Thursday, 4 April 2013

Operational Risk

There are variety of ways to define operational risk. One can find different definitions in different books and over internet. I will quote some of the most common and authentic definitions here for you to have a better understanding. In simple terms "An operational risk is defined as a risk incurred by an organization's internal activities".

From an academic point of view "A form of risk that summarizes the risks a company or firm undertakes when it attempts to operate within a given field or industry. Operational risk is the risk that is not inherent in financial, systematic or market-wide risk. It is the risk remaining after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people and systems. "

A most famous and widely used definition of operational risk is the one written in the Basel II regulations. Basel II is the second of the Basel Accords, (now extended and effectively superseded by Basel III), which include recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The Basel II Committee defines operational risk as "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." However, for internal purposes organizations are permitted to adopt their own definition but they should have a minimum set of elements from the Committee's definition.

Basel II divides operational risk into seven different event type categories which are as follow:

  • Internal Fraud: Bribery, intentional mis-marking of positions, tax evasion and mishandling of assets
  • External Fraud Hacking damage, theft of information, forgery and third-party theft
  • Employment Practices and Workplace Safety: Workers compensation, discrimination, employee health and safety
  • Clients, Products and Business Practice: Account churning, fiduciary breaches, product defects, improper trade, antitrust and market manipulation
  • Damage to Physical Assets: Natural disasters, terrorism and vandalism
  • Business Disruption and Systems Failures: Hardware failures, software failures and Utility disruptions
  • Execution, Delivery and Process Management: Negligent loss of client assets, data entry errors, failed mandatory reporting and accounting errors

Today's class is over dear readers :). Now you can sit back and relax. I will discuss methods of operational risk management in the very next post. Stay in touch and keep visiting the Microcom IT's blog.

Tuesday, 2 April 2013

Business Continuity Guidelines

"Guidelines are those procedures and activities which are recommended in a preset design plan. However depending upon the needs and requirements of the target business function, these items may or may not be performed, or may be altered during implementation."


British Standard 25999-2 and other standards provide a specification for implementing a business continuity management systems within an organization.

Business Impact Analysis (BIA):

The BIA can be used to identify extent and timescale of the impact on an organization. For example it can examine the effect of disruption on strategic, functional and operational activities of an organization. BIA can determine the effect of disruption on major business changeswhich include introducing new product or services. Most of the standards require that business impact analysis should be reviewed from time to time appropriately for each organization and whenever any of the following occur:

  • Major changes in the internal business location, process or technology
  • Major changes in the external business environment – i.e market

Security Management:

Security is the top priority in today's global business environment. Security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. If an organization fails to pass security audits, financial and management changes may impact upon an organization.

Documentation Management:

Complete and up-to-date documentation is the ultimate solution to ensure sustainable growth in business turnover or profit. In today's large information technology environment profit or business turnover has to be planned as part of the Business Continuity process. Documentation makes sure that new personnel have the information they need in order to become knowledgeable about business functions which they have to take care of.

Change Management:

Regulations require that changes to business functions must be documented and tracked for auditing purposes. This process is designated as "Change Control". This enhances the level of stability by requiring the support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be more upon regulatory compliance and less upon personnel control.

Audit Management:

Audit Management is the most time consuming activity in the field of information technology. Business functions should be designed to automatically generate documentation and information compliance with audit. This will in turn reduce cost and time consumption associated with manually producing such information.

Communication Systems:

Communication in the time of distress is the most crucial component of Business Continuity. The Disaster recovery team must be able to communicate effectively among themselves as well as with managers, directors, customers, partners, and even with the media.

Service Level Agreement (SLA):

SLA is an interface between the organization (which provides the service) and the client. SLA ensures that the organization continues to maintain a high level of service quality. The organization commits itself to providing that level which is normally given as a percentage out of 100. SLA is a written contract which engages the expectations of clients with regard to the availability of a necessary business function, and the deliverable that information technology provides in support of that business function.

This is it folks. There will be a new topic in the upcoming post. Keep visiting the Microcom IT's blog for more informative posts.

Wednesday, 27 March 2013

Business Continuity - Program Development and Policies

Standards, Program Development, Policies, Guidelines, and Procedures are the foundation of Business Continuity and are needed to ensure that an organization is working without stopping in case of an adverse event. In my last post i discussed a bit about standards. Lets dig a bit more and learn more.

Program Development:

Program Management is an ongoing process to make sure that necessary steps are regularly taken in order to identify disasters, emergencies, threats and accidents. It also involves:

  • Thorough assessment of the possible effects of adverse events
  • Developing plans and recovery strategies
  • Ensure readiness through plan testing and personnel training


Policies are the road-map deputed by the management of an organization that will always be followed according to a preset design plan, and supporting all business functions within an organization.

BCM Plan:

BCM Plan is a set of documents, instructions, and procedures which enable a business to respond to disasters, emergencies, accidents and threats without any hindrance or stoppage in its key operations. BCM plan is also known as business resumption plan, disaster recovery plan, or recovery plan.

BCM Planning:

BCM Planning is the task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of an organization's key operations in the event of a disaster, accident, threat or emergency. It includes:

  • Business Recovery Planning in order to ensure continued operation in the aftermath of a disaster
  • Risk Mitigation Planning in order to mitigate against the risk should an unfortunate event occur

That's it for today folks. I will discuss Business Guidelines in upcoming post. Stay in touch and keep on visiting the Microcom IT's blog

Monday, 25 March 2013

What is Business Continuity - Introduction

"Business Continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions." This include system backups, project management, help desk and change control. Business Continuity is a set of activities performed daily basis to maintain consistency of service, and recoverability.

Standards, Program Development, Policies, Guidelines and Procedures are the foundation of Business Continuity and needed to ensure that an organization is working without stopping in case of an adverse event.


In this section i will provide some of the reference numbers for standards developed by different authorities like ISO, IEC, BSI etc.

  • On 15 May 2012, ISO published the International Standard ISO 22301:2012, "Societal security -- Business continuity management systems --- Requirements". A second International Standard ISO 22313, "Societal security -- Business continuity management systems – Guidance", is in the Draft International Standard (DIS) phase and is expected to be published in late 2012 or early 2013.
  • Produced by the British Standards Institution (BSI), BS 25999 is a business continuity management (BCM) standard in two parts. The first, “BS 25999-1:2006 Business Continuity Management. Code of Practice”, takes the form of general guidance and seeks to establish processes, principles and terminology for business continuity Management.
  • Published by the National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.
  • Published by Standards Australia HB 292-2006 : A practitioners guide to business continuity management HB 293-2006 : Executive guide to business continuity management In 2010
  • Standards Australia introduced their Standard AS/NZS 5050 that connects far more closely with traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS 31000 covering risk management. You can read more about risk management on this blog.

Many businesses which have spent lots of money on creating an IT infrastructure that gives them good performance and reasonable reliability often forget business continuity planning. Business continuity planning is an essential part of an organization’s need to maintain operations should unforeseen circumstances occur. In the event of such a situation if business continuity planning had not been considered the result would be major outage with all systems offline. You would be correct in assuming that this kind of scenario could ruin the reputation of an organization or at worse lead to its collapse.

It is for this reason that businesses that require an added level of assurance of continuity of their operations must devise a robust plan for their organization. At Microcom IT we assist our clients by formulating a concise plan and assist with improving the existing structure to accommodate the added measures. If you have thought about these possibilities and do not have any measures in place, it is still not too late. Contact our specialist team to find out how we can help.

Thursday, 21 March 2013

Potential Risk Treatments

When a risk have been identified and thoroughly assessed, all techniques to manage and mitigate the risk fall into one or more of the following categories:

  • Risk Avoidance
  • Risk Reduction
  • Risk Sharing
  • Risk Retention

Risk Avoidance:

Risk Avoidance includes not performing any activity that could carry risk. For example you should not buy a property or business in order to avoid the legal liability that may come with it. You should not ride a bike in order to avoid road accident. Avoidance may seem the most feasible solution to all risks, but mostly you do not gain anything until you risk some thing. Avoiding risk result in losing potential gain that sometime may make the risk worth taking. In short avoiding risk means not to enter a business in order to avoid the risk of losing and also to avoid the possibility of earning profits.

Risk Reduction:

Risk Reduction or also known as Risk Optimization is a method of reducing the impact and severity of loss from occurring. Halon fire suppression systems may mitigate the risk of fire, but the cost is too high which may prohibit it to be implemented as a strategy.

Software development companies reduce risk by developing and delivering software incrementally. They release a beta testing version so that users can use and identify bugs if any. User testing is very helpful to find errors at different stages of development. Early methodologies suffered from the fact that they only delivered software in the final phase of development. Any problems encountered in earlier phases meant costly rework and often jeopardized the whole project.

There is an another method to reduce risk which is outsourcing. A business owner can outsource manufacturing and customer support to another company which lets him to concentrate more on business development rather than taking care of manufacturing process or to find a physical location for a call center.

Risk Sharing:

"Sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk." The concept of risk sharing is widely misunderstood. If the insurance company go bankrupt or end up in court, the original risk is likely to still revert to the first party. The purchase of an insurance contract is often described as a "transfer of risk". However, technically speaking, the buyer of the contract generally retains legal responsibility for the losses "transferred", meaning that insurance may be described more accurately as a post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the person who has been in the accident. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage.

Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group.

Risk Retention:

Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War and natural disasters are examples since most property and risks are not insured against war and natural disaster, so the loss attributed by war and natural disaster is retained by the insured. Also any amounts of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chances of a very large loss are rare or if the cost to insure for greater coverage amounts is so great that it would hinder the goals of the organization too much.

That is all for today folks. Keep on visiting the Microcom IT's blog to learn more. I wish you have a very successful day.

Wednesday, 20 March 2013

Risk Management

The process for identifying, assessing, and prioritizing risks of different kinds is known as Risk Management. When risk factors are being identified, the risk manager can make a plan to reduce, avoid or eliminate the impact of negative elements or events. There are several strategies available to manage risk, depending upon the type of business and the type of risk.

Risk Types:

There are different type of risks that a risk manager plans to mitigate. Common risks are like accidents in the workplace or fires, tornadoes, earthquakes, other natural disasters, fraud, theft, sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records.


The main goal behind applying risk management practices is to protect businesses from being vulnerable and keeping it viable and reducing financial risks. Risk management also focuses on protecting employees, customers, and general public from accidents and disasters. Risk management practices are also about preserving the physical facilities, data, records, and physical assets a company owns or uses.

Identification and Management:

The process for identifying and managing risk consists of five basic steps. The first step is to identify the risk. The second step is to assess available information about the risk to analyze the level of vulnerability. The third step is to determine the expected consequences of specific threats. The fourth step is to identify ways to reduce those risks. The final step is to prioritize risk reduction measures based on a strategy.

Folks! today you have an introduction to Risk Management. In my next post i am going to discuss some strategies to cope with risks. Keep visiting the Microcom IT blog and do not forget to give your valued feedback in comments.

Monday, 18 March 2013

Off Page/Off Site SEO: Practical Approach with Link Building

Link building in SEO refers to a technique to build inbound links for a website. Inbound links are just like a vote. Through inbound links, search engines can analyze not only the popularity of a website but also its trust worthiness. Trust worthy sites often link to other trust worthy websites while spammy websites do not receive much input from trust worthy websites. Link building is not the only method to judge credibility of a website but it is a very important method. Most SEO pundits consider that search engine algorithms rank a website with respect to the number of quality inbound links and traffic. There are different techniques for link building. Let me explain them one by one.

Reciprocal Link:

Reciprocal link is a link that's mutually shared between two websites. For example if Alexander Solicitors & Advocates is linked to Cheap VPS UK and Cheap VPS UK is linked to Alexander Solicitors & Advocates, it means their both linked reciprocally.

Resource Link:

Resource links are very important and get a lot of attention from search engines. Resource links are suppose to direct visitors to some content which is suppose to be beneficial for the reader. For example if i am writing about Linux hosting, I can direct the reader to Microcom IT's Linux Hosting page by using "Linux Hosting" as anchor text. At this page the reader can know about the Linux hosting service provided by Microcom IT. Alternatively the link can also point to another location where you think the content is more appropriate.

Forum Signature:

Forum signature linking is a technique used to build back links to a website. This is the process of using forum communities that allow outbound hyperlinks in a member's signature. This can be a fast method to build up inbound links to a website and improve the Search Engine Optimization value. It takes a lot of time to build a certain level of profile ranking on a forum before we can put a link into the signature. Secondly, most of the forums do not allow advertising at all or they have a separate section for this purpose where you need a very high forum profile rank for advertising. I would prefer that you use this technique as the last resort.

Directory Posting:

Directory is a link bank which contains many links and categorizes them under the relevant category. Mostly there are three types of directory submissions you can do. One is free submission which does not cost you anything. Second is reciprocal submission which asks you to add their link on your website before you submit your website's link. Third is feature submission for which the directory admin charges you actual money to keep your website link in the feature listings for a certain period of time. With featured submission, your website link will normally be approved within 24 to 48 hours. Otherwise it will take 3 to 7 weeks before the admin reviews your website link and approves it.

Blog Commenting:

Leaving a link in a blogs comment section may get you clicks by readers of the blog if the comment is well-thought-out and pertains to the discussion of the other commentators and the post on the blog. Most blogs provide different options to select for the type of profile such as anonymous or use a name and URL. I prefer the Name and URL. You can use a keyword as the name and the desired website link as URL.

Social Bookmarking:

Social bookmarking is a way of saving and categorizing web pages on the web. Because bookmarks have anchor text and are shared and stored publicly, they are scanned by search engine crawlers and have search engine optimization value.

Stay in touch folks. Hopefully tomorrow there will be a different topic but we will keep on writing on SEO from time to time. May you have a very blessed and successful day.

Friday, 15 March 2013

OnPage/OnSite SEO: Practical Approach with Content Section

Statistics show that my last post regarding choosing Title and Keyword was a success which is a moral booster for me. It seems that the purpose was served and we can move forward. Today i will discuss how you should deal with your website content from an SEO prospective. Content is the most attractive part of a website for a search engine crawler. While writing content for your website you should keep a couple of things in mind.

Content has to be unique and well formatted. Sufficient time should be spent on proof reading to find spelling mistakes and grammatical errors. Make sure that content is relevant to your webpage. Websites with unique and relevant content build a superb impression on search engine crawlers and get indexed with less time and effort. While websites with copied content get degraded by search engine crawlers.

When you are writing content for your website, heading tags are the most important elements to consider. Use of heading tags help users, web browsers and search engines know where the major key points of your website are. It makes it easier for search engines to determine the nature of the content. Use "h1" tag for the main heading which has to be chosen carefully. The main heading should reflect what the content is all about. If there is a sub-heading use "h2" tag. This patronage may be misunderstood so let me simplify it. The "h1" tag is the main heading and the "h2" has to be the sub-heading of "h1" and "h3" has to be the sub-heading of the "h2" and so on.

Keyword density is determined by the number of time a certain keyword is used within the content but be very careful with density. Do not use a keyword more than three times in the first paragraph and only once or twice if necessary in subsequent paragraphs. Using a keyword too many times is a Black Hat SEO technique. Sooner or later search engines will detect it and your website will be considered as spam.

Add as much text as possible on your website because websites with sufficient text quickly grab the attention of search engines. Keep your website up to date. Make changes to the content once a week depending on the type or nature of your website. At least keep on feeding your website so search engines can find new changes every time they pays a visit. If search engines find no activity on your website they will increase the time interval between visits. It is very simple, if you lock up someone in a room without water and food they will get weaker and eventually die. The same thing will happen to your website if you don't keep it up to date.

That's it for today. I will discuss link building in the upcoming post. Stay in touch folks and keep paying us a visit. You are welcome to ask any kind of question regarding SEO in the comment section. I will try my level best to respond to your query as soon as possible.

Thursday, 14 March 2013

OnPage/OnSite SEO: Practical Approach with Title and Keyword

It is time to avoid reading theory :) and move to practical approach towards Search Engine Optimization. Now we will focus on things which we need to take care of while applying tools and techniques of SEO. This post is for those who want to learn how to do certain things in SEO. So i will write stuff which will be precise and to the point. Lets come to the point and let me share my way of doing SEO with you.

Title and Keyword:

Choosing a title for the page is the most important phase of OnSite SEO. It takes some time to figure out a unique and relevant title which attracts users over the internet. You can start doing it on paper. Use your brain and think hard. If you already have the titles and keywords in place on your website then you need not think about this. But in some cases clients ask you to suggest titles and keywords which you think are better for SEO. Use Google Keyword Tool for title and keyword analysis. It will help you figure out titles and keywords. Use a minimum of three of the most important keywords in the title and start working on the first one. Take Alexander Solicitors & Advocates as an example. Open this website and check its page title. A perfect way to make a title. Its title looks like this "Alexander Solicitors & Advocates | Solicitors in Luton | Bedfordshire | UK". Now the title shows that this website requires SEO with geographic constraint. When a user writes a query, the search engine does not compare it as it is or as a whole sentence instead it matches the words in a query with a match in website title and content.

Now check its keyword tag. Keywords are "Leading Law Firm UK,Top Notch Lawyers Luton,Legal Advisors in Bedfordshire,Solicitors Luton Bedfordshire". You can observe that the title and keywords contain almost all possible and common words that can be used for a legal adviser. This is how you should keep the title and keywords of the website you are working on. Don't use too many keywords as keywords are not focused on that much according to some SEO pundits but in my point of view even when they are not worth much they are still in the game. Anyway, it is debatable and we may debate it another time.

In next post i will explain how to work with content. Stay in touch folks. Have a great day.

Wednesday, 13 March 2013

Off Site/Off Page SEO: Types and Techniques

Off Site or Off Page SEO is also a crucial part of Search Engine Optimization. Once you finished with On Site SEO, Off Site SEO phase kicks start. Difference between both is OnPage SEO can be put to rest for some time but Off Page SEO has to keep going on. Most of the Off Site SEO techniques focus on link building and spreading the words on World Wide Web. Your intention should be promoting your business and website on all famous and relevant forums over internet. We will introduce you some commonly use legal practices regarding Off Site SEO. Later in coming posts we will discuss both OnSite and Off Site SEO using practical approach because reading theory about anything is different but we do not just want to fill this blog with commonly known theory which can be found on other blogs easily. We wanted our visitors to get actual knowledge and guidelines for implementing these techniques. Lets have a brief look on Off Page SEO methods because it is always better to know before do.

Link Building:

Link building is a very important if you want to improve traffic and page rank of your website. It is every website owner's dream to have as high page rank and traffic as possible. While the algorithm for determining page rank encompasses many elements, and is constantly changing, one item is the number of links pointing to your web site. Now, you’ll want to steer clear of link farms and other spam attempts at getting links to your site. However there are many reputable and niche directory sites that you can use to submit your web site, or specific blog articles to. With genuine content especially if you have a blog, you’ll be able to generate links with other web sites and blogs, as well. It’s somewhat of a give and take, in that if you link out to other sites, you’ll find sites linking back to you and hopefully see your page rank going up, as well!. Here in this post we are giving you a slight taste of some on commonly used methods but in upcoming posts we will discuss all these things in great detail as already mentioned earlier.


Blogging is a new innovation in cyber world. People can express themselves if they do not have any other forum. But now a day’s use of blogs is getting so common and popular way of sharing your ideas. People from every field of life use and read blogs. Blogging is significant way of letting the world know your existence. Blogs can play a vital role in order to bring traffic to your website and building a back link depository.

Banner and Advertisement Posting:

Blogging is a new innovation in cyber world. People can express themselves if they do not have any other forum. But now a day’s use of blogs is getting so common and popular way of sharing your ideas. People from every field of life use and read blogs. Blogging is significant way of letting the world know your existence. Blogs can play a vital role in order to bring traffic to your website and building a back link depository.

Social Media Promotion:

The year 2011 and 2012, we have observed a significant rise social media usage and sharing. Earlier in 2010, search engines treats the links on social media websites as not of much worth but now search engines especially Google has started incorporating social media weaves in its search results. Simply open Google Search in your browser, type any domain and check the results. Google will show Social Media Sections of your domain if it has any.

Print and Main Stream Media:

Print media and main stream media are the tools of devil. They spread the words more rapidly than any other promotional method. They shouldn’t be ignored. Advertisement is the key of getting fame. So shout out loud. Use both news papers and media advertisements. The more frequently people hear about you the more business you will get. Visit these pages to know about how social media promotion suppose to be done. Microcom IT Facebook, Microcom IT Twitter, Microcom IT Google plus, Microcom IT Linkedin, Cheap VPS UK Facebook, Cheap VPS UK Twitter and Cheap VPS UK Google Plus