
Risk News

5/30/2015
How the breach of IRS tax returns is part of a much bigger problem facing taxpayers

"The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves is the latest wrinkle in a mammoth problem faced by tax authorities: Identity theft and its crippling consequences."

Annie's take:

This situation needs to be taken seriously by Congress in terms of funding; and also by the executives at the IRS in terms of the size and scope of its information security team.

5/29/2015
U.N. Resolves to Combat Plundering of Antiquities by ISIS

"Increasingly frustrated over the Islamic State’s brazen pillaging and trafficking of artifacts in the Middle East, all members of the United Nations agreed on Thursday to take new steps intended to thwart and prosecute antiquities smugglers, ensure the return of plundered ancient treasures and counter what diplomats described as “cultural cleansing,” a new tactic of war to spread hatred and erase the heritage of civilizations."

Annie's take:

As it turns out, the destruction of cultural heritage is not simply ideological. Money is made by ISIS from trafficking in the sale of such treasures. Though the UN resolution is non-binding, it is nonetheless the right thing to do at this time.

5/28/2015
How the Islamic State could win

"Let’s think the unthinkable: Could the Islamic State win?"

Annie's take:

As the author of this opinion piece points out, there are no easy answers here.

5/27/2015
Tech Rivalries Impede Digital Medical Record Sharing

"Since President Obama took office, the federal government has poured more than $29 billion into health information technology and told doctors and hospitals to use electronic medical records or face financial penalties."

Annie's take:

Evidently it is easier to charge for transferring data among medical institutions than it is to make the systems interoperable.

5/26/2015
Who’s the Watchdog? In Europe, the Answer Is Complicated

"That question lies at the heart of a growing fight here after many of Europe’s privacy watchdogs opened investigations into how the social network obtains and uses individuals’ online data."

Annie's take:

We're going to be keeping an eye on European Union privacy decisions in general, and this one in particular.

5/25/2015
Map: The Islamic State’s disturbingly successful week

"Well, the Islamic State had quite a week.

After more than a year of clashes with Iraqi forces and with opposition groups in Syria, the militant group claimed two major cities, showing both the Iraqi army's weaknesses and the militant group's growing power."

Annie's take:

This isn't a sports championship, it's real life. It seems glaringly apparent that we need to rethink both the threat and engagement levels in the Mideast.

5/24/2015
The Government’s Consumer Data Watchdog

"When does the free flow of personal data benefit consumers, and when might it damage their pocketbooks?"

Annie's take:

Things are looking up!

5/23/2015
ACLU Recommends New Rules for Police Body Cameras

"With more and more police agencies across the country equipping officers with body cameras, and many operating by their own rules, the American Civil Liberties Union on Thursday proposed measures it said all should abide by — quickly raising law enforcement concerns."

Annie's take:

Finally, there has been a set of recommendations made that could lead to regulation, but as you can see here from the example in Iowa City, every state is different where existing laws are concerned around evidence and accessibility.

5/22/2015
Making Computer Science More Inviting: A Look at What Works

"When Sonja Khan started college, she’d never thought of studying computer science. But when she heard from friends that the intro class was good, she decided to give it a try — and then ended up majoring in it."

Annie's take:

As you can read in this article, the University of Washington's Computer Science & Engineering department has made patient, concerted efforts to recruit women to technology. So has the Information School where I teach. #boundless

5/21/2015
Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst

"CareFirst, a Blue Cross Blue Shield plan, on Wednesday became the third major health insurer in the United States to disclose this year that hackers had breached its computer systems and potentially compromised some customer information."

Annie's take:

The CareFirst breach evidently took place last June, but it was not until Mandiant was called in that it was found. This article does a good job of summarizing health care breaches in general, and what nation-state player might be carrying out these attacks.

5/20/2015
Tech giants don’t want Obama to give police access to encrypted phone data

"Tech behemoths including Apple and Google and leading cryptologists are urging President Obama to reject any government proposal that alters the security of smartphones and other communications devices so that law enforcement can view decrypted data."

Annie's take:

An excellent article, with a great deal of background information on types of encryption, as well as another type of look at national security vs. personal privacy. I admire Director Comey a great deal for his leadership of the FBI, but not in this arena.

5/20/2015
5 Banks to Pay Billions and Plead Guilty in Currency and Interest Rate Cases

"Adding another entry to Wall Street’s growing rap sheet, five big banks have agreed to pay more than $5 billion and plead guilty to multiple crimes related to manipulating foreign currencies and interest rates, federal and state authorities announced on Wednesday."

Annie's take:

It's evidently easier still to fine the big banks rather than to bring criminal indictments.

5/20/2015
Snowden Sees Some Victories, From a Distance

"For an international fugitive hiding out in Russia from American espionage charges, Edward J. Snowden gets around."

Annie's take:

Though it's a very complex set of intertwined issues and national security is involved, I do believe that if Edward Snowden wants to be believed a patriot, then he should come home and stand trial for his acts of civil disobedience.

5/19/2015
Philadelphia’s Emergency Responders Describe Response to the Train Accident

"Noelle Foizen at first thought the emergency alert of a train wreck must be a continuation of the previous day's mass-casualty training."

Annie's take:

The National Transportation Safety Board has indicated it may take up to a year for it to complete its investigation and offer findings on the accident.

5/19/2015
Many on Wall Street Say It Remains Untamed

"Wall Street has changed. But perhaps not as much as you would think."

Annie's take:

I have used the earlier survey for a couple of years now to talk about how deep the ethical fissures are in the financial sector. Sorkin's piece provides the highlights of the updated survey.

5/18/2015
VA’s ability to increase health professionals is ‘seriously fractured’

"Agency understaffing was a key flaw exposed during last year’s scandal over the cover-up of long patient wait times at the Department of Veterans Affairs."

Annie's take:

We need a real change agent to head the VA -- not just to bring it into the 21st century from a technology perspective, but also to change the culture.

5/17/2015
Shareholders’ Votes Have Done Little to Curb Lavish Executive Pay

"It’s been five years since the Dodd-Frank law required that companies let investors vote on their executive pay practices."

Annie's take:

CEO pay continues to rise, year over year -- and it does not seem to be tied to performance.

5/16/2015
DHS employees receive awards for valor, some performed while off duty

"Even before he took over the Department of Homeland Security in late 2013, Jeh Johnson said one of his top priorities in the job would be improving the department’s perpetually low employee morale."

Annie's take:

ASA strongly recommends such recognition programs for both private and public sector organizations, for morale and for risk mitigation. It is astounding just how few of them there still are.

5/14/2015
Amtrak Train Derailed Going 106 M.P.H. on Sharp Curve; at Least 7 Killed

"An engineer jammed on the emergency brakes just seconds before Tuesday’s fatal Amtrak derailment, but the train — traveling at 106 miles an hour, more than twice the speed limit — slowed only slightly, federal authorities said, before hurtling off its tracks, killing at least seven people and injuring more than 200."

Annie's take:

Thanks to a series of superb contextual reports on CBS-News last night, I can add a few other notes to this article. Evidently over 2000 trains run daily on the Northeast Corridor. On many parts of the track, outside dense urban areas, speeds of 100mph are permitted on many of these trains. As the article here points out, this section of the track did not have "positive train controls" installed yet, which would have automatically slowed the train when it approached curves like this. And on this same day as emergency workers were still checking for bodies, the Congress voted down additional cuts to Amtrak funding.

5/13/2015
Amtrak Train Derails in Philadelphia, Killing at Least 6 and Injuring Dozens

"Emergency workers here on Wednesday searched through the wreckage of a New York-bound Amtrak train that derailed and overturned late Tuesday, killing six people, injuring dozens more, and disrupting train service for thousands of riders in the Northeast region."

Annie's take:

It's very hard to read the headlines, some days more than others. Yesterday, we learned of two more significant earthquakes/aftershocks in Nepal. This morning, we wake to find that an Amtrak train on one of the most heavily trafficked routes in America derailed. The damage is almost incomprehensible. In the interests of customer service, those trains can run at up to 100mph when outside downtown cores. But we have never invested the dollars to upgrade the tracks -- the critical infrastructure, including signaling -- that so desperately needs to be done. This is a very grim reminder to Congress that it's time to act.

5/12/2015
Nepal Hit by Fresh Earthquakes

"Two large earthquakes struck Nepal on Tuesday, killing at least 36 people, just weeks after a devastating earthquake left more than 8,000 people dead."

Annie's take:

We have such short attention spans. It takes so long to do the gritty work of digging out, and that is just what the Nepalese were doing when these two earthquakes hit. Please take a moment to think about this geologically unstable part of the world, and then plan to ensure that your family has food, water and other provisions to get through such a disaster if it happened here.

5/11/2015
Influencing the Future

"I like to tell the story about a client who could not understand why I would honor a commitment to teach rather than give the firm more hours in order to make more money."

Annie's take:

Here's this month's ASA News & Notes, including an excellent research note on the GAO by Andrew Magnusson.

5/9/2015
Veterans Battle for Jobs on the Home Front

"Recently, in the midst of an effort to persuade store managers to hire veterans, I talked to a human resources executive at a major retail chain."

Annie's take:

Today, I could have selected a news article on Britain's election. Or one on the French surveillance legislation. Instead, I'm deviating slightly to offer this article, which goes a long way toward explaining why more veterans aren't getting hired despite the commitments of large corporations like Starbucks. We need to train Human Resources recruiters better -- I'd rather they not think they were exercising good risk management by turning an applicant away if her/his eyebrow twitched during an interview.

5/8/2015
N.S.A. Collection of Bulk Call Data Is Ruled Illegal

"A federal appeals court in New York ruled on Thursday that the once-secret National Security Agency program that is systematically collecting Americans’ phone records in bulk is illegal. The decision comes as a fight in Congress is intensifying over whether to end and replace the program, or to extend it without changes."

Annie's take:

Could it be that the appeals court was giving a little nudge to Congress to just let this section of the Patriot Act expire?

5/7/2015
A resilient organization needs a specialist risk leader supporting the board

"Boards are failing to navigate the changing risk landscape effectively, resulting in significant loss of value, according to research from leading players in the business community."

Annie's take:

Continuity Central has provided a summary and a link to a most interesting piece of work from the forum called Tomorrow's Good Governance, in response to England's Financial Reporting Council.

5/6/2015
Lawmakers in France Move to Vastly Expand Surveillance

"At a moment when American lawmakers are reconsidering the broad surveillance powers assumed by the government after Sept. 11, the lower house of the French Parliament took a long stride in the opposite direction Tuesday, overwhelmingly approving a bill that could give the authorities their most intrusive domestic spying abilities ever, with almost no judicial oversight."

Annie's take:

And here, in a microcosm, the debate that still reverberates in this country around the Patriot Act is playing out in France. The big difference for France is that the process that the legislation outlines involves very little judicial review. We'll be watching closely to see how this plays out.

5/5/2015
SEC Backlog Delays Whistleblower Awards

"As part of its popular whistleblower program, the Securities and Exchange Commission promises to move swiftly on useful information about potential wrongdoing. But the agency isn’t as speedy when it comes to paying off its tipsters."

Annie's take:

As if there were not already enough disincentives for reporting unethical behavior, here's another: the length of time it could take for the SEC to review your claim and then the amount of time it takes to pay that claim. We have data on retaliation for reporting, but until now we did not have this data on processes that need to be streamlined at the SEC.

5/4/2015
Hacked Firms Could Keep Quiet Under New U.S. Law

"A proposed U.S. national privacy law would let some companies that find their systems hacked off the hook from notifying customers."

Annie's take:

I am ambivalent on this legislation because I am not sure that firms who are hacked are capable of making this determination or not. I understand how expensive it is to notify clients/customers and to offer them credit reporting for a year, but at least in this scenario customers are placed at the forefront of the decision.

5/3/2015
We have too little data to know how to help countries like Nepal recover from natural disasters

"It hasn’t even been a week since Nepal’s massive earthquake killed thousands and destroyed businesses, homes, roads and hospitals across the country."

Annie's take:

We have become quite skilled at our response efforts, but we have a long ways to go to plan effectively and implement long-term recovery plans after disasters. So far at least, Japan has set the standard. Dr. Kirsch is raising some unpleasant truths in his opinion piece here.

5/2/2015
Patriot Act Faces Revisions Backed by Both Parties

Annie's take:

It's hard to see how this will play out. These modifications are, at best, incremental and insufficient.

5/2/2015
Why the N.S.A. Isn’t Howling Over Restrictions

"For years after the attacks of Sept. 11, 2001, even as the National Security Agency fiercely defended its secret efforts to sweep up domestic telephone data, there were doubters inside the agency who considered the program wildly expensive with few successes to show for it."

Annie's take:

This is another question of incremental action. No surprise that NSA suggested the data be stored elsewhere, as the one piece they were willing to give up.