5 lessons for IT from the Boston Marathon bombings

The CIO of Boston's Beth Israel Deaconess Medical Center learned a few things last week

A week after the Boston Marathon bombings, I can take some time to reflect on the lessons learned in my position as CIO of Beth Israel Deaconess Medical Center. I think they apply as well to other IT departments far from Boston.

1. Risk planning is forever altered

To me, risk is calculated by multiplying the likelihood of an event by the impact of that event.

In the BIDMC IT department, risk management is based on the NIST 800 framework. That means areas of risk are formally enumerated, but judgment is still required for mitigation strategies.

At 2:50 p.m. on April 15, when the marathon bombs exploded, seven BIDMC IT staffers were volunteering in the medical tent or working at the finish line, a few feet from the explosions. They were among the first to assist the injured. Their work in a medical facility aided them in staying calm, but nothing could have prepared them for the scene of horror before them.

All my IT staffers at the marathon were unharmed, but given their proximity to the bombs, things could have been devastatingly different. For risk planning, this means that even phrases as innocent-sounding as "the majority of the database administration team is going to volunteer at the marathon" will have to be carefully considered.
