michael werneburg

index of site content.

the economics of IT systems reliability

article - 2023.01.15

Making an investment in reliable systems can be difficult if the leadership can't put a price on the value of that reliability. By depicting the economics of recovery accurately, you can help clarify the problem and produce an accurate decision.

the trouble with Tenable

article - 2022.05.15

Automated vulnerability and configuration/hardening scanning can be a boon but can also go wrong in many ways. These are my recommendations.

the project graveyard

article - 2021.11.18

A catalog of past projects is a document or collection of documents that lists and provides information about the various projects that have been completed - and importantly, those that failed.

balancing projects with operations

case study - 2021.08.21

Following fifteen years of high management turnover, the IT operations division of a financial institution faced multiple urgent matters. Normalizing change in a sustainable way became a priority.

a non-profit risk management process manual

article - 2019.07.22

Non-profits require processes monitoring the enterprise for loss, including missed opportunity. I have written a manual for doing so that avoids common pitfalls in risk management.

writing a risk manual for a non-profit

case study - 2019.07.21

I wrote a manual on risk management for non-profits that makes optimal use of common organization structures and avoids common risk management mistakes.

evaluating vendor cyber security readiness

case study - 2019.07.02

The Investment Industry Association of Canada needed guidance for their member broker-dealers on evaluating vendor cyber security readiness. I co-authored that work.

agile in a regulated environment

case study - 2018.09.29

Agile software delivery is about quick increments of software, while regulated environments like checks and controls. Reconciling them is the trick.

fracking the human being

article - 2018.09.18

Don't treat people like they're expendable, treat them like you want to be treated–with respect and dignity.

SDLC in a regulated environment

case study - 2018.08.24

Regulated industries cannot tolerate failed software releases. For a software vendor in a regulated industry, the challenge is to deliver new software with assurance.

article - 2018.08.23

A technology provider can get nowhere in a regulated industry despite having a great product if the clients lack trust. This is where a SOC-2 audit report can help.

implementing PHI de-identification

case study - 2018.08.23

US-based multinational specializing in health information required a data anonymization process to replace a legacy system.

IT compliance at a Japanese bank

case study - 2018.08.22

Instituting the ITIL functions of incident management and change management at a Japanese bank.

tracking vulnerability fixes to production

article - 2018.08.22

Application vulnerability fixes should be a no-brainer, right?

third party risk

article - 2017.04.22

This guide on third party risk was written towards controlling a range of risks can possibly arise from the outsourcing of core functions

Peter Drucker on risk

article - 2015.02.04

Peter Drucker was a prolific and talented business writer who has much to teach us about strategic risk.

on strategic risk management

article - 2015.02.02

Strategic risk management is a hard subject to grasp. These matters are so big it's a problem even understanding where to start.