Posts

Why “Human Error” Is Usually a System Design Problem

In complex systems, failure rarely comes from a single bad decision. It comes from problems that evolve slowly, cross boundaries, and remain unresolved while everyone involved behaves reasonably. Managing risk in these environments means managing trajectories, not just incidents. When ownership is divided strictly by role, function, or severity threshold, gaps are inevitable. Those gaps are where issues linger, age, and quietly accumulate risk, not because they were ignored, but because no one was responsible for carrying them forward end to end. This is common in healthcare, where delay is often necessary. A patient may require observation, referrals, or time to clarify diagnosis. The failure is not that care takes time; it is that the trajectory of care becomes fragmented. Each clinician escalates correctly within scope, yet no one owns the evolving picture across visits, domains, and decisions. The patient is evaluated repeatedly, reassured locally, and sent away without continuity ...

Modernizing Disaster Recovery: The Shift from Traditional to Cloud-Based Solutions

Strong data protection and disaster recovery measures limit the financial loss and the erosion of user trust that follow fraud, cybercrime, and outages. IBM’s Cost of a Data Breach Report 2023 puts the average cost of a breach at $4.45 million, a 15% increase over three years (Pop, 2024). Disaster recovery in cloud computing offers a more flexible, cost-effective approach that scales with your resource needs. By letting organizations replicate system backups to multiple servers in different geographic regions, cloud-based disaster recovery reduces the harm done when a natural disaster destroys backups held on physical servers at a single site (Veritas Transcend, 2024). Cloud snapshots, incremental backups, and automation shorten the interval between backups and the time to take them, whereas physical disaster recovery typically relies on full, less frequent backups (Stringfellow, 2019). Disaster recovery in cloud computing offers additional security in a setting familiar with monitoring disaster recovery, w...

Challenges in Prosecuting Deep Web and Darknet Crimes: The Case of Ross Ulbricht and the Silk Road

The deep web is online content that search engines do not index. Prosecuting crimes on the deep web is, in principle, no harder than for any ordinary website: the content still sits on a conventionally hosted server, so law enforcement can work from the domain, hosting provider, and IP address back to an operator or user. The darknet is different. Although it is still a web-based system, it is reachable only through Tor, which tunnels TCP traffic (including HTTP and HTTPS) through a circuit of relays and, superficially like a VPN, hides a user’s location and identity. Tor, the Onion Router, encrypts each request in layers and routes it through several relays (typically a guard, a middle relay, and an exit). Each relay strips one layer of encryption, learns only the previous and next hop, and forwards the rest, so no single relay sees both the user and the destination. Circuits are rebuilt periodically through different relays, making traffic appear random, unpredictable,...
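The layered routing the excerpt describes, as an added illustration rather than code from the post: a toy three-relay circuit in Python in which the client wraps a request in three layers of encryption and each relay strips exactly one. The cipher is a SHA-256 XOR keystream standing in for Tor’s real AES-CTR relay encryption, the relay and destination names are hypothetical, and the per-relay keys are generated locally instead of being negotiated with real relays.

```python
"""Toy model of Tor-style onion routing: one encryption layer per relay, so no
single relay observes both the client and the destination.

Added illustration, not Tor's code. The cipher below is a SHA-256 XOR
keystream standing in for Tor's AES-CTR relay encryption; relay names,
destination and keys are hypothetical and generated locally.
"""
import hashlib
import os


def keystream(key: bytes, n: int) -> bytes:
    """Deterministic keystream from key + counter (toy cipher, not for real use)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR is its own inverse, so this both adds and strips one layer."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def frame(next_hop: str, body: bytes) -> bytes:
    """Layer plaintext: 1-byte hop-name length, the hop name, then the inner bytes."""
    hop = next_hop.encode()
    return bytes([len(hop)]) + hop + body


def unframe(layer: bytes):
    """Inverse of frame(): returns (next_hop, inner_bytes)."""
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]


def build_onion(circuit, dest: str, payload: bytes) -> bytes:
    """circuit: [(relay_name, shared_key), ...] ordered guard -> middle -> exit.

    Wrap from the exit inward: only the exit's layer names the real
    destination; every earlier layer names just the next relay.
    """
    cell = xor_crypt(circuit[-1][1], frame(dest, payload))
    # Pair each relay's key with the name of the relay that follows it.
    for (next_name, _), (_, key) in zip(reversed(circuit[1:]), reversed(circuit[:-1])):
        cell = xor_crypt(key, frame(next_name, cell))
    return cell


def route(circuit, dest: str, payload: bytes, client: str = "client"):
    """Forward the onion hop by hop, recording what each relay can observe.

    Returns (observations, delivered_payload). Each observation holds only
    the previous and next hop, which is all a relay learns from its layer.
    """
    cell = build_onion(circuit, dest, payload)
    observed, prev = [], client
    for name, key in circuit:
        next_hop, cell = unframe(xor_crypt(key, cell))
        observed.append({"relay": name, "from": prev, "to": next_hop})
        prev = name
    return observed, cell  # cell is now the plaintext handed to dest


def demo():
    """Hypothetical circuit with fresh random keys and a constructed request."""
    circuit = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
    return route(circuit, "example.com", b"GET / HTTP/1.1")


if __name__ == "__main__":
    observations, delivered = demo()
    for obs in observations:
        print(f"{obs['relay']:6} sees {obs['from']} -> {obs['to']}")
    print("exit delivers:", delivered)
```

Running it shows why a single seized or subpoenaed relay is not enough: the guard sees the client but only the middle relay as the next hop, and the exit sees the destination but only the middle relay as the previous hop. Investigators therefore tend to rely on endpoint mistakes, operational errors, or traffic correlation at both ends of a circuit rather than on unwrapping the protocol itself.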

Bridging the Gap: The Need for Technical Expertise in Auditing Records Management and Security Controls

Evaluating Internal Controls for Records Management. To evaluate whether management has established adequate internal controls for records management, an auditor would first consider the information security policy, privacy policies, standards, and procedures. Evaluating the policy against laws, regulations, and best practices provides insight into access control, data protection, incident response, and user responsibilities. However, a policy review alone cannot establish whether records management and the records classification process are adequate for the IT organization. Data classification tells the auditor what level of protection and handling a record requires, and the auditor confirms that the organization has access controls and the supporting policies in place. Auditors do not typically verify that those controls are correctly implemented at the technical level. This leaves potential security gaps whenever an audit does not validate the technical implementation. The auditor is not a software ...

Auditor's Perspective: Responsible Operations and Service-Level Management

Service Level Agreements define service expectations and establish accountability between the service provider and the client. The SLA provides baseline metrics for expected performance, whereas KPIs provide data on how efficiently the provider is meeting those expectations. SLAs address key business needs and protect the organization from financial loss. Ajelix.com identifies the important role of KPIs in “identifying bottlenecks, eliminating waste, maximizing the performance of your equipment, workforce, and processes, discovering actionable strategies to optimize your production flow, minimizing downtime, and driving your operation towards peak performance” (Raza, 2019). It suggests that effectively leveraging KPIs can transform an organization’s operational efficiency and move the organization towards success. The auditor would request the SLAs, KPI reports, and operational performance data to verify that the ...

Challenges in Investigating and Prosecuting Cybercrimes: Insights from the International Target and Lauri Love Data Breach Cases

Investigating and prosecuting cybercrimes presents unique challenges because the internet is borderless and digital evidence is complex and easily lost. These difficulties are compounded by differing national laws and the depth of technical expertise needed to build a case. Two notable real-world examples, the 2013 Target data breach and the 2012 Lauri Love FBI breach, vividly illustrate these challenges. 2013 Target Data Breach. Red River Security identifies the 2013 Target data breach as a real-world case example of the difficulties involved in investigating and prosecuting cybercrimes: “The Target data breach was one of the biggest security breaches in history. Target was required to pay an $18.5 million settlement after hackers stole 40 million credit and debit records. But as with many unprecedented security attacks, Target’s data breach came with both warnings and lessons — which are still valid today” (Jones, 2021). It suggests that we can still learn lessons...

Measuring Risk Culture: Company Culture and Security Go Hand In Hand

Organizations set security goals for their departments. One way to measure whether departments are reaching those goals is to define KPIs. A KPI can count the number of employees who have completed their online training modules or the number of systems that are current on patches. This lets organizations quickly measure the work that has been done and the work that remains to secure the organization. If a KPI shows that one employee still needs to complete training required for compliance, HR might send a reminder that the module is part of the company’s compliance requirements. If one system is shown to be missing updates, the organization can schedule an engineer to apply them. These alerts help organizations manage the control environment of large systems and monitor their security culture over time when their focus may...