Funded by: www.accredituk.com Accredit UK Conference, 24th June 2008, The Heritage Motor Centre.


1 Funded by: Accredit UK Conference, 24th June 2008, The Heritage Motor Centre

2 Funded by: Accredit UK Conference 24th June 2008, The Heritage Motor Centre
9.00am Registration, Networking Breakfast and Exhibition
10.00am Welcome. Carl Chinn, Conference Chair
10.05am The role of SMEs in delivering regional IT Services. An overview of the joint venture between Birmingham City Council and Capita to manage and operate the Council's ICT services. How we see the development of the sector and the role of the SME in the future. Chris Leggett, Service Birmingham
10.35am Accredit UK Assessor - Why he chose to work with Accredit UK. Clive Mason, Leadership Management UK
11.05am Questions and Discussion
11.15am Break
11.35pm The modern enterprise – how SMEs can add real value. Cliff Warder, Alcatel-Lucent
12.05pm Case Study – working with a multinational – the SME perspective. Martin Rice, CEO, & Hugh Beever, Product Director, Erudine
12.35pm Questions & Discussion
1.00pm Lunch
2.00pm Accredit UK Assessor - Why he chose to work with Accredit UK. Clive Mason, Leadership Management UK
2.00pm Governance - what does this mean for SMEs. Andrea Simmons, Cyber Security KTN
3.30pm The Winning Pitch – enabling SMEs to take their offerings to market more effectively. Gary McQuade, Managing Director, Winning Pitch
3.15pm Questions & Discussion
3.15pm Presentation to newly certified companies. Vaughan Shayler, Accredit UK
3.45pm Close. Carl Chinn, Conference Chair

3 Service Birmingham June 2008

4 Objectives Help you gain a greater understanding of what Service Birmingham is and what it does. Identify the importance to us of world class standards of service and performance

5 Service Birmingham Supporting Transformation in Local Government

6 Business transformation objectives

7 Partnership model Partnership Objectives: Establish and maintain an ICT infrastructure and service to enable business transformation; Support and increase the pace of business transformation through the development and acquisition of capacity and capability; Opportunity for staff to develop their full potential. Mid Sourcing Model: New joint venture company, Service Birmingham, formed; Exclusive contract for the delivery and support of ICT infrastructure (c.£470m over ten years); Non-exclusive contract for supporting business transformation within the Council; Secondment preferred staffing model – with Choices; Capital funding to be provided through Prudential Borrowing by the Council

8 Supporting wider transformation Customer First Excellence in People Management Corporate Services Transformation Excellence in Information Management Working for the Future Enabling Transformation Service Transformation Adult Services Children's Services Community & Environment Housing ICT

9 The vision World Class ICT Service: Improved customer focus; Platform for transformation; Increased capacity; Improved service quality; Lower cost of delivery; Supporting service aspirations

10 The elements of service

11 Computing Awards for Excellence 2007 Service Birmingham scored a double with two awards from the Computing Awards for Excellence. Outsourcing Project of the Year IT Professional of the Year e-Government Excellence Awards 2007 Birmingham City Council was awarded in January 2008 an e-Government award, in the Leadership & Professionalism category, for work on Business Transformation. Industry recognition

12 Our strategy The Journey to a World Class Service

13 Current developments Birmingham City Council Community – Digital Birmingham Education Sector Public Services in the Region and beyond Corporate and Social Responsibility

14 Key Initiatives Develop our relationships with key partners Establish regional links with new partners Develop our staff through the Talent Management Programme Bring jobs to Birmingham Schools Mentoring Programme Apprenticeship scheme

15 Digital Birmingham

16 Learners Businesses Service Providers Visitors Communities Residents Workers Helping citizens, communities and businesses in Birmingham to use digital technologies Developing projects that will help close the digital divide Working in partnership across the City to encourage collaborative projects

17 Partners

18 Educational Services

19 Link2ICT Services to schools, adult education and other learning institutions 430 schools (each with their own budget and delegated purchasing responsibilities) buy services from Service Birmingham 80 Local Authorities purchase Adult Education support from Service Birmingham

20 Services End to end technical support and technician service; WAN connectivity (10mbps) with capacity for 100mbps taking advantage of Service Birmingham network infrastructure; MIS support for schools – Birmingham's size means that we can support 2 competitor products, offering schools choice of system; Educational Internet Service Provider (ISP) and website development and hosting; Adult education software, hosting and management of adult education funding; Learning platform and development of single sign on and portal to services

21 World class performance

22 World class – prove it SOCITM Benchmarking - annual; Customer Satisfaction Survey - annual; ISO20000 Service Management – certification achieved; ISO – Security Management – in progress; BS25999 – Business Continuity Planning / Disaster Recovery – in progress; Investors in Excellence – planned for 2009; EFQM – planned for 2010; Accredit UK - review

23 The Journey to World Class What is World Class? [Chart: EFQM Score against time] 300: Good organisation; Quality Assurance in place; Starting continuous improvement. 500: Very good organisation; Sustained improvement programme; Process orientation; Clear performance improvements. 700: Excellent organisation; Improvement a way of life; Empowered employees; Industry benchmark; Sustained excellent business results

24 What Standards Mean to Service Birmingham Helps us with world class (measurable) More efficient Improves bottom line Evidences our success Introduces new ways of working Feeds back into CSIP – evidences our improvements Framework for managing whole business

25 Summary OUR OBJECTIVES: Grow a successful company; Transform the economy and efficiency of public services in Birmingham; Help Birmingham City Council become a global leader; Create world class ICT service to support the Council's Directorates; Create an environment with consistent cultural values within which staff feel valued; Create a centre of excellence in Business Transformation

26 Thanks for the opportunity to speak to you today.

27 Funded by: Accredit UK Conference, 24th June 2008, The Heritage Motor Centre BREAK

28 All Rights Reserved © Alcatel-Lucent 2008 Alcatel-Lucent Corporate Communication Solutions Cliff Warder Marketing Manager The modern enterprise – how SMEs can add real value

29 Dynamic Enterprise Vision 1. NETWORK: The foundation of the business; Deliver multi-media; Provide secure access regardless of location. 2. PEOPLE: The new generation; Latest tools; Different ways of working. 3. PROCESS: Interconnected; Automated; Compliant. 4. KNOWLEDGE: Real-time knowledge accessibility; Context and content driven communications

30 CIO Challenges CIOs are challenged by the Dynamic Enterprise, to: Innovate, drive and support the business; Drive better service quality and customer engagement; Deliver Quality of Experience. And at the same time... Compliance, Productivity, Cost. CIOs are expected to have a business, not technical focus

31 So what is expected of the Supplier? A consultative approach; An in-depth understanding of their industry and their business; Identification of their problems ~ current and potential; The presentation of a solution to a problem; References; Willingness to form partnerships. Think Customer's Customer

32 Developing the proposition Key Transformation Steps. Business Assessment: Business vision, roadmap and business modeling. Solution Design: Detailed network and operational target architecture and roadmap. Program Management and Integration: Turnkey project fulfillment; End-to-end integration. Operational Support: Full range of support options, including alternative service delivery models. Delivered through our Eco-system of business partners

33 Beware of Commoditisation CIOs are investing in strategic relationship and squeezing commodity suppliers. "All CIOs have been getting tougher with vendors on cost. The challenge now is how you get more value out of those relationships and getting smarter with the way you work with vendors." Ian Buchanan, CIO, Alliance & Leicester (www.silicon.com) PRODUCT SOLUTION MANAGED OUTSOURCED Commoditised FOCUS BUILD

34 Example of What Alcatel-Lucent Look For in a Partner Specialisation, a demonstrable understanding of a key technology or industry that we are targeting: Technology; Industry. Value add: Expertise; Experience; Complementary products and services. Our portfolio. Our partner network

35 Alcatel-Lucent Corporate Communication Solutions All Rights Reserved © Alcatel-Lucent | Dynamic Enterprise | February 2008 Alcatel-Lucent Solutions & Go To Market

36 Develop a Strategy Strategy definition: What and how for who and where; Evaluate Strengths; Develop proposition. Market Segmentation: End user behaviours & requirements; UK Corporate Market Size; Desirable Target Segments. Business Case Analysis: Consultancy on projected ROI based on market size, cost of service, projected uptake. Offer development: End to end offer definition; Benefit statements. Capability assessment: Identify gaps and required actions. PLAN Define success & game plan. Build a model for profitable sales. Detailed offer design: Pricing model, SLAs, conditions. Sales & Marketing readiness: Development of systems, tools and processes; support in training sales force. Partnership readiness: Approaches to build direct and indirect sales and service models; Develop eco-system. Field support readiness: Capability statements on providing ongoing support. BUILD Operational Readiness: Menu of professional service and business partner options for successful deployment. Stimulate demand and win business. Awareness Creation: Marketing, Content Development, Marketing Program Plan. Vertical Programs: Produce target vertical market programs. Organizational learning: Lessons learned in other markets, including case studies / war stories. Large Account Development: Joint account planning / attack plans and support. Lead generation: Marketing/PR initiatives to generate qualified leads, e.g. White label TCO models. SELL

37 Executive perspective of ICT Source: Economist Technology under performs against expectations CEO CFO CIO 49% 38% 39% We must differentiate ourselves or else simply participate in a grim race to the bottom

38 Thank you – Any Questions

39 ERUDINE: REPLACES LEGACY WITH FLEXIBILITY AND BUILDS AGILE APPLICATIONS Getting Traction with Large Companies Martin Rice: CEO Erudine Carl Maughan: COO Erudine © Erudine TM 2006

40 Why do you want to deal with Large Companies? It will get hard

41 You have to Punch above your weight. This is expensive and upfront

42 Have you created the right Brand? This is expensive and upfront

43 Don't underestimate Due Diligence. This is expensive and upfront

44 Have you set up a scalable company? (Do you even know what this means?) This is expensive and upfront

45 Have you got the right people On the bus? This is expensive and upfront

46 Can you deal with 3 Full time jobs? This is exhausting and has many side effects

47 Your staff hate change – ANY CHANGE. This will take you by surprise and is a Fire fight

48 And all this is before The war of attrition! This is going to be really hard, emotionally draining, potentially relationship killing….

49 But it is the world's most amazing Rollercoaster! And in case you haven't got the message yet IT WILL BE VERY HARD!

50 If you are going to do this, don't give up when it gets hard. It will get hard

51 The Cost of Sales is going to be higher than you estimate

52 Accept it takes a very, very long time

53 Be prepared to walk away if the deal is wrong

54 People leave after average 18 months. Your sale cycle may be longer

55 You don't deal with large companies - You deal with individuals in large companies

56 Finding your individuals

57 Mitigating the reputational risk of the individuals

58 Learn, understand and apply complex sales process

59 It's all about politics and empires

60 Consider every communication/touch as a potential deal ender

61 Agree shape of commercial deal with the business owner before you have to deal with purchasing

62 Believe in the value you are bringing - don't let purchasing squeeze every penny of profit out of the deal

63 Your terms and Conditions will be over-ruled - Pay for good legal advice

64 Be prepared to walk away at every stage If not a win-win

65 Deliver value - remember the customer decides what is valuable

66 Summary: Be sure you want this; It will be hard work and expensive; Be prepared to walk away if the deal is wrong; Don't give up

67 Funded by: Accredit UK Conference, 24th June 2008, The Heritage Motor Centre LUNCH

68 Accredit UK GRC for the SME…. Andrea Simmons, CISSP, CISM, MBCS CITP, M.Inst.ISP Managing Director 24th June 2008

69 Widely experienced in Information Governance (DPA98 (ISEB Cert in DP), FOI (ISEB Cert in FOI), PSI, Infosec/ISO27001, BS7799 Lead Auditor etc.) Regularly carries out gap analysis and ISMS and DP/FOI implementation projects etc. Develops policies, procedures, guidelines Provides training to public and private sector regularly, nationwide About me

70 Information Governance DPA DR BCP FOI EIR RIPA HRA Patch Mgmt Access Control Corporate Resilience Customer Relationships Delivery & Operations Business Management Business Direction Business Generation

71 Liability 101 Employers will generally be held responsible for the acts of their employees; the principle of vicarious liability. An employer is vicariously liable for the wrongful acts committed by employees in the course of their employment, and this principle may cover acts of the employee that are incidental to the employment.

72 Legal issues Obscene Publications Act 1959 & 1964 Protection of Children Act 1978 Telecommunications Act 1984 Copyright, Designs and Patents Act 1988 Computer Misuse Act 1990 Data Protection Act 1998 Defamation Act 1996 Human Rights Act 1998 Regulation of Investigatory Powers 2000 Freedom of Information Act 2000 Anti-Terrorism, Crime and Security Act, Section 11 – Retention of Communications Data 2001 You cannot be prosecuted for receipt You can be prosecuted for distribution

73 Legal issues Communications Data 2001 Sexual Offences Act 2003 it is illegal to possess, distribute, show and make indecent images of children making of indecent images of children includes viewing them on the Internet. Civil Contingencies Act 2004 Police and Justice Act 2006 Fraud Act 2006 Waste Electrical & Electronics Equipment (WEEE) directive Identity Card Act 2006 Criminal Justice & Immigration Act 2008

74 What the DPA 1998 means Applies to all organisations which hold and process (use) personal data (i.e. both public and private sector); Processing for domestic purposes is not covered; Small non-profit organisations are exempt from some of the Act's requirements; Includes automatically processed data (e.g. CCTV, PCs). "An Act to make new provisions for the regulation or the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information" (pre-amble to 1998 Data Protection Act)

75 The 8 DPA Principles Data should be: 1. Processed FAIRly & lawfully (Fish) 2. Processed for specified and lawful purposes (SPECIFIC) (Swim) 3. ADEQUATE, relevant & not excessive (All) 4. ACCURATE and up to date (Around) 5. Not held indefinitely (RETENTION) (Reefs) 6. RIGHTS of data subject respected (Rocks) 7. SECURITY (organisational/technical) (Sunken) 8. International TRANSFERs (Treasures)

76 Where are we now?

77 What we mean by info Personal data: information relating to a living individual who can be identified (name, payroll number, NI number, date of birth, address). Includes any expression of opinion about the individual and any indication of the intentions of the data controller. Sensitive personal data: racial or ethnic origin; political opinions; religious beliefs; trade union membership; physical or mental health or condition; sexual life; commission or alleged commission of an offence (or proceedings)

78 Recruitment/Personnel Indirect applicants - recruitment agencies; Direct applicants; Application forms; Short listing; Automated decision making; Interviewing; Vetting; Retention of applications; Paper and computer records; Accuracy. 'This woman is obviously as mad as a box of frogs' - on a memo that was then asked for under section 7, and, as it was recorded in her file, disclosed. 'In my non-professional opinion, I believe this lady may be showing symptoms of mental instability, such as...' Statements of fact not opinion (no subjectivity). Codes of Practice on Employee Data: Recruitment, Records, Monitoring, Health data

79 Types of data DPA does not cover: Information about dead people; Aggregated data; Anonymised data. Personal data does include: Coded data; Indirect references, where identity is obvious; Opinions or intentions towards an individual. Personal data must say something about an individual. Personal data must have some biographical content. Incidental references will not be personal data (although this is controversial). However, privacy concerns apply a moral stance to the use of such data

80 When things go wrong… There are criminal offences for obtaining and disclosing data.. The Information Commissioner can take enforcement action Individuals can go to the court There may be bad publicity….

81 Criminal Justice & Immigration Act 2008 A penalty for knowingly or recklessly failing to comply with the DP principles; Power to inspect DP processing; A power for the Information Commissioner to require a data controller to provide him with a report by a skilled person; Enhanced enforcement powers to bring seriously unlawful processing to an immediate halt, to place formal undertakings on a statutory basis and to enable the Information Commissioner to take enforcement action to prevent breaches of the Act that are likely to occur; Negligent disclosure of personal data = jailed for up to two years

82 Mitigating the business It's important to act quickly; Consider the value of pursuing investigations; Seek to prevent escalation by implementing robust Incident Management; Find the evidence; Apply ongoing risk assessment (culture change required); Create policies that hold evidential weight and have a supporting (HR) enforcement process

83 When things go right… There should be increased customer and employee trust Good publicity And an avoidance of prosecution

84 What can you do? Ensure appropriate policies and procedures are in place; Recognise subject access requests and data protection complaints; Ensure you are always in the loop; Always treat others' personal information as you would like others to treat yours … fairly! Be professional ……

85 Clear Desk Policy… anyone…?! What's wrong with this picture? Well, 20 things, actually. Here is a view of a typical desk ….OK, maybe most are not this bad! Can you find all the violations?

86 It's not just untidy, it's unsafe

87 Proprietary Data VIOLATIONS: Day planner (1) and Card Index or equivalent (2) left on desk. RISK: Personal and professional information, including phone numbers, passwords, or notes on meeting times, places and subjects, is vulnerable. SUGGESTED POLICY: Store day planners and notebooks in a locked drawer or take them when away from desk for extended periods of time, including overnight.

88 Personal Data VIOLATIONS: Personal effects including a bank statement (3), chequebook (4) and mail (5) left on desk. Briefcase (6) left open near desk. RISK: Bank statements include account numbers and other personal identifiers; mail carries home addresses and could reveal private information; chequebook contains a history of financial transactions. Unlocked briefcases can have items stolen from them if employee leaves the area. SUGGESTED POLICY: Lock briefcases and cabinets when away from desk for extended periods. Keep all personal effects in a locked briefcase or locked cabinet devoted to personal effects.

89 Access Tools VIOLATIONS: Keys (7), mobile phone (8), PDA (9) and building access card (10) left on desk. RISK: Mobile phones can be stolen or have their call histories compromised. Stolen keys give intruders access to restricted areas of the office. PDAs contain sensitive personal and professional data. Stolen access cards can be used for continued access to the building. SUGGESTED POLICY: Keep devices with you, and lock mobile phones and PDAs with a pass code. Never leave your access cards or keys out anywhere; always keep them with you. Notify security staff immediately if access cards or keys are missing.

90 IT Tools VIOLATIONS: Applications left open on computer (11), CD left in computer (12), passwords on sticky note displayed on monitor stand (13), printouts left in printer (14). RISK: Access to personal or sensitive corporate email or passwords can allow ongoing access and intrusion. CD left in drive and data on printouts can be stolen. Cache files for applications and printer can yield sensitive data one might have thought wasn't preserved. SUGGESTED POLICY: Close applications and turn off your monitor when you leave your desk. Do not leave portable media such as CDs or floppy disks in drives. Enable a password-protected screen saver. Turn off your computer when you leave for extended periods. Never write your passwords on a sticky note nor try to hide them anywhere in your office. Remove printouts from printers before leaving the office. Shred sensitive printouts when you are done with them. Clear cache files on computer and memory on devices like printers regularly.

91 Spatial Misconfigurations VIOLATIONS: Desk positioned so it's partially exposed to window and view from the hallway (15). Whiteboard with sensitive data on it viewable from hallway and window (16). RISK: Window exposure could enable spying from other buildings. Hallway exposure could allow unauthorised access if data, such as a password, is written on a whiteboard. SUGGESTED POLICY: Desks and furniture should be positioned so that sensitive material is not visible from either the windows or the hallway. Close blinds on windows. Use a screen filter to minimize the viewing angle on a computer monitor. Erase whiteboards; if data on whiteboards needs to be saved, use electronic whiteboards or employ shutters.

92 Beyond the Desk VIOLATIONS: File cabinet drawer open (17) and keys left in lock (18). Trash bin contains loose-leaf paper (19). Bookshelf contains binders with sensitive information (20). RISK: Folders in cabinet are eminently stealable. Keys allow for ongoing access and the ability to return files, so it's hard to detect theft. Emails, other sensitive paper in trash bin can be stolen after-hours or found in the Dumpster outside. Binders on shelf, clearly marked as sensitive, are also available for "borrowing," making the theft of the information hard to detect. SUGGESTED POLICY: Do not use bookshelves to store binders with sensitive information. Label those binders prosaically and lock them up. Arrange folders in file cabinets so that the least sensitive are in front, most sensitive in back. Keep file cabinets closed and locked. Do not leave keys in their locks. Shred paper on site before having it recycled. If appropriate, lock your office door when you're gone for extended periods.

93 InfoSec = CIA The focus of our e-Business security has only in recent years switched from availability to confidentiality. The next focus will be integrity – in response to the next big threat. Source: David Lacey, June 2008

94

95 Messaging and Web Security Dos & Don'ts DO: Have an Acceptable Usage Policy; Install the latest security updates; Only visit websites that you trust; Delete suspicious looking emails immediately; Lock your computer when working away from your desk.

96 Messaging and Web Security Dos & Don'ts DON'T: Allow other people to access your computer; Download and install programs from the Internet; Open emails from people you don't know; Reply to spam, even to unsubscribe; Click on links in suspicious emails; Respond to emails from your bank – phone them first; Post your email, personal or company information online.

97 Technical concerns Cross site Scripting: The user's browser is subverted to run instructions from somewhere other than the site visited. Sessions may be stolen, cookies read or keystrokes logged. Defence includes input validation and input filtering. Client side validation: To save network time, user's input can be checked by the browser. Hackers can inspect the validation and either circumvent or change the checks. Validation should be performed server-side, or checked on the server. Thick client binary manipulation: Applications running partially in the client can be re-engineered back to source code, changed then recompiled. Defences include server-side programming and code obfuscation. Prototype theft: Object oriented programming allows code and data to be overridden. An XSS vulnerability may enable hackers to wrap genuine code with a malicious program. SQL injection: Database queries formulated from unchecked user input can be vulnerable to the insertion of additional SQL syntax, revealing data structures and security measures.
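
Added example (not part of the original slides): the SQL injection and server-side validation points from slide 97, shown as a query built from unchecked input beside the same lookup with server-side validation and a bound parameter. The table, the names and the helper functions are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, office TEXT)")
    db.executemany(
        "INSERT INTO staff (name, office) VALUES (?, ?)",
        [("alice", "north"), ("bob", "north"),
         ("carol", "south"), ("o'neil", "south")],
    )
    return db


def lookup_concatenated(db, name):
    """The weak pattern from the slide: the query text is formulated
    directly from unchecked user input, so quote characters in the input
    become part of the SQL syntax."""
    query = "SELECT name, office FROM staff WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_bound(db, name):
    """Same lookup with a bound parameter: the input is passed to the
    database as data and is never parsed as SQL."""
    return db.execute(
        "SELECT name, office FROM staff WHERE name = ?", (name,)
    ).fetchall()


# Server-side allow-list: letters, spaces, apostrophes and hyphens, 1-40 chars.
# A copy of this check in the browser only saves a round trip; the user
# controls the browser, so this copy is the one that counts.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,39}")


def validate_name(name):
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("name failed server-side validation")
    return name


def handle_lookup(db, raw_name):
    """Request handler sketch: validate on the server, then use a bound
    parameter. Returns (HTTP-style status, rows)."""
    try:
        name = validate_name(raw_name)
    except ValueError:
        return 400, []
    return 200, lookup_bound(db, name)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax

    # Unchecked concatenation: the WHERE clause is always true, every row leaks.
    print("concatenated:", lookup_concatenated(db, crafted))

    # Bound parameter: the whole string is compared as a name, nothing matches.
    print("bound:       ", lookup_bound(db, crafted))

    # Validation alone is not the defence: a legitimate name may contain a
    # quote, which breaks the concatenated query but works when bound.
    try:
        lookup_concatenated(db, "o'neil")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'neil:", exc)
    print("handler, o'neil:", handle_lookup(db, "o'neil"))
    print("handler, crafted:", handle_lookup(db, crafted))
```

The apostrophe case is why the bound parameter, not the allow-list, carries the protection: valid names can contain quote characters, so filtering cannot remove them all.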

98 The to do list! Policy and awareness management: Creation and review of policies; Education of employees and partners; Testing of understanding; Enforcement. Threat and vulnerability management: Auditing procedures; Anti-virus protection; Firewall management. Intrusion monitoring and response: Monitoring for events; Correlation of events and data; Detection and management of incidents. Enterprise user management: Provisioning and updating of user accounts; Management of accounts and users (proactive)

99 Other topics Passwords; Physical Security – at work facility, outside of work facility; Social Engineering; Viruses, Trojans and Worms; Virus Hoaxes and Spam and Internet Usage; Unauthorised Software and Hardware; Access Control – principle of least privilege, separation of duties, and back-up procedures; Working from home; On the road – mobile workforce risks; Laptop security; PDA security; Desktop security; Business Continuity and Disaster Recovery

100 Commercial Interests (FOI) Information which is either a trade secret, or which will damage commercial interests is covered by an exemption. Sn43

101 Distinctions Commercial interests relate to a person's ability successfully to participate in a commercial activity, whereas Financial interest concerns the financial position of an individual or organisation Sn43

102 Bid information during tendering: Accepted that the kind of commercial secrets normally submitted during this process will be exempt. BUT once a contract has been awarded the: details of the contract, including cost; criteria used to make decisions explanation of why one bidder succeeded when another did not performance of the contract; contract itself (in most cases); details of the relationships between officials and the companies who get public sector contracts should be published Tendering Sn43

103 Prejudice Test Whether information is capable of harming someone's commercial activity will depend on the circumstances. Should be considered: Whether information relates to or impacts on a commercial activity The level of competition within a sector Whether bad publicity will be caused, damage to reputation or business confidence Whether the public authority's commercial interests are affected Whether the information is commercially sensitive (relating to the company's know how, practices, etc.) The likelihood of the damage as well as its nature Sn43

104 Compliance Drivers Avoiding business risk and meeting the demands of customers, stakeholders and satisfying the auditors Implementing best practices including segregation of duties Avoiding civil and criminal penalties

105 Complexity Being in compliance does not mean you are secure Being secure does not mean you are in compliance Security involves reaching a standard, then continuous work to stay there, and to raise your security to higher levels Technology is constantly evolving, so security must also react to new challenges PCI is a starting point for security, but many retailers treat it as an ending point

106 Whose responsibility is it? The individual (employee) The head of department (management) Or, the Company (directors) Well, everyone!

107 Making it Happen Values Leadership Culture Trust Collaboration Morale Communication Competence

108 Bored? Use the language of the board The language of business ….ultimately this is the language of RISK Use analogies to clarify unfamiliar Resources: (sign up for free monthly newsletters from both; and free downloads from noticebored) Also

109 DP Recap Fish Swim All Around Reefs Rocks and Sunken Treasures =Fair =Specific =Adequate =Accurate =Rights =Retention =Security =Transfers

110 Information Commission Water Lane Wilmslow Cheshire SK9 5AF Information: To Register: Facsimile: Homepage:http://www.ico.gov.uk/

111 Questions/Comments? Andrea C. Simmons, BA, CISM, CISSP, CITP, M.Inst.ISP, MBCS 25 Barbel Crescent, Worcester WR5 3QU + 44 (0) : + 44 (0)

112 Winning Pitch A Winning Sales Approach Achieving Better Connectivity Gary McQuade – Director, Winning Pitch plc

113 Winning Pitch Aim Today - Getting Better Connected Share with you the practices of high performing SMEs Provide you with a route map to achieve better connectivity Tools that will help you to connect with customers

114 Winning Pitch High Performing SME - DNA of the Best 1. Clear Vision Crystal clear end point 2. The Competitive Edge Innovation and differentiation 3. Hunger Driven by success and achievement 4. Passion A desire to make a difference 5. Live In The Customer's World Understand the customer's thought processes and press the right buttons

115 Winning Pitch The Landscape - things are changing Competitive pressures - More for less Customers want to work with fewer providers More suppliers, service differentiation becoming difficult Longer lead times to winning business Embracing new technology to connect with customers Emergence of new business models Ers vs Is

116 Winning Pitch An Innovative Sense of Urgency

117 Winning Pitch Business As Usual?

118 Winning Pitch Sameness vs Differences

119 Winning Pitch Company A unique brand IMPACT Differentiation Yourself Personal brand IMPACT Product Avoid price IMPACT Customer Service Deliver on promises IMPACT Partnerships Punching above IMPACT Do you have a clear value proposition?

120 Winning Pitch Applying the Memorable Principle We remember the things that are outstandingly different Doing something or giving something that was not expected Going the extra mile Rapid response - levels of customer service A company representative and our people The product knowledge and level of understanding customer needs Providing details of colleagues that can help in other ways JUST CARING ABOUT WHAT YOU DO !

121 Winning Pitch Always Look For New Ways

122 Winning Pitch Remember the Old School Company Products/services You

123 Winning Pitch So, What Behaviours And Skills Are Needed For Improved connectivity ?

124 Winning Pitch The Starting Point - Sell..Sell……Sell…. Y C D B S O Y A

125 Winning Pitch The Fundamentals Functional Mastery - We really do know what we are talking about and we understand the products and services we offer. We are well respected. Customer Connectivity - An effective process for securing Win - Win outcomes with customers Momentum - Individual, team and organisational fire in the belly!

126 Winning Pitch The Link MFMCC More Sales Inspires Trust/ Credibility Drive

127 Winning Pitch Another View Success = F M x C C x M

128 Winning Pitch Connectivity - Engaging the customer Preparation Win - Win Product Knowledge Customer Thinking Objections Prepared Pitch Ready For Action!! Customer Interaction Find out Match Close Driving The Deal Open What's In it For Them?

129 Winning Pitch Momentum - Human Performance An ability to consistently perform at personal peak performance THE INSPIRED YOU!

130 Winning Pitch Getting into the Winning Zone The Ideal Performing State Self belief and awareness Focus Attitude Balance Personal responsibility Work ethic and hard graft

131 Winning Pitch The Winning Formula - It works !! Success = F M x C C x M

132 Funded by: Questions & Discussion

133 Funded by: Presentation to newly certified companies Vaughan Shayler, Accredit UK

134 Funded by: Accredit UK Conference, 24 th June 2008 The Heritage Motor Centre Close

