
Risk News

6/29/2012
Social media and incident management: making things easier

"Social media tools such as Twitter and Facebook are rapidly gaining acceptance as useful tools in the armoury of the incident manager".

Annie's take:

I learned a lot reading this article, which describes various tools available for incident managers (or the rest of us) to monitor breaking news on platforms like Twitter.

6/28/2012
JPMorgan Trading Loss May Reach $9 Billion

"Losses on JPMorgan Chase’s bungled trade could total as much as $9 billion, far exceeding earlier public estimates, according to people who have been briefed on the situation."

Annie's take:

Jamie Dimon has moved his strongest managers in to work through what went wrong in the Chief Investment Office and to unwind the rest of the position. He's been in worse spots before -- I'm just finishing "Last Man Standing" -- and I'm betting Chase will come through this a stronger company.

6/27/2012
FTC sues Wyndham Hotels over hacker breaches

"Lax corporate security allowed hackers to steal credit card and other personal information from more than 600,000 customers of Wyndham Worldwide hotels, resulting in at least $10.6 million in fraudulent charges, the Federal Trade Commission alleged in a lawsuit Tuesday."

Annie's take:

I've just made a note not to stay in Wyndham Hotels. This is a massive number of breaches for any one institution to have over an extended period of time.

6/26/2012
Heat-Driven Wildfires Continue to Consume the West

"Already choking through one of the worst wildfire seasons in recent memory, Colorado found itself dealing with a new series of blazes this week, driven by a relentless heat wave that has threatened to further fan the flames."

Annie's take:

The state of Colorado has been punished by wildfires for at least a month, and they appear to be increasing now. Experts say they have arrived a month early, which leads one to wonder what the months of July and August will look like.

6/25/2012
Lessons Learned From The Social Media Tabletop Exercise

"Today, within minutes of a disaster, the public begins to self-manage response via Facebook, Twitter, Open Street Map, and other social media systems."

Annie's take:

From the report, this looks to have been a terrific exercise. I especially like the recommendations in the article.

6/22/2012
Moody’s Cuts Credit Ratings of 15 Big Banks

"Already grappling with weak profits and global economic turmoil, 15 major banks were hit with credit downgrades on Thursday that could do more damage to their bottom lines and further unsettle equity markets."

Annie's take:

It remains to be seen just how impactful this downgrade will be.

6/21/2012
EBay Plans Data Center That Will Run on Alternative Energy Fuel Cells

"EBay plans to build a data center to handle its billions of dollars in retail transactions that will draw its power from alternative energy fuel cells rather than the national power grid, which is heavily dependent on coal plants."

Annie's take:

Hats off to EBay!

6/20/2012
Dimon, Testifying Before House, Stays on Message

"Jamie Dimon, the chief executive of JPMorgan Chase, tussled with lawmakers on Tuesday in his second showdown in Washington since JPMorgan, the nation’s largest bank, disclosed a multibillion-dollar trading loss."

Annie's take:

Now that Jamie Dimon has completed testimony in front of both the House of Representatives and the Senate, regulators will once again attempt to fine tune both Dodd-Frank and the Volcker Rule. Though the questions were tougher yesterday for Dimon, the fact remains that JPMorgan Chase has a well-oiled lobbying machine in place.

6/19/2012
Public Cloud or Private? Banks Map a Path Towards Both

"Most banks know about the cloud, and many have even started to develop limited private clouds, leveraging the massive computing power of their internal data centers."

Annie's take:

An inside look at how two large banks are slowly evolving their cloud strategies.

6/18/2012
Anthrax alert system at risk as cost estimate hits $5.7 billion

"Funding for BioWatch, an early warning system to detect deadly pathogens in 30 U.S. cities, may be in jeopardy after cost estimates surged to $5.7 billion, six times the initial assessment."

Annie's take:

The costs seemed to have escalated rapidly over the past several years. Is this still a good investment in risk management?

6/15/2012
Choosing a successful crisis management team leader

"Your organization has spent considerable resources preparing for disruptive events, and now a crisis is looming."

Annie's take:

It's not easy to pick out the essential characteristics of members of a crisis management team, or even of the team leader. I like this summary of characteristics. For another view, see my own article on parallel topics in Continuity Insights.

6/14/2012
Real-Time Public Health Data Improves Situational Awareness

"When an ice storm hit Austin, Texas, in February 2011, Judy Henry decided it was time to provide real-time public health data to officials in the EOC."

Annie's take:

The public health field continues to lead the way in situational awareness tools.

6/13/2012
U.S. Penalizes Online Company in Sale of Personal Data

"The Federal Trade Commission assessed an $800,000 penalty on Tuesday against Spokeo, a data collector that the commission said violated federal law by compiling and selling people’s personal information for use by potential employers in screening job applicants."

Annie's take:

Background screenings are among the most complicated tools used by corporate recruiters. This case should set some precedent in the online arena.

6/12/2012
J.P. Morgan Knew of Risks

"Some top J.P. Morgan Chase & Co. executives and directors were alerted to risky practices by a team of London-based traders two years before that group's botched bets cost the bank more than $2 billion, according to people familiar with the situation."

Annie's take:

JPMorgan Chase CEO Jamie Dimon testifies in front of Congress tomorrow. This article, written by three of the Wall Street Journal's best reporters, will complicate his testimony. Chase leadership clearly did not execute well on advice and concurrence it had on strategy to reduce these large positions.

6/11/2012
JP Morgan Chase Example Suggests That We Hasten Regulatory Reform

"The month of May was the beginning of what the oil business would call “a big gusher.”"

Annie's take:

I have not asked for additional regulation, but rather to consider what is necessary. Regulatory reform might in fact reduce some of the current regulation.

6/8/2012
In a Trustee’s Report, Some Light on MF Global’s Actions

"If the collapse of the commodities brokerage firm MF Global were a murder mystery, the revelation that $1.6 billion of customer money had disappeared would be the equivalent of finding the corpse."

Annie's take:

Along with Floyd Norris' searing explanation and indictment of GAAP in his column this morning, this article shows why there is still so much to be cleaned up in the world of banking and finance.

6/7/2012
LinkedIn Was Breached. Now What Do You Do?

"Security researchers have confirmed that a file containing 6.5 million encoded LinkedIn passwords has been posted to a Russian hacker site."

Annie's take:

The answer to the question in the headline is simple: change your password now. And, as the article points out, no matter how convenient it may seem in our stressed world, don't use the same password across multiple sites.

6/6/2012
Google to alert users about state-sponsored cyberattacks

"Google said Tuesday that the company will alert its users when it thinks they may be the target of a state-sponsored cyberattack."

Annie's take:

There's no doubt that this is a big play, and probably an enormous service, being provided by Google. It's worth remembering, though, that in order to provide the service they have tools other companies can only dream of.

6/4/2012
Cyber search engine Shodan exposes industrial control systems to new risks

"It began as a hobby for a teenage computer programmer named John Matherly, who wondered how much he could learn about devices linked to the Internet."

Annie's take:

Neither public nor private sector owners of infrastructure exposed by Shodan are going to be very happy about this article, but it is probably the only way that such critical infrastructure will become more secure.

6/1/2012
Corporate Culture as Ethical Firewall

"There are rarely yelling matches in business ethics."

Annie's take:

It's a pleasure to reprint this thought piece from former colleague James Meacham, who has been writing about business ethics for at least ten years.