e-Risk: Liabilities in a Wired World. (Book Reviews).
This text examines six broad topics of importance to managers and business professionals, with particular value for those responsible for organizational risk management. It begins by reminding readers of the rapid nature of change in contemporary Western civilization and the opportunity for economic growth that developed nations are enjoying. Readers learn that the microprocessor is the tool that has enabled rapid acceleration of change in our environment by facilitating access to information and knowledge. We are reminded of the way that Western culture values its intellectual assets as potentially more important than our tangible assets. This text focuses on the importance the Internet has in the distribution of and access to intellectual assets. While technology accelerates the development of and value given to intellectual assets, it exponentially expands and redefines the risk that must be identified, analyzed, quantified, and managed. The text addresses fundamental areas of concern for those who must respond to the increasing value and vulnerability of our intellectual property. Six chapters present essays on the following:
1. an overview of states of maximum change
2. emerging versus traditional liabilities
3. implications of intellectual property
4. privacy issues
5. security management
6. quantification challenges
The authors are risk management practitioners. We learn of their frustrations and successes as they deal with varying levels of understanding for the complexities of managing e-risk.
Lange was director of risk management for Microsoft Corp. from 1990 until his retirement in 1998. During his years with Microsoft, he elevated the role of risk management from a functional role to a level of involvement throughout the organization (enterprise risk management). In this book's introductory chapter, he describes a world in which businesses are dependent on the technology that enables accelerated product design and life cycles. He contextualizes the expectations of Wall Street investors within the accelerated technology of business. Given the rapid increase in productivity that is possible with evolving technology, the growing expectation of investors, and the increasing dependency on technology by businesses, it is easy to understand the author's sense of urgency for adopting enterprise e-risk management practices.
While those who hold responsible positions in today's technology-driven organizations do not need to read this chapter to appreciate the need for managing technology risk, this opening to the book is valuable for the wider audience of business students and nonprofessionals who may not appreciate the magnitude of this dependency. In addition to emphasizing the concerns of dependency and velocity of change, the author describes issues of bad or ineffective technology and the effects of underperformance. He also discusses the impact of connectivity, hardware breakdowns, and intellectual property issues such as the problems of preserving brand equity, identifying fraud, and impersonation, and 20 other e-risk concerns. This chapter provides good material to raise the awareness of senior executives for the importance of enterprise e-risk management practices.
Leo Clarke and Martin Loesch are partners in a law firm that specializes in technology legal issues. Most of business's commercial code has its roots in responding to property rights and liability issues grounded in the production and use of tangible property and the consequences of such production and product use. Consequently, students of e-risk should have an introduction to some of the legal issues surrounding the increasing intangibility of business property. This chapter helps us recognize e-torts, e-pacts, and e-risks, concepts that may seem alien to managers who are grounded in concepts of tangible property. Technology gives us new intellectual properties, untested contractual language embedded in software, potentially unrealistic product performance expectations by customers, and a host of legal issues demanding evaluation, if only for the defense aspects of potential claims. Clearly, technology has brought business a new encyclopedia of plaintiff claims, most of which are not yet addressed by the conventional risk transfer mechanisms of tangible property-based contracts and standard liability insurance. Readers are introduced to the Uniform Computer Information Transactions Act (UCITA) and the Uniform Electronic Transactions Act (UETA), which have been adopted by the National Conference of Commissioners on Uniform State Laws (NCCUSL). The effects of these attempts to establish uniform governance of technology on business will have far-reaching effects on business regulation and compliance that are likely to dwarf the influence on business practices from common components of today's uniform commercial code. This second chapter will cause many a sleepless management night.
Readers who have understood the exposure implications of the first two chapters may be wondering why their organizations accept such risks. Julie Davis's chapter describes some of the competitive necessities that present little choice to contemporary organizations. From the perspective of an executive vice president for Aon Technology Consultants, the author can credibly explain the competitive pressures motivating businesses to accept responsibility for the expanding and frequently unintended risk associated with technology applications and the growth of intellectual products. Her chapter is structured to present common technology concerns, mitigation options, and what happens when e-risks are not effectively managed. This chapter concludes with seven guidelines for corporate managers to use in establishing enterprise-wide accountability for managing exposure to intellectual property (IP).
In 2001, the insurance industry, along with other financial institutions, found itself responding to the effects of the Gramm-Leach-Bliley bill, the intent of which was to require organizations that gather, use, and retain confidential data to establish and maintain appropriate standards of behavior to respect the confidentiality of such data. Daniel Jaye's chapter helps us understand the magnitude of privacy issues that technology's unprecedented access to information has only begun to create. How do organizations market their products online, and how do they gather and use customer data? In what ways is it appropriate for this information to be used and in what other ways does the use of data create potential infringements? The author suggests that organizations may want to rethink the depth of data they wish to collect. While technology makes the gathering and storage of vast amounts of information possible, if business decisions can prudently be made with minimal data, perhaps it is best to limit what is collected, thereby mitigating exposure for the organization. A brief discussion at the end of the chapter examines some of the privacy implications of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Computer Fraud and Abuse Act, section 1030 of Title 18 of the U.S. Code, and the Electronic Communications Privacy Act of 1986.
As if the first four chapters were not daunting enough for those who manage information technology exposures, Dan Ervin gives us a look at the expanding need for comprehensive information security measures. He reminds us that the purpose of technology is for business to take advantage of increased productivity from information systems "while protecting the integrity, confidentiality, and availability of our business critical information" (p. 121). The author, who has earned the Certified Information Systems Security Professional (CISSP) designation, is an employee of information security strategy and planning at Dow Chemical Company global headquarters in Midland, Michigan. For any reader interested in a serious approach to identifying, assessing, mitigating, and institutionalizing risk management practices for the purpose of protecting intellectual property, this chapter is a must-read. This chapter alone is worth the cost of the book and could easily form the foundation for a comprehensive course in managing e-risk security issues.
In addition to a well-crafted analysis process, the author gives the readers a collection of horror stories to impress the uninitiated with the importance of information security. His risk analysis matrixes and 14 control elements for managing e-risk exposure would satisfy even the critical editorial eye of Dr. George Head.
It is difficult to write a book addressing any aspect of technology without producing a product that is inherently obsolete by the time it is in print. However, this text is likely to have value for many years as a guide to shifting organizational perspective and raising consciousness among managers for the rapidly escalating and diversifying range of exposures to loss that our expanding technology is creating. In the last chapter, James Mullarney helps us conceptualize technology's "real time" as a redefinition of the amount of reaction time available to today's businesses. Because products are intellectual in nature and their utility is available instantly, the consequences of their use are also instant. The effect of technology is therefore to continually reinvent the nature of products, potentially generating an endless stream of new opportunity along with unintended and unanticipated risk. The author, assistant vice president for F & D/Zurich e-Business Solutions, tells us that we need to become aware of these differences in the nature of e-risk. We must assess and analyze these differences and develop and implement methods of handling e-risk. While these concepts are fundamental even in brick-and-mortar business issues, the rapid velocity with which e-risk can impact an organization's intellectual property portfolio and the organization's financial results mandates senior management commitment to meaningful and evolutionary enterprise e-risk management.
|Author:||Watson, Leonard J.|
|Publication:||Journal of Risk and Insurance|
|Article Type:||Book Review|
|Date:||Sep 1, 2002|