Annie Searle & Associates, LLC

If you are a mobile phone user who loves third party applications, then you may want to read this article and try one of the security applications discussed.

For those who wonder what the real costs are for businesses during a natural disaster, here's an up-close look. One wonders if there are improvements that could be made to our insurance system.

Here's one of the most read articles this month in the Wall Street Journal, presented here, tongue-in-cheek, to those of you who wonder if worst case thinking is harmful to the spirit. An early Happy New Year, everyone!

Tuberculosis seemed for many years to be largely eliminated because of the vaccine available. Here is a sobering story.

A look ahead just before the end of the year. IBM still runs a world class research operation.

It is an interesting approach to use some of the techniques worked out for identifying terrorists on potential mass shooters. Certainly combing through postings on social media sites and certain special interest sites using algorithms is an avenue to explore, though it may butt right up against first amendment rights.

For those who have had difficulty understanding what the Libor scandal was all about, here's an excellent article and Frankel's own perspective on how far we can trust bankers these days.

One wonders how the fines are divided out among the countries.

In a week where most of the news is not good, the three new tools that Pittman describes here are welcome news.

Will this penalty make a difference in how the Bank Secrecy Act (BSA) is understood and enforced?

There's a lot we really don't understand about BIg Data -- see Devin Luco's research note this month in ASA News & Notes -- but this article makes clear that there are even more issues at stake.

Julia Angwin has written a dense, compelling article that clearly lays out the risks and rewards of intelligence gathering. I'll have to give a lot more thought to this -- it is certainly sitting squarely in one of the topic areas I'll be coverning in a university course this winter that looks at ethics, policy and law around information use.

This editorial says it all, except, perhaps, to ask where is the U.S. Department of Justice in all this?

This is most probably an early version of a story that will continue to be told, especially the complex discussions that led authorities to let HSBC settle rather than be prosecuted for its money laundering activities -- activities it had been warned about over and over. Here the reasons seem to be connected to the impacts that would have been felt throughout the entire global financial system if HSBC were prosecuted.

ASA publishes a newsletter that features a front page column from me each month. Here's a link to our most recent issue, and some specific recommendations on how to set up lasting ethical practices for your company, via an excerpt from an article I wrote for the November issue of Risk Universe magazine.

This article indicates just how very far we are still from approving and funding a national network. One wonders just how many more disasters have to occur before we fix this -- were 9/11, Hurricane Katrina, and Super Storm Sandy not large enough disasters?

We urge the administration to move quickly to make the changes recommended by this prestigious federal panel. It will make a world of difference, and eliminate a whole layer of prosecution as well.

Once, trust from the customer was everything. But over the past several years, we have come to believe that banks cannot be trusted. The reasons are not so hard to see. This editorial makes the case from another perspective than my own, perhaps even more effectively.

To the list of qualifications for CEOs, especially in the financial sector, we should add "the ability to see a problem and self-correct before the worst happens, without having to be bullied into admissions by oversight committees after the fact."

Booz Allen Hamilton has worked on cyber issues with both the government and the private sector longer than nearly any other consulting firm. This is a summary of their latest findings on trends going into next year.

This bill looks timely and would prevent the government from going directly to cloud providers without a search warrant.

This is a whole new world for data design and analytics. Please look for Devin Luco's research note on Big Data in the December issue of ASA News & Notes.

It evidently takes a long time for internal investigations to conclude. Here we have the reported results from both Deutsche Bank and Barclays over the Libor debacle.

There's a link in the article directly to the Christchurch report, in all its detailed findings. A key finding is apparently the level of duplication of effort among government emergency management teams. We can learn from this report.

A phone is no longer a record of the calls you have made. It is also the repository of text messages, email, Facebook and Twitter posts. What this means for legal purposes is no longer so clear.

It's hard to feel sorry for those who work deals on Wall Street.

Usually I leave market and credit risk to others, but here we have a convergence of market, credit and operational risk. There is no room for political posturing, just a large impetus to get the work done for the good of the country.

It's good to see the Advertising Council begin to assess the effectiveness of messaging around disaster preparedness.It does seem that "threat," "fear" then "overwhelmed" or "paralyzed" is the cycle around how messages are conveyed and then not acted upon. This is a challenge I've struggled with for years, in trying to lay out the case for preparedness, whether it's to neighbors or readers or clients.

A sobering discussion of what's needed in a director of the CIA.

There's plenty of blame described in this report, including for CEO Jon Corzine. But the most troubled aspect of the findings have to do with the poor relationships between regulators who oversaw MF Global.

A long-awaited report has just been released that identifies vulnerabilities to the nation's electrical/power infrastructure. The report comes at a time when residents of New York and New Jersely can personally attest to the hardships caused by losing power for an extended period of time.

Even former FDIC chair Sheila Bair, now head of the nonprofit System Risk Council, agrees that the SEC must do more to protect these funds.

This whole program is in severe need of overhaul. It's to be hoped that this overhaul can take place very soon, though the acrid Congressional climate means that bipartisan efforts like this will take are increasingly rare.

There are probably only three elected officials who have the credibility and courage to speak up now on how to restore our broken East Coast infrastructure, and Andrew Cuomo is one. Though he rarely uses the words "climate change," he does hit all the right points about an outmoded power grid and other pieces of our infrastructure that are due for overhauls. The other two officials are also overseeing Hurricane Sandy response -- Governor Chris Christie and Mayor Michael Bloomberg.

This editorial indicates how much there is still to be done, separate from the overall recovery effort, to help those in New York City still without power. So much time has gone past since Hurricane Sandy hit that we have forgotten how much basic front line work there is not yet done.

The scale of devastation to New York City and New Jersey is almost unimaginable. The photos in newspapers or the images on television just don't do the trick. This will be a recovery effort at least as long as from Katrina, perhaps more.

As New York City struggles to understand the migration of rats out of the subways and sewers that flooded with Hurricane Sandy, millions are at risk from a new outbreak of dengue fever, which is a mosquito-carried disease, in India.

Could there be worse weather news than this for those in New York and New Jersey?

A forward-looking editorial from The Financial Times. No additional words necessary.

Nowhere are critical infrastructure interdependencies clearer than on the East Coast right now, in the wake of Hurricane Sandy. In New Jersey, for instance, there may not be power, but most cell phones work. In parts of New York, there may be no power and no cell phone service either. The loss of power and the work that will need to be done to restore it is massive, and is at the foundation of recovery -- along with other priorities like water purification and rodent control after the flooding.

Large internet companies have a promising role to play in disaster response. Google has stepped up before in Haiti and in Asia. It's good to see these new resources being made available during such dark times.

Here's a look at some of the thinking now becoming more prominent in New York City in particular: the increasing frequency of such large storms means that more permanent measures should be taken to protect a city that is barely above sea level.

Over seven million people are without power at this time. The author here provides us with some of the costs associated with hurricanes or big storms in the past years. We are going to see more big storms like this one for reasons outlined in the article. Perhaps it is time we begin to address climate change issues.

It's pretty clear by now that climate change is real and present, and that large storms are becoming more frequent. Our thoughts are with all those in the path of the hurricane and its side effects.

If there are any corporations left who do not believe that it is their job to monitor social media commentary about their companies, this should be enough to change their minds. The size of the fine points to the severity of the act. If the Raj Gupta case did not aleready make the point, we need to think and act more responsibly when speaking to our "friends."

Raj Gupta had wanted to spend his prison time in a public service project in Africa. It does not appear that he will get that opportunity. This case sharpens the definition of casual conversation where insider trading issues are concerned.

Another disappointing piece of news on security procedures used by the Transportation Security Administration (TSA). One would hope this is a simple gap to fix.

It's still difficult for the consumer to understand the privacy policies of large companies like Microsoft and Google. Let's hope that someone designs a tutorial on how to be sure your personal data is not tracked.

Here's an early review of Windows 8 that outlines some of its new features, including Microsoft's bet that they can design one operating system that will work well across multiple surfaces. It remains to be seen whether large corporate clients will buy in to this radical departure from a familiar interface that has always had at least a slight learning curve with each of its releases.

JPMorgan Chase CEO Jamie Dimon is leading the charge here. Let's hope that efforts to make clear the need for action to Congress are effective.

I dislike providing any publicity to the efforts of terrorists, but post this to remind us all that the FBI is doing an outstanding job of intelligence gathering and risk mitigation.

It's not just Europe that wants to know -- all of us who use Google in this country want to know as well!

Surely there will be a great deal of analysis of this announcement. Pandit was one of three CEOs at the nation's largest banks who survived the 2008 economic meltdown. Citigroup had certainly been improving its numbers. That the resignation took place effective immediately, that Pandit also resigned from the board, and that it took place the day after reporting third quarter results reminds us that boards of directors still call the shots -- something that Lloyd Blankfein and Jamie Dimon would do well to remember.

It's good to see that the brakes are slowly being applied to this risky form of trading. There aren't enough trained banking examiners who can understand how it works or how to see if the controls are in place.

Most testimony from military officials on the cyber issue has taken place in front of Congressional committees. Panetta's more explicit description in this public address highlights how much more significant cyber threats are growing, in particular attacks on banks in the past month, attributed to elements upset about the you tube video excerpt of a movie made in this country.

JPMorgan Chase is still in flux from its London Whale trading loss earlier this year. The CFO's resignation is one of a number, including more still to come. This morning's other story, about the investigation that regulators are conducing by tracking emails and instant messages bouncing around the trading floor in London, amplifies what we learned last Sunday in the "Swallowed by the London Whale" story on Ina Drew and her team in the New York Times magazine. All worth reading as cautionary tales.

This is a report fit for reading by CFOs wondering if it's worth it to beef up their supply chain management program.

Eric Holdeman's column draws attention to a question many of us have about fusion centers and their funding, irrespective of the new Senate report. He's asking just the right question: if there were no federal funds, would the centers survive? That is, would cities and states fund the fusion centers?

This marks the last issue in the third year of continuous monthly publication of the ASA newsletter. This month, we're discussing how the definition of operational risk continues to expand. #riskdetective

Robinson makes solid points in his arguments to advance an investment in business continuity. One not mentioned: that businesses who have good plans usually see their business insurance costs drop by as much as 20%.

One hardly knows what to make of this new financial services operation from Amazon, aimed directly at small businesses. How will regulation and oversight affect these services?

Here's another source of data collection about you. Cameras are more prolific in large cities like London or New York City, where such images are made available to police on a regular basis. Is this an invasion of privacy or a necessary security tool?

Two big operational risks converge here in a discussion that the SEC is about to formally have -- people and systems. You could probably throw in processes as well. When even the traders begin to agree on the risk level, it's pretty clear that formal guidance will be forthcoming.

Better communications with its front lines and with customers are in order when these sorts of cyber attacks make it impossible for customers to do business with their respective banks. Here's where alternate modes of communication like social media could come in handy.

As the British government steps in to take a greater role in the rate setting, manipulation will now become a criminal offense. All in all, quick work by the British once the scandal was uncovered -- especially compared to the glacial pace at which things move on regulation in this country.

Technology has made these high speed trades possible. In fact, they're not well understood by traders, regulators or public officials. Popper examines how other countries are handling the issue, given some well known glitches that have occurred on Wall Street.

Occupational fraud continues to be a major source of financial loss. A report from the US Association of Certified Fraud Examiners estimates that 5% of revenues can be lost this way. The report is interesting when combined with findings and recommendations of this new UK special interest group report.

Depending upon where you live, this story will either fill you with concern about the quality of trauma response in your city, or pride that the hospitals in your area also practice their responses to a variety of emergency scenarios.

I'm lucky enough to live in the city that created Medic One, that is the home of the Harborview Medical Center and the University of Washington Medical Center and its affiliates. I had 12 stitches embroidered through my eyebrow by the head of the emergency room at Northwest Hospital a few years ago, and discussed with him the preparations that hospitals as colleagues of one another are making for a time when they might need them. Certainly response to mass shootings is one of the scenarios for which they prepare.

In the meantime, congratulations to the University of Colorado Hospital!

Here's a description and a link to a new PriceWaterhouseCoopers white paper on unexpected risks -- a good source for those looking for external references to cite on the value of enterprise risk management.

We're going to be hearing more and more about "big data." Here's a use to which such data is being put for HR departments as companies seek to make the best possible hiring decisions.

Change is everywhere. As one who once headed an orderly program for making technology changes in a complicated infrastructure, I highly recommend Eric's interview here.

Is a risk professional the same as a business continuity specialist, or an information security professional? Though we'd sometimes like to think so, the risk profession continues to evolve. Take a look back and forward in this new RIMS report.

With this decision, Google has set itself up as a censor and violated its own policy on what constitutes material that can be blocked. No matter how much we might agree with the practicality of the decision, questions persist: could this decision have been made without recrimination by a smaller internet company?

Here's an update on a range of viruses that have presented themselves recently.

A thoughtful article that explores both sides of the social media challenge and how far a company can go in examining the content of an employee's digital devices.

There are many editorials published today. I picked this one because of its key recommendation.

Our September newsletter offeres some tips on preparedness, and a new research note on the energy sector by Ilya Krivulin.

A first-rate practical guide to assessing your current data protection program.

Nash makes an interesting argument for integration of two very different types of security functions that are normally housed in different parts of a business.

Going through exercises or scenario tests is not of much use to participants or to the strength of your plans unless you make continuous improvements from lessons learned during the exercise.

Thanks to Eric Holdeman for this article and the questions he continues to ask the emergency managment community.

Ben Bernanke has served two presidents and will be watched eagerly today to see what he and the Federal Reserve Bank propose to do for an economy that has clearly stalled out.

The checklists contained in this new mobile application are a big step forward. Now, the challenge is to get everyone to utilize the application.

This slow-moving hurricane continues to dump water over affected Gulf Coast areas. Our thoughts are with all those who live in the region.

As the leader of a neighborhood preparedness group, I can attest to how difficult it is to get attention on the issue of preparedness. We need to rethink the argument.

For those who wondered what the fallout would be -- aside from regulatory investigations and probable fines -- here's a detailed sampling of other lawsuits that are in play.

Much of the advice to businesses from the National Fire Protection Agency can apply also to those who live or have vacation homes near fire areas. Long term, we need to revisit the issues of both both building permits and firefighting budgets, especially given the toll that climate change is taking on our environment.

Continuity Central has published a link to the new COSO white paper on managing risk around cloud computing.

We had a terrific presentation from Colorado authorities on this very topic at the 2012 "Building Resiliency through Public-Private Partnerships" conference last month in Colorado Springs. Here's a high level of summary of lessons learned on the public safety side.

Here's a report on a new strategy that many large banks are using to defeat cyberthieves who set up phony websites to divert their customers.

It's clearly difficult to prosecute such cases as MF Global, and it may be that the firm is not yet out of the woods for other forms of litigation. But what is clear is the public disgust will once again be reinforced when no one is punished for the collapse of still another firm and of investors' money.

Though there may be questions about which regulator should have filed charges, there is no doubt that swift action here by the State of New York has drawn sharp attention to a problem that many thought had been eliminated with money-laundering regulations.

Many government officials, especially regulators, are faceless. But here is a good profile of Gary Gensler and his approach to the work that his new agency is doing.

This month's newsletter includes a research note on risks in the oil and gas industry.

This Pentagon proposal is indeed an interesting one, and should be studied further. It's possible that lines could blur between worlds.

How far is too far? Google's recent demonstration makes us wonder what we really want out of a search engine.

The British financial sector is further tainted with the news on Standard Chartered.

We like to feature programs that are truly leading edge in this column -- and our metaphorical hat is off to the City of San Diego for this new inclusive alerting program.

How the Libor is set has been only vaguely understood outside professional banking circles. Before regulators are done, all of us will understand more than we ever wanted to about this rate. This article examines the scramble among banks to cover their own activities.

Here's a clearer look at what challenges companies are facing from cyberterrorists. This discussion makes even clearer how lobbyists have muddied the waters around these issues.

Many of us who work on critical infrastructure issues know that the tension in the discussion(s) comes down quite often a debate about whether it is better to maintain all civil liberties or to be safe. It's never quite that simple, though, as you can see from the readers who are quoted in this article.

Most of the issues at stake in considering improvements to a shaky power grid are outlined in this article, including the cost. What's new is that the costs of such outages can now, in some cases, be quantified. With drought conditions this summer in so much of the country, it's likely that we'll see more attention paid to the issues at stake.

As the editorial points out, not all businesses oppose this bill -- in particular, those businesses whose services extend outside this country need it. Though the bill has been significantly watered down, we agree that it should be enacted.

This is an amazing step forward in community preparedness, one of the last priorities for those who think "it could never happen here" or "it could not happen to me."

The results of this survey should be surprising, but they are not.

No one much likes discussing the vulnerabilities of our critical infrastructure, but General Alexander has done a good job here of outlining the problem we face.

Both Weill and his counterpart at Citigroup at that time now feel that some version of Glass Siegall should be reenacted. I think they are right.

Another look inside the world of regulation. Meanwhile Treasury Secretary and former head of the New York Fed Timothy Geithner testified in front of Congress on what he and others new in 2008 about price fixing around the libor.

Here is a review of the book. Readers may also be interested to go to www.riskuniverse.com and look over the entire excellent magazine, and sign up for a 3 month no cost subscription.

Johnson's blog questions the relationships among regulators, in this case between the Federal Reserve and the British banking system. It is hard to know at this point just how confidence in the global banking system can be increased.

A thoughtful piece that certainly applies to more than the libor issues....worth considering against all the fines and hearings being levied on the financial sector at this time.

So begins Bill Longbrake's most recent economic forecast, just as Ben Bernanke delivers a similar message on Capitol Hill this morning. Longbrake's entire analysis is worth reading.

I'm not sure everyone understands how interconnected the U.S. financial system is with other parts of the globe. Though the inquiry is being conducted in England, its ripple effects will be felt here: banks that do business internationally are affected.

Such massive breaches remind us to change our passwords frequently, and not to use the same password for all our logins.

The publication of this story a day before JPMorgan Chase reports quarterly results will put CEO Jamie Dimon in the position of having to take questions on the bank's willingness to provide information to its regulators.

This article nicely compliments a discussion yesterday on Warren Ulney's NPR program in which four or so financial writers commented upon what it would take -- more regulation or self-policing or a different set of incentives -- for bankers and other professionals to do the right thing.

Looks like a case of the pot calling the kettle black. One thing is for sure: there are large liability issues looming for all banks who participated in libor reporting.

Better to have "overblown fears" than 42,000 users unable to get to the Internet.

Even if you regularly scan your computer for viruses or other forms of malware, you should probably also run this DNS check before Monday, July 9.

The Barclays scandal was further amplified yesterday by the testimony of it its former CEO.

There's nothing pretty about cleanup efforts after devasting natural disasters, whether it's wildfires in the West or ongoing power outages in the East.

Here's the first large decision from the Barclays board, with more certainly to come.

It's difficult to be proud of the banking profession these days. Here's an editorial in the Financial Times that gives you a couple of reasons why.

I learned a lot reading this article, which describes various tools available for incident managers (or the rest of us) to monitor breaking news on platforms like Twitter.

Jamie Dimon has moved his strongest managers in to work through what went wrong in the Chief Investment Office and to unwind the rest of the position. He's been in worse spots before -- I'm just finishing "Last Man Standing" -- and I'm betting Chase will come through this a stronger company.

I've just made a note not to stay in Wyndham Hotels. This is a massive number of breaches for any one institution to have over an extended period of time.

The state of Colorado has been punished by wildfires for at least a month, and they appear to be increasing now. Experts say they have arrived a month early, which leads one to wonder what the months of July and August will look like.

From the report, this looks to have been a terrific exercise. I especially like the recommendations in the article.

It remains to be seen just how impactful this downgrade will be.

Hats off to EBay!

Now that Jamie Dimon has completed testimony in front of both the House of Representatives and the Senate, regulators will once again attempt to fine tune both Dodd-Frank and the Volcker Rule. Though the questions were tougher yesterday for Dimon, the fact remains that JPMorgan Chase has a well-oiled lobbying machine in place.

An inside look at how two large banks are slowly evolving their cloud strategies.

The costs seemed to have escalated rapidly over the past several years. Is this still a good investment in risk management?

It's not easy to pick out the essential characteristics of members of a crisis managment team, or even of the team leader. I like this summary of characteristics. For another view, see my own article on parallel topics in Continuity Insights.

The public health field continues to lead the way in situational awareness tools

Background screenings are among the most complicated tools used by corporate recruiters. This case should set some precedent in the online arena.

JPMorgan Chase CEO Jamie Dimon testifies in front of Congress tomorrow. This article, written by three of the Wall Street Journal's best reporters, will complicate his testimony. Chase leadership clearly did not execute well on advice and concurrence it had on strategy to reduce these large positions.

I have not asked for addional regulation, but rather to consider what is necessary. Regulatory reform might in fact reduce some of the current regulation.

Along with Floyd Norris' searing explanation and indictment of GAAP in his column this morning, this article shows why there is still so much to be cleaned up in the world of banking and finance.

The answer to the question in the headline is simple: change your password now. And, as the article points out, no matter how convenient it may seem in our stressed world, don't use the same password across multiple sites.

There's no doubt that this is a big play, and probably an enormous service, being provided by Google. It's worth remembering, though, that in order to provide the service they have tools other companies can only dream of.

Neither public nor private sector owners of infrastructure exposed by Shodan are going to be very happy about this article, but it is probably the only way that such critical infrastructure will become more secure.

It's a pleasure to reprint this thought piece from former colleague James Meacham, who has been writing about business ethics for at least ten years.

One hardly knows what to make of this careful story, that dances around the identification of the malware's creator.

Such proposals are harder to find agreement on when times are tough than when things are going well.

I'm honored to have this piece published here. Continuity Central consistently provides content-rich and cutting edge thought pieces in security, business continuity and operational risk management.

This forecast offers some relatively positive news.

When the industry's most prestigious trade journal writes a piece like this, you know that things may be going to get a lot worse before they get better.

For those of us who have direct experience of the FDIC's ability to handle the failure of a large bank, it's not at all clear that the business process management the FDIC can apply with smaller or regional banks will work with a large one, without large impacts to taxpayers.

Having chaired a panel discussion with Joplin-area bankers last week at the EPCOR spring conference, I can attest to the fact that recovery is indeed proceeding in Joplin. Here's part of the remarkable story of that recovery.

Almost all operational risk failures have at their heart an issue involving people and processes. This story that examines the cast of characters involved, together with an earlier one that indicated JPMorgan Chase was without a treasurer to oversee this unit for five months, reinforces the point.

We're thrilled to have a major premise of our consulting practice confirmed by Thomas Curry, Comptroller of the Currency. That operational risk could exceed credit risk in the eyes of the regulators of financial safety and soundness, even while we are still slowly making our way out of the 2008 financial meltdown, is an indicator of how much instability we still have in this sector.

It is to be hoped that banking regulation will not become a political football this election season. Here's a preview, though, of how it's lining up.

See my ASA newsletter column today for more examples of history-making losses like this one. This is not simply poor execution, it is also the failure of alarms or alerts in systems to throw up intelligible messages.

An exhaustive set of checklists around large events where chaos may ensue.

We've known for years that there are gaping holes in the security infrastructure of the energy sector. Let's hope this marks the beginning of a new public-private partnership.

Many of us in the business know how Wal-Mart stepped up during Hurricane Katrina, but here's a way to put into perspective that effort and those that the writer argues have grown since that time.

This is a 2011 article from McKinsey Quarterly, but extremely relevant today.

An incisive piece from Richard Levick, where he also places Google's evolution in the context of how companies grow -- very much worth reading.

It appears that the financial sector has not been able to slow down the July deadline for regulators to have completed writing a final version of the Volcker Rule, despite a meeting yesterday at the Federal Reserve in New York.

This refreshing article, written by one of our own, echoes themes strick in Richard Levick's work as well as my own. In particular, see Levick's "The Communicators: Leadership in the Age of Crisis."

There's no doubt that earlier weather warnings save lives and allow for some preparation time.

In the race to pass cyber legislation, Congress is hearing from a range of experts.

Enacting a bad piece of legislation does nothing to avert cyberthreats, especially since all information sharing from the private sector is voluntary.

Here's a bit of an update on the cybersecurity discussion and debate going on in Congress this week, including a pretty comprehensive list of how companies are targeted.

Though the SEC has worked hard to incentivize whistleblowers, especially because of the complexity of transactional platforms, this gaff will set the program back significantly.

Here's the full survey that over 2,000 information security professionals took, as well as the results of the survey.

This new study by Varonis is yet another indicator that data is at high risk in many enterprises, not to mention in small and mid-sized businesses.

Here's where things stand in the Gulf two years later. People, whether workers or regulators, are often still at the center of operational risk failures. There's also a editorial today on this topic in the New York Times worth reading.

The times, they are a changin'. I seem to be one of the few pessimists in this interview.

Are we surprised by the results of this survey?

I must confess that I am, especially since I regularly find myself warning people that there is still risk around mobile platforms like banking.

One hardly knows what to make of this new development, especially since it's been characterized as risk management. Iraq will now be a series player in both the energy and telecommunications sectors.

Though the property destruction from tornadoes over the weekend was heavy, the number of lives lost were significantly reduced becasuse of the revised alerting system now being tested. I expect to learn a lot more about tornadoes as I prepare to lead discussions in May and October at EPCOR on lessons learned from the 2011 Joplin tornado.

As it readies itself to go public, Facebook has been trying to conform to European data privacy laws as well as requests in this country for a greater level of transparency on the data it collects about its users. See the comment in the article that there are 80+ categories that Facebook collects data in, and that it is proposing to share only half of those categories in its new offer.

The results of this survey are disappointing but not surprising. There is still significant resistance to the use of social media tools around emergency management. For one of the most interesting blogs by those actively using the tools see a site used by roughtly 1700 emergency managers, to be found at http://idisaster.wordpress.com/.

By virtue of its nature, a university campus is wide open. In the last several years, we've seen incidents at Virginia Tech and, more recently in Oakland, where shooters were able to take advantage of that openness. At Pitt, the sheer volume of the bomb threats is enough to disrupt campus life for teachers, students and campus police. The New York City slogan, "If you see something, say something" might be a good tool to use to identify the disruptors.

This is an interesting new development. It would have been helpful to have an example of what a cyberweapon might be.

If you wish to keep details of your preferences and your personal life as private as it is possible to do with social media, then don't subscribe to third party applications available with Facebook. And double check your privacy settings at least once a month to be sure that the security choices you have made are still current.

This is a good summary of the IBM report, and highlights the need for information security professionals to establish the protections on their data before they move it to the cloud.

Here's one professional security person's take on a bill pending in Congress, along with links to some additional information you may want to review.

Impacts to Washington State's emergency management program are discussed first in this quite depressing article.

Richard Clarke, former presidential adviser, has written several books that cover this important topic. Here he critiques the forms of congressional legislation pending as really not dealing at all with problems like Chinese cyber threats.

This is a terrific interview with economist Robert Shiller that covers a lot of ground, including current legislation moving into law.

There are many moving pieces to consumer privacy efforts, and "do not track" is one of them. Here's an update on where things stand.

It is good to see the public sector stepping up to the challenges around big data, particularly where science and technology are concerned.

We already understand that we have a large problem in this country with hackers. Here's some additional detail along with more information on the bills pending in Congress.

Even in an election year, this is one piece of legislation that may just move forward. There is broad agreement that data collection around consumer information needs more protection.

As far as I can recall, here is the first real call for global financial reform.

These guidelines have evidently been in effect for over a year already without being formalized. What do you think?

Social media -- and Twitter in particular -- have the potential to influence and drive change. This article discusses some of the consequences to employers who work in a regulated environment when their employees use Twitter.

Glorification comes in many forms.

Mozy's survey is useful for a number of reasons. Though small businesses are the focus of the survey, I would guess the same level of carelessness applies to users from large businesses who are working remotely. Even so, the numbers warrant some training around this issue.

It appears that funds and focus are now being applied to the area of cyberweapons, years after Richard Clarke's book "Against All Enemies," which set out to explain just how far behind we are.

For more background on Google's privacy challenges, see Andrew Hansen's research note in our March ASA newsletter. This appears to be one of the few instances where both U.S. and European regulators are on the same page.

For those who did not read the opinion piece in the New York TImes yesterday by former Goldman Sachs executive director Greg Smith, here's an update as well as early reaction to the piece.

The gaps in security controls around critical infrastructure is becoming the focus of media and of Congress, with legislation of several types being introduced. We'll keep tracking this isue.

The Nuclear Regulatory Commission has a job to perform in this country as well as around the world. This column indicates that a higher level of practice and service is required.

There's nothing like a report like this to put the last month into perspective. We tend to focus on the disasters that we hear most about. Look at all those of which we were only vaguely aware.

We don't often manage risk around magnetic fields, but here we are again in less than six months. The disruptions, if any, will probably be felt only in discrete instances. But it's a good reminder that the world is larger than the single places we inhabit.

This is an article well worth saving. In it, Goodyear shares with us the risk based approach they took to putting together plans for event management around a nuclear disaster.

Of all the government agencies that spend time on Internet-related issues, the FBI has turned out to be one of the most vital partners to the private sector.

This new Carnegie Mellon paper takes us further down the road to understanding how to identify and mitigate operational risk.

For those who meant to do this before Google's new privacy policy went into effect in the United States yesterday, here are the steps you need to take.

As the story says, privacy is in the eye of the beholder. This is a never-ending story.

It's worth comparing the various congressional bills, the White House proposal, and the voluntary "do not track" offer from major web firms. It's your data that is at stake here.

We'll have to wait for more details, but this does look like a large step forward -- and could, presumably, be applied globally so as to satisfy stricter European privacy laws as well.

Every once in awhile, I like to pick out an article that makes me laugh out loud for review. Do we really need more data flowing to our eyeballs? I do understand that is a question not unlike "Do we really need a tablet to do our work?"

Is two years long enough for a DHS grant to make progress and lasting change in a region? That is the question.

The amount of time that has passed since the Tohuku Earthquake and tsunami in Japan has allowed scientists to gather even more data on assumptions; and to apply those assumptions to the Cascadia subduction zone in the Pacific Northwest. This information should be read against what research information ASA had when Andrew wrote his research note this month on Pacific Northwest Earthquake Risk. That note can be found on the ASA website in the "Research" section.

Google had announced March 1 as the date it would implement its sweeping new privacy policy. It looks as if that date and the policy itself may be subject to additional scrutiny based upon this discovery by the Wall Street Journal.

We are certainly learning a lot about privacy in recent days.

It's hard to know this early just what the implications of this discovery are, or how one would argue that their transaction was not adequately protected on the Internet.

Here is what is probably the most accurate list of costs associated with 2011 disasters. What should we be prepared for in 2012?

It's amazing how many of these dinosaur processes and platforms are still present in large companies. In this article, Jennie Clinton presents a methodology for moving forward with them.

This slideshow takes you through the basics of fixing the new Facebook Timeline. For me, it's easiest to turn off any interface with outside applications and to lock all my settings to "friends only." Others may wish to take more time to remove old posts that they now regret.

One would wish for a more enlightened Congress.

There are dozens of articles appearing recently on the use of social media with emergency management. Here's the first of a multi-part article from Continuity Insights magazine that is worth reprinting.

There's not much to add to what Craig Fugate says here, except to commend him for his inclusion of the whole community in recovery efforts after disasters.

This opinion piece from the New York TImes should cause everyone to think more carefully about what they post on Facebook.

I must admit we spend most of our time commenting here on issues around risk. Here is a thought piece on innovation that expands our notion of what is possible.

Mr. Honour has identified a key risk, not just for cloud vendors, but with all vendors.

The uncertain fate of data on the Megaupload platform makes this story even more relevant today. It appears that there will be an attempt to preserve the Megaupload data for at least several more weeks.

These story picks from the staff of Government Technology are not necesarily the same as would be made on the private sector side, but they are certainly each worth reading about.

A sobering look at how much your personal data is worth on the open market. At least one study shows that 40% of those who receive pfishing emails will click through on a link and compromise their own data.

This article offers a mapping of the services that will be included in Google's new privacy policy, as well as the location of settings that allow the Google-ite to turn settings on or off. Just as with Facebook, it's probably a good idea to plan to spend time reviewing and adjusting your settings on a regular basis.

In the online chapter of Advice From A Risk Detective, I wrote about the enormous potential of social media for good, especially in helping to shoulder the communications load during disasters. Though Craig Fuguate, director of FEMA, is a walking example of how to effectively use social media, many in the emergency management profession still resist it. Here's a book, written especially for emergency managers, that could be persuasive.

Reading this article, I was struck by how few of us actually understand what is done with data we post on the Internet. Google+ is a service I signed up for but rarely use, at least at this point. But it is only one of a range of services connected with Google. When the new policy comes out, it will behoove each of us to read it.

The last piece in Pittman's article is the most significant: when data was rerun without the satellite data input, the forecast was off by 50%. That's a graphic demonstration of how valuable the satellites are in forecasting severe weather. Funding the program as it has been designed should be continued.

Every once in awhile an article comes along that nearly perfectly captures all of the issues around a single topic. This is one such article. Sommer has captured the key benefits and risks of bringing in a "big player."

Whether you're in the public or privat sector, you'll want to review this new FEMA document.

It's hard to see just yet what the effect of yesterday's technology campaign will be on members of Congress. At least it should be enough for them to reconsider both badly written antipiracy bills.

Take some time today to read the two anti-piracy bills as well as the reasons that so many organizations oppose both of time.

As I said yesterday, both anti-piracy bills are badly written and would cause un-thought-out consequences. Wednesday could be a lonely day on the Internet.

These are badly written bills, and this article lays out some of the ground that is being disputed in the discussion.

This is a major breakthrough. Storage and storage devices will become smaller and run with less power in the future.

Thousands, perhaps millions, signed up for Google+, but don't have time or energy to post to the site. Now Google is upping the ante with its new personal search tool. Add that to a standoff with Twitter as to whether or not tweets should be indexed, and you have a whole new playing field.

But is this enough for Facebook users to move to Google+? It's hard to remember that there is still a whole world out there that does not know how to use Facebook or Twitter. Those who do use those sites would have to significantly modify their habits to also post to Google+, or to use it rather than Facebook.

Using the "ideashare" tool, you are invited to agree or disagree or to add your own ideas to the National Preparedness Report developed by FEMA and its partners. For some, this is as close as you'll ever get to using a social media tool. I'm delighted to see FEMA using this approach to collect additional data, and hope that you'll consider participating.

The banking and financial sector has for years led other critical infrastructure sectors in this country where information security is concerned. It's been under seige for at least ten years from hackers, pfishers and now cyber-terrorists as well. The move to share information among institutions with a goal to reducing incidences of online theft is a logical next step.

Sydney Finkelstein did this research and published it in 2004. Forbes reprinted it recently, and it is as relevant today as it was then. On the basis of my own work, I have to say that I believe he has all seven of these habits right.

Our hope is that more people recognize "Get your free iPad here" as exactly what it is -- a form of spam.

One hardly knows what to make of this development, especially since it is government-sanctioned. It is certainly worth tracking.

Continuity Central is one of the world's most respected publications. Here, its editor David Honour makes big predictions for 2012.