Lootok

Menu

What's new?

How to use Scenario Planning in Risk Management - Thomas Chermack on Fresh Perspective

 

Read Post

Fresh Perspective with Daniel Diermeier

Read Post

Gartner names ClearView a leader in its 2016 Magic Quadrant for BC software

Lootok is proud to announce that ClearView, our trusted software partner,  has been positioned in the Leaders Quadrant in Gartner’s July 2016 Magic Quadrant for Business Continuity Management Planning Software, Worldwide.

Gartner: Magic Quadrant

CEO Charles Boffin comments, “We are delighted that we have been recognized as a leader in the market as we continue to focus on our core principles of delivering a sophisticated and functionally-rich platform in a way that makes it easy to use and intuitive for all users, irrespective of role in an organization. We believe our transition from the Challengers to Leaders quadrants demonstrates our continuing commitment to remain a key player globally in this field.”

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Snowflake Syndrome: when should we be unique vs. boiler plate?

One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.

When is good good enough?

Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.

Snowflake
Snowflake syndrome

Read Post

Lootok’s 8Rs™ of Resiliency: easy and effective model to communicate, employ, and remember

When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:

  1. Relocate - physical moving assets (e.g., people, technology, equipment) to another location
  2. Reassign – transferring processes (i.e., work) to another location
  3. Repair / Replace – capabilities in place to fix the problem at time of event
  4. Reinforce – fortify, strengthen, assets to tolerate greater impacts and occurrences
  5. Replicate – simultaneous production (i.e., processes, technology, work) at two locations [duplication]; active-active
  6. Redundancy - extra capacity and inventory
  7. Risk Transfer – shift risk to other entities through insurance, contracts, and risk pooling
  8. Relinquish – do nothing [e.g., too cost prohibitive]; risk acceptance strategy
Lootok's 8Rs™
Lootok’s 8Rs™

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post