GAO Report Stresses Need to Address Flu Related Network Congestion Fears

Officials at the U.S. Government Accountability Office (GAO) recently released a report entitled "Influenza Pandemic: Key Securities Market Participants are Making Progress, but Agencies Could Do More to Address Potential Internet Congestion and Encourage Readiness." The Department of Homeland Security (DHS) responded to this report by stating, "An expectation of unlimited Internet access during a pandemic is not realistic -- any more so than an expectation that traffic congestion on hurricane evacuation routes can be completely avoided.  All users which rely on the … [Read more...]

Security Policy — Components of a Good Policy

By: Lisa DuBrock, CPA, CBC

Whether you are tasked with writing your organization’s Information Security Policies or updating an existing security policy or security policies, knowing what is in a well-crafted policy is important.  Below are details of many of the areas you should include:

Security Definition – All security policies should include a well-defined security vision for the organization.  The security vision should be clear and concise and convey to readers the intent of the policy.  Also included in this section should be details of what, if any, security standards your … [Read more...]

"Red Flag Rules": Exemption Ruling Announced

By an overwhelming vote of 400-0, the U.S. House approved legislation on October 20, 2009, that exempts certain businesses from the Federal Trade Commission's Red Flag Rules.  As part of that legislation, the FTC is also required to issue new regulation setting out the exemption processes that allow any business to apply for an exemption. With November 1, 2009 as an announced Red Flag Rule compliance deadline, it is very likely that this new ruling will cause the FTC to at least consider the announcement of another delay for this compliance deadline. Under the current ruling, health care, … [Read more...]

Supply Chain Risk Leadership Council – What Is It and Why Should I Know About It?

The Supply Chain Risk Leadership Council is a group of companies that meet four times a year to discuss how to incorporate standardized best practices into their supply chain.  Some of the companies that sit on the council are industry heavyweights, such as Cisco, GE, Boeing, Coca-Cola, Merck and FedEx.  Their mission, as stated on their website (http://www.scrlc.com/), is to: “Work together to create best-practice supply chain risk management standards, processes, capabilities and metrics to be adopted within our respective organizations. Leverage this best practices effort to proactively … [Read more...]

Standards Announced for PS-Prep by DHS

On October 15, 2009, Janet Napolitano, Secretary of the Department of Homeland Security (DHS), identified three standards to be included in PS-Prep, the Private Sector Preparedness Program.  The PS-Prep program was created under Title IX of Public Law 110-53: Recommendations from the 9/11 Commission and is a partnership between DHS and the private sector that enables private entities - including businesses, non-profit organizations and universities - to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector. The three … [Read more...]

Cyber Security Federal Workforce — Key to Reducing Federal Cyber Security Incident Levels?

In a recent report entitled “Keeping Talent” it was found that the federal cyber security workforce in the U.S. will erode due to fragmented governance and uncoordinated leadership, a complicated federal hiring process, a disconnect between hiring managers and the government's human resource specialists, and more importantly, a lack of qualified and skilled talent to fill these jobs. This report was sponsored and written jointly by the Partnership for Public Service (PPS) and Booz Allen Hamilton, and, while it certainly talked of an apparent pending HR risk, of lacking … [Read more...]

FTC Allowed to Proceed with Lawsuit against Hotel Group after Information Security Breaches

This website and its readers are well aware of the risk management challenges and opportunities for companies to make decisions over the growing number of information security breach-related activities. Unfortunately, many of these concerns can easily be lost over these risk mitigation topics for small business firms. Nonetheless, supply chain management dynamics can often force even small business firms to have to pay attention to recent developments in this area of information security enforcement, and it is with this point in mind that our staff focused its attention on the … [Read more...]

2014 US State of Cybercrime Survey Report Now Available

Recently, a report entitled the “2014 US State of Cybercrime Survey” was released and made available to the public.  This survey was co-sponsored by PwC, CSO magazine, The CERT® Division of the Software Engineering Institute at Carnegie Mellon University, and the United States Secret Service.  Cybersecurity leaders from these organizations worked together to evaluate survey responses from more than 500 executives of US businesses, law enforcement services, and government agencies where they identified requirements for effective cyber security processes and procedures and evaluated these … [Read more...]

Emergency Management Planning Guide — Useful Writing Tips

Often our staff tries to avoid a “re-inventing the wheel” approach when addressing inquiries from our readers.  To that point, and in answer to several inquiries of “how do I organize an Emergency Management or Disaster Preparedness guide for where I work, and for where I live?”, our staff reviewed its inventory of past articles and disaster recovery materials and decided to focus on a recent project completed in Santa Rosa County in the state of Florida. Knowing that emergencies and disasters can happen anywhere and anytime, the Santa Rosa County Board of Commissioners supported and … [Read more...]

Cyber Intelligence Sharing Website Newly Launched

Our staff would like to bring your attention to the fact that U.S. retailers have recently joined forces and have launched a website called “Retail Cyber Intelligence Sharing Center”. In order to create a structure for this website and to better address the needs of the retail industry, the R-CISC was developed with input from more than 50 of America’s largest retailers, and in consultation with key stakeholders including federal law enforcement, government agencies and subject matter experts. For the record, the R-CISC is an independent organization, the focus of which is a Retail … [Read more...]

Business Continuity Management Systems Planning

Following the occurrence of a disruptive incident to your organization, what is your perception of how prepared your organization is to properly respond to that event and to provide a repeatable approach to minimize downtime resulting from that event? Do you believe that disaster preparedness is present in the planning capability or culture of your organization? Unfortunately, observed results of many organizations' reactions to disasters indicate that “business continuity management” (BCMS) awareness is often not given enough attention. Once your organization is able to … [Read more...]

Crisis Communications and Social Media Strategies — Free Webinar

Get tips on creating a crisis communications plan using social media during the Feb. 11th, 2014 webinar, held from 2 to 3 p.m. EST and co-hosted by Agility Recovery and the U.S. Small Business Administration. Communicating a key message to your staff, clients and business partners in a timely and accurate manner is essential when a disaster strikes. Increasingly, organizations are relying on social media to get ahead of and dispel misinformation that can lead to a tarnished reputation, and even failure of the company. The discussion will include: Effective uses of various social media … [Read more...]

Disaster Preparedness Teams Can Benefit from a Recent World Economic Forum 2014 Risks Report

In an earlier posting on this website, our staff published a story reviewing the consensus for listing the threats of 2013 which impacted many organizations.  In this posting, the point addressed is that very often risks of threats or incidents can impact an organization because of the occurrence of some global size event that would appear to be beyond the scope of an organization’s disaster preparedness planning. With that thought in mind, our staff would like you to be aware of a recently released World Economic Forum report which attempts to size up the impact of some all-too-real … [Read more...]

Risk Frontier Survey 2013 — What Really Matters to Risk Management Professionals

Many of our readers should find the topics and outcomes of the 2013 Risk Frontier Survey interesting reading.  Although largely centering on matters of the European risk and insurance management community, this survey has valuable information that applies to all organizations in all parts of the world. New risks require new thinking, and this is why “The Risk Frontiers Survey” is so worthwhile, as it delivers an in-depth picture of the current state of the risk management profession, gleaned from its leading practitioners.  It also outlines the big risk issues and ideas on how risk … [Read more...]

Information Security Scams This Christmas

With the holiday season upon us once again, our staff would like to focus some of your attention on some information security concerns regarding the likely use of digital devices as each of us tries to make our Christmas buying lists and plans for upcoming holiday festivities.  Our point is that for every Santa there is a Grinch, and a cybercriminal is most likely waiting in the wings to turn all that holiday cheer into fast cash as he spreads his scams and malware. To help you stay protected as you search high and low both on and offline for the perfect presents for your loved ones, McAfee … [Read more...]