
Posts

Showing posts from October, 2020

Negativity bias

Negativity bias is the tendency of humans to place more significance on negative events than neutral or positive ones. Negativity bias is an important concept for marketers to understand, because it plays an important role in customer experience management. When a customer perceives something negative about a product or service, it takes more than one positive event to restore balance because humans will naturally place more emphasis on the negative experience. Many psychologists believe that negativity bias evolved as a survival technique. Quite simply, those humans who didn't pay enough attention to negative outcomes were less likely to survive. In business, the same concept can be applied to customer service -- those companies who don't pay enough attention to negative customer outcomes are less likely to survive in the marketplace. Unhappy customers often choose to share their negative impressions with friends and family on social media. It's important for...

Penetration testing

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in -- either virtually or for real -- and reporting back the findings. The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents. Typically, the information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's ...

Cloud-to-Cloud Backup (C2C Backup)

C2C backup (cloud-to-cloud backup) is the practice of copying data stored on one cloud service to another cloud service. The backup stored on the second cloud service serves the same purpose as an off-site backup. Cloud-to-cloud backup is important for organizations that rely on software-as-a-service (SaaS) applications like Microsoft Office 365, Box and Zendesk. SaaS vendors back up their customers' data, but any system can fail, and restores can be difficult if the SaaS vendor's backup software is fairly basic. As more software applications are being delivered as services, there are an increasing number of vendors who are specializing in C2C backups for specific applications. In this scenario the C2C provider manages both the backup software and its implementation for the C2C customer. Typically, C2C backups are run automatically without manual intervention. Customers can restore data from the target cloud if it is no longer available through the SaaS app. W...

Risk management

Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters. IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes companies' processes for identifying and controlling threats to their digital assets, including proprietary corporate data, a customer's personally identifiable information (PII) and intellectual property. Every business and organization faces the risk of unexpected, harmful events that can cost the company money or cause it to permanently close. Risk management allows organizations to attempt to prepare for the unexpected by minimizing risks and ex...

Risk assessment

Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business. These assessments help identify these inherent business risks and provide measures, processes and controls to reduce the impact of these risks to business operations. Companies can use a risk assessment framework (RAF) to prioritize and share the details of the assessment, including any risks to their information technology (IT) infrastructure. The RAF helps an organization identify potential hazards and any business assets put at risk by these hazards, as well as potential fallout if these risks come to fruition. In large enterprises, the risk assessment process is usually conducted by the Chief Risk Officer (CRO) or a Chief Risk Manager.

Risk assessment steps

How a risk assessment is conducted varies widely depending on the risks unique to the type of business, the industry that business is in and the compliance rules applied to that ...

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express. The PCI DSS specifies and elaborates on six major objectives.

1. A secure network must be maintained in which transactions can be conducted. This requirement involves the use of firewalls that are robust enough to be effective without causing undue inconvenience to cardholders or vendors. Specialized firewalls are available for wireless LANs, which are highly vulnerable to eavesdropping and attacks by malicious hackers. In addition, authentication data such as personal identification numbers (PINs) and passwords must not involve defa...

Maturity Model

A maturity grid, also called a maturity model, is an assessment tool for evaluating an organization's level of progress towards a goal. The grid, which is a matrix laid out in rows and columns, typically lists the criteria that will be evaluated in the left-hand column. Each column's corresponding row has cells that describe, in a few words, the typical behavior exhibited by an organization at each level of development. Typically, a maturity model has ten rows or less, with the first row defining entry level and the last row defining fully-developed best practice. Maturity grids can be used to provide an organization with an initial benchmark for how close to 'fully developed' an organization is in regards to the criteria being assessed. They are also useful tools for leading discussions and providing management with a roadmap for next steps.

Sample maturity matrix

Here is an example of a maturity grid for disaster recovery. Level 0 Naught ...

Key performance indicators (KPIs)

Key performance indicators (KPIs) are business metrics used by corporate executives and other managers to track and analyze factors deemed crucial to the success of an organization. Effective KPIs focus on the business process and functions that senior management sees as most important for measuring progress toward meeting strategic goals and performance targets. Furthermore, different business units and departments are typically measured against their own KPIs, resulting in a mix of performance indicators throughout an organization -- some at the corporate level and others geared toward specific operations.

Importance of KPIs

Key performance indicators shine a light on how well a business is doing. Without KPIs, it would be difficult for a company's leaders to evaluate that in a meaningful way, and to then make operational changes to address performance problems. Keeping employees focused on business initiatives and tasks that are central to organizational success could als...

Prescriptive analytics

Prescriptive analytics is the area of business analytics (BA) dedicated to finding the best course of action for a given situation. Prescriptive analytics is related to both descriptive and predictive analytics.

Descriptive analytics: Provides insight into what has happened.

Predictive analytics: Helps model and forecast what might happen.

Prescriptive analytics: Seeks to determine the best outcome among various choices, given the known parameters.

Prescriptive analytics is used to suggest decision options for how to take advantage of a future opportunity or mitigate a future risk, and illustrate the implications of each decision option. In practice, prescriptive analytics can continually and automatically process new data to improve the accuracy of predictions and provide better decision options.