Risk Assessment Practitioners Offered COSO Perspective

by Ben J. Carnevale, Contributing Writer

Just recently, the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) produced a new “thought paper” on risk management, offering ideas on how companies can better address and implement risk mitigation efforts. The Treadway Commission (… also known as the National Commission on Fraudulent Financial Reporting) is a special committee formed in 1985 in the United States to investigate the underlying causes of fraudulent financial reporting. The commission was named after its chairman, former SEC commissioner James … [Read more...]

BS25999 to ISO 22301

by Lisa DuBrock

In May 2012, the International Organization for Standardization (ISO) released a new standard for Societal Security, ISO 22301:2012. This standard is intended to give the global continuity community a baseline standard for best practices in business continuity management systems. The new standard is expected in the near future to replace BS 25999-2:2007. That standard, developed by the British Standards Institution, is closely aligned with the Business Continuity Institute's Good Practice Guidelines. It is expected that in the near future BS 25999 will be retired. … [Read more...]

Private Sector & Government Experts Present Continuity Planning and Management Conference

For many of our readers who are in charge of disaster preparedness, crisis management and contingency planning teams for their organizations, or for the communities within which they live or work, an upcoming event is being offered 2-4 April 2012. For the first time in its history, the Contingency Planning and Management Conference and Expo is taking place in Washington, D.C., and co-locating with GovSec – the Government Security Conference & Expo, featuring the U.S. Law Enforcement Conference & Expo – to give attendees more robust free programming and entry to the larger GovSec trade … [Read more...]

DHS 2011 Data Mining Report Released

The Federal Agency Data Mining Reporting Act of 2007, 42 U.S.C. § 2000ee-3, requires DHS to report annually to Congress on DHS activities that meet the Act’s definition of data mining. For each identified activity, the Act requires DHS to provide: 1) a thorough description of the activity; 2) the technology and methodology used; 3) the sources of data used; 4) an analysis of the activity’s efficacy; 5) the legal authorities supporting the activity; and 6) an analysis of the activity’s impact on privacy and the protections in place to protect privacy. This is the sixth … [Read more...]

Risk Assessment’s Common Myths

While we might all agree that risk assessment remains an important part of the business continuity planning process, we might also agree that it is one that many managers find elusive to perfect. And, to that very point, our staff came across a recent article written by David Lacey, where he states, “…I cringe when I hear experienced professionals suggest that risk assessments must be objective and repeatable. Where on earth did they get that impression? Were they taught this in a course? Or did they read it in a standards document? It's not something that occurs in … [Read more...]

Cybersecurity and Advanced Persistent Threats (APT’s)

In a recent search for relevant cyber security stories that might have an impact on business continuity and risk management processes, the topic of APTs, or Advanced Persistent Threats, was consistently presented as a threat that should be included in nearly all organizations' business impact analysis exercises. One of the most impressive articles on APTs we found was written by Amichai Shulman, CTO of Imperva, and posted on the Continuity Central website. While the APT threat has been in the background for several years now, it is rather important to note that in the past … [Read more...]

Business Continuity and Insurance Options for Nuclear Reactor Accidents in the U.S.

Given the recent nuclear disaster in Japan, along with the risk assessment and business impact analysis reports addressing organizations in the United States that have to face unique risks from potential nuclear reactor accidents in the U.S., one of our readers asked if we could comment on the question of insurance plans to cover nuclear reactor accidents and disasters. In response to that request, we point our readers' attention to a recent posting published 30 March 2011 on the Homeland Security Newswire website. As you will read in the article, a little-known insurance pool in the U.S. … [Read more...]

Business Continuity and Threats of Solar Flares

by Lisa DuBrock, Contributing Writer and Editor

The last time I did a BIA and risk assessment, I don’t remember considering the effects of solar flares in my analysis. But apparently the sun has just recently had its largest eruption of solar flare activity in about four years. In fact, that solar storm occurred on February 14, 2011. According to what I’ve been reading in both the Huffington Post and ABC News accounts, the sun moves through cycles, where over time there may be more or less solar flare activity occurring that would affect our planet Earth. The next peak of potential … [Read more...]

Cyber Security: Internet Protocol version 6 (IPv6)

With so much attention given to the topic of cybersecurity, it is no wonder that our staff paid particular attention to the presentations, papers, and demonstrations at the recently held Black Hat-DefCon Conference from July 30th to August 1st, 2010. A particular case in point was the presentation and discussion by Sam Browne on the topic of IPv6, Internet Protocol version 6. Our staff believes that this presentation should make all of us even more uneasy about the current state of cybersecurity – hopefully enough to spur more of us into action so as to better address both the … [Read more...]

Preparing for PS-Prep

In a recent article written by Bob Connors, posted on the America First website and entitled “Preparing for PS-Prep – Voluntary Private Sector Preparedness Certification”, we came across a great summary of past events and content, and hopefully of future events and content, that will help our readers better understand the current state of PS-Prep, the expected future state of PS-Prep, and what this PS-Prep program is and what it is not. First of all, Mr. Connors wants to make it very clear that PS-Prep “…will not and is not intended to prevent a disaster like the BP oil spill in the Gulf of … [Read more...]