Risk News

12/31/2012
Safeguard Your Phone from Malware

"If you think that only computers can get viruses, think again."

Annie's take:

If you are a mobile phone user who loves third party applications, then you may want to read this article and try one of the security applications discussed.

12/28/2012
After the Storm, Suits Roll In

"When a 5-foot surge from superstorm Sandy washed over 200 acres of low-lying parking lots at New Jersey's Port Newark, a fleet of vehicles belonging to International Motor Freight Inc. was damaged."

Annie's take:

For those who wonder what the real costs are for businesses during a natural disaster, here's an up-close look. One wonders if there are improvements that could be made to our insurance system.

12/27/2012
The Power of Negative Thinking

"The holiday season poses a psychological conundrum. Its defining sentiment, of course, is joy—yet the strenuous effort to be joyous seems to make many of us miserable."

Annie's take:

Here's one of the most read articles this month in the Wall Street Journal, presented here, tongue-in-cheek, to those of you who wonder if worst case thinking is harmful to the spirit. An early Happy New Year, everyone!

12/26/2012
Awakening to Crisis, India Plans New Push Against TB

"India plans to launch a massive initiative to combat deadly strains of drug-resistant tuberculosis, tackling a medical crisis the full scope of which is only now coming into focus."

Annie's take:

Tuberculosis seemed for many years to be largely eliminated because of the vaccine available. Here is a sobering story.

12/24/2012
I.B.M. Looks Ahead to a Sensor Revolution and Cognitive Computers

"The year-end prediction lists from technology companies and research firms are — let’s be honest — in good part thinly disguised marketing pitches: These are the big trends for next year, and — surprise — our products are tailor-made to help you turn those trends into moneymakers."

Annie's take:

A look ahead just before the end of the year. IBM still runs a world class research operation.

12/21/2012
Police Dept. to Use Internet to Try to Stop Mass Shootings

"Top intelligence officials in the New York Police Department met on Thursday to examine ways to search the Internet to identify potential “deranged” gunmen before they strike, Police Commissioner Raymond W. Kelly said."

Annie's take:

It is an interesting approach to use some of the techniques worked out for identifying terrorists on potential mass shooters. Certainly combing through postings on social media sites and certain special interest sites using algorithms is an avenue to explore, though it may butt right up against First Amendment rights.

12/20/2012
After Libor, arguments against financial regulation are a joke

"Everyone who has ever claimed that the financial industry is overregulated should be forced to read the final notice on UBS’s manipulation of the London interbank offered rate issued Wednesday by the United Kingdom’s Financial Services Authority."

Annie's take:

For those who have had difficulty understanding what the Libor scandal was all about, here's an excellent article and Frankel's own perspective on how far we can trust bankers these days.

12/19/2012
UBS to Pay $1.5 Billion to Settle Libor Charges

"UBS AG became the second bank to settle accusations that it tried to rig benchmark interest rates, agreeing to pay roughly $1.5 billion in a deal with authorities in multiple countries that points to a broader manipulation scandal than previously known."

Annie's take:

One wonders how the fines are divided out among the countries.

12/18/2012
3 Emerging Technologies That Will Impact Emergency Management

"Albert Einstein once said: “The true sign of intelligence is not knowledge but imagination.”"

Annie's take:

In a week where most of the news is not good, the three new tools that Pittman describes here are welcome news.

12/17/2012
HSBC to Pay Record U.S. Penalty

"HSBC Holdings PLC on Tuesday acknowledged that for years it ignored possible money laundering as part of a record $1.9 billion settlement with U.S. authorities that caps the bank's disastrous foray into the U.S. market."

Annie's take:

Will this penalty make a difference in how the Bank Secrecy Act (BSA) is understood and enforced?

12/14/2012
Data open doors to financial innovation

"The exposed brick walls, open work benches and large flat screens in the San Francisco office of Sasha Orloff’s start-up make it feel like any other trendy young Californian internet company."

Annie's take:

There's a lot we really don't understand about Big Data -- see Devin Luco's research note this month in ASA News & Notes -- but this article makes clear that there are even more issues at stake.

12/13/2012
U.S. Terrorism Agency to Tap a Vast Database of Citizens

"Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime."

Annie's take:

Julia Angwin has written a dense, compelling article that clearly lays out the risks and rewards of intelligence gathering. I'll have to give a lot more thought to this -- it is certainly sitting squarely in one of the topic areas I'll be covering in a university course this winter that looks at ethics, policy and law around information use.

12/12/2012
Too Big to Indict

"It is a dark day for the rule of law."

Annie's take:

This editorial says it all, except, perhaps, to ask where is the U.S. Department of Justice in all this?

12/11/2012
HSBC to Pay $1.92 Billion to Settle Charges of Money Laundering

"State and federal authorities decided against indicting HSBC in a money-laundering case over concerns that criminal charges could jeopardize one of the world’s largest banks and ultimately destabilize the global financial system."

Annie's take:

This is most probably an early version of a story that will continue to be told, especially the complex discussions that led authorities to let HSBC settle rather than be prosecuted for its money laundering activities -- activities it had been warned about over and over. Here the reasons seem to be connected to the impacts that would have been felt throughout the entire global financial system if HSBC were prosecuted.

12/10/2012
We Can Do Better

"I made a presentation in November at a regional risk forum on ethical misconduct and, for the first time, got a question on how I could possibly suggest that Washington Mutual had any best practices since thousands of shareholders had lost their investments and at least 5,000 employees in the Greater Seattle Area had lost their jobs."

Annie's take:

ASA publishes a newsletter that features a front page column from me each month. Here's a link to our most recent issue, and some specific recommendations on how to set up lasting ethical practices for your company, via an excerpt from an article I wrote for the November issue of Risk Universe magazine.

12/7/2012
National Network for First Responders Is Years Away

During Hurricane Sandy, New York police commanders could talk by radio with fire department supervisors across the city, to officials battling power failures in nearby counties and with authorities shutting down airports in New York and New Jersey.

Annie's take:

This article indicates just how very far we are still from approving and funding a national network. One wonders just how many more disasters have to occur before we fix this -- were 9/11, Hurricane Katrina, and Super Storm Sandy not large enough disasters?

12/6/2012
Federal Plan Calls for Overhauling Secrecy Policies

"Declaring the current system for classifying information dysfunctional, a federal advisory panel is calling for the most thorough overhaul of government secrecy since classification procedures were established 70 years ago."

Annie's take:

We urge the administration to move quickly to make the changes recommended by this prestigious federal panel. It will make a world of difference, and eliminate a whole layer of prosecution as well.

12/5/2012
Rigging the Financial System

"The report this week that UBS, the Swiss bank, may be close to a deal with American and British authorities to settle charges that its employees manipulated interest rates to increase the bank’s trading profits signals incremental progress in the global investigation into rate rigging at more than a dozen big banks, including Citigroup, JPMorgan Chase and Deutsche Bank."

Annie's take:

Once, trust from the customer was everything. But over the past several years, we have come to believe that banks cannot be trusted. The reasons are not so hard to see. This editorial makes the case from another perspective than my own, perhaps even more effectively.

12/4/2012
HBOS ex-chiefs admit taking too much risk before bailout

"Two former bosses of HBOS, the bank which had to be bailed out by the government and taken over by Lloyds at the height of the financial crisis, today admitted that it had taken greater risks than it should."

Annie's take:

To the list of qualifications for CEOs, especially in the financial sector, we should add "the ability to see a problem and self-correct before the worst happens, without having to be bullied into admissions by oversight committees after the fact."

12/3/2012
The Top ten financial services cyber risk trends for 2013

"Booz Allen Hamilton works with financial services firms to identify and benchmark best practices and challenges for long-term cybersecurity prevention and protection."

Annie's take:

Booz Allen Hamilton has worked on cyber issues with both the government and the private sector longer than nearly any other consulting firm. This is a summary of their latest findings on trends going into next year.

11/30/2012
Panel Approves a Bill to Safeguard E-Mail

"The Senate Judiciary Committee on Thursday approved a bill that would strengthen privacy protection for e-mails by requiring law enforcement officials to obtain a warrant from a judge in most cases before gaining access to messages in individual accounts stored electronically."

Annie's take:

This bill looks timely and would prevent the government from going directly to cloud providers without a search warrant.

11/29/2012
Big Data Is on the Rise, Bringing Big Questions

"The next Next Big Thing is Big Data. Evangelists claim it has the power to reveal hidden truths about our companies, about our lives, about society as a whole."

Annie's take:

This is a whole new world for data design and analytics. Please look for Devin Luco's research note on Big Data in the December issue of ASA News & Notes.

11/28/2012
Barclays Disciplines 13 Staff Over Libor Case

"Barclays PLC has disciplined 13 members of staff in relation to allegations of rate-fixing, the head of its investment bank said, as the U.K. bank seeks to rebuild its reputation following its involvement in the Libor scandal."

Annie's take:

It evidently takes a long time for internal investigations to conclude. Here we have the reported results from both Deutsche Bank and Barclays over the Libor debacle.

11/27/2012
What the U.S. Can Learn from the Christchurch Earthquake

"Learning from experience, including that of other countries, is an important element of our knowledge about earthquakes and other disasters that affect major urban areas."

Annie's take:

There's a link in the article directly to the Christchurch report, in all its detailed findings. A key finding is apparently the level of duplication of effort among government emergency management teams. We can learn from this report.

11/26/2012
Courts Divided Over Searches of Cellphones

"Judges and lawmakers across the country are wrangling over whether and when law enforcement authorities can peer into suspects’ cellphones, and the cornucopia of evidence they provide."

Annie's take:

A phone is no longer a record of the calls you have made. It is also the repository of text messages, email, Facebook and Twitter posts. What this means for legal purposes is no longer so clear.

11/23/2012
Banned on Wall St.: Facebook, Twitter and Gmail

"For young Wall Street employees who live their lives through social media, working at a big bank can feel as if the plug has been pulled."

Annie's take:

It's hard to feel sorry for those who work deals on Wall Street.

11/21/2012
Warning of Consequences, Bernanke Urges Swift Action on a Fiscal Deal

"The Federal Reserve chairman, Ben S. Bernanke, again strongly urged Congress on Tuesday to ward off the sudden and severe combination of tax increases and spending cuts coming at the end of the year."

Annie's take:

Usually I leave market and credit risk to others, but here we have a convergence of market, credit and operational risk. There is no room for political posturing, just a large impetus to get the work done for the good of the country.

11/20/2012
The Preparedness Message Isn’t Reaching the Public

"Americans have a false sense of security when it comes to disasters, and should they become victims, most haven’t taken steps to help themselves during the first few days after one strikes."

Annie's take:

It's good to see the Advertising Council begin to assess the effectiveness of messaging around disaster preparedness. It does seem that "threat," "fear" then "overwhelmed" or "paralyzed" is the cycle around how messages are conveyed and then not acted upon. This is a challenge I've struggled with for years, in trying to lay out the case for preparedness, whether it's to neighbors or readers or clients.

11/19/2012
The C.I.A.’s Next Leader

"The office of the Director of the Central Intelligence Agency sits on the seventh floor of the old headquarters building at Langley."

Annie's take:

A sobering discussion of what's needed in a director of the CIA.

11/16/2012
Report on MF Global faults regulators

"Regulators failed to adequately protect customers of the failed brokerage MF Global because they did not communicate with each other leading up to the firm’s collapse, a report released Thursday by Republicans on a House panel concluded."

Annie's take:

There's plenty of blame described in this report, including for CEO Jon Corzine. But the most troubled aspect of the findings has to do with the poor relationships between regulators who oversaw MF Global.

11/15/2012
Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says

"Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work, the National Academy of Sciences said in a report released Wednesday."

Annie's take:

A long-awaited report has just been released that identifies vulnerabilities to the nation's electrical/power infrastructure. The report comes at a time when residents of New York and New Jersey can personally attest to the hardships caused by losing power for an extended period of time.

11/14/2012
Money Fund Reform Has Top Support

"A council of top financial regulators, upset with the Securities and Exchange Commission for failing to strengthen rules governing money market mutual funds since the financial crisis, is trying to force the S.E.C. to adopt stricter regulations."

Annie's take:

Even former FDIC chair Sheila Bair, now head of the nonprofit System Risk Council, agrees that the SEC must do more to protect these funds.

11/13/2012
Flood Insurance, Already Fragile, Faces New Stress

"The federal government’s flood insurance program, which fell $18 billion into debt after Hurricane Katrina, is once again at risk of running out of money as the daunting reconstruction from Hurricane Sandy gets under way."

Annie's take:

This whole program is in severe need of overhaul. It's to be hoped that this overhaul can take place very soon, though the acrid Congressional climate means that bipartisan efforts like this are increasingly rare.

11/12/2012
Cuomo to Seek $30 Billion in Aid for Storm Relief

"Gov. Andrew M. Cuomo plans to ask the federal government for at least $30 billion in disaster aid to help New York City and other affected areas of the state recover from the devastation of Hurricane Sandy, according to top administration officials."

Annie's take:

There are probably only three elected officials who have the credibility and courage to speak up now on how to restore our broken East Coast infrastructure, and Andrew Cuomo is one. Though he rarely uses the words "climate change," he does hit all the right points about an outmoded power grid and other pieces of our infrastructure that are due for overhauls. The other two officials are also overseeing Hurricane Sandy response -- Governor Chris Christie and Mayor Michael Bloomberg.

11/9/2012
Where Hurricane Sandy Still Hurts

"For all the efforts of federal, state and local officials to help people after Hurricane Sandy, unacceptable pockets of suffering remain"

Annie's take:

This editorial indicates how much there is still to be done, separate from the overall recovery effort, to help those in New York City still without power. So much time has gone past since Hurricane Sandy hit that we have forgotten how much basic front line work there is not yet done.

11/8/2012
Northeaster Adds to Misery, Dumping Rain and Snow

"A northeaster threatened to unravel progress made since Hurricane Sandy ravaged the New York area, delivering a second angry serving of howling wind and high water on Wednesday in places where misery and frustration had yet to recede."

Annie's take:

The scale of devastation to New York City and New Jersey is almost unimaginable. The photos in newspapers or the images on television just don't do the trick. This will be a recovery effort at least as long as from Katrina, perhaps more.

11/7/2012
As Dengue Fever Sweeps India, a Slow Response Stirs Experts’ Fears

"An epidemic of dengue fever in India is fostering a growing sense of alarm even as government officials here have publicly refused to acknowledge the scope of a problem that experts say is threatening hundreds of millions of people, not just in India but around the world."

Annie's take:

As New York City struggles to understand the migration of rats out of the subways and sewers that flooded with Hurricane Sandy, millions are at risk from a new outbreak of dengue fever, which is a mosquito-carried disease, in India.

11/6/2012
Midweek Northeaster May Stymie Recovery Efforts With Floods and Loss of Power

"The Northeast is now bracing for a potentially dangerous northeaster expected to bring rain, punishing winds and high tides that could add to the misery of residents still reeling from Hurricane Sandy and set back the restoration of power."

Annie's take:

Could there be worse weather news than this for those in New York and New Jersey?

11/5/2012
Restoring trust in the banking sector


Since the financial crisis, banks have talked a lot about the need to restore trust and prove their social usefulness. But the protestations of reform have often seemed pro forma, concealing a real desire to return as swiftly as possible to pre-crunch business as usual.

Annie's take:

A forward-looking editorial from The Financial Times. No additional words necessary.

11/2/2012
What Cellphone Carriers Say About Hurricane Recovery

"Three days into the aftermath of Sandy, wireless service is still lacking in parts of New York City and other hard-hit areas, according to people living in those areas."

Annie's take:

Nowhere are critical infrastructure interdependencies clearer than on the East Coast right now, in the wake of Hurricane Sandy. In New Jersey, for instance, there may not be power, but most cell phones work. In parts of New York, there may be no power and no cell phone service either. The loss of power and the work that will need to be done to restore it is massive, and is at the foundation of recovery -- along with other priorities like water purification and rodent control after the flooding.

11/1/2012
Google Introduces New Emergency Resources in Response to Sandy

"Google has scrambled to post online resources for people who want information about the deadly storm Sandy, including maps showing evacuation routes and shelters and a new service that sends emergency alerts to Google users."

Annie's take:

Large internet companies have a promising role to play in disaster response. Google has stepped up before in Haiti and in Asia. It's good to see these new resources being made available during such dark times.

10/31/2012
For Years, Warnings That It Could Happen Here

The warnings came, again and again.

Annie's take:

Here's a look at some of the thinking now becoming more prominent in New York City in particular: the increasing frequency of such large storms means that more permanent measures should be taken to protect a city that is barely above sea level.

10/30/2012
You Will Pay For Hurricane Sandy—Even If You Live Nowhere Near It

"By now you've already heard about Hurricane Sandy. Or Frankenstorm. Or the Snowincane, if you prefer."

Annie's take:

Over seven million people are without power at this time. The author here provides us with some of the costs associated with hurricanes or big storms in the past years. We are going to see more big storms like this one for reasons outlined in the article. Perhaps it is time we begin to address climate change issues.

10/29/2012
Hurricane Sandy Eyes DC, Baltimore, Philadelphia And New York

"Hurricane Sandy bore down on the Eastern Seaboard's largest cities Monday, forcing the shutdown of mass transit, schools and financial markets, sending coastal residents fleeing, and threatening a dangerous mix of high winds, soaking rain and a surging wall of water up to 11 feet tall."

Annie's take:

It's pretty clear by now that climate change is real and present, and that large storms are becoming more frequent. Our thoughts are with all those in the path of the hurricane and its side effects.

10/26/2012
Citi Analyst Fired After Facebook Disclosure

"Massachusetts' securities regulator fined Citigroup Inc. $2 million for failing to supervise technology analyst Mark Mahaney and an unnamed junior research analyst who improperly disclosed confidential information about Facebook Inc.'s initial public offering and unpublished revenue estimates for Google Inc.'s YouTube."

Annie's take:

If there are any corporations left who do not believe that it is their job to monitor social media commentary about their companies, this should be enough to change their minds. The size of the fine points to the severity of the act. If the Raj Gupta case did not already make the point, we need to think and act more responsibly when speaking to our "friends."

10/25/2012
Ex-Goldman Director to Serve 2 Years in Insider Case

"Rajat K. Gupta, the former Goldman Sachs director, was sentenced to two years in prison on Wednesday for leaking boardroom secrets to the former hedge fund manager Raj Rajaratnam."

Annie's take:

Raj Gupta had wanted to spend his prison time in a public service project in Africa. It does not appear that he will get that opportunity. This case sharpens the definition of casual conversation where insider trading issues are concerned.

10/24/2012
Experts warn about security flaws in airline boarding passes

"Security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures, security researchers have warned."

Annie's take:

Another disappointing piece of news on security procedures used by the Transportation Security Administration (TSA). One would hope this is a simple gap to fix.

10/23/2012
Microsoft Tightens Personal Data Rules

"Microsoft said on Monday that it would change its new disclosure policy to tell consumers explicitly that it would not use personal information it collects from users of some Microsoft products to produce or promote targeted online advertising."

Annie's take:

It's still difficult for the consumer to understand the privacy policies of large companies like Microsoft and Google. Let's hope that someone designs a tutorial on how to be sure your personal data is not tracked.

10/22/2012
Fresh Windows, but Where’s the Start Button?

"Over the years, Keith McCarthy has become used to a certain way of doing things on his personal computers, which, like most others on the planet, have long run on Microsoft’s Windows software."

Annie's take:

Here's an early review of Windows 8 that outlines some of its new features, including Microsoft's bet that they can design one operating system that will work well across multiple surfaces. It remains to be seen whether large corporate clients will buy in to this radical departure from a familiar interface that has always had at least a slight learning curve with each of its releases.

10/19/2012
CEOs warn Obama, Congress to avoid ‘fiscal cliff’

"The largest U.S. financial firms warned Thursday of dire consequences if Washington fails to head off year-end tax hikes and spending cuts, saying they could jolt the economy into recession and prompt a new and dangerous downgrade of the U.S. credit rating."

Annie's take:

JPMorgan Chase CEO Jamie Dimon is leading the charge here. Let's hope that efforts to make clear the need for action to Congress are effective.

10/18/2012
FBI Foils New York Fed Bomb Plot

"A Bangladeshi man was arrested Wednesday and charged with trying to detonate a 1,000-pound car bomb outside the Federal Reserve Bank of New York, a target he chose in a bid to disrupt the U.S. economy, authorities said."

Annie's take:

I dislike providing any publicity to the efforts of terrorists, but post this to remind us all that the FBI is doing an outstanding job of intelligence gathering and risk mitigation.

10/17/2012
Europe Presses Google to Change Privacy Policy

"What does Google know about its users and how does it know it?"

Annie's take:

It's not just Europe that wants to know -- all of us who use Google in this country want to know as well!

10/16/2012
Citigroup CEO Vikram Pandit Resigns

Citigroup Inc. announced the sudden departure of Chief Executive Vikram Pandit, saying he would be succeeded by longtime executive Michael Corbat.

Annie's take:

Surely there will be a great deal of analysis of this announcement. Pandit was one of three CEOs at the nation's largest banks who survived the 2008 economic meltdown. Citigroup had certainly been improving its numbers. That the resignation took place effective immediately, that Pandit also resigned from the board, and that it took place the day after reporting third quarter results reminds us that boards of directors still call the shots -- something that Lloyd Blankfein and Jamie Dimon would do well to remember.

10/15/2012
High-Speed Trading No Longer Hurtling Forward

"High-frequency trading firms — the lightning-quick, computerized companies that have risen in the last decade to dominate the nation’s stock market — are now struggling to hold onto their gains."

Annie's take:

It's good to see that the brakes are slowly being applied to this risky form of trading. There aren't enough trained banking examiners who can understand how it works or how to see if the controls are in place.

10/12/2012
Panetta Warns of Dire Threat of Cyberattack on U.S.

"Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government."

Annie's take:

Most testimony from military officials on the cyber issue has taken place in front of Congressional committees. Panetta's more explicit description in this public address highlights how much more significant cyber threats are growing, in particular attacks on banks in the past month, attributed to elements upset about the YouTube video excerpt of a movie made in this country.

10/11/2012
JPMorgan Finance Chief Is Expected to Step Down

"The chief financial officer at JPMorgan Chase is expected to step down by the end of the year in the latest round of executive reshuffling after the bank’s multibillion-dollar trading loss in May."

Annie's take:

JPMorgan Chase is still in flux from its London Whale trading loss earlier this year. The CFO's resignation is one of a number, including more still to come. This morning's other story, about the investigation that regulators are conducting by tracking emails and instant messages bouncing around the trading floor in London, amplifies what we learned last Sunday in the "Swallowed by the London Whale" story on Ina Drew and her team in the New York Times magazine. All worth reading as cautionary tales.

10/10/2012
Supply chain focus can make the difference between organizational growth and failure post-crisis

"When examining the dynamic between corporate reputation and financial performance, it is important to study the effects of large-scale crises, whether manmade or driven by external forces."

Annie's take:

This is a report fit for reading by CFOs wondering if it's worth it to beef up their supply chain management program.

10/9/2012
Fusion Centers Under the Gun

"A new Senate report is highly critical of how the Department of Homeland Security (DHS) has supervised the functioning of the many state and local fusion centers that have been established."

Annie's take:

Eric Holdeman's column draws attention to a question many of us have about fusion centers and their funding, irrespective of the new Senate report. He's asking just the right question: if there were no federal funds, would the centers survive? That is, would cities and states fund the fusion centers?

10/8/2012
Expanding the Definition of Operational Risk

We finished the upgrade of ASA's website last month, and tweaked our logo as well.

Annie's take:

This marks the last issue in the third year of continuous monthly publication of the ASA newsletter. This month, we're discussing how the definition of operational risk continues to expand. #riskdetective

10/5/2012
Business continuity and the smaller business

"The value placed on organizational resilience is growing."

Annie's take:

Robinson makes solid points in his arguments to advance an investment in business continuity. One not mentioned: that businesses that have good plans usually see their business insurance costs drop by as much as 20%.

10/4/2012
Small Businesses Are Finding An Unlikely Banker: Amazon

"Lisa Zerr urgently needed funds to upgrade the kids' merchandise carried by her business, Yankee Toy Box, for Halloween and the holiday shopping season. A bank had turned down her request for a loan."

Annie's take:

One hardly knows what to make of this new financial services operation from Amazon, aimed directly at small businesses. How will regulation and oversight affect these services?

10/3/2012
New Tracking Frontier: Your License Plates

"For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe's Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend's house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway."

Annie's take:

Here's another source of data collection about you. Cameras are more prolific in large cities like London or New York City, where such images are made available to police on a regular basis. Is this an invasion of privacy or a necessary security tool?

10/2/2012
Rapid-Fire Traders' Big Fear: Themselves

"High-frequency trading firms, long resistant to tighter oversight of their businesses, are beginning to change their tune amid a spate of high-profile technology failures that have roiled financial markets."

Annie's take:

Two big operational risks converge here in a discussion that the SEC is about to formally have -- people and systems. You could probably throw in processes as well. When even the traders begin to agree on the risk level, it's pretty clear that formal guidance will be forthcoming.

10/1/2012
Attacks on 6 Banks Frustrate Customers

"Six major American banks were hit in a wave of computer attacks last week, by a group claiming Middle Eastern ties, that caused Internet blackouts and delays in online banking."

Annie's take:

Better communications with its front lines and with customers are in order when these sorts of cyber attacks make it impossible for customers to do business with their respective banks. Here's where alternate modes of communication like social media could come in handy.

9/28/2012
British Authorities to Announce Changes in Libor Oversight

"British authorities are set to announce significant changes to the interest rate at the heart of a recent manipulation scandal as they aim to improve the accuracy and reliability of the benchmark."

Annie's take:

As the British government steps in to take a greater role in the rate setting, manipulation will now become a criminal offense. All in all, quick work by the British once the scandal was uncovered -- especially compared to the glacial pace at which things move on regulation in this country.

9/27/2012
Beyond Wall St., Curbs on High-Speed Trades Proceed

"After years of emulating the flashy United States stock markets, countries around the globe are now using America as a model for what they don’t want to look like."

Annie's take:

Technology has made these high-speed trades possible. In fact, they're not well understood by traders, regulators or public officials. Popper examines how other countries are handling the issue, given some well-known glitches that have occurred on Wall Street.

9/26/2012
Fraud: warning signs and counter strategies

"Fraud can be a big threat to business continuity and with increasing levels being seen UKFraud’s Special Interest Group for Corporate Fraud Prevention has drawn up a new set of benchmarks which will help organizations manage the risk."

Annie's take:

Occupational fraud continues to be a major source of financial loss. A report from the US Association of Certified Fraud Examiners estimates that 5% of revenues can be lost this way. The report is interesting when combined with findings and recommendations of this new UK special interest group report.

9/25/2012
One Hospital’s Incredible Response to the Aurora, Colo., Shooting

"The emergency response to the mass shooting at the movie theater in Aurora, Colo., on July 20 follows a quick timeline — and one that probably saved lives."

Annie's take:

Depending upon where you live, this story will either fill you with concern about the quality of trauma response in your city, or pride that the hospitals in your area also practice their responses to a variety of emergency scenarios.

I'm lucky enough to live in the city that created Medic One, that is the home of the Harborview Medical Center and the University of Washington Medical Center and its affiliates. I had 12 stitches embroidered through my eyebrow by the head of the emergency room at Northwest Hospital a few years ago, and discussed with him the preparations that hospitals as colleagues of one another are making for a time when they might need them. Certainly response to mass shootings is one of the scenarios for which they prepare.

In the meantime, congratulations to the University of Colorado Hospital!

9/24/2012
Innovative strategies for dealing with unexpected risks

"A new PwC US Risk in Review paper entitled ‘Coping with the unknown: Risk management strategies for an uncertain world,’ provides details of innovative strategies for dealing with unexpected risks."

Annie's take:

Here's a description and a link to a new PricewaterhouseCoopers white paper on unexpected risks -- a good source for those looking for external references to cite on the value of enterprise risk management.

9/21/2012
Meet the New Boss: Big Data

"When looking for workers to staff its call centers, Xerox Corp. used to pay lots of attention to applicants who had done the job before."

Annie's take:

We're going to be hearing more and more about "big data." Here's a use to which such data is being put for HR departments as companies seek to make the best possible hiring decisions.

9/20/2012
Change Management: A New Model for Organizations Implementing Change

"The one thing that dominates our modern lives is change."

Annie's take:

Change is everywhere. As one who once headed an orderly program for making technology changes in a complicated infrastructure, I highly recommend Eric's interview here.

9/19/2012
The evolving role of the risk professional

"As the risk management profession evolves from a protective function to one that can create value for an organization, a new RIMS Executive Report ‘The evolving role of the risk professional’ emphasizes that the need for determined and adept risk leaders to build risk management capabilities at every level of an organization has become an essential component to organizational success."

Annie's take:

Is a risk professional the same as a business continuity specialist, or an information security professional? Though we'd sometimes like to think so, the risk profession continues to evolve. Take a look back and forward in this new RIMS report.

9/14/2012
As Violence Spreads in Arab World, Google Blocks Access to Inflammatory Video

"As violence spread in the Arab world over a video on YouTube ridiculing the Prophet Muhammad, Google, the owner of YouTube, blocked access to it in two of the countries in turmoil, Egypt and Libya, but did not remove the video from its Web site."

Annie's take:

With this decision, Google has set itself up as a censor and violated its own policy on what constitutes material that can be blocked. No matter how much we might agree with the practicality of the decision, questions persist: could this decision have been made without recrimination by a smaller internet company?

9/13/2012
Does the West Nile outbreak signal an epidemic of viral epidemics? Yes and no.

"We are swimming in a sea of viruses. A hundred times smaller than bacteria, these tiny things are little more than stripped-down packets of genetic material with some protein padding. By strict definition, they aren’t even alive."

Annie's take:

Here's an update on a range of viruses that have presented themselves recently.

9/12/2012
Reputation management vs privacy rights: where do you draw the line?

"One of the major reputation risks can come from employees using email and social media to bad-mouth their organization, or to release, often inadvertently, information which the organization would prefer to remain confidential."

Annie's take:

A thoughtful article that explores both sides of the social media challenge and how far a company can go in examining the content of an employee's digital devices.

9/11/2012
Editorial - Mark 9/11 with commitment to tolerance

"Eleven years have passed since thousands of our fellow citizens were tragically slaughtered and our nation was shaken to its core."

Annie's take:

There are many editorials published today. I picked this one because of its key recommendation.

9/10/2012
Remembering 9/11 -- ASA News & Notes

September is national preparedness month.

Annie's take:

Our September newsletter offers some tips on preparedness, and a new research note on the energy sector by Ilya Krivulin.

9/7/2012
Preventing data disasters

"The first step in a new data protection strategy is to assess your current data protection capabilities."

Annie's take:

A first-rate practical guide to assessing your current data protection program.

9/6/2012
How Integrating Physical and Information Security Mitigates Risks

"Though both are critical, physical and information security remain separate entities at many organizations. However, you can get a better grip on overall risk by integrating the two."

Annie's take:

Nash makes an interesting argument for integration of two very different types of security functions that are normally housed in different parts of a business.

9/5/2012
Closing the Loop in Preparedness Exercises (Opinion)

"Exercises are an integral part of preparedness in emergency management and homeland security."

Annie's take:

Going through exercises or scenario tests is not of much use to participants or to the strength of your plans unless you make continuous improvements from lessons learned during the exercise.

9/4/2012
Hurricane Katrina and the Lessons Learned from Mississippi’s Recovery

"It’s been seven years since Hurricane Katrina after which Mississippi then-Gov. Haley Barbour created the state’s Disaster Recovery Division and placed Jon Mabry as its chief operations officer."

Annie's take:

Thanks to Eric Holdeman for this article and the questions he continues to ask the emergency management community.

8/31/2012
Bernanke's Dilemma Over His Legacy

"Fed Chairman Ben Bernanke wasn't expecting he would have to make another speech like the one he will deliver here Friday."

Annie's take:

Ben Bernanke has served two presidents and will be watched eagerly today to see what he and the Federal Reserve Bank propose to do for an economy that has clearly stalled out.

8/30/2012
Mobile Disaster App Prepares the Public for the Worst

"A new mobile app helps citizens prepare for potential disasters, the latest threat-remediation strategy from the Insurance Institute for Business and Home Safety (IBHS) that could save residents and emergency managers time and money when catastrophe occurs."

Annie's take:

The checklists contained in this new mobile application are a big step forward. Now, the challenge is to get everyone to utilize the application.

8/29/2012
Hurricane Isaac Makes Landfall Along Gulf Coast

"On the eve of the seventh anniversary of Hurricane Katrina, which brought widespread devastation after the colossal failure of the system built to protect the city, New Orleans on Tuesday night once again found itself facing the impending arrival of a huge and deadly storm."

Annie's take:

This slow-moving hurricane continues to dump water over affected Gulf Coast areas. Our thoughts are with all those who live in the region.

8/28/2012
Who’s Prepared? Not Many (Opinion)

"How many hands would go up if you asked any audience the question: Do you have an emergency kit or would you be self-sustained for at least 72 hours during an emergency?"

Annie's take:

As the leader of a neighborhood preparedness group, I can attest to how difficult it is to get attention on the issue of preparedness. We need to rethink the argument.

8/27/2012
Suits Mount in Rate Scandal

"Banks being probed for interest-rate manipulation face potentially tens of billions of dollars in claims from dozens of lawsuits in the U.S. from cities, insurers, investors and lenders who say they were hurt by the allegedly fudged rates."

Annie's take:

For those who wondered what the fallout would be -- aside from regulatory investigations and probable fines -- here's a detailed sampling of other lawsuits that are in play.

8/24/2012
Reducing wildfire risks to business premises

"Dozens of fires sparked by high temperatures, severe drought conditions and strong winds have blanketed the western part of the US, including Washington, Montana, Oregon, Idaho, Nevada and California, making this fire season one of the worst in history for this area."

Annie's take:

Much of the advice to businesses from the National Fire Protection Agency can apply also to those who live or have vacation homes near fire areas. Long term, we need to revisit the issues of both building permits and firefighting budgets, especially given the toll that climate change is taking on our environment.

8/23/2012
‘Enterprise risk management for cloud computing’

"In response to the growing number of organizations utilizing cloud computing as a viable alternative for meeting their technology needs, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published a new thought paper entitled ‘Enterprise Risk Management for Cloud Computing’."

Annie's take:

Continuity Central has published a link to the new COSO white paper on managing risk around cloud computing.

8/22/2012
CEO says Citigroup is going back to basics

"Citigroup Chief Executive Officer Vikram Pandit said emerging markets, including business in China, would be the focus of the bank's growth."

Annie's take:

Vikram Pandit has steered Citigroup through the financial meltdown, and now signals a return to "basics." Though his view is not quite the same as that of former CEO Sanford Weill, the man who almost singlehandedly broke the Glass-Steagall Act, it does appear that Pandit is prepared to chart the course for some years to come at Citigroup.

8/21/2012
The Need For Cyber Defense Program Management

"After years of the public and private sectors having listened to the nearly constant cyber threat warnings issued by military and government officials, as well as industry experts, over the past few years, addressing the threats posed to our systems by cyber attacks is now appropriately considered as a work-in-process."

Annie's take:

Here's a good analysis of the challenges facing the establishment of an effective cyber defense program.

8/20/2012
Emergency Managers’ Best Practices for Evacuating Communities

"With wildfires displacing tens of thousands in Colorado and other Western states, evacuation is on the minds of many in the emergency management community. In Colorado, what’s being called the most destructive wildfire in the state’s history forced the evacuation of more than 35,000 residents and destroyed nearly 350 homes"

Annie's take:

We had a terrific presentation from Colorado authorities on this very topic at the 2012 "Building Resiliency through Public-Private Partnerships" conference last month in Colorado Springs. Here's a high-level summary of lessons learned on the public safety side.

8/17/2012
No 'Phishing': Banks Try to Sink Scammers

"If banks have their way, Internet scammers soon may have a tougher time deceiving people with bogus bank websites."

Annie's take:

Here's a report on a new strategy that many large banks are using to defeat cyberthieves who set up phony websites to divert their customers.

8/16/2012
No Criminal Case Is Likely in Loss at MF Global

"A criminal investigation into the collapse of the brokerage firm MF Global and the disappearance of about $1 billion in customer money is now heading into its final stage without charges expected against any top executives."

Annie's take:

It's clearly difficult to prosecute such cases as MF Global, and it may be that the firm is not yet out of the woods for other forms of litigation. But what is clear is the public disgust will once again be reinforced when no one is punished for the collapse of still another firm and of investors' money.

8/15/2012
British Bank in $340 Million Settlement for Laundering

"Standard Chartered, the British bank, has agreed to pay New York’s top banking regulator $340 million to settle claims that it laundered hundreds of billions of dollars in tainted money for Iran and lied to regulators."

Annie's take:

Though there may be questions about which regulator should have filed charges, there is no doubt that swift action here by the State of New York has drawn sharp attention to a problem that many thought had been eliminated with money-laundering regulations.

8/13/2012
Libor Case Energizes a Wall Street Watchdog

"Months after he arrived in Washington in 2009, Gary Gensler knew he had a big case."

Annie's take:

Many government officials, especially regulators, are faceless. But here is a good profile of Gary Gensler and his approach to the work that his new agency is doing.

8/13/2012
August issue of ASA News & Notes

"In a country as diverse as the United States, we sometimes forget how many things we agree upon."

Annie's take:

This month's newsletter includes a research note on risks in the oil and gas industry.

8/10/2012
Pentagon proposes more robust role for its cyber-specialists

"The Pentagon has proposed that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems — a move that officials say would set a significant precedent."

Annie's take:

This Pentagon proposal is indeed an interesting one, and should be studied further. It's possible that lines could blur between worlds.

8/9/2012
New Google Tools to Make the Search Engine More All-Knowing

"When Google imagines the future of Web search, it sees a search engine that understands human meaning and not just words, that can have a spoken conversation with computer users and that gives users results not just from the Web but also from their personal lives."

Annie's take:

How far is too far? Google's recent demonstration makes us wonder what we really want out of a search engine.

8/8/2012
Once-Mighty British Banks See Reputations Soiled by Scandals

"In the past six weeks, the three big British banks that had survived the financial crisis relatively unscathed have been immersed in scandal—further soiling the British banking industry's already marred reputation and undercutting the sector's efforts to fend off tougher regulations."

Annie's take:

The British financial sector is further tainted with the news on Standard Chartered.

8/7/2012
San Diego Launches Alerting Program for the Whole Community

"A big challenge for public safety officials is getting emergency alerts to citizens who may not understand traditional notifications."

Annie's take:

We like to feature programs that are truly leading edge in this column -- and our metaphorical hat is off to the City of San Diego for this new inclusive alerting program.

8/6/2012
As Libor Fault-Finding Grows, It Is Now Every Bank for Itself

"Major banks, which often band together when facing government scrutiny, are now turning on one another as an international investigation into the manipulation of interest rates gains momentum."

Annie's take:

How the Libor is set has been only vaguely understood outside professional banking circles. Before regulators are done, all of us will understand more than we ever wanted to about this rate. This article examines the scramble among banks to cover their own activities.

8/4/2012
Silicon Valley Sounds Off on Failed Cybersecurity Legislation

"A cybersecurity bill that would have set security standards for the computer networks that govern the nation’s critical infrastructure was blocked by a Republican filibuster in the Senate on Thursday."

Annie's take:

Here's a clearer look at what challenges companies are facing from cyberterrorists. This discussion makes even clearer how lobbyists have muddied the waters around these issues.

8/3/2012
Readers Debate Trade-Offs Between Security and Civil Liberties

"Does more liberty necessarily mean less security, and vice versa?"

Annie's take:

Many of us who work on critical infrastructure issues know that the tension in the discussion(s) comes down quite often to a debate about whether it is better to maintain all civil liberties or to be safe. It's never quite that simple, though, as you can see from the readers who are quoted in this article.

8/2/2012
Aging power grid on overload as U.S. demands more electricity

"They began to bend in the roaring wind, then their steel girders snapped like twigs, the towers toppled and the lights went out."

Annie's take:

Most of the issues at stake in considering improvements to a shaky power grid are outlined in this article, including the cost. What's new is that the costs of such outages can now, in some cases, be quantified. With drought conditions this summer in so much of the country, it's likely that we'll see more attention paid to the issues at stake.

8/1/2012
Cybersecurity at Risk

"Relentless assaults on America’s computer networks by China and other foreign governments, hackers and criminals have created an urgent need for safeguards to protect these vital systems."

Annie's take:

As the editorial points out, not all businesses oppose this bill -- in particular, those businesses whose services extend outside this country need it. Though the bill has been significantly watered down, we agree that it should be enacted.

7/31/2012
Community-Based Program Prepares Californians for a Disaster

"In April 2011, the American Red Cross announced a multiyear initiative designed to improve the disaster readiness of more than 50 communities throughout central and Northern California."

Annie's take:

This is an amazing step forward in community preparedness, one of the last priorities for those who think "it could never happen here" or "it could not happen to me."

7/30/2012
Risk monitoring is not yet being widely embraced

"A new Deloitte and Forbes Insights survey has found that fewer than 25 percent of executives report that their organizations continuously monitor risk."

Annie's take:

The results of this survey should be surprising, but they are not.

7/27/2012
Rise Is Seen in Cyberattacks Targeting U.S. Infrastructure

"The top American military official responsible for defending the United States against cyberattacks said Thursday that there had been a 17-fold increase in computer attacks on American infrastructure between 2009 and 2011, initiated by criminal gangs, hackers and other nations."

Annie's take:

No one much likes discussing the vulnerabilities of our critical infrastructure, but General Alexander has done a good job here of outlining the problem we face.

7/26/2012
Weill Calls for Splitting Up Big Banks

"In politics, it is called flip-flopping. In banking, it is called postcrisis regrets."

Annie's take:

Both Weill and his counterpart at Citigroup at that time now feel that some version of Glass-Steagall should be reenacted. I think they are right.

7/25/2012
New York Fed Faces Questions Over Policing Wall Street

"As the Federal Reserve Bank of New York faced criticism for missing a multibillion-dollar trading loss at JPMorgan Chase, the regulator convened a town hall meeting in May to bolster employee morale."

Annie's take:

Another look inside the world of regulation. Meanwhile Treasury Secretary and former head of the New York Fed Timothy Geithner testified in front of Congress on what he and others knew in 2008 about price fixing around the Libor.

7/23/2012
Reflections on "The Lost Bank"

Searle reviews the new book about the collapse of Washington Mutual Bank -- the largest bank failure in American history.

Annie's take:

Here is a review of the book. Readers may also be interested to go to www.riskuniverse.com and look over the entire excellent magazine, and sign up for a 3-month no-cost subscription.

7/19/2012
The Federal Reserve and the Libor Scandal

"On June 1, 2008, Timothy F. Geithner – then president of the Federal Reserve Bank of New York – sent an e-mail to Mervyn A. King and Paul Tucker, then respectively governor and executive director of markets at the Bank of England"

Annie's take:

Johnson's blog questions the relationships among regulators, in this case between the Federal Reserve and the British banking system. It is hard to know at this point just how confidence in the global banking system can be increased.

7/18/2012
Tricky lessons for the players in Liborgate

"What can shareholders and regulators reasonably expect of boards and non-executive directors of large, complex financial institutions?"

Annie's take:

A thoughtful piece that certainly applies to more than the Libor issues ... worth considering against all the fines and hearings being levied on the financial sector at this time.

7/17/2012
The Longbrake Letter July 2012

"Nothing particularly dramatic occurred in June...for better or worse."

Annie's take:

So begins Bill Longbrake's most recent economic forecast, just as Ben Bernanke delivers a similar message on Capitol Hill this morning. Longbrake's entire analysis is worth reading.

7/16/2012
Focus Shifts to Regulators in British Inquiry on Rate-Fixing

British regulators will face further scrutiny for their role in a rate-manipulation scandal when top officials at the Financial Services Authority testify on Monday before Parliament.

Annie's take:

I'm not sure everyone understands how interconnected the U.S. financial system is with other parts of the globe. Though the inquiry is being conducted in England, its ripple effects will be felt here: banks that do business internationally are affected.

7/13/2012
Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users

"Another month, another major security breach."

Annie's take:

Such massive breaches remind us to change our passwords frequently, and not to use the same password for all our logins.

7/12/2012
Regulators’ Shake-Up Seen as Missed Bid to Police JPMorgan

"After the financial crisis, regulators vowed to overhaul supervision of the nation’s largest banks."

Annie's take:

The publication of this story a day before JPMorgan Chase reports quarterly results will put CEO Jamie Dimon in the position of having to take questions on the bank's willingness to provide information to its regulators.

7/11/2012
The Spreading Scourge of Corporate Corruption

"Perhaps the most surprising aspect of the Libor scandal is how familiar it seems."

Annie's take:

This article nicely complements a discussion yesterday on Warren Olney's NPR program in which four or so financial writers commented upon what it would take -- more regulation or self-policing or a different set of incentives -- for bankers and other professionals to do the right thing.

7/10/2012
Bank Scandal Turns Spotlight to Regulators

"As big banks face the fallout from a global investigation into interest rate manipulation, American and British lawmakers are scrutinizing regulators who failed to take action that might have prevented years of illegal activity."

Annie's take:

Looks like a case of the pot calling the kettle black. One thing is for sure: there are large liability issues looming for all banks that participated in Libor reporting.

7/9/2012
No signs of trouble from 'Internet Doomsday' virus

"Fears that a computer virus might cut Internet access around the world appeared to be overblown Monday after U.S. authorities removed a safety net that had protected infected machines for months."

Annie's take:

Better to have "overblown fears" than 42,000 users unable to get to the Internet.

7/6/2012
What the ‘Internet doomsday’ virus is and how to fix it

"Thousands could lose access to the Internet on July 9 due to a virus, DNSChanger, that once infected approximately 4 million computers across the world."

Annie's take:

Even if you regularly scan your computer for viruses or other forms of malware, you should probably also run this DNS check before Monday, July 9.

7/5/2012
Barclays’ Ex-Chief Spreads the Blame in Rate-Rigging Scandal

Robert E. Diamond Jr., the former chief executive of Barclays, told a British parliamentary committee on Wednesday that the manipulation of global interest rate benchmarks involving 14 traders at the bank had made him “physically sick.”

Annie's take:

The Barclays scandal was further amplified yesterday by the testimony of its former CEO.

7/4/2012
Utilities Struggle to Restore Power in East

"Utility crews struggled to catch up with a backlog of millions of people without electricity for a fourth hot day Tuesday as frustration grew and authorities feared the toll of 23 deaths could rise because of stifling conditions and generator fumes."

Annie's take:

There's nothing pretty about cleanup efforts after devastating natural disasters, whether it's wildfires in the West or ongoing power outages in the East.

7/3/2012
Barclays CEO Robert Diamond Resigns

"The chief executive of Barclays PLC, Robert Diamond, resigned Tuesday amid intense political and investor pressure from the British bank's involvement in rigging an important interest-rate benchmark—and another senior executive appeared close to following him out the door."

Annie's take:

Here's the first large decision from the Barclays board, with more certainly to come.

7/2/2012
Shaming the banks into better ways

"The Barclays affair may lack the spice of some recent banking scandals, involving as it does the rather dry “crime” of misreporting interest rates."

Annie's take:

It's difficult to be proud of the banking profession these days. Here's an editorial in the Financial Times that gives you a couple of reasons why.

6/29/2012
Social media and incident management: making things easier

"Social media tools such as Twitter and Facebook are rapidly gaining acceptance as useful tools in the armoury of the incident manager."

Annie's take:

I learned a lot reading this article, which describes various tools available for incident managers (or the rest of us) to monitor breaking news on platforms like Twitter.

6/28/2012
JPMorgan Trading Loss May Reach $9 Billion

"Losses on JPMorgan Chase’s bungled trade could total as much as $9 billion, far exceeding earlier public estimates, according to people who have been briefed on the situation."

Annie's take:

Jamie Dimon has moved his strongest managers in to work through what went wrong in the Chief Investment Office and to unwind the rest of the position. He's been in worse spots before -- I'm just finishing "Last Man Standing" -- and I'm betting Chase will come through this a stronger company.

6/27/2012
FTC sues Wyndham Hotels over hacker breaches

"Lax corporate security allowed hackers to steal credit card and other personal information from more than 600,000 customers of Wyndham Worldwide hotels, resulting in at least $10.6 million in fraudulent charges, the Federal Trade Commission alleged in a lawsuit Tuesday."

Annie's take:

I've just made a note not to stay in Wyndham Hotels. This is a massive number of breaches for any one institution to have over an extended period of time.

6/26/2012
Heat-Driven Wildfires Continue to Consume the West

"Already choking through one of the worst wildfire seasons in recent memory, Colorado found itself dealing with a new series of blazes this week, driven by a relentless heat wave that has threatened to further fan the flames."

Annie's take:

The state of Colorado has been punished by wildfires for at least a month, and they appear to be increasing now. Experts say they have arrived a month early, which leads one to wonder what the months of July and August will look like.

6/25/2012
Lessons Learned From The Social Media Tabletop Exercise

"Today, within minutes of a disaster, the public begins to self-manage response via Facebook, Twitter, Open Street Map, and other social media systems."

Annie's take:

From the report, this looks to have been a terrific exercise. I especially like the recommendations in the article.

6/22/2012
Moody’s Cuts Credit Ratings of 15 Big Banks

"Already grappling with weak profits and global economic turmoil, 15 major banks were hit with credit downgrades on Thursday that could do more damage to their bottom lines and further unsettle equity markets."

Annie's take:

It remains to be seen just how impactful this downgrade will be.

6/21/2012
EBay Plans Data Center That Will Run on Alternative Energy Fuel Cells

"EBay plans to build a data center to handle its billions of dollars in retail transactions that will draw its power from alternative energy fuel cells rather than the national power grid, which is heavily dependent on coal plants."

Annie's take:

Hats off to EBay!

6/20/2012
Dimon, Testifying Before House, Stays on Message

"Jamie Dimon, the chief executive of JPMorgan Chase, tussled with lawmakers on Tuesday in his second showdown in Washington since JPMorgan, the nation’s largest bank, disclosed a multibillion-dollar trading loss."

Annie's take:

Now that Jamie Dimon has completed testimony in front of both the House of Representatives and the Senate, regulators will once again attempt to fine tune both Dodd-Frank and the Volcker Rule. Though the questions were tougher yesterday for Dimon, the fact remains that JPMorgan Chase has a well-oiled lobbying machine in place.

6/19/2012
Public Cloud or Private? Banks Map a Path Towards Both

"Most banks know about the cloud, and many have even started to develop limited private clouds, leveraging the massive computing power of their internal data centers."

Annie's take:

An inside look at how two large banks are slowly evolving their cloud strategies.

6/18/2012
Anthrax alert system at risk as cost estimate hits $5.7 billion

"Funding for BioWatch, an early warning system to detect deadly pathogens in 30 U.S. cities, may be in jeopardy after cost estimates surged to $5.7 billion, six times the initial assessment."

Annie's take:

The costs seemed to have escalated rapidly over the past several years. Is this still a good investment in risk management?

6/15/2012
Choosing a successful crisis management team leader

"Your organization has spent considerable resources preparing for disruptive events, and now a crisis is looming."

Annie's take:

It's not easy to pick out the essential characteristics of members of a crisis management team, or even of the team leader. I like this summary of characteristics. For another view, see my own article on parallel topics in Continuity Insights.

6/14/2012
Real-Time Public Health Data Improves Situational Awareness

"When an ice storm hit Austin, Texas, in February 2011, Judy Henry decided it was time to provide real-time public health data to officials in the EOC."

Annie's take:

The public health field continues to lead the way in situational awareness tools.

6/13/2012
U.S. Penalizes Online Company in Sale of Personal Data

"The Federal Trade Commission assessed an $800,000 penalty on Tuesday against Spokeo, a data collector that the commission said violated federal law by compiling and selling people’s personal information for use by potential employers in screening job applicants."

Annie's take:

Background screenings are among the most complicated tools used by corporate recruiters. This case should set some precedent in the online arena.

6/12/2012
J.P. Morgan Knew of Risks

"Some top J.P. Morgan Chase & Co. executives and directors were alerted to risky practices by a team of London-based traders two years before that group's botched bets cost the bank more than $2 billion, according to people familiar with the situation."

Annie's take:

JPMorgan Chase CEO Jamie Dimon testifies in front of Congress tomorrow. This article, written by three of the Wall Street Journal's best reporters, will complicate his testimony. Chase leadership clearly did not execute well on advice and concurrence it had on strategy to reduce these large positions.

6/11/2012
JP Morgan Chase Example Suggests That We Hasten Regulatory Reform

"The month of May was the beginning of what the oil business would call “a big gusher.”"

Annie's take:

I have not asked for additional regulation, but rather to consider what is necessary. Regulatory reform might in fact reduce some of the current regulation.

6/8/2012
In a Trustee’s Report, Some Light on MF Global’s Actions

"If the collapse of the commodities brokerage firm MF Global were a murder mystery, the revelation that $1.6 billion of customer money had disappeared would be the equivalent of finding the corpse."

Annie's take:

Along with Floyd Norris' searing explanation and indictment of GAAP in his column this morning, this article shows why there is still so much to be cleaned up in the world of banking and finance.

6/7/2012
LinkedIn Was Breached. Now What Do You Do?

"Security researchers have confirmed that a file containing 6.5 million encoded LinkedIn passwords has been posted to a Russian hacker site."

Annie's take:

The answer to the question in the headline is simple: change your password now. And, as the article points out, no matter how convenient it may seem in our stressed world, don't use the same password across multiple sites.

6/6/2012
Google to alert users about state-sponsored cyberattacks

"Google said Tuesday that the company will alert its users when it thinks they may be the target of a state-sponsored cyberattack."

Annie's take:

There's no doubt that this is a big play, and probably an enormous service, being provided by Google. It's worth remembering, though, that in order to provide the service they have tools other companies can only dream of.

6/4/2012
Cyber search engine Shodan exposes industrial control systems to new risks

"It began as a hobby for a teenage computer programmer named John Matherly, who wondered how much he could learn about devices linked to the Internet."

Annie's take:

Neither public nor private sector owners of infrastructure exposed by Shodan are going to be very happy about this article, but it is probably the only way that such critical infrastructure will become more secure.

6/1/2012
Corporate Culture as Ethical Firewall

"There are rarely yelling matches in business ethics."

Annie's take:

It's a pleasure to reprint this thought piece from former colleague James Meacham, who has been writing about business ethics for at least ten years.

5/31/2012
Researchers Find Clues in Malware

"Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities."

Annie's take:

One hardly knows what to make of this careful story, that dances around the identification of the malware's creator.

5/30/2012
EU Proposes 'Banking Union'

"The 17 countries that use the euro should consider setting up a "banking union" that allows them to share the burden of bank failures, the European Union's executive arm said Wednesday in a report on the currency union's crisis-fighting efforts."

Annie's take:

Such proposals are harder to find agreement on when times are tough than when things are going well.

5/29/2012
Operational risk management is on the line

"Most of us spend our days with our heads down, on behalf of our employer or our client, dealing with one of the practice areas where the usual aberrations present themselves in the larger context of operational risk management (ORM)."

Annie's take:

I'm honored to have this piece published here. Continuity Central consistently provides content-rich and cutting edge thought pieces in security, business continuity and operational risk management.

5/25/2012
NOAA issues 2012 hurricane season forecasts

"NOAA has released its forecasts for the 2012 hurricane season. It currently predicts a near normal season in the Atlantic and Eastern Pacific areas and a below-normal season in the Central Pacific."

Annie's take:

This forecast offers some relatively positive news.

5/24/2012
OCC Needs to Speak Up About the JPMorgan Chase Mess

"Everyone in Washington is talking about JPMorgan Chase's botched hedge. Everyone, that is, but the federal regulators who actually know what's going on."

Annie's take:

When the industry's most prestigious trade journal writes a piece like this, you know that things may be going to get a lot worse before they get better.

5/23/2012
FDIC Says It Can Handle Failure of Giant Bank

"A top U.S. banking regulator said his agency could handle the failures of large, complex banks including J.P. Morgan Chase & Co., the nation's largest bank by assets, if they faltered and presented a risk to the broad financial system."

Annie's take:

For those of us who have direct experience of the FDIC's ability to handle the failure of a large bank, it's not at all clear that the business process management the FDIC can apply with smaller or regional banks will work with a large one, without large impacts to taxpayers.

5/22/2012
Rebuilding Joplin: Nonprofit Attacks the Hurdles of Long-Term Recovery

"It was a typically hectic weekend for Kate Massey with her son’s third birthday on Sunday, May 22, and the impending family party. Nothing seemed out of the ordinary that day as the family left for the party site, a bounce-house facility in Joplin, Mo."

Annie's take:

Having chaired a panel discussion with Joplin-area bankers last week at the EPCOR spring conference, I can attest to the fact that recovery is indeed proceeding in Joplin. Here's part of the remarkable story of that recovery.

5/21/2012
Discord at Key JPMorgan Unit Is Faulted in Loss

"Ever since JPMorgan Chase disclosed a multibillion-dollar trading loss this month, the central mystery has been how a bank known for its skill at risk management could err so badly."

Annie's take:

Almost all operational risk failures have at their heart an issue involving people and processes. This story that examines the cast of characters involved, together with an earlier one that indicated JPMorgan Chase was without a treasurer to oversee this unit for five months, reinforces the point.

5/18/2012
'An Extraordinary Thing': OCC's Curry Sees Operational Risk as Top Concern

"Operational risk has replaced credit risk as the major safety and soundness challenge for national banks, Comptroller Thomas Curry said at a speech in Washington on Wednesday."

Annie's take:

We're thrilled to have a major premise of our consulting practice confirmed by Thomas Curry, Comptroller of the Currency. That operational risk could exceed credit risk in the eyes of the regulators of financial safety and soundness, even while we are still slowly making our way out of the 2008 financial meltdown, is an indicator of how much instability we still have in this sector.

5/17/2012
White House Steps Up Push to Toughen Rules on Banks

"In the wake of losses at J.P. Morgan Chase & Co., the White House is seeking to ensure a tough interpretation of a regulation designed to prevent banks from making bets with their own money, according to people familiar with the matter"

Annie's take:

It is to be hoped that banking regulation will not become a political football this election season. Here's a preview, though, of how it's lining up.

5/16/2012
F.B.I. Inquiry Adds to JPMorgan’s Woes

"Investors and federal investigators turned up the heat on JPMorgan Chase on Tuesday, as shareholders called for pay givebacks from executives responsible for a stunning $2 billion trading loss and the Federal Bureau of Investigation opened a preliminary review of the debacle."

Annie's take:

Jamie Dimon hung on to both of his titles yesterday at the annual shareholders meeting, but those votes had been tallied before last week's announcement on the $2B loss. Stand by for more details as the story continues to unfold, and Dimon taps two of his heirs apparent to help fix these issues.

5/15/2012
Red Flags Said to Go Unheeded by Bosses at JPMorgan

"In the years leading up to JPMorgan Chase’s $2 billion trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments involving complex trades that were hard to understand."

Annie's take:

Though the unfolding story of the $2 billion in losses may have some elements of "pile on," this story indicates just how easy it is for something like this to happen when the chief executive is distracted with other fires that need to be put out. Most shocking (to me) is that the risk officer was simply replaced when he got in the way of the investment office. And, of course, that the losses may be double what they are today.

5/14/2012
3 JPMorgan Chase execs may depart as CEO Jamie Dimon acknowledges ‘terrible, egregious mistake’ on trading

"The embarrassing losses at megabank JPMorgan Chase reverberated in Washington, Wall Street and on the campaign trail Sunday, with JPMorgan Chase chief executive Jamie Dimon acknowledging that the bank “made a terrible, egregious mistake” by dismissing worrisome signs earlier this year about the bank’s trading strategy."

Annie's take:

See my ASA newsletter column today for more examples of history-making losses like this one. This is not simply poor execution, it is also the failure of alarms or alerts in systems to throw up intelligible messages.

5/11/2012
Business continuity considerations for the Chicago NATO summit

"On 20 and 21 May 2012 Chicago will host a NATO summit. The North Atlantic Treaty Organization (NATO) will have representatives from approximately 70 nations attending the summit. Known as a National Special Security Event (NSSE) by the US Secret Service, Federal Bureau of Investigation (FBI) and Federal Emergency Management Agency (FEMA); the NATO summit will require coordination of a large array of public sector resources."

Annie's take:

An exhaustive set of checklists around large events where chaos may ensue.

5/9/2012
Homeland Security Investigates Cyber Attacks on Gas Pipelines, NGI Reports

"There has been an "active series" of cyber attacks on natural gas pipeline companies' computer networks over the past four months, according to the Department of Homeland Security (DHS)."

Annie's take:

We've known for years that there are gaping holes in the security infrastructure of the energy sector. Let's hope this marks the beginning of a new public-private partnership.

5/8/2012
Industry Perspective: The Importance of Public-Private Partnerships

"Hurricane Katrina changed everything in emergency management, especially the private sector’s role in disaster response."

Annie's take:

Many of us in the business know how Wal-Mart stepped up during Hurricane Katrina, but here's a way to put into perspective that effort and those that the writer argues have grown since that time.

5/7/2012
Have you tested your strategy lately?

"Ten timeless tests can help you kick the tires on your strategy, and kick up the level of strategic dialogue throughout your company."

Annie's take:

This is a 2011 article from McKinsey Quarterly, but extremely relevant today.

5/4/2012
Big Google Is Watching You

"One way or another Google has a problem."

Annie's take:

An incisive piece from Richard Levick, where he also places Google's evolution in the context of how companies grow -- very much worth reading.

5/3/2012
Progress Is Seen in Advancing a Final Volcker Rule

"A major new rule that has drawn the ire of Wall Street is on track for completion sooner than some bankers had expected, dashing the hopes of financial industry lobbyists, who have pressed for a delay."

Annie's take:

It appears that the financial sector has not been able to slow down the July deadline for regulators to have completed writing a final version of the Volcker Rule, despite a meeting yesterday at the Federal Reserve in New York.

5/2/2012
New thinking for new media

"Business continuity managers have traditionally seen the media as something of a threat; but a different approach can bring big benefits."

Annie's take:

This refreshing article, written by one of our own, echoes themes struck in Richard Levick's work as well as my own. In particular, see Levick's "The Communicators: Leadership in the Age of Crisis."

5/1/2012
Could Early, High-Risk Weather Warnings be on the Rise?

"The series of tornadoes that killed at least six in Oklahoma and raised havoc in other parts of the Central Plains April 14-15 was preceded by a rare early, high-risk warning."

Annie's take:

There's no doubt that earlier weather warnings save lives and allow for some preparation time.

4/30/2012
Security Experts Warn of Cyber Threats From Iran

"Cyber experts press for greater efforts on the part of civilian and military agencies to address threats from Iran, warning a joint House subcommittee that the Islamic Republic continues to expand its cyber arsenal."

Annie's take:

In the race to pass cyber legislation, Congress is hearing from a range of experts.

4/27/2012
House Votes to Approve Disputed Hacking Bill

"Defying a veto threat from President Obama, the House on Thursday passed a bill that encourages intelligence agencies and businesses to share information about threats to computer systems, including attacks on American Web sites by hackers in China and other countries."

Annie's take:

Enacting a bad piece of legislation does nothing to avert cyberthreats, especially since all information sharing from the private sector is voluntary.

4/26/2012
Who is Threatening the Security of Your Network?

"The myriad threats to public, private and U.S. government networks is getting a ton of attention in Washington, D.C., this week as the House gets ready to debate yet another cybersecurity bill."

Annie's take:

Here's a bit of an update on the cybersecurity discussion and debate going on in Congress this week, including a pretty comprehensive list of how companies are targeted.

4/25/2012
Source's Cover Blown by SEC

"Federal securities regulators, in a sensitive breach, inadvertently revealed the identity of a whistleblower during a probe of a firm that ran a stock trading platform."

Annie's take:

Though the SEC has worked hard to incentivize whistleblowers, especially because of the complexity of transactional platforms, this gaffe will set the program back significantly.

4/24/2012
61% of IT Security Professionals Are Concerned About Attacks From Anonymous and Hacktivists

"Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report sponsored by Bit9. The 2012 Cyber Security Survey of nearly 2,000 IT security experts set out to gauge the current state of enterprise security and identify the attack methods and cybercriminal groups that keep IT executives up at night."

Annie's take:

Here's the full survey that over 2,000 information security professionals took, as well as the results of the survey.

4/23/2012
Data protection lessons not being learned

"A survey conducted by Varonis has found that 70 percent of organizations storing third party data are not ‘very confident’ that the sensitive data stored within their organization is protected."

Annie's take:

This new study by Varonis is yet another indicator that data is at high risk in many enterprises, not to mention in small and mid-sized businesses.

4/20/2012
Two years after BP oil spill, offshore drilling still poses risks

"Two years after a blowout on BP’s Macondo well killed 11 men and triggered the largest oil spill in U.S. history, oil companies are again plying the waters of the Gulf of Mexico."

Annie's take:

Here's where things stand in the Gulf two years later. People, whether workers or regulators, are often still at the center of operational risk failures. There's also an editorial today on this topic in the New York Times worth reading.

4/19/2012
Risk Management Makeover

"It's little wonder risk managers are accustomed to remaining behind the scenes. One need only look to Congress grilling Enron's former risk manager about his role -- or lack thereof -- in the company's out-of-control corruption to see that the spotlight can quickly become uncomfortable when it is pointed at risk management."

Annie's take:

The times, they are a changin'. I seem to be one of the few pessimists in this interview.

4/18/2012
Consumers Have Concerns About Mobile Banking Security, Survey Finds

"Roughly one of every five Americans used their mobile phone for some sort of banking activity last year, and about the same proportion say they will probably use mobile banking in the future, a recent survey from the Federal Reserve found."

Annie's take:

Are we surprised by the results of this survey?

I must confess that I am, especially since I regularly find myself warning people that there is still risk around mobile platforms like banking.

4/17/2012
Iraq Emerges From Isolation as Telecommunications Hub

"Iraq, cut off from decades of technological progress because of dictatorship, sanctions and wars, recently took a big step out of isolation and into the digital world when its telecommunications system was linked to a vast new undersea cable system serving the Gulf countries."

Annie's take:

One hardly knows what to make of this new development, especially since it's been characterized as risk management. Iraq will now be a serious player in both the energy and telecommunications sectors.

4/16/2012
100 Tornadoes in 24 Hours, but Plenty of Notice

"The tornadoes were unrelenting — more than 100 in 24 hours over a stretch of the Plains states. They tossed vehicles and ripped through homes. They drove families to their basements and whipped debris across small towns throughout the Midwest. In some areas, baseball-size hail rained from the sky."

Annie's take:

Though the property destruction from tornadoes over the weekend was heavy, the number of lives lost was significantly reduced because of the revised alerting system now being tested. I expect to learn a lot more about tornadoes as I prepare to lead discussions in May and October at EPCOR on lessons learned from the 2011 Joplin tornado.

4/13/2012
Facebook Offers More Disclosure to Users

"Facebook, seeking to address concerns about the personal information it collects on its users, said Thursday that it would provide any user with more about the data it tracks and stores."

Annie's take:

As it readies itself to go public, Facebook has been trying to conform to European data privacy laws as well as requests in this country for a greater level of transparency on the data it collects about its users. See the comment in the article that there are 80+ categories that Facebook collects data in, and that it is proposing to share only half of those categories in its new offer.

4/12/2012
Crisis Communications 2012: Social Media & Notification Systems

"Continuity Insights’ first in-depth survey for 2012 looks at the growing use of social media as a crisis communication tool. Respondents from over 250 organizations were asked to provide data about their organization’s social media accounts and usage, which was then used to indicate the reach and target audience — key factors when using social media in a crisis."

Annie's take:

The results of this survey are disappointing but not surprising. There is still significant resistance to the use of social media tools around emergency management. For one of the most interesting blogs by those actively using the tools see a site used by roughly 1700 emergency managers, to be found at http://idisaster.wordpress.com/.

4/11/2012
Nerves Are Rattled After Bomb Threats at Pitt

"Dozens of bomb threats at the University of Pittsburgh since mid-February have disrupted classes and dormitory life and prompted some students to find housing off campus just weeks before the semester ends."

Annie's take:

By virtue of its nature, a university campus is wide open. In the last several years, we've seen incidents at Virginia Tech and, more recently in Oakland, where shooters were able to take advantage of that openness. At Pitt, the sheer volume of the bomb threats is enough to disrupt campus life for teachers, students and campus police. The New York City slogan, "If you see something, say something" might be a good tool to use to identify the disruptors.

4/10/2012
Pentagon to fast-track cyberweapons acquisition

"The Pentagon is planning to dramatically speed up the development of new cyberweapons, giving it the ability in some cases to field weapons against specific targets in a matter of days, according to a new Pentagon report to Congress."

Annie's take:

This is an interesting new development. It would have been helpful to have an example of what a cyberweapon might be.

4/9/2012
Selling You on Facebook

"Many popular Facebook apps are obtaining sensitive information about users—and users' friends—so don't be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places."

Annie's take:

If you wish to keep details of your preferences and your personal life as private as it is possible to do with social media, then don't subscribe to third party applications available with Facebook. And double check your privacy settings at least once a month to be sure that the security choices you have made are still current.

4/6/2012
Cyber-Criminals Change Tactics as Network Security Improves

"IBM in its X-Force security report for 2011 said security efforts have cut spam and improved vulnerability patching, but attackers are now targeting mobile devices and the cloud."

Annie's take:

This is a good summary of the IBM report, and highlights the need for information security professionals to establish the protections on their data before they move it to the cloud.

4/5/2012
New Bill Lets Gov't Collect All Your Private Cyber Info

"The Cyber Intelligence Sharing and Protection Act (CISPA) is getting a lot of bipartisan support, but in reality it’s a nightmare that makes SOPA look practically benign in comparison."

Annie's take:

Here's one professional security person's take on a bill pending in Congress, along with links to some additional information you may want to review.

4/4/2012
DHS Budget Trends Jeopardize Partnerships and Collaboration

"Jim Mullen likely won’t drown in the emergency management bloodbath that is the U.S. Department of Homeland Security (DHS) budget, but he may have a hard time staying afloat."

Annie's take:

Impacts to Washington State's emergency management program are discussed first in this quite depressing article.

4/3/2012
How China Steals Our Secrets

"For the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments."

Annie's take:

Richard Clarke, former presidential adviser, has written several books that cover this important topic. Here he critiques the forms of congressional legislation pending as really not dealing at all with problems like Chinese cyber threats.

4/2/2012
In Person: Bubble-spotter Shiller says consumers need more protection

"In the course of his four-decade career, Yale economist Robert Shiller has seen enough financial folly to make anyone cynical. Instead, he thinks the industry can and should be reformed to serve ordinary people, not just the superrich."

Annie's take:

This is a terrific interview with economist Robert Shiller that covers a lot of ground, including current legislation moving into law.

3/30/2012
Conflict Over How Open ‘Do Not Track’ Talks Will Be

"Technology companies want to talk with the government about protecting privacy on the Internet. They just want those talks to be private."

Annie's take:

There are many moving pieces to consumer privacy efforts, and "do not track" is one of them. Here's an update on where things stand.

3/29/2012
New U.S. Research Will Aim at Flood of Digital Data

"The federal government is beginning a major research initiative in big data computing. The effort, which will be announced on Thursday, involves several government agencies and departments, and commitments for the programs total $200 million."

Annie's take:

It is good to see the public sector stepping up to the challenges around big data, particularly where science and technology are concerned.

3/28/2012
U.S. Outgunned in Hacker War

"The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said."

Annie's take:

We already understand that we have a large problem in this country with hackers. Here's some additional detail along with more information on the bills pending in Congress.

3/27/2012
U.S. Agency Seeks Tougher Consumer Privacy Rules

"The government’s chief consumer protection agency said on Monday that it intended to take direct aim at the vast industry that has grown up around the buying and selling of information about American consumers."

Annie's take:

Even in an election year, this is one piece of legislation that may just move forward. There is broad agreement that data collection around consumer information needs more protection.

3/26/2012
U.N. Official Calls for 'Drastic' Reform of Financial System

"The international financial system requires "drastic" reform if future crises are to be avoided, including more regional initiatives to tackle misaligned exchange rates and the wider use of capital controls, the head of a United Nations agency said."

Annie's take:

As far as I can recall, here is the first real call for global financial reform.

3/23/2012
New counterterrorism guidelines permit data on U.S. citizens to be held longer

"The Obama administration has approved guidelines that allow counterterrorism officials to lengthen the period of time they retain information about U.S. residents, even if they have no known connection to terrorism."

Annie's take:

These guidelines have evidently been in effect for over a year already without being formalized. What do you think?

3/22/2012
On Wall St., Keeping a Tight Rein on Twitter

“Next stop Dow 57,757? Don’t count on it but Tuesday’s bullish session is in the books.”

Annie's take:

Social media -- and Twitter in particular -- have the potential to influence and drive change. This article discusses some of the consequences to employers who work in a regulated environment when their employees use Twitter.

3/21/2012
Worry About the Hackers You Don't See

"No one who has seen it forgets the "Twilight Zone" episode about a town in Ohio that lives in terror of a 6-year-old born with godlike powers."

Annie's take:

Glorification comes in many forms.

3/20/2012
Survey finds that small businesses ignore risks of data protection on mobile devices

"Mozy has released the results of a data protection survey which was produced by Mozy and independent market research firm Compass Partners. This found that an increasing number of professionals (80 percent) work remotely and rely on personal devices such as smartphones (63 percent), iPads (30 percent) and laptops (80 percent) to access company data."

Annie's take:

Mozy's survey is useful for a number of reasons. Though small businesses are the focus of the survey, I would guess the same level of carelessness applies to users from large businesses who are working remotely. Even so, the numbers warrant some training around this issue.

3/19/2012
U.S. accelerating cyberweapon research

"The Pentagon is accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet, according to current and former U.S. officials."

Annie's take:

It appears that funds and focus are now being applied to the area of cyberweapons, years after Richard Clarke's book "Against All Enemies," which set out to explain just how far behind we are.

3/16/2012
Google in New Privacy Probes

"Regulators in the U.S. and European Union are investigating Google Inc. for bypassing the privacy settings of millions of users of Apple Inc.'s Safari Web browser, according to people familiar with the investigations. Google stopped the practice last month after being contacted by The Wall Street Journal."

Annie's take:

For more background on Google's privacy challenges, see Andrew Hansen's research note in our March ASA newsletter. This appears to be one of the few instances where both U.S. and European regulators are on the same page.

3/15/2012
Public Rebuke of Culture at Goldman Opens Debate

"Until early Wednesday morning, Greg Smith was a largely anonymous 33-year-old midlevel executive at Goldman Sachs in London."

Annie's take:

For those who did not read the opinion piece in the New York Times yesterday by former Goldman Sachs executive director Greg Smith, here's an update as well as early reaction to the piece.

3/14/2012
New Interest in Hacking as Threat to Security

"During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago."

Annie's take:

The gaps in security controls around critical infrastructure are becoming the focus of media and of Congress, with legislation of several types being introduced. We'll keep tracking this issue.

3/13/2012
Asleep at the Controls

A searing indictment of the Nuclear Regulatory Commission, especially in light of the failures in Japan a year ago. We all need to pay attention to whether or not anything changes going forward.

Annie's take:

The Nuclear Regulatory Commission has a job to perform in this country as well as around the world. This column indicates that a higher level of practice and service is required.

3/9/2012
February’s major disasters

"Impact Forecasting, a division of Aon Benfield, has published its monthly summary of major disasters around the world."

Annie's take:

There's nothing like a report like this to put the last month into perspective. We tend to focus on the disasters that we hear most about. Look at all those of which we were only vaguely aware.

 

3/8/2012
Solar storms ramp up, take aim at Earth

"Since Sunday, the sun has launched a barrage of flares, particle radiation and blobs of plasma that have disrupted some radio communications and forced airlines to reroute northern flights."

Annie's take:

We don't often manage risk around magnetic fields, but here we are again in less than six months. The disruptions, if any, will probably be felt only in discrete instances. But it's a good reminder that the world is larger than the single places we inhabit.

3/7/2012
The Inner-Workings Of A Radiological Response Plan

"Last year’s earthquake, tsunami and subsequent partial meltdown of two reactors at the Fukushima Dai-ichi nuclear plant presented numerous challenges for U.S. organizations with employees, facilities or critical suppliers in Japan."

Annie's take:

This is an article well worth saving. In it, Goodyear shares with us the risk-based approach they took to putting together plans for event management around a nuclear disaster.

3/6/2012
RSA 2012: FBI Chief Touts Partnerships in Cybercrime Fight

"FBI Director Robert S. Mueller believes public-private collaboration is crucial to protect America from cyberattacks — a threat he thinks could become bigger than terrorism itself."

Annie's take:

Of all the government agencies that spend time on Internet-related issues, the FBI has turned out to be one of the most vital partners to the private sector.

3/5/2012
The Mission Risk Diagnostic Method

"Although most programs and organizations use risk management when developing and operating software-reliant systems, preventable failures continue to occur at an alarming rate."

Annie's take:

This new Carnegie Mellon paper takes us further down the road to understanding how to identify and mitigate operational risk.

3/2/2012
Google’s New Privacy Policy: What to Do

"Google started its unified privacy policy on Thursday.

The company has been telling users of its services — search, YouTube, Gmail, Google Maps and Google Docs, among others — that information it collects about users will be compiled in a single dossier for its use."

Annie's take:

For those who meant to do this before Google's new privacy policy went into effect in the United States yesterday, here are the steps you need to take.

2/29/2012
France Says Google Privacy Plan Likely Violates European Law

"The French data protection authority said on Tuesday that Google’s new privacy policy appeared to violate European Union law."

Annie's take:

This is not a large surprise, and will probably not affect the implementation of Google's new privacy policy in the United States. For those who have not already done so, you may wish to consider going into your Google settings and removing your browser history.

2/28/2012
A Peek Into the Future of Emergency Management Solutions

"John Degory has served as Knowledge Center’s chief operating officer for the past seven years."

Annie's take:

I finished an article last evening for Continuity Solutions on understanding crisis management. Here's a related interview that Eric did that gives us another kind of look at crisis management.

2/27/2012
Opt-Out Provision Would Halt Some, but Not All, Web Tracking

"Last Thursday federal regulators, members of advertising trade groups and technology companies gathered in Washington to announce new initiatives to protect consumers’ privacy online."

Annie's take:

As the story says, privacy is in the eye of the beholder. This is a never-ending story.

2/24/2012
FAQ: What’s in the ‘Privacy Bill of Rights?’

"The Obama administration announced what it calls its “Privacy Bill of Rights” Thursday, a long-awaited framework suggesting how companies should protect consumer information online."

Annie's take:

It's worth comparing the various congressional bills, the White House proposal, and the voluntary "do not track" offer from major web firms. It's your data that is at stake here.

2/23/2012
Web Firms to Adopt 'No Track' Button

"A coalition of Internet giants including Google Inc. has agreed to support a do-not-track button to be embedded in most Web browsers—a move that the industry had been resisting for more than a year."

Annie's take:

We'll have to wait for more details, but this does look like a large step forward -- and could, presumably, be applied globally so as to satisfy stricter European privacy laws as well.

2/22/2012
Google to Sell Heads-Up Display Glasses by Year’s End

"People who constantly reach into a pocket to check a smartphone for bits of information will soon have another option: a pair of Google-made glasses that will be able to stream information to the wearer’s eyeballs in real time."

Annie's take:

Every once in a while, I like to pick out an article that makes me laugh out loud for review. Do we really need more data flowing to our eyeballs? I do understand that is a question not unlike "Do we really need a tablet to do our work?"

2/21/2012
Initial Reviews of 2013 Homeland Security Budget Request are Mixed

"The release this week of the U.S. Department of Homeland Security (DHS) fiscal year 2013 budget request and related documents has elicited praise and criticism as one would expect."

Annie's take:

Is two years long enough for a DHS grant to make progress and lasting change in a region? That is the question.

2/20/2012
Japan quake studies suggest harder jolt to NW possible

"Studies of last year's giant Tohoku earthquake and tsunami in Japan suggest that shaking from a Cascadia megaquake could be stronger than expected along the coasts of Washington, Oregon and British Columbia, researchers reported Sunday at the annual meeting of the American Association for the Advancement of Science."

Annie's take:

The amount of time that has passed since the Tohoku Earthquake and tsunami in Japan has allowed scientists to gather even more data on assumptions, and to apply those assumptions to the Cascadia subduction zone in the Pacific Northwest. This information should be read against what research information ASA had when Andrew wrote his research note this month on Pacific Northwest Earthquake Risk. That note can be found on the ASA website in the "Research" section.

2/17/2012
Google's iPhone Tracking

"Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.'s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked."

Annie's take:

Google had announced March 1 as the date it would implement its sweeping new privacy policy. It looks as if that date and the policy itself may be subject to additional scrutiny based upon this discovery by the Wall Street Journal.

2/16/2012
Mobile Apps Take Data Without Permission

"The address book in smartphones — where some of the user’s most personal data is carried — is free for app developers to take at will, often without the phone owner’s knowledge."

Annie's take:

We are certainly learning a lot about privacy in recent days.

2/15/2012
Flaw Found in an Online Encryption Method

"A team of European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption system widely used worldwide for online shopping, banking, e-mail and other Internet services intended to remain private and secure."

Annie's take:

It's hard to know this early just what the implications of this discovery are, or how one would argue that their transaction was not adequately protected on the Internet.

2/14/2012
Was 2011 the Costliest Year for Emergencies?

"For those in emergency management, the last calendar year was an unusually busy and costly one."

Annie's take:

Here is what is probably the most accurate list of costs associated with 2011 disasters. What should we be prepared for in 2012?

2/13/2012
How To Identify & Update Dinosaur Processes & Technologies In Your Organization

"As a long-time business continuity professional and self-professed “disaster geek,” I’m intrigued by the way documentaries on the Discovery and History channels often tie into business continuity ideas."

Annie's take:

It's amazing how many of these dinosaur processes and platforms are still present in large companies. In this article, Jennie Clinton presents a methodology for moving forward with them.

2/10/2012
6 Tips to Conquer Facebook Timeline

"Facebook's new profile design, which it calls Timeline, has received mixed reviews from its users: Some like it for the more graphic interface while others prefer the old, streamlined design."

Annie's take:

This slideshow takes you through the basics of fixing the new Facebook Timeline. For me, it's easiest to turn off any interface with outside applications and to lock all my settings to "friends only." Others may wish to take more time to remove old posts that they now regret.

2/9/2012
Security Bills Bruised by Lingering Fight

"The ghosts of two doomed antipiracy bills hang over a new and unrelated issue on Capitol Hill: proposed legislation to help secure the nation’s nuclear plants, water systems and other essential infrastructure from hackers and terrorists."

Annie's take:

One would wish for a more enlightened Congress.

2/8/2012
Intelligence-Based Business Continuity

"There are two opposing approaches to social networking within the business continuity community. One approach advocates embracing social networking in business continuity, while the other stresses the tremendous risks associated with corporate mismanagement of social networking."

Annie's take:

There are dozens of articles appearing recently on the use of social media with emergency management. Here's the first of a multi-part article from Continuity Insights magazine that is worth reprinting.

2/7/2012
FEMA Administrator Craig Fugate Shares 3 Lessons from 2011

"2011 was a memorable year for those of us in the emergency management field — and for the many Americans impacted by disasters."

Annie's take:

There's not much to add to what Craig Fugate says here, except to commend him for his inclusion of the whole community in recovery efforts after disasters.

2/6/2012
Facebook Is Using You

"Last week, Facebook filed documents with the government that will allow it to sell shares of stock to the public."

Annie's take:

This opinion piece from the New York Times should cause everyone to think more carefully about what they post on Facebook.

2/3/2012
Innovations in Light

"People often write to Fixes telling us of cool new devices made for the poor:  the sOccket soccer ball that stores energy as children kick it; the neoprene LifeWrap that hospitals can use to save women hemorrhaging in childbirth; adjustable eyeglasses."

Annie's take:

I must admit we spend most of our time commenting here on issues around risk. Here is a thought piece on innovation that expands our notion of what is possible.

2/2/2012
Can you trust the cloud mega-companies with critical aspects of your business continuity?

"In December 2010 Google launched Message Continuity, a new cloud-based business continuity service for Microsoft Exchange enterprise users. Now, just over a year later, Google has announced the closure of the service, leaving hundreds of organizations with the headache of finding an alternative Microsoft Exchange business continuity service."

Annie's take:

Mr. Honour has identified a key risk, not just for cloud vendors, but with all vendors.

2/1/2012
As Web sites come and go, so too could the information you entrust them with

"As a flood of family photos, videos and holiday greetings hits the Internet this time of year, online users will be swarming the social-networking and photo-sharing sites that have become the personal scrapbooks of our time."

Annie's take:

The uncertain fate of data on the Megaupload platform makes this story even more relevant today. It appears that there will be an attempt to preserve the Megaupload data for at least several more weeks.

1/31/2012
The 5 Most Important Technology Stories of 2011

"What happened during the past 12 months that will reverberate in 2012 and beyond?"

Annie's take:

These story picks from the staff of Government Technology are not necessarily the same as would be made on the private sector side, but they are certainly each worth reading about.

1/30/2012
Are You at Risk? What Cybercriminals Do With Your Personal Data

"When hackers attack a company's systems and steal your personal data, what risk does that pose to you and other victims?"

Annie's take:

A sobering look at how much your personal data is worth on the open market. At least one study shows that 40% of those who receive phishing emails will click through on a link and compromise their own data.

1/27/2012
How to choose what you share with Google

"Google’s decision to unify 60 of its services under one privacy policy has set off renewed interest in how, exactly, Google account holders have their privacy settings configured."

Annie's take:

This article offers a mapping of the services that will be included in Google's new privacy policy, as well as the location of settings that allow the Google-ite to turn settings on or off. Just as with Facebook, it's probably a good idea to plan to spend time reviewing and adjusting your settings on a regular basis.

1/26/2012
Social Media Just Won't Go Away

While there are some folks in public safety who embrace the idea, many others are still on the fence or down-right resistant to the whole concept.

Annie's take:

In the online chapter of Advice From A Risk Detective, I wrote about the enormous potential of social media for good, especially in helping to shoulder the communications load during disasters. Though Craig Fugate, director of FEMA, is a walking example of how to effectively use social media, many in the emergency management profession still resist it. Here's a book, written especially for emergency managers, that could be persuasive.

1/25/2012
Google to Update Privacy Policy to Cover Wider Data Use

Annie's take:

Reading this article, I was struck by how few of us actually understand what is done with data we post on the Internet. Google+ is a service I signed up for but rarely use, at least at this point. But it is only one of a range of services connected with Google. When the new policy comes out, it will behoove each of us to read it.

1/24/2012
Delay in Satellites Could Jeopardize Severe Weather Forecasts

"2016 is looming as the year during which a gap in weather satellites could leave the nation without some of the severe storm data that’s vital to early warnings. "

Annie's take:

The last piece in Pittman's article is the most significant: when data was rerun without the satellite data input, the forecast was off by 50%. That's a graphic demonstration of how valuable the satellites are in forecasting severe weather. Funding the program as it has been designed should be continued.

1/23/2012
The Big Bank Banker: Handle with Care

Anyone who hasn’t been living under a rock with the Geico gecko has likely noticed that the banking industry has been taking it on the chin for the past couple years.

Annie's take:

Every once in a while an article comes along that nearly perfectly captures all of the issues around a single topic. This is one such article. Sommer has captured the key benefits and risks of bringing in a "big player."

1/20/2012
‘Crisis Response and Disaster Resilience 2030: Forging Strategic Action in an Age of Uncertainty’

"FEMA has released a new document which looks at the future role of emergency and disaster management in the US."

Annie's take:

Whether you're in the public or private sector, you'll want to review this new FEMA document.

1/19/2012
Senators drop support of piracy bill after protests

"Support for two online piracy bills in Congress appeared to wane Wednesday after opponents of the legislation staged a dramatic protest in which vast swaths of the Web effectively went dark. "

Annie's take:

It's hard to see just yet what the effect of yesterday's technology campaign will be on members of Congress. At least it should be enough for them to reconsider both badly written antipiracy bills.

1/18/2012
Protest on Web Uses Shutdown to Take On Two Piracy Bills

"With a Web-wide protest on Wednesday that includes a 24-hour shutdown of the English-language Wikipedia, the legislative battle over two Internet piracy bills has reached an extraordinary moment — a political coming of age for a relatively young and disorganized industry that has largely steered clear of lobbying and other political games in Washington."

Annie's take:

Take some time today to read the two anti-piracy bills as well as the reasons that so many organizations oppose both of them.

1/17/2012
Wikipedia to Go Dark on Wednesday to Protest Bills on Web Piracy

"The wave of online protests against two Congressional bills that aim to curtail copyright violations on the Internet is gathering momentum."

Annie's take:

As I said yesterday, both anti-piracy bills are badly written and would cause un-thought-out consequences. Wednesday could be a lonely day on the Internet.

1/16/2012
Bills to Stop Web Piracy Invite a Protracted Battle

"When the Obama administration announced on Saturday its opposition to major elements of two Congressional bills intended to curtail copyright violations on the Internet, the technology industry, which has been loudly fighting the proposed legislation, could declare victory."

Annie's take:

These are badly written bills, and this article lays out some of the ground that is being disputed in the discussion.

1/13/2012
New Storage Device Is Very Small, at 12 Atoms

"Researchers at I.B.M. have stored and retrieved digital 1s and 0s from an array of just 12 atoms, pushing the boundaries of the magnetic storage of information to the edge of what is possible. "

Annie's take:

This is a major breakthrough. Storage and storage devices will become smaller and run with less power in the future.

1/12/2012
Google launches personal search tool linked with social media

"Google is taking Googling yourself to a whole new level, by folding users’ personal data into Google search results."

Annie's take:

Thousands, perhaps millions, signed up for Google+, but don't have time or energy to post to the site. Now Google is upping the ante with its new personal search tool. Add that to a standoff with Twitter as to whether or not tweets should be indexed, and you have a whole new playing field.

But is this enough for Facebook users to move to Google+? It's hard to remember that there is still a whole world out there that does not know how to use Facebook or Twitter. Those who do use those sites would have to significantly modify their habits to also post to Google+, or to use it rather than Facebook.

1/11/2012
National Preparedness Report: Browse Popular Ideas

"FEMA and its partners are working on the National Preparedness Report, which tracks the progress toward achieving the National Preparedness Goal and will help inform the President’s budget for preparedness efforts."

Annie's take:

Using the "ideashare" tool, you are invited to agree or disagree or to add your own ideas to the National Preparedness Report developed by FEMA and its partners. For some, this is as close as you'll ever get to using a social media tool. I'm delighted to see FEMA using this approach to collect additional data, and hope that you'll consider participating.

1/10/2012
Banks Unite to Battle Online Theft

"Rising cybersecurity threats are pushing big banks to do something that doesn't come naturally for these secrecy-steeped institutions: share information with one another."



Annie's take:

The banking and financial sector has for years led other critical infrastructure sectors in this country where information security is concerned. It's been under siege for at least ten years from hackers, phishers and now cyber-terrorists as well. The move to share information among institutions with a goal to reducing incidences of online theft is a logical next step.

1/6/2012
The Seven Habits of Spectacularly Unsuccessful Executives

"In it, he shared some of his research on what over 50 former high-flying companies – like Enron, Tyco, WorldCom, Rubbermaid, and Schwinn – did to become complete failures.  It turns out that the senior executives at the companies all had 7 Habits in common.  Finkelstein calls them the Seven Habits of Spectacularly Unsuccessful Executives."

Annie's take:

Sydney Finkelstein did this research and published it in 2004. Forbes reprinted it recently, and it is as relevant today as it was then. On the basis of my own work, I have to say that I believe he has all seven of these habits right.

1/4/2012
Spam Finds New Target

"Facebook Inc. and Twitter Inc. are building up their forces to fight an emerging enemy: "social" spam."


Annie's take:

Our hope is that more people recognize "Get your free iPad here" as exactly what it is -- a form of spam.

1/3/2012
Japan tasks Fujitsu with creating search-and-destroy cyber-weapon

"Fujitsu has been commissioned to develop ‘seek and destroy’ malware, reportedly designed to track and disable the sources of cyber-attacks."

Annie's take:

One hardly knows what to make of this development, especially since it is government-sanctioned. It is certainly worth tracking.

1/2/2012
2012’s top stories…

"Continuity Central makes five predictions for the big issues that may impact the business continuity profession in 2012."

Annie's take:

Continuity Central is one of the world's most respected publications. Here, its editor David Honour makes big predictions for 2012.