs:

    • UCISA’s new Communications Toolkit is available at www.ucisa.ac.uk/ITComms.

    • The Toolkit was produced by UCISA members for UCISA members. The dip-in-and-out microsite includes practical advice and examples on how to better communicate as an IT function as well as a range of ready-made templates that can be downloaded.

    • Communication channels and tools are constantly evolving.  Producing the Toolkit online, rather than as a printed booklet, means the content can continue to evolve, stay up to date and be added to.

 

UCISA welcomes blog contributions and comment responses to blog posts from all members. If you would like to contribute a new perspective or opinion on a current topic of interest, simply contact UCISA’s Executive Director Peter Tinson execsec@ucisa.ac.uk

 

The views expressed on UCISA blogs are the authors’ and do not necessarily reflect those of UCISA.

 

Identifying common points of failure in technology implementation

Mia Campbell
IT Support Services
Leeds Beckett University

The Service Desk and IT Support Show, June 2018

Attending SITS18 in June, courtesy of a UCISA bursary, has helped me learn about the most common points of failure in an implementation programme. These include:
  • Ineffective coaching program
  • Management not taking ownership
  • No workflow or content standard
  • Wrong metrics
  • Seeing it as just a project.
From one of the SITS sessions, I learnt that Eptica had compiled some interesting stats together this year from customers which are useful to be aware of:
91% of customers report that they become frustrated if they are not able to find answers they are looking for online quickly
75% of customers report incidents where agents haven’t had the right or sufficient information to be able to answer their question
70% say that they often experience inconsistent answers between channels
94% of customers say a high-quality response makes them loyal.
By looking at these statistics, it looks as if communication is the key factor which makes and breaks a successful service.

The role of AI

We must adapt to change and the change in how early/what technology people are introduced to. There were a number of different sessions which looked at AI over the course of the conference including: ‘The role of AI and the automation in the rebirth of IT’ and ‘What AI will mean for ITSM and you’. AI is now a key component in many households, which the newest generations are now experiencing at a very early stage. However, there is still an audience that has not had the same experience and may struggle to adjust. One of the speakers stated that in 2011 it had been predicted that by 2020 customers will manage 85% of its relationship with an enterprise without interacting with a human. It is quite noticeable today that it is in fact quite close to that already. So with AI, how can it be harnessed as a tool to make an efficient service for the customer?

The importance of individuals

This follows a point on performance of individuals. Although we are human and not robots we should have a uniform/quite identical approach and knowledge database when assisting a customer so that we can provide an effective and positive service. We can all be guilty of cherry picking who we want to deal with to get the satisfaction we need, but all involved should be able to provide that; behaviour and knowledge are very important factors in providing good customer experience. ‘Shift left’ is a great example of this as it reduces the time a customer has to spare to receive a resolution, but also helps the person/people providing the support to be more efficient and productive in their work. This may possibly save time from unnecessary escalation and provide more time on tasks that may require additional focus.
Other points noted regarding what makes a service/tool run well are as follows:
Consolidation, Compliance, Security, Adoption, Optimisation, Integration, Mobilisation, Collaboration, Collaboration, Efficiency, Productivity.
To elaborate on a couple, Adoption is a key element on both user and support side. The service/tool needs to be adopted as smoothly as possible to enable the service overall to be at its constant prime, so that it can resume or start as expected to complete its duties. Mobilisation is also another factor which relates to availability. In order to achieve the optimal service for a customer, such as online remote support, mobility plays an important part providing support no matter where the customer is.

I met with Sally Bogg for a short while on the first day who is the head of our end services at Leeds Beckett and was also talking at SITS on career development for women in IT.  We attended a keynote session on Women in Technology lead by Dr Sue Black OBE. It was quite inspiring and Dr Black had some amazing stories which she kindly shared with us all.

Conclusion

Although my role is not a managerial one and I cannot make decisions regarding the take-up of tools, it was a pleasure to learn about them. It has been a great experience to take this information back for research purposes and also to document in these blogs how we can improve our attitude and processes. I also spoke to the vendors about how colleagues and I have utilised these tools. The vendors were glad to receive feedback at the event which they could take back to improve their provision to us all.
I spoke to many individuals at this event and it has not only been beneficial for my role but also for my own confidence. Thank you very much to UCISA for the opportunity to attend this event – it is one that I’ll keep with me.
Interested in applying for a UCISA bursary? Then visit UCISA Bursary Scheme.

I love it when a plan comes together – working on the UCISA IT Comms Toolkit

Anna Mathews
Head of Policy and Projects
UCISA

 

 

The UCISA IT Comms toolkit – a resource for higher and further education institutions

As the project lead, Sarah Peace, Head of Desktop and Printing Services at the University of York explains, “The aim of this Toolkit is to provide the UCISA community with a resource that anyone involved in IT communications can use. Whether you have an embedded communications team, a central university team or it’s everyone’s responsibility, there’s always room for improvement, and we hope that even someone who has worked in comms for several years can learn from this resource.”

The Toolkit www.ucisa.ac.uk/ITcomms is split into four sections: why communicate?, how to communicate, when to communicate and who to communicate to. But perhaps the most valuable part of the Toolkit is the resources section – a repository of graphics, templates, strategies and videos that colleagues in higher and further education are invited to explore and repurpose, or as Sally Bogg, Head of End User Services at Leeds Beckett University has it, please do “pinch with pride”.

There are quite a few things that I have really enjoyed about this project, to the extent that process may have become more significant to me than the final output. This is because:

  • before we commenced drafting we talked – and I mean really talked – about comms and who is doing good work on this in the sector, horror stories of when we haven’t communicated well ourselves, and everything in between;
  • I’ve seen at first hand the motivating effect of involving younger colleagues in a UCISA activity (for example, recent graduates seeing what roles they might progress into, through talking to more experienced members of the project team);
  • I’ve had the opportunity to work with graphic and web designers from one of UK’s most creative universities (thank you, University of the Arts London);
  • we used what at times seemed like every collaborative tool going to envisage, draft and hang a product together from scratch in a few short months, and kept the energy going (thank you, Sarah) with a crack team from all over the country most of whom are captured in this short, informal video.

We’ll continue to add to the Toolkit throughout the year, so that we have examples from as many different mission types and comms functions as possible. Therefore, if you have anything that you are able to publicly share please send it to me for potential inclusion. We are happy to have duplicates for examples that are already there, and we are also looking for comms materials and documents for IT projects, and with business change.

What do you like, what do we need more of and what are we missing? Please drop me a line at execsec@ucisa.ac.uk or leave a comment below.

The beast from the East

Lisa McDonald, User Support Manager at the University of Edinburgh and UCISA Support Services Group Committee Member, offers tips on service continuity and lessons learned after ‘Beast from The East’ snow caused widespread travel-to-work disruption.

HOW OUR BCP BEAT THE BEAST FROM THE EAST

“We’ve all heard the terms Business Continuity and Service Continuity and you likely all have business continuity plans you hope you never to have to use,” writes Lisa McDonald, User Support Manager at the University of Edinburgh.
Recently, the University of Edinburgh IT Service Desk had to become far more familiar with their BCP plans than anyone would want to.
In late February and early March 2018, the central belt of Scotland was hit by what the media termed “The Beast from the East”. And a beast it was, causing widespread chaos which unfortunately included the complete closure of the University of Edinburgh for nearly three days — a nightmare scenario for any Service Desk manager.
But we got through those three days and managed to keep our IS Helpline Service running throughout — handling 352 calls and resolving all bar four second line calls. We did this while spread geographically over an area covering a 127km radius of Central Scotland.

Figure 1: User Support team home locations (Argyle House in red)

We were organised, made the most of the tools we had and showed amazing team spirit. We learned many lessons on the way and this post is a “Top Five Tips for Service Continuity”
  1. Preparation 
    Have a Working from Home policy for all users. Create an Adverse Weather register showing team ability to travel in adverse weather and their ability to work from home. Ensure your key services like VPN have capacity to cope with an increased load from off-campus connections
  2. Communication
    Ensure your users understand the level of service to expect during this period. Set communication times in the day so staff and users know when to expect updates. Communicate with other first and second line teams so that you’re all aware of the level of underpinning support available.Your team might have tasks they need to see to at home during a weather emergency (playing in the snow doesn’t count!). They might face connection issues or find it hard to keep focus in a home environment. Make sure you continue to communicate to the team on a regular basis but don’t be tempted to micromanage.
  3. Tools
    Use Skype to hold meetings. Use chat tools to keep everyone focussed as a team while they’re geographically spread. Group chat is also a great morale booster ­– my team co-wrote a Helpline theme tune: “The Helpline Blues (I’ve got snow in my shoes)”. If you have out-of-hours cover from a 3rd party, ensure you use it as much as possible.
  4. Time Management
    You may not need as many staff on duty as usual. Review and revise your rotas so the team know when you expect them to be handling support calls. Have other tasks for them to do such as updating documentation, reviewing your website or completing their personal development paperwork.
  5. Review
    Ensure you review the event afterwards and discuss successes and learning points — not just within your own team but across the wider university or college.
No Business Continuity will ever be perfect, but with a good team and some organisation you can turn a Snowpocalypse into a Winter Wonderland!

Pictured: Lisa working from home during the ‘snowpocalypse’

Key take-outs:

  • Be prepared – Have policies guiding your users on working from home and ensure you do regular checks on your team’s ability to travel or work from home in adverse weather

  • Set expectations – Use automatic replies or standard solutions to explain to your users that service quality and speed will differ from normal running. Distance learners may not be impacted by the weather

  • Use the tools available to you – Cloud services, VPN, Chat tools and Remote Assistance tools

  • Communicate – make sure you clearly communicate at all stages of the event

 

UCISA welcomes blog contributions and comment responses to blog posts from all members. If you would like to contribute a new perspective or opinion on a current topic of interest, simply contact UCISA’s marketing manager Manjit Ghattaura via manjit.ghattaura@it.ox.ac.uk

 

The views expressed on UCISA blogs are the authors’ and do not necessarily reflect those of UCISA.

Benefits of receiving a UCISA bursary

Vicky Wilkie DSC_0007

 

 

Victoria Wilkie
IT Support Specialist
University of York

 

 

 

 

 

Six months ago I was awarded funding from UCISA to attend the CILIP conference in Liverpool. At the time I was on secondment to the IT support office at the University of York, but my previous (and now current) position was as a senior library assistant at the University Library. I was particularly interested in finding out how the two teams could work more closely together, and also how I could support colleagues in doing this. One key area I looked at when I returned from the conference was ways of merging best practice from both teams and integrating these systems to assist staff with the changes. Lending Services already had a wiki where they stored and updated information for staff. I worked with colleagues in the IT support office to develop an ITSO wiki that could be used by library and IT staff in the day to day running of the merged desk.

Social media

One of the main things I took away from the conference was how useful a resource social media can be. This usefulness took place on two levels; the first was with our interactions with users. At York we are fortunate enough to already have a communications team that look after our social media accounts. They take the time to interact with our users, but also with other universities and related services. They make sure that enquiries are answered, but they also keep the interactions fresh, funny, and relevant, which has resulted in some very positive feedback. In order to complement and promote the work our comms team are already doing, I took inspiration from one of the conference talks to focus on informing our users about the different methods of social media we use to interact with them, and how this might assist them with their studies.

The second level focused on how useful social media can be to professionals wanting to share and research new ideas in the field. During the conference, I used Twitter to disseminate my ideas and engage in debates around the subjects that were raised. I started following a range of different people in the sector, and saw the issues that were impacting on them and their users. One real benefit of social media was that it allowed me to follow themes and ideas at conferences that I was not able to attend, and find out issues that were impacting service desks from different counties as well as from a range of different sectors, from Twitter users around the world.

Collaboration

Andy Horton and Chris Rowell’s talk ‘The Twelve Apps of Christmas’ was especially interesting to me, given that I knew one of my tasks upon returning to the library would be helping with the integration of basic IT support at the library helpdesk. Their enthusiasm really inspired me, and made me assess the different training we could give to staff to help them integrate the new processes. Although we have only just started with this, the overall feedback from staff has been very positive, and we are keen to take this on board to find more ways of updating and improving training, and ensuring that it is as efficient as possible to help staff develop their skills. Collaboration was something I was very interested in, and I was surprised to see how much collaboration was already taking place, especially between library and IT departments. What I took away from the conference was that collaboration is the way forward for service desks; we strengthen each department by working together, and it was wonderful to see how many other places are already doing this.

The final major point that I took from the conference, and that has really impacted on my approach to work, was the idea that we need to celebrate our successes more. As a service desk sector, we have a tendency to focus on what we could have done better and how we can constantly improve. Whilst it is very important to ensure that we continue to progress services, it is also important to focus on what we have done well and where we are really standing out. Since returning to the library, I have worked hard to highlight times when I think that staff have been doing an exceptional, job as this motivates and encourages the whole team.

To sum up, going to the conference allowed me to look at my colleagues and really appreciate the successes we have. Looking at it from an organisational point of view, it made me assess the ways in which our different teams could work more closely together to ensure that our users get what they really need. In terms of the sector, it made me more aware of what my colleagues around the world are doing. It allowed me to share ideas with other people who are working in libraries and IT. It also made me look at the different types of service desks in education. Before  the conference, I had a tendency to focus on HE desks, but since then I have been in contact with colleagues who work in public libraries and FE colleges, looking at what they are doing and how we can work more closely together to improve the sector.

Interested in applying for a UCISA bursary? Then visit UCISA Bursary Scheme 2018.

A practical approach to risk management – two perspectives

Tim Banks
Faculty IT Manager
University of Leeds

 

This is a write-up of a session  I attended on Wednesday at Educause 2015  which was delivered by Bill Arnold, Information Security Analyst at the University of Tampa, and Dr Lawrence Dobranski, ICT Security Access & Compliance, University of Saskatchewan (Canada).

Introduction

The University of Tampa, Florida, is a liberal arts institution and has a student population of around 8,000 students, 65% of whom live on campus. There are 1,200 staff and the annual turnover is c. $235m with an estimated annual economic impact of around $850 million. They formally launched their Information Security Program 3 years ago with the appointment of a Chief Information Security Officer, who reports directly to the President (Vice-Chancellor). Their stated aim is to build a culture of risk management, security awareness and data protection, and as part of this, they have created a cyber-security lab. They achieved ISO/IEC 27001:2013 accreditation in July 2015.

The (often misspelt) University of Saskatchewan is one of the top 15 research universities in Canada with 22,500 students from over 100 countries. They have a 16:1 student:staff ratio and an annual budget in excess of $1bn which includes $9.2m of scholarships and bursaries. They have 120 Graduate Degree Programs (taught postgraduate) and over 200 undergraduate degree programs. It snows regularly and can get very cold! They formally launched their information security program in June 2012, which is centred around the following three areas:

  • IT Security
  • IT Compliance
  • IT Access

It is a risk based program, meaning that priorities for investment and action are based around a risk score. Bill observed that in 2014, cybersecurity criminals were making more money than drug cartels.

A number of barriers to progress were noted which included:

  • Lack of executive support
  • Inadequate investment
  • Ineffective information security leadership
  • Information security ‘unaware’ community
  • Information security gaps especially with respect to 3rd party service providers

Practical steps

  • Ask the right questions to the right people
  • Don’t adopt every aspect of a rigorous standard (like ISO27001), use common sense
  • Focus on information lifecycle
  • Insights will come quickly once you start working with your stakeholders. These will inform your future strategy.
  • Advance planning and effective communication are absolutely essential
  • Don’t use mass surveys (if you actually want people to provide useful information)
  • Decide how you will engage – either in person or through focused surveys
  • Keep the process simple
  • Focus on business processes and impacts on information (e.g. loss / unauthorised access) rather than using technical jargon

The University of Tampa developed a very simple spreadsheet that included each major business unit on campus, each major process within the units and the process owner. The process owner was asked to rank each of their processes on a scale of 1-5 in three areas:

  • Degree of sensitivity of the data
  • Impact of loss of integrity
  • Impact of loss of availability

The average was taken of each of the three scores for each process to arrive at a risk score for the process. A discussion was held with the process owner about the information handling lifecycle involved with each process which covered:

  • Accessing the data
  • Processing the data
  • Transmitting the data
  • Sharing the data
  • Storing the data (in both paper and electronic forms)

They also looked into whether there were any compliance requirements associated with the type of information that was being stored, and determined whether the University IT department or a third party provided the service.

Summary (University of Tampa)
Bill provided the following summary of the University of Tampa’s risk based approach to managing information security.

  • Data Discovery – find out where your confidential data resides
  • Opening the Doors to positive change in University departments. You should be seen not as people who stop departments from doing things, but the people who help them to do it securely.
  • Re-engineering information handling, which will require a change in mindset from both IT and the business
  • Getting everyone to participate
  • Security Awareness (education is key)
  • Once they trust you, they will come (bringing information about risks right to your door)
  • Rinse, wash repeat (continual process)
  • Collaborate to reduce risks

Blog_4__slide1Always remember there are a lot of things we don’t know that we don’t know, as demonstrated by this slide.

 

 

 

 

Summary (University of Saskatchewan)
Lawrence focussed mainly on the best way to present information security risks to University senior management. This is done most effectively when the senior officers of the University understand and accept the cyber-risk. In addition:

  • The information presented must be in a familiar format, as we cannot afford for the busy people we are trying to communicate with wasting time trying to understanding the presentation format.
  • We need to focus on risk information and focus on the high risk areas when talking to the University executive group.
  • Don’t make the visuals too complicated or people will stop listening to you and start focussing all their attention on trying to understand the graphics.
  • Read the IEEE publication (Slide Rules)

During their audit, they discovered an internet accessible incubator control unit with a built in web server. On further investigation, if this had been hacked and the incubators shut down, then thousands of cute little chicks would have died (and research would be put back two to three years). They also found a robot roaming the hall talking to patients which the department was trying to control remotely by adding it to the wireless network. This robot was big enough to cause serious injury to somebody if an authorised person managed to take control of it.

Blog 4_slide2The key stakeholders that Laurence identified were cyber security professionals (never be afraid to ask for help) and the staff and students at the University. It is vital that those closest to the business processes are closely involved in the threat and risk/privacy impact assessment process. The world of cyber security is a fast changing one, so dedicated cyber security professionals, either internal or external are vital in order to keep abreast of emerging threats and techniques to combat them. As an institution, we need to own risk and manage it.

Some particular suggestions for ways in which to present the information security risks included using a Gartner-style quadrant with likelihood on one axis and impact on the other. Then encourage your senior team to only focus on the top-right quadrant, whilst being able to see at a glance the entire risk landscape.

slide3

An alternative is to use a radar plot to display how well the University is doing with multiple aspects of a particular IT security concern.

Overall this was a very informative session with some practical takeaways on how to both manage information security risks and communicate this to senior managers.