Wednesday, July 27, 2011

Did your customer just make you non-compliant with PCI guidelines?

The convenience and ease with which technology has connected us may open the door to inadvertently exposing your organization to violations and PCI audits. If, for example, a customer sends their credit card information to you in an email or through a social media channel, that sends (or should send) red flag warnings. You absolutely cannot process the transaction.

According to Walter Conway, “If you do, then your company’s email servers, cell phones, web browser caches, Twitter, and Facebook accounts are all subject to a PCI-DSS audit.”

Refusing the transaction is not good for business, but accepting it means that everything in the communications channel is now handling cardholder data and must be compliant.

Worse yet, because many of these communications are not encrypted, what happens if that card information is compromised? You now have a post-breach situation with notification requirements and regulators looking for your Written Information Security Plan (WISP). Fines are sure to follow, but what about the loss of that customer and others who now look at your company as a liability?

Better to refuse the transaction and explain the gory details to the customer rather than risk the alternatives.  Dolvin Consulting works with Cyber Security Auditors and Administrators (CSA2) to help you prepare.  Contact us to discuss how we can help protect your reputation and bank balance.

Monday, July 25, 2011

Focus Experts’ Briefing: Supply Chain Management Overview

Using Enterprise Resource Planning (ERP) systems for Maximum Competitive Advantage.

In an increasingly competitive market, smarter businesses thrive. This comes from real-time visibility into all aspects of your supply chain and the ability to quickly analyze this data. A well thought out ERP integration can make this a reality. Focus' Supply Chain Management (SCM)/ERP Research Package provides a wealth of information from ERP and SCM experts so you're prepared to evaluate solutions.

Now more than ever, businesses need to run efficiently. Supply chain management (SCM) can provide real-time visibility into your supply chain so you can manage — and optimize — day-to-day operational performance. But how does a business get started with SCM, and how does one find the right application? What skills should a supply chain manager have? Where do supply chain analytics fit into a supply chain management solution? This Experts’ Briefing leverages the expertise and experience of Focus Experts and Focus Community members, whose guidance can give you a better understanding of the practical aspects of SCM, from selecting an appropriate SCM solution to gaining insight into supply chain analytics.

This guide is a great starting point.  Figure out what you do not know and then contact Dolvin to see how we can use our knowledge and industry partnerships to connect you with the resources you need to achieve your goals.

We welcome your comments and suggestions.

Friday, July 22, 2011

The Cost of a Breach

According to IBM Systems Magazine, the 2010 cost per compromised record was $214, up from $204 in 2009, $202 in 2008, and $197 in 2007.

A couple of hundred dollars is not so bad if you only had one or two records compromised, but what if the total record breach was in the thousands or millions?

What about the loss of customer confidence and trust? How many customers will you lose as a result of not taking the most basic preparation step of a Written Information Security Plan (WISP)? A recent Ponemon Institute study pegged the average 2010 cost of a data breach in the US at more than $7 million.

This number is bound to rise once 2011 numbers have been tabulated.  Dolvin Consulting works with its partner Cyber Security Auditors & Administrators (CSA2) to help companies determine their risk potential and develop an appropriate WISP plan.

According to CSA2’s June newsletter, the following are just some of the high-profile breaches that have occurred this year:
· Health Net - March 2011
· Epsilon - April 2011
· Sony - April 2011
· Michaels - May 2011
· PBS - May 2011
· IMF - June 2011
· ADP (Automatic Data Processing) - June 2011

We are here to help. Contact us today.

Thursday, July 21, 2011

Data Archiving: If it is worth saving, it is worth protecting.

IBM Smart Archive Strategy utilizes tiers of security. One of the more important features of the information archive is the three levels of information protection, which coincide with the collections architecture.

As reported in IBM Systems Magazine (July 2011), one of the benefits of this collection architecture is that you can assign the protection level for each collection according to your information protection requirements.

Basic protection level:
· Documents can be deleted before they expire.
· Retention periods can be increased and decreased.
· Documents with an extended retention period due to a retention hold can be deleted.
· IT administrators can change the document protection level at any time.

Intermediate protection level:
· Documents with an extended retention period due to a retention hold can’t be deleted.
· Administrators can change the document protection option to maximum at any time, but can’t lower it to basic.
· After the retention period expires, elements within the collection can be deleted, but the collection itself is permanent so new documents adhering to the same requirements can be added.

Maximum protection level:
· Documents can’t be deleted until the end of their retention period.
· Documents with an extended retention period due to a retention hold can’t be deleted.
· Document retention periods can be lengthened but not shortened.
· After enabling maximum protection, administrators can’t modify the document protection option to another level.
· The collection can never be deleted.

IBM information archive also offers an enhanced tamper protection feature, which is important for customers with very strict retention requirements. With this technology the administrator can remove root access so nobody, with malicious or non-malicious intent, can affect archived information. This optional feature can be enabled at the customer’s discretion, but once enabled, it remains for the duration of the system’s life.

Why is all this important?  Because, if it is worth saving, it is worth protecting.  Dolvin works with enterprises to help them define and implement the right solution for their challenges.  Contact us today for an evaluation.

Monday, July 18, 2011

Taming the Supply Chain

In a recent IBM Systems Magazine article, Jim Utsler describes how IBM reduced its microelectronics inventory, but elevated service levels. 

In today’s uncertain economic times, companies of all sorts are keeping a close eye on inventory levels.  They must avoid having too much stock during lean times and not having enough should orders suddenly arrive. 

Mastering this delicate balance is the key to increased revenue and reduced operational expenses. According to the article, IBM Research developed Advance Cross-Inventory Optimizer (AXIO), formerly known as Dynamic Inventory Optimization Solution (DIOS), to address this balancing act. The Q&A article goes into some detail about how and why this method of calculation is better than those of the past. Apparently this is true, because they were able to reduce inventory 10 times while achieving service levels above 95 percent.

The take-away is that the methods used today may be more sophisticated, but the need is still the same. Ever since manufacturers have existed, the need for better and better inventory management has driven the need for new systems.

In today’s world Enterprise Resource Planning (ERP) systems are customized for specific industry segments.  The ability to link industry needs with the right solutions is where many consultants transition from Salesrep to Trusted Advisor.  The array of choices today is too vast to navigate alone.  Dolvin works with your team to define and deliver the right solution to your challenges.

Friday, July 15, 2011

How do you put a price on loss of customer loyalty, goodwill, and trust?

Data Protection Standards Changing for Database Marketers

Globalization of consumer data intrusion seems to be the unifying result of the data breaches we have been hearing about lately. There is no way of telling how many breaches have yet to be discovered or will simply not be reported.

PCI or credit card compliance standards are not enough. Malware plays a big role. The economy is tight and there just are not sufficient funds to address the growing sophistication of the attacks. Data theft is more akin to high volume and low amounts than to low volume and big amounts. The thefts are designed to fly below the radar of detection for long periods of time.

Associates, employees, and human error all play a part in this puzzle.  The practical approach is to start with a Written Information Security Plan (WISP).  This written plan is a regulated must that prepares organizations of all sizes to assess their risk potential and to take a proactive approach to the post-breach remediation. 

Prepare now and gather your resources before they are needed.  Have you ever seen the movie where the woman, in a panic, runs around yelling "What's the number for 911"?

The article linked above makes several good points and is worth the time to read.  Just do not expect to be able to fall asleep easily.  Once you open the door, you probably will not be able to close it anymore.

Contacting Dolvin is your first step in being prepared.  We utilize our partnerships with industry experts to help you navigate the ever changing landscape of technology.

Monday, July 11, 2011

Why do so many ERP implementations fail?

Pain, no matter what caused the failure, will be the end result of a failed Enterprise Resource Planning (ERP) system installation.   This kind of pain will leave an indelible mark.  I only ever remember touching a hot burner with my finger one time.  After that I knew to check for a hot surface.

Typical causes of failure include a bad fit between the organization’s challenges and the chosen solution. Research, planning, and training are key ingredients. Selecting a system should not be based on fancy presentations, features and benefits. A needs analysis, departmental review, and C-level buy-in should be included in the decision process.

Cost overruns are typical and are also related to rushed review and planning steps. It is not uncommon to see budgeting of 50% on implementation, which will include training. To gain a balance, some companies will choose time when they are tight on finances. They will take more time to implement the system. The advantage here is that the system is so well known at conversion time that the conversion is a non-event. Yesterday the old system, tomorrow the new, and operations are not impacted. If time is the constraint, then sufficient monies must exist for training and conversion efforts.

If you do not have time or money, then your implementation is going to fail.  You need one or both of these resources to continue.

Employee acceptance is often taken for granted.  Hey, if the boss says this will work, the employees who are already overworked and underpaid from all the budget cutbacks will be happy to work double in the transition period.  I am sure you can envision how happy your employees would be to take extra time to learn yet another system.  All levels need buy-in.  They all need to “see” how this new system will make them more efficient. 

Another contributor to failure is the desire to overly customize the new system. Some basic changes are common, but making extensive changes should be considered carefully. Why are the changes being made? Is it an attempt to build consensus among employees to “make it easier” or is the software not really a good fit? What functionality exists in the new system that has not been discovered? Every change introduces risk. How well can the system be tested during the implementation phase to know no other problems are going to surface?

How much expertise do you have in-house to manage the conversion project?  Has your ERP provider assigned a dedicated project manager?  Haste makes waste.  Do the job right the first time.  Quality really does matter.  This is one area where you do not want to cut corners.  After all, your company’s future rests on the right solution, done right.

We cannot guarantee you will not have any problems, but we can help manage them.  Contact Dolvin to see how we can help you identify your challenge areas and possible solutions.

Friday, July 8, 2011

Cybercrime: A Global Calamity

According to M86 Security, we face a global malware epidemic from which no organization is immune.  While cybercrime techniques become more sophisticated, dynamic and targeted, most security vendors have struggled to keep pace.

In fact, cybercrime has escalated by more than 400% since 2007 alone — leaving organizations vulnerable to damaging malware attacks, which can result in noncompliance issues, financial loss and expensive reputation damage control.

To get the full picture of the security industry, download this special report – The Global Malware Problem: Complacency Can be Costly. In it you’ll find the results of a survey conducted by Osterman Research and M86 Security that aimed to understand what your peers think about the security in their organizations. The results indicate that perception is far from reality.

Here is just one of many interesting notes in the white paper: Many decision makers and influencers believe they have little or nothing to worry about in the context of breaches or network downtime, despite the fact that most organizations have experienced malware attacks.

The dynamic nature of the security landscape today is why Dolvin Consulting works with Cyber Security Auditors and Administrators (CSA2) to offer cyber risk management and solutions for best industry practices.

CSA2's Expertise includes:
  • Basic analysis of current cyber risk coverage gaps through a secure online questionnaire.
  • Identification of potential future gaps in risk coverage in conjunction with our insurance partners.
  • Matching exposures to these potential gaps to provide detailed analysis of risks identified.
  • Designing risk management solutions that will also provide education seminars for our clients' personnel.
  • Developing a tailored Written Information Security Policy (WISP).
  • Providing a complete end-to-end security solution through our IBM Internet Security Solutions Platinum Channel partners.
If you are concerned about your risk potential and the impact it can have on your business, contact us by clicking here.

Wednesday, July 6, 2011

Business Intelligence can be a Strategic Solution to Efficient Operations.

Business Intelligence (BI) can empower users by giving them the tools they need to make better decisions. Users at all levels need to be able to trace and track the silos of information across the enterprise. Enterprise Resource Planning (ERP) systems help by creating a central repository of information, but extracting that information in a useful way can be a challenge.

BI analysis enables users to extract the information needed in a useful and refined way at the right time. With the ability to slice and dice, then drill down on specific data, a good BI tool empowers management with knowledge. These decision points can help businesses implement better operational efficiency.

ERP success is dependent on tight integration between the modules that make up the system, which include BI. BI gives insight into a company’s performance by allowing users to share the information collected across the enterprise. With greater control and visibility, management can better match the corporate operations with its goals.

Sometimes an ERP solution has an integrated BI module; sometimes the BI solution is a third-party add-on. In either case Return on Investment (ROI) and Total Cost of Ownership (TCO) should be considered with a BI purchase. There are upfront costs and ongoing costs that include licensing and maintenance. Do not forget to budget for training and development. You can have the most robust solution, but if nobody can make it work, then you wasted more than money; you wasted your most precious asset, time.

A number of factors will affect the success of implementing a BI solution.  At Dolvin Consulting, we help you look at your operations, strategic goals, and processes to find the right solution to your challenges.  We encourage you to take the first step by contacting us.

Monday, July 4, 2011

ERP: Uniting Manufacturing and Inventory in Lean Times

Tough times call for greater efficiencies. But is ERP your best weapon to achieve leaner production and inventory? 

How do Enterprise Resource Planning (ERP) solutions deliver production efficiencies?  How will a smart ERP system improve the entire organization?  Which ERP solutions play well with manufacturers?

Find success with the right ERP solution that will grow with your company.  This Focus research paper highlights how aligning manufacturing and inventory processes is one of the most critical components of any ERP system.

Real-time data regarding inventory information and production process is the key. Cost reductions, detailed information, improved decision making, stock reduction, waste elimination, and accelerated production cycles are all features of a comprehensive ERP solution.

Finding the right solution that addresses your challenges and business culture is a process, not an event.  This is where Dolvin Consulting works with you to understand your needs.  Please take a moment to reach out to us so we can help you find the right solution by clicking here.

Friday, July 1, 2011

The Regulators Are Coming

The link above points to a recent article published by Alan Heyman, Managing Director of Cyber Security Auditors & Administrators (CSA2), concerning the growing maze of regulations regarding data privacy and security.

Alan highlights how the Massachusetts law reaches beyond the state's border to include any company outside of Massachusetts, whether public, private, professional or not-for-profit, that maintains personal information of a Massachusetts resident.

The direction all companies should be taking as a first step is to create a Written Information Security Plan (WISP).  A WISP plan must include administrative, technical and physical safeguards that are designed to meet the objectives of the regulators.

I invite you to read Alan’s full article, then contact Dolvin Consulting to see how we can help you connect with the resources you need to safeguard your information and sleep better.