May 17, 2012

DHS 2011 Data Mining Report Released

Photo courtesy of searchterms.com

The Federal Agency Data Mining Reporting Act of 2007, 42 U.S.C. § 2000ee-3, requires DHS to report annually to Congress on DHS activities that meet the Act’s definition of data mining. For each identified activity, the Act requires DHS to provide:

1) a thorough description of the activity;

2) the technology and methodology used;

3) the sources of data used;

4) an analysis of the activity’s efficacy;

5) the legal authorities supporting the activity; and

6) an analysis of the activity’s impact on privacy and the protections in place to protect privacy.

This is the sixth comprehensive DHS Data Mining Report, and the fourth report prepared pursuant to the Act. Two Annexes to this report that include Law Enforcement Sensitive Information and Sensitive Security Information, respectively, are being provided separately to Congress as required by the Act.

The 2011 Data Mining Report was recently provided to Congress and describes Department of Homeland Security (DHS) programs, both operational and in development, that involve data mining as defined by the Federal Agency Data Mining Reporting Act of 2007.

Mary Ellen Callahan, Chief Privacy Officer, U.S. Department of Homeland Security, states in this report, “…when it created DHS, Congress authorized the Department to engage in data mining and other analytical tools in furtherance of Departmental goals and objectives. Consistent with the rigorous compliance process applied to all DHS programs and systems, the DHS Privacy Office has worked closely with the programs discussed in this report to ensure that they employ data mining in a manner that both supports the Department’s mission to protect the homeland and protects privacy.”

This year’s report also includes a new section on the Land module of the Automated Targeting System (ATS-Land), which now uses vehicle licensing information and ATS risk-based rules to assess the risk posed by vehicles and their occupants at U.S. land borders, and a brief summary of U.S. Customs and Border Protection’s (CBP’s) Analytical Framework for Intelligence (AFI), a strategic intelligence program currently in development.

In addition, and as part of this report’s process, the DHS Privacy Office’s compliance process requires systems and programs using Personally Identifiable Information (PII) to complete federally mandated privacy documentation, consisting of a Privacy Impact Assessment (PIA), as required by the E-Government Act, and a System of Records Notice (SORN), as required by the Privacy Act, before they become operational. With the exception of AFI, all programs discussed in this report have issued PIAs and are covered by SORNs. AFI, which is not yet operational, is currently working with the Office to complete its PIA and SORN.

There is also an Acronym Listing on Page 27 of the report, which might be a useful addition to your organization’s HR privacy resource library.

Click here to read the full report. Please pass this information along to the information security, privacy control and risk assessment or management teams in your organization.

If applicable, it might also be good additional reading material for business continuity and PS-Prep strategy planning groups.

Inquiries relating to this report may be directed to the DHS Office of Legislative Affairs at 202-447-5890.

E-Discovery — A Recent Court Decision to Adopt Default Standards is Made by the District of Delaware

Photo courtesy of blog.advanceddiscovery.com

Judging from several comments received, it appears that many of our readers are taking a “sidelines” approach, simply watching the e-discovery dynamic develop on its own, since it remains only a potential risk mitigation event for them, either as individuals or as associates of the organizations for which they work.

While there is nothing wrong with that approach, it behooves them to stay informed in order to stay current and “safe.” To that point, our staff has made e-discovery part of its “watch list” of internet content search efforts, so that as relevant material issues are reported, our staff may share that information with our readers on a timely basis.

Such is the case in a recent posting by the Morgan, Lewis & Bockius LLP group announcing that the District of Delaware has adopted a set of default standards for E-Discovery.

Time will tell whether this decision by the District of Delaware will continue an apparent recent trend in the federal courts to lower the costs associated with e-discovery by offering guidelines designed to streamline the e-discovery process.

Click here to read the full comments of the Morgan, Lewis & Bockius LLP group.

Click here to read the Default Standard referenced in this reported event.

If applicable, please pass this information along to those associates in your organization who are responsible for e-discovery related risk management.

Perhaps business continuity planning, crisis management or PS-Prep strategy planning team members may also have a long-term interest in these developments and would want to add this content to their resource reference libraries.

FEMA Petitions for Private and Nonprofit Sector Input to Latest PPD-8 National Framework Documents

Photo courtesy of FEMA

Private sector awareness and preparedness have always been a prime focus of FEMA’s “National Frameworks” programs — which are part of the Presidential Policy Directive 8 / PPD-8: National Preparedness initiatives.

In an earlier posting on this website (“National Preparedness System Description Announced by FEMA”), FEMA clearly stated its position that our nation will be best prepared when we all work together to make that happen.

To keep that focus, FEMA is once again seeking information and feedback from the whole community regarding a series of new documents on how the private sector plays a role in national preparedness.

FEMA will be hosting several webinars and in-person workshops for people to provide their thoughts once again on the private sector and nonprofit roles and responsibilities identified in the most recent working draft “National Frameworks” documents.

FEMA is interested in validating content, identifying gaps and discussing new ideas.

The in-person workshops that are part of this effort are scheduled as follows:

  1. March 5th in Arlington, Virginia
  2. March 16th in Atlanta, Georgia
  3. March 20th on the West Coast, with the final location to be announced
  4. March 22nd in Chicago, Illinois

Other opportunities for input and engagement will also be available; for example, visit www.fema.ideascale.com (click on PPD-8 to share ideas) or attend one of the following webinars:

  1. March 7th – Prevention Framework
  2. March 12th – Mitigation Framework
  3. March 14th – Protection Framework
  4. March 21st – Response Framework

Click here to refresh your awareness of and to learn more about PPD-8.

Registration for these engagement opportunities is available on a first-come, first-served basis.

Click here to view and download the formal FEMA announcement sheet about all of the engagement opportunities for the private and nonprofit sectors.

Business Continuity Awareness Week 2012 — Reminder — March 19-23


Photo courtesy of blog.clearrisk.com

Business Continuity Awareness Week (“BCAW”) 2012 is fast approaching, and with this year’s BCAW 2012 theme of time, we should all be aware that time is not usually on your side in a crisis — therefore our staff recommends participation in BCAW 2012 for all business continuity planners.

First a few general reminders:

  1. The Business Continuity Awareness Week (BCAW) is the global educational event for people to learn more about Business Continuity Management (BCM).
  2. BCAW is facilitated by the Business Continuity Institute (BCI), the prestigious international membership body for BCM — approaching 7,000 members in some 100 countries.
  3. In a crisis, people are making decisions under pressure, options are reduced and media scrutiny may be at its greatest. Indeed, how well or badly a crisis is managed may have greater consequences for the organization than the original incident. Whether a small business or a major multi-national, the challenges are the same; it’s just that some have further to fall!

Our staff supports the premise of BCAW 2012, i.e. that dealing effectively with an incident on any scale requires Business Continuity Management (BCM) – a set of practices and capabilities that have been crafted into a tried and tested framework to help you identify and manage the consequences of disruption to your organization, regardless of cause.

BCAW 2012 will provide the opportunity for disaster preparedness and risk management teams to:

  1. engage with business continuity professionals from around the world,
  2. learn about the importance of dealing effectively with incidents on varying scales, and,
  3. develop methodologies and strategies on how to make an organization more resilient.

Some of the highlights of BCAW 2012 will include:

  1. New research: The BCI and its partners will be publishing new research and papers throughout the week.
  2. BC24: the ground-breaking, multi-role, online incident simulation game to test your organization’s crisis management skills and informally benchmark with organizations across the world.
  3. New webcasts: multiple free webcast presentations which will run throughout the week.
  4. BCAW 2012 Forum: a LinkedIn Forum for newcomers to ask questions of the BC community and for more experienced practitioners to debate the hot topics in the industry.
  5. In-house Awareness Opportunities: an opportunity for existing BCM practitioners who are looking to run awareness-raising activities within their own organizations.

If you are interested in participating, sponsoring or just being an active listener to these valuable opportunities, or if you have any questions about BCAW 2012, CLICK HERE.

If applicable, please pass this information along to those business continuity or crisis management planning groups in your organization, and, to those PS-Prep strategy planning teams in private sector companies.

Compliance Officer and In-House Counsel — Synergies and Conflicts

Amy E. Hutchens, a frequent contributing writer for this website and the National Contract Management Association (NCMA), has written an interesting article entitled “Wearing Two Hats: The Dual Roles of In-house Counsel and Compliance Officer”. Given that corporate regulatory and enforcement authorities have become more active and aggressive in the past several months, our staff would like to encourage a more detailed reading of Amy’s approach to this dual challenge, which often faces a newly appointed in-house counsel. Of course, economic constraints can often be their own motivation(s) for trying to combine these often conflicting roles in an organization.

As Amy states in her article, “…wearing the hats of both in-house counsel and compliance officer can be challenging and rewarding at best and can become a nightmare at worst.”

The question(s) Hutchens addresses in this article speak to the very real risk challenges that organizations, both large and small, live with every day, and, in doing so, they also raise the possibility of real-world consequences that often result from a decision to unify the roles of in-house counsel and compliance officer within any one organization.

Let us know your thoughts and comments as you read more of how Hutchens attempts to answer the following questions:

  1. Given today’s business environment, is it realistic to expect a general counsel to operate as a great compliance officer?
  2. Are the inherent conflicts reconcilable?
  3. Is executive management deprived of a valuable perspective when the roles are combined?

Click on the following link, Wearing Two Hats by Amy E. Hutchens, to read the full article.

If applicable, please pass this information along to the business continuity, disaster preparedness, risk management or even PS-Prep strategy planning teams, as well as the compliance officer or general counsel, in your organization.

Click here to view the National Contract Management Association website for more related articles and information on the topic of compliance and in-house counsel activities. (Registration Required)

Amy E. Hutchens is general counsel and Vice President of Compliance and Ethics Services for Watermark Risk Management International, LLC.

Photo courtesy of National Contract Management Association (NCMA) Magazine – Feb 2012

Threats for 2012 Global Business Continuity — New Survey Results Released

Photo courtesy of gpnetnow.com

Business continuity and risk management planning groups would benefit from reviewing the results of a new survey report recently released by the Business Continuity Institute, entitled “Horizon Scan 2012”.

In this report, four hundred and fifty-eight (458) organizations — reporting from the U.K., USA, Australia, Canada and South Africa during the period of 5-20 December 2011 — indicate that business continuity practitioners are applying business continuity management to a wider range of threat categories than those with which the BC discipline is more traditionally associated. Perhaps equally important, the report raises the question of the extent to which individual organizations can deal with these challenges by themselves.

A short list of the threats identified by survey participants in this report includes: unplanned IT/Telecom outage(s), adverse weather, cyber-attack, acts of terrorism, utility interruption(s), availability of workforce(s), new laws and/or regulations, social/civil unrest, major customer/supplier disruption(s), and the availability/cost of credit/finance.

Of particular importance and/or interest is the section dealing with the evaluation of threats as perceived by the primary activities of operational groups within an organization. For example, the top three threats as seen by the information and communications group are stated as: (1) unplanned IT/Telecom outage, (2) data breach and (3) cyber-attack, while the top three evaluated threats as seen by the manufacturing group are: (1) supply chain disruption, (2) unplanned IT/Telecom outage, and (3) product safety incident.

Our staff recommends that this report be added to the reading resource libraries of the disaster preparedness, crisis management and/or risk management planning teams in your enterprise-level organizations. And, if you are a smaller private sector company, please share this information with your PS-Prep strategy planning groups.

Click here to read more, and to download and view the full report.

Again, we thank the Business Continuity Institute for making this resource available to all BC/DR planning teams.

Risk Management and Crisis Response Traits

In a recent article written by Kevin M. Quinley, entitled “Avoid These Seven Traits that Will Sink Your Risk Management Program!”, the topic of organizational crisis management in the context of product liability is addressed through an interesting adaptation of consultant Jim Lukaszewski’s presentation identifying seven behaviors that spell trouble when it comes to how an organization will act when faced with an unexpected crisis or disruptive event.

Quinley’s article should focus our readers’ attention on several perceived typical reactions by organizations when faced with a disruptive event — like a product liability claim or lawsuit. Learning from this information could be a first important step for an organization to take toward building a strong corporate risk management and mitigation plan against these potential threats.

A quick summary of those typical reactions identified by both Lukaszewski and Quinley is:

  1. Denial
  2. Victim Confusion
  3. “Testosterosis”
  4. Arrogance
  5. Scapegoating
  6. Media-Phobia
  7. Whining Parties

Click here to read Quinley’s full article.

If applicable, please pass this information along to those risk management team members in your organization. And, in some cases for smaller companies in the private sector, PS-Prep strategy and business continuity planning groups could add this content to their library of available reference materials as well.

PRIVATE SECTOR UPDATE — DHS Presents State of America’s Homeland Security

Photo courtesy of DHS

PS-Prep strategy planning groups, along with all business continuity and risk management team members in organizations of all sizes, should be interested in listening to Janet Napolitano, Secretary of the Department of Homeland Security (DHS), as she delivers the second annual State of America’s Homeland Security address on Monday, January 30, 2012 at 1:00 PM EST.

Increasing our nation’s security and resilience remains a goal achieved through strong connections between DHS and our nation’s private sector.

Click here to watch Janet Napolitano’s presentation LIVE on Monday, January 30, 2012 at 1:00 PM EST.

Business Continuity and Emergency Management Plan Testing — Need Help Pitching the Need?

Photo courtesy of blog.abn.org.au

Many of the readers of this website belong to emergency management and business continuity planning teams. And, hopefully, those disaster preparedness focused teams are testing their emergency, continuity and disaster recovery plans regularly.

If not, or if those risk management centered groups are looking for useful information to assist in testing their BC/DR plans, then an article written by Jim Satterfield is a valuable resource to turn to when you need content and reasons to convince your fellow BC/DR team members, or even upper management, that funding and support to test your plans is justified.

As Satterfield says, “Everyone has a role in a crisis. Some are strategic, some are tactical. How decisions are made in a crisis is critical to the outcome. Because of this, the following holds true:

  1. Practicing emergency response helps assure that the response can proceed predictably during a crisis or disaster;
  2. Participation in exercises familiarizes everyone with the vulnerabilities, impacts, plans, mitigation strategies, incident management and crisis communications;
  3. Testing allows problems or weaknesses to be identified and used to stimulate necessary and appropriate changes; and
  4. Errors committed and experience gained during testing will provide valuable insights and lessons learned that can be factored into the planning/updating process.”

The full posting by Satterfield is in two parts, so be sure to read the entire posting and, if applicable, pass this information on to those associates in your organization, or even to the disaster recovery and first responder teams in your community’s Emergency and Crisis Management Response areas. And if your organization is in the private sector, please get this information to the in-house team members of the PS-Prep strategy planning leaders.

Click here to read Part 1 and Click here to read Part 2 of Satterfield’s postings.

New Members Named to 2012 ASIS Commission on Standards and Guidelines

ASIS recently announced the selection of members that have been named to the 2012 ASIS Commission on Standards and Guidelines. This commission has the responsibility to advance the practice of security management through the development of standards and guidelines within a voluntary, nonproprietary and consensus-based process, utilizing the knowledge, experience and expertise of ASIS membership, security professionals and the global security industry.

One of those members named to the commission is Lisa DuBrock, CPA, Managing Partner, Radian Compliance, LLC, and a contributing editor and writer for this website. Lisa provides our readership with her views on the topics of business continuity management systems and PS-Prep related standards and guidelines such as BS25999-2, SPC.1:2009, NFPA 1600:2010, and ASIS/BSI BCM.01:2010.

We congratulate Lisa DuBrock along with the other members of the 2012 ASIS Commission on Standards and Guidelines.

Click here to read the full press release of this announcement.