April 27, 2021
Cyber Security, Data Management, Data Privacy, Information Technology, Managed IT Services, Ransomware, Risk Assessment
Need IT support? Here are some questions to ask when looking for a Managed IT Services firm to make sure they provide comprehensive services to keep your business secure. Contact us to learn more about our IT Services.
May 15, 2020
Communications, KAI Partners, Risk Assessment, Sacramento, Strategic Plan
By Stephen Alfano, PMP®, CSM, Prosci
There is no sure-fire way of predicting when (or how) a crisis will occur in an organization or a business environment. Crises, by their very nature, are all too often unpredictable and all-consuming events.
However, with the practice of risk management, organizations and business leaders can assess potential crises and quantify their ensuing impact. More important, they can use the assessments to create mitigation plans to prepare for potential emergencies.
One such mitigation plan is preparing a crisis communications plan.
A crisis communications plan provides a framework for timely and clear messaging from when the crisis hits through its evolution. A crisis communications plan often extends well beyond the end of the crisis to ensure that everything and everyone is on the same page or narrative. Like most proactive business management strategies, crisis communications plans fall into categories that mirror the most critical operations and functional areas.
Pre-crisis Phase
Step 1: Identify Potential Crises Risk
Step 2: Designate and Educate Potential Crises Risk Owners and Spokespeople
Step 3: Stand Up Notifications and Monitoring Systems
Step 4: Test Response Regularly
Post-crisis Phase
Step 5: Assess the Situation
Step 6: Create and Roll Out Key Messaging
Step 7: Wind down/Wrap up Response as Quickly as Possible
Step 8: Perform Postmortem of Response Steps
Step 9: Revise Plans with Postmortem Insight
For more insight into Crisis Communications, check out these links:
Your Survival Guide to Crisis Communication – HubSpot
3 Best Practices For An Effective Response Plan – Business 2 Community
Crisis Management: Communications Best Practices – Department of Energy
If you need additional information or support creating crisis communications plans explicitly designed to fit your organization or business, contact us to learn more! We would love to help!
About the Author: Stephen Alfano is an Organizational Change Management Consultant and Communications Expert. He has over 30 years of experience in leading and managing initiatives for both private and public-sector clients. His résumé includes providing both new business and business process improvement services to Apple, American Express, AT&T, California Department of Transportation, Chevron, Entergy, Levi Strauss & Co., Louisiana Office of Tourism, Mattel, Microsoft, Novell, SONY, Sutter Health, and Wells Fargo. Stephen currently works as an Executive Consultant with KAI Partners, Inc., providing change management and communications expertise and project management support services on several active contracts.
June 5, 2019
Cyber Security, Data Management, Government, Information Technology, Innovation in the Public Sector, IT Modernization, KAI Partners, Public Sector, Ransomware, Risk Assessment, Sacramento, Technology
By Jamal Hartenstein, JD, CISSP, CGEIT, PMP
The Greater Sacramento Capitol Chapter of ARMA recently held its annual Records Knowledge Conference, which brought together records managers from city, county, and state clerk offices.
According to our local ARMA chapter, ARMA is dedicated to providing education and resources to those in the Records Management and Information Governance fields. They are committed to enhancing Records Management and Information Governance professionals through training, networking, leadership, and outreach.
The conference attendees brought a sense of eagerness to learn and share. ARMA chapter leadership gave event attendees a special opportunity to hear from world-class speakers, including a lead researcher on the IBM Watson project, Dr. Ashish Kundu, on some of the most important and cutting-edge topics.
Along with a formidable group of CEOs, I was honored to be asked to speak about Cybersecurity Threats to Information Governance. Highlights of the event and major takeaways included:
Public sector IT innovation and modernization means systems and processes change rapidly. One example of this is California Assembly Bill 2658, recently signed into law by the governor. This new law updates the definition of an Electronic Record to include blockchain and smart contracts as legally recognized records. It sends a clear signal that digital records management, particularly blockchain technology and smart contracts, is a priority for a more innovative and dynamic public sector.
This new law impacts public records requests because entries logged in public agency-owned private blockchains are electronic records. These records are susceptible to the Freedom of Information Act (FOIA). Records Managers may benefit from technology that makes the identification and delivery of public records to requestors easier. It may also create convenience for those exercising Public Records Act (PRA) requests. It’s a double-edged sword; it streamlines the processes but increases PRA volume at the same time.
The discussion of the California blockchain law was one of the most important topics discussed at the ARMA event. Another popular topic was IT Security Assessments.
The urgency in public sector data governance and records management is an incredible opportunity to embed IT security controls for the public sector personnel working at the heart of the ever-expanding challenges.
KAI Partners performs security assessments to address the multitude of challenges facing the public sector. Our assessments help ensure secure and efficient delivery systems where the organizational objectives align with the development of strategic plans and programs. In addition, KAI Partners’ training division—KAIP Academy—works to address technical skills gaps. Our training courses include ITIL, Project Management, Agile/Scrum, and more.
Were you at the ARMA Conference? What were your biggest takeaways about public sector innovation?
About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.
March 19, 2019
Cyber Security, Information Technology, Project Management, Project Management Professional (PMP), Public Sector, Ransomware, Risk Assessment, Sacramento, Technology
By Jamal Hartenstein, JD, CISSP, CGEIT, PMP
If organizations don’t have IT Security governance, risk management, and compliance measures in place, they are susceptible to breach, dissemination of data, or regulatory violations that can cripple the organization.
A regulatory violation (i.e., if an organization does not meet deadlines for disclosures) can mean legal penalties. Enterprises without an IT Security Strategic Plan are poorly suited to assess and manage IT-related risks in alignment with business objectives.
In any of these events, consequences include brand/reputational damages, increased cybersecurity insurance premiums, legal fees, and injunctions.
In addition to those risks, there’s a regulatory component to IT Security—the state of California mandates periodic risk assessments for public sector groups at the state, county, and city levels. To keep up with ever-changing mandates and to successfully meet regulatory mandates, you might need Strategic Risk Management Planning.
So, where do you begin to start this planning and make sure your organization is protected?
KAI Partners is your one-stop shop for IT Security services.
Whether public sector, private sector, non-profit, or small business, KAI Partners can offer IT Security services that allow your organization to operate and innovate safely.
Our IT Security services help ensure that the software, hardware, and policies you implement not only protect your organization, but also mitigate the threat of catastrophic litigation.
Members of the KAI Partners IT Security team hold credentials in Certified Information System Security Professional (CISSP), Project Management Professional (PMP)®, Certified ScrumMaster®, Certified in the Governance of Enterprise Information Technology (CGEIT), CompTIA Security+, Network+, Project+, A+, Microsoft Certified Professional (MCP), and more.
KAI Partners works together with Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, IT Security Managers, vendors, and other strategic partners to help your organization create and implement a comprehensive IT Security plan.
Some of KAI Partners’ IT Security services include:
Legislation, regulations, and policy shape the way organizations conduct business today. The laws have a hard time keeping up with technology—and technology has a hard time keeping up with threats. KAI Partners can help you create and implement IT Security practices that are unique to your business objectives and help protect the privacy of your organization.
Interested in learning more about how KAI Partners’ IT Security services can help your organization stay safe and compliant? Contact us today!
About the Author: IT Security Director at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.
May 10, 2017
Best Practices, Issues and Risks, Project Management, Risk Assessment
By Stephen Alfano, CSM
Full disclosure, I made three assumptions before I wrote this blog post:
If you are still reading this blog post (thank you!), you probably figured out my stratagem quickly and decided to chalk it up to a level-setting parlor trick used to underscore the “tricky” nature of assumptions. (You saw what I did: That statement is an assumption.) So, let’s move on, starting with an official, textbook definition of an assumption.
An assumption is, “a thing that is accepted as true or as certain to happen, without proof.” Of course, how would you know this definition is the definition you seek? How could you be sure it comes from a legitimate and “official” source? (Tricky, right?) In short, an assumption needs to be validated.
For more insight on validating assumptions, check out these links below:
ASSUMPTIONS ARE MADE TO BE VALIDATED via Leading Agile
The Need to Validate Project Assumptions via Business 2 Community
5 Tips to Make Sure You Are Validating Early and Often via Kissmetrics
Case Study: Using the 5 Whys to Validate Assumptions via iSixSigma
Identifying and Validating Assumptions and Mitigating Biases in User Research via UX Matters
Build Better Products: How to Identify and Validate Assumptions via Users Know / SlideShare
Now it’s your turn—what are some of your best practices to validate assumptions and reduce risk on your projects? Or, what other trouble spots does your project have—we’d love to cover some mitigation techniques in a future blog post!
About the Author: Stephen Alfano is a Certified ScrumMaster® (CSM), Organizational Change Management Consultant and Communications Expert. He has 30 years of experience leading and managing internal and external program initiatives for both private and public-sector clients. His résumé includes providing both new business and business process improvement services to Apple, American Express, AT&T, California Department of Transportation, Chevron, Entergy, Levi Strauss & Co., Louisiana Office of Tourism, Mattel, Microsoft, Novell, SONY, Sutter Health, and Wells Fargo. Stephen currently works as Marketing and Communications Manager for KAI Partners, Inc., spearheading business development and leading the firm’s marketing and communications practice and line of business.