All companies know they should abstain from bad business practices, protect their business assets, minimize their risk and make as much money as they can. Most businesses that have a penchant for losing money and a knack for failing to meet their company goals know they should make certain changes to their business plans to improve their bottom line. Yet, I believe far fewer actually do so. So how can CIOs motivate and educate their colleagues to follow through in choosing the behaviors and techniques that help build and promote healthy companies? Let’s take a look at three elements that have a huge impact on the safety, health, profitability and longevity of every company.

 

Doing the right things. It is important for IT organizations to have a consistent set of processes, customs, policies, laws and organizational structures that encourage employees and officers of the company to do the right things. CIOs can ensure the investment in IT generates business value and mitigates the risks that are associated with IT by using proven frameworks and best practices associated with IT governance. Frameworks like COBIT and ISO 38500 can guide CIOs through the PDCA cycle to promote good governance and continuous improvement within their IT environment.

 

Identifying and managing risks. Effectively managing risk provides the foundation for a good security program. All security-related government regulations, industry regulations, privacy requirements, frameworks and best practices identify risk management as a critical need for every organization. CIOs can balance the operational and economic costs of protective measures and the gains achieved in meeting business goals by adopting a meaningful risk management methodology. A meaningful risk methodology is one that provides accurate information, aligns to the business and its critical processes, can be used throughout the organization and is used and understood by key stakeholders to make business decisions.

 

Complying with voluntary and mandatory requirements. Government and industry are beginning to crack down on organizations that have weak or non-existent compliance procedures. More legislation at the federal and state levels is being considered to force companies to comply with industry best practices. In essence, compliance is directly related to corporate integrity and good governance practices. If a company practices what it preaches and follows the rules which govern its business, then doing the right things and managing its risk become standard operating procedures. CIOs should design and implement an IT strategy that promotes and satisfies compliance, ethics, accountability, cultural, financial, business and legal obligations.

 

Taking an integrated approach to governance, risk and compliance (GRC) will help to ensure that CIOs meet their responsibilities for doing the right things, managing risks and complying with voluntary and mandatory requirements. There are a number of frameworks, organizations, technologies and best practices that CIOs can use to design and implement their GRC strategies. It is no longer wise or acceptable to say GRC is not part of our jobs.

 

 

Tags: GRC, IT GRC, risk assessment, ISO38500, COBIT

My First Foray Into Tech Blogging...

Other than drinking inordinate amounts of coffee and cursing at servers the two things I’m typically stuck doing is writing highly scalable multi threaded applications and getting bizarre 3rd party APIs to talk to each other. So, this blog is mostly going to be an adventure into the dark corners of .Net, C++ and other frameworks and platforms that you don’t want to mention in the presence of polite company.

Implementing a Hot-Swap Plugin architecture for .Net (Part 1)

A while back I decided to dabble a bit in Erlang and to be honest I was completely and utterly jealous of the ability to be able to hot-load code on the fly. I wonder how we could do that in C#...

The Interface And The Loader.

Let’s say our pseudo-hypothetical service performs string transformations. There are really only 2 required parts of any .Net based plug-in framework, the interface and the loader. The interface is responsible for describing what needs to be done, a binary contract if you will. The loader, well, loads up plugins so our app can use them. So without further adieu…

public interface IPlugin
{
    string DoSomethingCool(string input);
    string Name { get; }
    int Version { get; }
}

DoSomethingCool is our main method the app will be calling to perform the string transformations. Name and Version are going to be used for diagnostics along with our hot code loading system.

public IEnumerable GetPlugins()
{

    string path;
    //our plugin directory is the current app path + \Plugins
    path = System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase) + "\\Plugins";
    if (path.StartsWith("file:\\"))
        path = path.Remove(0, 6);

    DirectoryInfo di = new DirectoryInfo(path);
    if (!di.Exists)
        di.Create();

    var dlls = from fn in Directory.GetFiles(path)
                where fn.EndsWith(".dll")
                select fn;

    foreach (var dll in dlls)
    {
        object o = null;
        try
        {
            Assembly asm = Assembly.LoadFrom(dll);
            Type[] types = asm.GetTypes();
            foreach (Type t in types)
            {
                Type typeInterface = t.GetInterface(typeof(T).FullName, true); //type query
                if (typeInterface != null)
                    o = Activator.CreateInstance(t);
            }
        }
        catch{ /*log this*/ }
        if (o != null)
            yield return (T)o;
    }
}

And that’s our simple loader. All it does is scan and yields a bunch of active instances of our plugins from the target assemblies. In part 2 we are going to look at how to dynamically manage these instances so we can add, remove, modify and upgrade them at runtime.

Tags: code, C#, C Sharp, plugin, .NET

Using NISTIR 7628 and NISTIR 7756

Tags: Energy, CCM, Continuous Control Monitoring, real-time, IT GRC, eGRC, GRC, risk assessment, NISTIR 7628, NISTIR 7756, Smart Grid