GAO Report Stresses Need to Address Flu Related Network Congestion Fears

Officials at the U.S. Government Accountability Office (GAO) recently released a report entitled, "Influenza Pandemic: Key Securities Market Participants are Making Progress, but Agencies Could Do More to Address Potential Internet Congestion and Encourage Readiness". (Read this Report) The Department of Homeland Security (DHS) responded to this report by stating, "An expectation of unlimited Internet access during a pandemic is not realistic -- any more so than an expectation that traffic congestion on hurricane evacuation routes can be completly avoided.  All users which rely on the … [Read more...]

Security Policy — Components of a Good Policy

By:  Lisa DuBrock, CPA, CBC Whether you are tasked with writing your organization’s Information Security Policies or updating an existing security policy or security policies, knowing what is in a well crafted policy is important.  Below are details of many of the areas you should include: Security Definition – All security policies should include a well-defined security vision for the organization.  The security vision should be clear and concise and convey to readers the intent of the policy.  Also included in this section should be details of what if any security standards your … [Read more...]

"Red Flag Rules": Exemption Ruling Announced

By an overwhelming vote of 400-0, the U.S. House approved legislation on October 20, 2009, that exempt certain businesses from the Federal Trade Commission's Red Flag Rules.  As part of that legislation, the FTC is also required to issue new regulation setting out the exemption processes that allow any business to apply for an exemption. With November 1, 2009 as an announced Red Flag Rule compliance deadline, it is very likely that this new ruling will cause the FTC to at least consider the announcement of another delay for this compliance deadline. Under the current ruling, health care, … [Read more...]

Supply Chain Risk Leadership Council – What Is It and Why Should I Know About It?

The Supply Chain Risk Leadership Council is a group of companies that meet four times a year to discuss how to incorporate standardized best practices into their supply chain.  Some of the companies that sit on the council are industry heavyweights, such as CISCO, GE, Boeing, Coca-Cola, Merck and FedEx.  Their mission as stated on their website is to: “Work together to create best-practice supply chain risk management standards, processes, capabilities and metrics to be adopted within our respective organizations. Leverage this best practices effort to proactively … [Read more...]

Standards Announced for PS-Prep by DHS

On October 15, 2009, Janet Napolitano, Secretary of the Department of Homeland Security (DHS) identified three standards to be included in the PS-Prep; Private Sector Preparedness Program.  The PS-Prep program was created under Title IX of Public Law 110-53: Recommendations from the 9/11 Commission and is a partnership between DHS and the private sector that enables private entities - including businesses, non-profit organizations and universities - to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector. The three … [Read more...]

Study Finds Security Experts and Regular Users Differ in Approach

Sally Smoczynski, a contributing writer for this website, recently read a story about a Google sponsored survey report which attempted to compare and contrast responses from security experts and non-security expert Internet users regarding what they do to stay safe online. Given that you can find more online security tips in a few seconds than you could use in a lifetime, and, given that security hacks and breaches continue to be a security threat for everyone using the Internet, Smoczynski was convinced that perhaps the results of this survey would be helpful to both her clients and the … [Read more...]

Cloud Computing – {Need to Keep Up with Terminologies}

by: Ben J. Carnevale Cloud computing remains a strong topic of interest for organizations big and small. And, as with many topics and developing technologies concerned with use of the internet, risk management and cyber-security preparedness teams struggle to keep up with the terminology and risk mitigation strategies needed in order to make cloud technologies work successfully and effectively for your organization.   To help that process along, our staff has recommended adding a recent article dealing with “cloud computing terms you need to know” to your organization’s … [Read more...]

Business Disaster Recovery & Continuity Plan [Infographic]

Thinking about the day your business is destroyed from a natural disaster is about as fun as thinking about cleaning up the Christmas tree needles come Valentines day when you finally decide to take the tree down. However, like life insurance, it's something important to think about, and plan for, or you could end up in a lot of trouble. In the infographic below, we break down common disasters that can happen to a business, their potential costs, and give some great ideas on how to to plan for them. Feel free to share the inforgraphic on your site or social media, please just mention … [Read more...]

ANSI/ASIS PSC.1-2012; Implementation Recommendations

              Lisa DuBrock, CPA, CBCP, MBCI, is a Managing Partner for Radian Compliance, LLC, where she specializes in implementing private security company management system standards as well as information security standards for her clients. She is also a contributing writer to this website. Given some of the recent comments and questions presented to our staff regarding the steps needed to implement the ANSI/ASIS PSC.1-2012, Management System for Private Security Operations (soon to be released as a standard under ISO), our staff … [Read more...]

Data Breach Costs now Average $154 per Record

In a recently published benchmark research report it was found that executives in 2015 – motivated by growing concerns from ongoing data breaches and other cyber-attacks to their organizations – are now paying greater attention to the security practices of their organizations. To that point, research from that report also indicated that the average total cost of a data breach for the 350 companies participating in this research increased from $ 3.52 to $ 3.79 million US dollars (e.g. a 23% increase in total cost of data breach since 2013). The average cost paid for each lost or stolen … [Read more...]

Certification Body: Good Resource for Learning about PSC.1

By: Ben J. Carnevale In support of our staff’s efforts to further expand on the topic of the most recognized certifiable standard related to private security companies --- ANSI/ASIS PSC.1 – 2012: Management System for Quality of Private Security Company Operations --- this posting will introduce and offer our readers additional information and a beginning of a series of steps in the process of bringing a private security company (PSC) into compliance with and/or certification to this standard. One of our contributing writers on this topic-- Lisa DuBrock CPA, CBCP, MBCI, MBA– Managing … [Read more...]

Supply Chain Disruption Report Just Released

For many of our readers and the organizations where they work, any kind of supply chain disruption could easily qualify as a serious incident and one that would easily have been discussed and included in their disaster preparedness planning process. With that thought in mind, our staff recommends reading and potentially adding a recent EventWatch™ 2014 Supply Chain Disruption report to your organization’s business continuity and disaster preparedness team’s reading resource library. This report  This report was funded and supported by Resilinc’s database of over 40,000 suppliers and over … [Read more...]

Private Security Companies and PSC.1

As follow-up to an earlier posting on this website, and to several requests for more information regarding information and background on the ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations standard, our staff would like to direct our readers to an article recently posted by James Schmitt from the Human Analytics group. As reported earlier, members of the Human Analytics group participate often as contributing writers to this website and with a rising interest in our readership of standard related activities and private security companies, Schmitt’s … [Read more...]

Emergency Management and America’s PrepareAthon! Campaign

by Ben J. Carnevale Business Continuity, Resiliency and Emergency Management Planning teams are often looking for additional ideas, programs and campaigns to help those teams be more prepared and ready to mitigate losses from potential disasters affecting the organization where they work, and the community where they work and live with their families. Our staff believes that the America’s PrepareAthon™ campaign qualifies as one of the best resources for those teams to look for ideas and assistance for taking action to increase emergency preparedness and resilience. America’s … [Read more...]