Are you Monitoring Important Systems?

New York is replacing its payphones with LinkNYC access points providing free calls, 911 calls, free WiFi, charging, and more. You would think such a system would warrant professional monitoring. Nevertheless, some of these devices just show a blue screen of error messages followed by a Linux login prompt.

  • Monitoring of crucial systems must include an automated mitigation action and reporting to a 24/7 operations center.
  • Monitoring of important systems needs immediate alerting to staff on call.
  • Monitoring of normal systems only needs to log a trouble ticket to be addressed by regular staff during working hours.
  • Low-priority systems do not need active monitoring.

It seems these kiosks are not as important to the company running the system as they were to the Mayor who promised them.

Does every system on your central system list have a monitoring priority? When was the last time you asked the person with technical responsibility what monitoring is in place?

Are you Releasing Sub-Standard Systems?

Out of a sample of 5,000 apps, 80% did not live up to a reasonable standard. Are you releasing sub-standard apps or systems?

A company that reviews healthcare apps for the UK National Health Service found many bad examples, including apps that provided complex medical advice without any expert backup, and apps that had gone without security updates for several years. They’ve been through 5,000 apps, but there are 370,000 health-themed apps out there.

As a CIO, look in your systems list for information about applicable regulation. For every system, you should see a list of the regulations (GDPR, CCPA, HIPAA, etc.) that apply to that system, and the name of the person who has certified that this list is complete. For every regulation, you should also see the name of the person who certifies that the system complies. If you don’t have that information in your systems list, you are probably releasing sub-standard systems.