Risk mitigation: a myth of infinite cost and finite risk

You are all familiar with a typical presentation on risk management where we see the same old graph that depicts the risk as finite on one side and the costs of mitigation as infinite on the other side and attempts to show us a balance between the two where the costs are minimal. Well, the idea is correct but guess what? The graph is wrong. The graph is wrong and it gives you a wrong idea of cost distribution which in turn causes you to bias towards more risk. That graph actually makes you and your business less risk-averse. How?

A “traditional” risk cost versus mitigation cost trade off graph.

You see, the idea that the risk is finite while the risk mitigation cost is infinite is a myth.

Risk mitigation cost is only infinite when your resources are lower than those required for mitigation. So, yes, this is possible but unlikely. There are limits to our technology and there are limits to the investment effectiveness but there is a limit to the number of risks and mitigation techniques that a business can apply. So the risk mitigation costs may be very high and you may be unwilling to pay …

Will Sony Corporation be up for grabs soon?

Did you notice a recurring theme in corporate takeovers in recent years? Now we see at Sony Corporation what we saw not so long ago at Nokia. The company receives a new top management team that cuts all investment into the advanced research and development of new products. The company sells a lot of its assets, bringing the value of the company down, and the resulting cash is quickly used up. Then, more cuts are executed among product development teams, causing the company to stall and fall behind the competition. The company then suffers a few bad publicity events, causing the share price to drop and leaving the company strapped for cash in the wake of damage compensation payouts. The company is up for grabs and we finally learn who planned and executed the hostile takeover.

The scenario worked well on the mobile phone icon Nokia and may soon play out on the consumer electronics icon Sony.

It was on November 25 that the Sony Pictures hack first emerged. On November 29, copies of Sony’s unreleased movies Annie and The Interview appeared on some sites. Last week, salaries of some executives were revealed, followed by personal data of other employees. Some …

The story of economic sanctions as told by PMI

While the world is watching the civil war in Ukraine, the European economy is sliding into oblivion. The Manufacturing PMI tells a story that should scare the hell out of the politicians of the EU, so bad do the business dynamics in manufacturing look.

In August, out of 26 countries, only 9 reported an improvement in the index, 15 recorded a slowdown, and in two countries it has not changed. In fairness, it should be noted that in 21 countries the PMI is still above the level of 50 points, and below it in only 5. But that is not so important, because the dynamics are still downward. There are those who are moving in the right direction: in Greece and Turkey the business activity index in August was finally able to overcome the mark of 50 points. The rest of Europe presents a serious reason for concern, whether peripheral or central: everywhere there are signs of a serious recession.

The United States, on the other hand, sports the best activity indicator in the world. The PMI has reached its highest level since April 2010, at 57.9 points. In the case of the U.S., the export orders component grew at the fastest pace in three years, and the employment …

Externalities are crucial for the software industry

Externalities exist in any business. We are very familiar by now with the externalities of the manufacturing industries – air and water pollution, noise pollution, depletion of resources etc. But what about the software industry? How bad is the industry’s addiction to the externalities?

In economics, an externality is a cost or benefit which affects a party who did not choose to incur that cost or benefit.[1]

For example, manufacturing activities which cause air pollution impose health and clean-up costs on the whole society, while the neighbors of an individual who chooses to fire-proof his home may benefit from a reduced risk of a fire spreading to their own houses. If external costs exist, such as pollution, the producer may choose to produce more of the product than would be produced if he were required to pay all associated environmental costs. If there are external benefits, such as in public safety, less of the good may be produced than would be the case if the producer were to receive payment for the external benefits to others. For the purposes of these statements, overall cost and benefit to society is defined as the sum of the imputed



Microsoft strategy success: Nokia no more

Now it should be painfully obvious to everyone that the long-term strategic plan of Microsoft to bring down and absorb Nokia worked. Many years of hard work by high-profile managers and large investments are finally set to bring home profit for Microsoft.

Now that Nokia has been bought by Microsoft, Microsoft can finally make the mobile devices that are, well, mobile devices. They will have the technology, the market, and the people. Unfortunately, they still have to make it all work. They still may run this very successful business of Nokia into the ground. And there is a high chance they will.

There was a time when I was wondering if it was just a Microsoft venture, or a joint venture by Microsoft and Samsung. Actually, no, I would not go as far as to say it is all clear now. We will see how things pan out.

The hole in the market remains though and the market share of Nokia is still up for grabs. The biggest problem is really the patent pool. This is the time when you wish there were no such things as patents. The market could flood with new and exciting mobile phones now if …

Insourcing – a new fashion trend

There is a new trend, a new fashion in the high-tech industry. They already coined the most natural term for it and it is called “insourcing”. A recent article was called “Insourcing QA to gain more control over the resources”. Yes, indeed, so outsourcing has outlived its hype by far and we need a new something for the managers to get bonuses about.

Not surprisingly, the new trend is a direct reversal of the previous trend. So, there is nothing new there really. In a decade or so we will be high on outsourcing again, so the Indians and others should just hang in there for a while and we’ll be back.

The reality is that neither outsourcing nor insourcing is the ultimate answer to anything. No magic bullet is going to cure an ineffectively managed business. The best one can do is ignore these fashions completely. Unless you are an outsourcing consultant, of course, because now you will be consulting with equal vigour on insourcing.

 …

Negotiations and Expectations

Some negotiations are like sailing in and out. Others – not quite. Why do so many negotiations fail and others, while successful, still present a thorny winding road to the participants? Why should people suffer through negotiations instead of just talking?

While there may be many reasons for not actually getting what you wanted in the first place in the negotiations and feeling frustrated about the results, should we actually make our lives harder than needed? What is the reason that many people think negotiations are a hard job? Why do they get drained in the course of a short two-hour business meeting that happens to be labeled “negotiation”?

I have a theory. It all has to do with expectations. Should you come to the meeting without particular expectations, you would be fairly objective and could actually follow the logic of the arguments on both sides, see compromises, do your job. But what happens when you come to such a meeting carrying expectations?

Expectations can never be met. It’s a rule and it is dead simple. We are all different people and different organizations. It is extremely unlikely that we think in entirely similar ways and will form …

Mitigating risks … is a waste of money?

There was an interesting talk at one of the panels at the RSA Conference, where SilverSky and Adobe claimed that investing in security is a waste of money. Their message is simple and compelling:

“For most companies it’s going to be far cheaper and serve their customers a lot better if they don’t do anything [about security bugs] until something happens. You’re better off waiting for the market to pressure on you to do it.”

Although they say that this was all in pretense, we all know it was not: companies large and small try to avoid fixing problems as long as they can, waiting for customers to complain loudly before ever doing anything. Basically, this is a risk that companies rate as unimportant because of its low perceived rate of occurrence.

The problem with this kind of risk is that it cannot be properly rated. The probability of these risks is hard to rate because the data is basically unavailable. And the impact of the risk is underrated because of low perceived probability. People tend to ignore such risks.

But the companies, can they also afford to ignore such risks? What has to be considered is that a …

Everything is a hammer…

It looks like for Stephen Elop, the Microsoft manager in charge of Nokia, everything looks like a Windows computer. What is all this nonsense about Nokia delivering cheap smartphones in developing countries? That market is already taken, first by LG and Samsung and then a couple times over by Chinese manufacturers. He ran the most successful mobile company in the world into the ground and he should be proud of that achievement. I am sure he is. Can you imagine what it takes, what kind of dedication, to actually take the market leader and run it into the ground, destroy everything very quickly and systematically? It is a mind-boggling achievement. We will be watching Stephen for his next career move to see what company will be brought to its knees next.



State of security – still miserable

Even after all these years the software industry seems to be ever in a state where we believe that if a vulnerability exists but is unknown to the public it cannot be exploited, so our software is “practically secure.” In theory this is true, but the problem is that once someone finds the vulnerability, the finder may just exploit the vulnerability instead of reporting it or helping to fix it. Having “hidden” vulnerabilities doesn’t really make the vulnerabilities go away; it simply means that the vulnerabilities are a time bomb, with no way to know when they will be exploited.

Security is a fascinating subject, even for the uninitiated, not to mention Bruce (who makes money with it no slower than the US Treasury printing presses). It may be looked at from different perspectives and talked about in several management dialects, including McKenzie (I do not speak it but I can understand it in a roundabout sort of way). Talking about security often gives you a cozy feeling. And all those diagrams, tables and, oh my, vectors and mitigations, they are so neat and kosher… until someone starts asking hard questions. Pray this someone is not your customer.

Talking about security does …