Risk News

Conflict Over How Open ‘Do Not Track’ Talks Will Be

"Technology companies want to talk with the government about protecting privacy on the Internet. They just want those talks to be private."

Annie's take:

There are many moving pieces to consumer privacy efforts, and "do not track" is one of them. Here's an update on where things stand.

New U.S. Research Will Aim at Flood of Digital Data

"The federal government is beginning a major research initiative in big data computing. The effort, which will be announced on Thursday, involves several government agencies and departments, and commitments for the programs total $200 million."

Annie's take:

It is good to see the public sector stepping up to the challenges around big data, particularly where science and technology are concerned.

U.S. Outgunned in Hacker War

"The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said."

Annie's take:

We already understand that we have a large problem in this country with hackers. Here's some additional detail along with more information on the bills pending in Congress.

U.S. Agency Seeks Tougher Consumer Privacy Rules

"The government’s chief consumer protection agency said on Monday that it intended to take direct aim at the vast industry that has grown up around the buying and selling of information about American consumers."

Annie's take:

Even in an election year, this is one piece of legislation that may just move forward. There is broad agreement that data collection around consumer information needs more protection.

U.N. Official Calls for 'Drastic' Reform of Financial System

"The international financial system requires "drastic" reform if future crises are to be avoided, including more regional initiatives to tackle misaligned exchange rates and the wider use of capital controls, the head of a United Nations agency said."

Annie's take:

As far as I can recall, here is the first real call for global financial reform.

New counterterrorism guidelines permit data on U.S. citizens to be held longer

"The Obama administration has approved guidelines that allow counterterrorism officials to lengthen the period of time they retain information about U.S. residents, even if they have no known connection to terrorism."

Annie's take:

These guidelines have evidently been in effect for over a year already without being formalized. What do you think?

On Wall St., Keeping a Tight Rein on Twitter

“Next stop Dow 57,757? Don’t count on it but Tuesday’s bullish session is in the books.”

Annie's take:

Social media -- and Twitter in particular -- have the potential to influence and drive change. This article discusses some of the consequences to employers who work in a regulated environment when their employees use Twitter.

Worry About the Hackers You Don't See

"No one who has seen it forgets the "Twilight Zone" episode about a town in Ohio that lives in terror of a 6-year-old born with godlike powers."

Annie's take:

Glorification comes in many forms.

Survey finds that small businesses ignore risks of data protection on mobile devices

"Mozy has released the results of a data protection survey which was produced by Mozy and independent market research firm Compass Partners. This found that an increasing number of professionals (80 percent) work remotely and rely on personal devices such as smartphones (63 percent), iPads (30 percent) and laptops (80 percent) to access company data."

Annie's take:

Mozy's survey is useful for a number of reasons. Though small businesses are the focus of the survey, I would guess the same level of carelessness applies to users from large businesses who are working remotely. Even so, the numbers warrant some training around this issue.

U.S. accelerating cyberweapon research

"The Pentagon is accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet, according to current and former U.S. officials."

Annie's take:

It appears that funds and focus are now being applied to the area of cyberweapons, years after Richard Clarke's book "Against All Enemies," which set out to explain just how far behind we are.

Google in New Privacy Probes

"Regulators in the U.S. and European Union are investigating Google Inc. for bypassing the privacy settings of millions of users of Apple Inc.'s Safari Web browser, according to people familiar with the investigations. Google stopped the practice last month after being contacted by The Wall Street Journal."

Annie's take:

For more background on Google's privacy challenges, see Andrew Hansen's research note in our March ASA newsletter. This appears to be one of the few instances where both U.S. and European regulators are on the same page.

Public Rebuke of Culture at Goldman Opens Debate

"Until early Wednesday morning, Greg Smith was a largely anonymous 33-year-old midlevel executive at Goldman Sachs in London."

Annie's take:

For those who did not read the opinion piece in the New York Times yesterday by former Goldman Sachs executive director Greg Smith, here's an update as well as early reaction to the piece.

New Interest in Hacking as Threat to Security

"During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago."

Annie's take:

The gaps in security controls around critical infrastructure are becoming the focus of media and of Congress, with legislation of several types being introduced. We'll keep tracking this issue.

Asleep at the Controls

A searing indictment of the Nuclear Regulatory Commission, especially in light of the failures in Japan a year ago. We all need to pay attention to whether or not anything changes going forward.

Annie's take:

The Nuclear Regulatory Commission has a job to perform in this country as well as around the world. This column indicates that a higher level of practice and service is required.

February’s major disasters

"Impact Forecasting, a division of Aon Benfield, has published its monthly summary of major disasters around the world."

Annie's take:

There's nothing like a report like this to put the last month into perspective. We tend to focus on the disasters that we hear most about. Look at all those of which we were only vaguely aware.


Solar storms ramp up, take aim at Earth

"Since Sunday, the sun has launched a barrage of flares, particle radiation and blobs of plasma that have disrupted some radio communications and forced airlines to reroute northern flights."

Annie's take:

We don't often manage risk around magnetic fields, but here we are again in less than six months. The disruptions, if any, will probably be felt only in discrete instances. But it's a good reminder that the world is larger than the single places we inhabit.

The Inner-Workings Of A Radiological Response Plan

"Last year’s earthquake, tsunami and subsequent partial meltdown of two reactors at the Fukushima Dai-ichi nuclear plant presented numerous challenges for U.S. organizations with employees, facilities or critical suppliers in Japan."

Annie's take:

This is an article well worth saving. In it, Goodyear shares with us the risk-based approach they took to putting together plans for event management around a nuclear disaster.

RSA 2012: FBI Chief Touts Partnerships in Cybercrime Fight

"FBI Director Robert S. Mueller believes public-private collaboration is crucial to protect America from cyberattacks — a threat he thinks could become bigger than terrorism itself."

Annie's take:

Of all the government agencies that spend time on Internet-related issues, the FBI has turned out to be one of the most vital partners to the private sector.

The Mission Risk Diagnostic Method

"Although most programs and organizations use risk management when developing and operating software-reliant systems, preventable failures continue to occur at an alarming rate."

Annie's take:

This new Carnegie Mellon paper takes us further down the road to understanding how to identify and mitigate operational risk.

Google’s New Privacy Policy: What to Do

"Google started its unified privacy policy on Thursday.

The company has been telling users of its services — search, YouTube, Gmail, Google Maps and Google Docs, among others — that information it collects about users will be compiled in a single dossier for its use."

Annie's take:

For those who meant to do this before Google's new privacy policy went into effect in the United States yesterday, here are the steps you need to take.