photo courtesy of vpnchoice.com

If your risk management team is trying to put objective measurements to the business impact analysis scenario of what if a data breach exposure happened to your company —-then you might want to visit the www.databreachcalculator.com website.

This data breach calculator, offered by the Symantec group, asks you to answer ten (10) questions which with your answers —then it presents a unique analysis report that will show you: (1) your company’s risk for a data breach, (2) your company’s estimated average cost per compromised record, and (3) your company’s average cost per breach.

This is a totally free report that can help you and your company better understand more about the risks involved,  and, also attempts to deliver the kind of information your business continuity planning or risk management team may need to help justify the budget that might be needed to proactively address this potential happening of such a data breach event.

Even more information is available (registration required) as well to see how your company’s risk profile may compare with:

•             Companies in your industry

•             Companies in other industries

•             Companies that have a CISO

•             Companies that do not have a CISO

•             Companies with same number of employees

•             Companies with operations in one country

•             Companies with operations in multiple countries

Click here to use the calculator.

This 90-minute interactive webinar will be hosted by the Department of Homeland Security and will be about the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep™), and will also be focusing on AT&T’s experience as the first private sector company to certify to a DHS-adopted preparedness standard.

The presentation will include an update on the PS-Prep Program and AT&T’s firsthand knowledge about preparing for certification to a standard; how certification was achieved; and the value of certifying to a PS-Prep adopted standard.

The speakers for the presentation and interactive webinar will be: (1) Stephen J. Waken, Assistant Vice President, Business Continuity Planning, AT&T, (2) Marcus Pollock, Standards and Technology Branch, National Integration Center, Federal Emergency Management Agency, Department of Homeland Security, and (3) Jim Caverly, Office of Infrastructure Protection, National Protection & Programs Directorate, Department of Homeland Security.

Click here to register to attend this webinar.

The PS-Prep™ program is a voluntary program designed to enhance preparedness and give private sector entities the ability to safeguard their organizations against all-hazards. The program includes standards that will equip decision makers with key processes to improve their organizations abilities to maintain operations before and after an emergency or disaster.

Unfortunately, with a number that appears relatively low (58,978 as reported)  compared to the total number of total Twitter users (reported as over 140 million), the importance of having a breach at all gets lost in the claim that this breach would have affected only about 0.02% of its user base.  If you were one of the victims of the breach, how would you view the fact that your privacy might not or could be considered important enough to cause at least more than a minor claim over this issue?

Another strategy being used by Twitter to play down the importance of this breach is to claim that these passwords are not that “important” — i.e. blocked spam accounts or duplicates.  Isn’t a breach event enough reason to begin a full root cause analysis procedure?

The other issue to be considered is that Twitter is still working thru its settlement with the FTC for a more major privacy violation incident back in 2009 — and, how will this most recent breach event factor into that settlement.

In so many ways our current generation continues to define privacy differently than past generations, and this ongoing change of reference is remains a dynamic influence on the direction that governmental regulatory bodies rely on for determining compliance and regulatory requirements affecting where you work, where you live and how your family’s privacy rights can be protected.

Matthew J. Schwartz has posted more information on this recent Twitter breach and you can read more here.

This program consists of an 80-minute video program and an accompanying PowerPoint program. Firefighters and EMTs can view the video material with the PowerPoint file acting as their hard copy notes, or they can use either resource independently.

As part of this website’s efforts to promote disaster preparedness, business continuity readiness and organizational resiliency in harmony with adequate levels of community, family and personal preparedness, our staff recommends viewing this material and passing this information along others who share the goals and objectives of this free training program.

Click here to read more about this and to download the instructional video and PowerPoint presentation.

We believe the point made by Glendon is that while many aspects of dealing with the human side of major disruption are already covered in an organization through health and safety and crisis management (BCMS) procedures —however, the link between successfully dealing with these issues and still achieving business continuity management system objectives are often less clear.

To that point, Glendon has organized an interesting set of questions to answer along with a scoring method that then determines a ranking which shows if “more thinking needs to be done”, “you are in a good position to push towards excellence”, or in fact you have an “Excellent coverage of the issues”.

Of course, every individual and organization may attempt to answer these questions in their own way given the uniqueness of the markets and environments surrounding each of those organizations.  And, organizational culture, methodology and critical size will matter as well in this situation.

If you think your organization would benefit from this information, please pass it along to your HR manager, and/or your risk and business continuity planning team members.  If your company is part of the private sector, then pass this along to those PS-Prep strategy planning members in that organization.

Click here to read the full article and take the full test to see how you score…..

The topic to be discussed is that of whether or not to have a business continuity plan in place at your company.  For many companies that decision is more often than not determined by a decision based on whether or not there is a mandate or contractual requirement coming from a major client or supply chain member to do so.

This webinar will address an additional element of consideration while trying to answer that question.  That fairly new element of discussion is based on what some attorneys — knowledgeable in this field — are saying – i.e. failure to implement a business continuity or risk management plan could be interpreted as an indication of negligence on the part of that organization.

An interesting twist in the ongoing efforts to convince companies that disaster preparedness and planning is a good investment of that company’s assets.

If this topic is of interest to your team, please pass along this information to them.

Click here to register for this complimentary presentation by John DiMaria, BSI.

John DiMaria is a management system professional, Six Sigma Black Belt, certified Holistic Information Security Practitioner (HISP) and CBCI with 25 years of successful experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales.

As networks grow more complex, the process of securing and managing endpoints, applications and confidential information has become a stiffer challenge than ever before. The attackers know most organizations are like Swiss cheese when it comes to finding a way in and then exporting out sensitive data. The traditional defenses aren’t working to the degree that company’s demand, so as security becomes more and more tied to business operations, corporations are finding that the best defense is a solid risk management plan that speaks to both asset protection and compliance.  But we all need help getting there. In this webcast, we’ll ask the questions to which you want answers.

Featured speakers will be: Greg Brown, VP, network security, McAfee, and, Illena Armstrong, VP, editorial director, SC Magazine.

Click here to register for this free webcast.

If applicable, please pass this information along to those network security and information security team members in your organization.

Any potential DOL non-compliance by any organization could easily expand into some serious negative cash flow risks to that organization over a short time  — especially given the fact that The DOL (Department of Labor) continues to expand its focus on compliance with labor laws with specific emphasis on wage and hour regulations in additional targeted industries. In 2011, the DOL collected almost $225 million in back wages, up more than 25% compared to 2010.

Amy has a passion for helping organizations do right by their shareholders, employees, clients, customers and communities, and in doing so she can help mitigate the business risks associated with ethical and compliance failures as they relate to them.

If applicable, click here   for more information and to register for this free webinar entitled: “Wage and Hour Compliance: Assessing the D.O.L.’s Enforcement Initiatives for 2012” and to be held May3rd from 2:00-3:00 PM EST.

Photo courtesy of comsparkint.com

As a response to several comments recently received by our staff on the topic of GRC, this posting will address related questions such as:  (1) Why are the areas of organizational compliance and risk requirements becoming more complex?  (2) Where does corporate culture fit into a risk management program? (3) How do you know or measure that risk management programs are performing? Or finally, (4) How do you get all of your organization’s players on the same page regarding how to handle these risk issues?

To best offer that response, our staff would like to direct you to several related postings  that they believe will give you or your organization a good start in trying to answer the kind of questions listed above, as they relate to not just general risks or compliance requirements but more importantly, how those response relate to of may apply to your own particular organization.

Read the following articles to find potential answers to those questions as they might apply to your company:

“Risk Chat: How Do Companies Manage GRC’s Growing Complexity?” by Eric Krell

“The Top GRC Tech Trends for 2012” by Eric Krell

“Risk Chat: How will Dodd-Frank Progress in 2012?” by Eric Krell

If you found this information pertinent to relevant challenges or opportunities in your own organization, then please forward this email (or share the article socially using the links below) to those business continuity, GRC,  or risk management team members  responsible for mitigating and resolving those risks associated with such activities.

• Tweet

Photo courtesy of homebiz-supermarket.com

The distinguishing lines and points of differences between physical and technical or network security are becoming harder to find – in fact, the convergence of these areas of security disciplines has been happening at an accelerated rate for nearly ten years.

And, given the escalation of threats facing many companies today, there is a strong belief that this continued convergence of security disciplines may in fact be causing potentially new challenges for businesses, consumers and the “average person” having to respond to such security related  risks or threats in a timely manner.

The kinds of threats many companies, communities and individuals are falling prey to could be coming from hackers, cyber criminals, thieves, or just plain criminals – and, these threats could include everything from physical security threats at home, at work, at school and in their neighborhoods to cyber security issues such as persistent cyber threats or cyber-attacks, network attacks, theft of information and intellectual property, identity theft to actual cyber terrorism acts.

To assist in the risk mitigation process against these threats or risks, our staff would like you to point you to a recent web posting announcing the launch of the “Security Central Exchange”, which is a central kind of portal point on the internet to bring security minded people, products and professionals together to help improve their security posture against such security related threats.

If this is sounds like something that would like to learn more about and perhaps could be valuable to you, your community or where you work, then click here to read more…..