ASA's Research Notes speak to the new world of operational risk management. Each research note is designed to provide executives and experts with commentary on single risk topics or events in a short, digestible format. If you are interested in submitting a research note, please review our guidelines closely.
We are in the process of loading PDFs for each of the research notes to this site. If you need one before we have completed our work, please email us for a copy. If you are interested in more than one research note, then all four volumes in the Reflections on Risk series are available on Amazon, with the fifth volume to be published shortly.
2019 Research Notes:
The Implications to the Lack of Ethical Conduct (PDF): Julia Summers explores the growing imperative to define the social and ethical responsibilities that are emerging as advanced technologies become ubiquitous tools in our daily lives. The author examines the ethical practices of International Business Machines (IBM) Corporation throughout the years and across the world, and evaluates the reputational and security implications of the company’s past and present decision-making patterns within this context.
The Dubious Merits of Meritocracy (PDF): Melanie Keane discusses the prevalence and impact of the social norm of meritocracy in a variety of social contexts, including the workplace and in the criminal justice system. The paper explores the substantial body of research that reveals how meritocracy is associated with increased acceptance of inequality as well as negative attitudes.
Operational Risks in Healthcare IT (PDF): Elizabeth Crooks discusses the operational risks related to information technology (IT) within the Healthcare and Public Health sector. This critical infrastructure sector faces particularly challenging risks due to its size, its diversity of organizations, and its inherently open-to-the-public nature. The analysis examines common operational risks that face both the public and private sides of the healthcare IT subsector across all dimensions of operational risk - people, processes, systems, and external events.
Empowering Students to Prevent School Shootings (PDF): Phoebe Keleman discusses the uniquely American epidemic of gun violence – specifically mass shootings – currently occurring in schools. The author believes that regardless of the cause, a new approach needs to be taken for risk mitigation and prevention within the current context. The recommendations include suggestions for how students can work together with their teachers and administrators to help prevent school shootings.
The Worst Sexual Abuse Scandal in Athletics (PDF): Malory Rose discusses how Dr. Larry Nassar was able to sexually abuse hundreds of underage athletes for over twenty years while under the failed oversight of two organizations. The safety and risk mitigation systems - and the individuals who were responsible for implementing them - failed these athletes. There are lessons to be learned in order to prevent similar abuse from happening in the future.
Operational Risk Challenges for the CDC (PDF): Elizabeth Crooks discusses the major operational risks facing the Centers for Disease Control and Prevention (CDC) – threats of funding cuts, and the impact of political appointments and whims.
Risks within Tesla (PDF): Blake Franzen discusses the growing areas of risk within the progressive automaker industry, with which Tesla and Elon Musk have become synonymous household names. As Tesla has grown, its production goals have increased and its customer base has expanded, and numerous allegations and control failures within the company have increased its levels of risk.
#DeleteUber (PDF): Lee Segal discusses how the disruptive and once innovative company Uber has continued its downward spiral, with a growing number of stories emerging of executives making unethical decisions that will have lasting consequences for the company’s reputation and bottom line.
Evaluating the Risks to the National Football League (PDF): Lukas Guericke discusses the various types of risks that the National Football League (NFL) faces, not only its unique risks to its players and fans, but those that stem from the vast number of employees who have built careers around the operations and broadcast of American football. The author evaluates the risk landscape, including the safety of players, the risks arising from player conduct, and the risks of cyber and physical attacks.
2018 Research Notes:
Facebook and Google Data, Privacy and Transparency (PDF): Catherine Bahn discusses how Facebook and Google began to prepare for compliance with the European Union’s General Data Protection Regulation, which began to be enforced in May 2018. The purpose of this new legislation is to “harmonize data privacy laws across Europe”; however, the implications are likely to reach beyond the geopolitical borders of Europe and change the direction of corporate transparency. Facebook and Google have the opportunity to be leaders in building dynamic corporate transparency and considering new economic models with the vast amount of customer data they have and will continue to gather.
The State Department's Leadership Vacuum (PDF): Elizabeth Crooks discusses the implications of President Donald Trump and Secretary of State Rex Tillerson's key goals of reducing the size of the State Department. The resulting organizational and operational changes have both created a leadership vacuum and greatly increased the risks associated with potential process and control failures.
The Internet of Things: A Dark Precursor (PDF): Kyle McNulty explores the growing risks associated with the spreading web of internet-enabled devices across consumers’ lives. The explosive proliferation of Internet-connected devices has resulted from rapid progress in technology and expanding demand for internet-connected capabilities from consumers. However, this technological advancement and consumer behavior have also created a significant vulnerability: cybersecurity. The current risks associated with the Internet of Things will only have more serious consequences if left unaddressed.
Operational Risk Challenges to the U.S. Election Infrastructure (PDF): Jeff Leonard discusses the risks to the most recently identified critical infrastructure sector, election infrastructure (the facilities, technologies, people, processes, political parties, and legal frameworks required to conduct elections). This paper examines the risks, and identifies a system design, the technologies, and an operational architecture that would mitigate the risks to which modern election processes are currently exposed.
Information Security in the Rise of E-Commerce (PDF): Miranda Lin discusses the rising risks associated with online shopping (also referred to as e-commerce). As its popularity and frequency rise across the globe, companies selling products and services online are gathering, storing, and processing an increasingly massive collection of financial and personal information on their customers. In order to ward off hackers attempting to access this sensitive data, effective management of information security is increasingly important to prevent cyber-attacks.
Risks of Fake News to the American Democracy (PDF): Lukas Guericke discusses the toxic spread of “fake news” into the landscape of legitimate news organizations, and the rising tide of associated risks to government, news organizations, and ultimately each individual citizen. “Fake News” is not simply an inconvenience or insult; it is a threat to the access of U.S. citizens to accurate information, and the fundamental protections a free and independent press provides to a democratic society.
The Black Swan by the Festival (PDF): Emily Ye discusses the operational risks revealed by the outlier event of the Las Vegas shooting in October 2017 where 58 people were killed and more than 500 people were injured. Black swan events - an extreme outlier that is almost impossible to prepare for – such as this shooting reveal their unique risks typically only after the event has happened. The Las Vegas shooting has resulted in discussions on event, public-space, and hotel security; this paper identifies some possible recommendations in order to address these risks.
Privacy in the Age of Big Data (PDF): Zhuo Shan discusses the various elements surrounding the topic of privacy, particularly in relation to the ever-expanding field of “big data.” The content includes a high-level examination of various techniques used to collect users’ data and the associated risks for enterprises and individuals, as well as the applicable government regulations and laws. The discussion concludes with a presentation of possible risk mitigation recommendations.
Life-Critical Applications and Serverless Computing: Developer Usability vs. Public Risk in AWS Lambda (PDF): Kate Schenot discusses the risk arising from the emerging intersection of public safety, emergency response technology, the Internet of Things, and serverless computing platforms such as Amazon Web Services' Lambda. The critical question is: When a product such as Lambda poses such powerful possibilities in the public sphere, at what point is developers’ ease-of-use a liability for the people?
The Airline Industry’s Internet of Things Risks (PDF): Kyle Simpson discusses the Internet of Things (IoT) and the airline industry's unusually slow implementation of IoT applications. In defense of this caution, the paper outlines some potential areas of innovation leveraging the IoT for the airline industry, while highlighting the corresponding risks.
Understanding the SEC’s Inadequate Internal Controls (PDF): Miranda Lin discusses recent risk-related incidents at the U.S. Securities and Exchange Commission (SEC), and the apparent lack of adequate internal controls enforced within the organization. The author identifies some of the possible improvements to be made to the SEC’s internal controls environment regarding their people, process, and systems.
Effective Global Incident Response (PDF): Bruno Langevin discusses some of the critical elements of our increasingly global corporate community, and the additional complexities of incident management across global geographies and cultures. In response to these complexities, the author identifies how companies can better prepare for and manage risk programs at the international level, which require additional awareness and adjustments in order to be successful.
2017 Research Notes:
Arrayent’s Inherent Risks (PDF): Kyle Simpson discusses the operational risks of Arrayent, an Internet of Things (IoT) cloud service company that serves dozens of large companies, including Whirlpool, Maytag, Liftmaster, and Febreze. This paper examines these potential risks, and then makes recommendations for risk mitigation and best practices.
Risks Associated with “Bring Your Own Device” in a Government Agency (PDF): Beth Hutchens explores the practice of “bring your own device” (BYOD), specifically within the public sector. Permitting employees to use their personal technological devices (such as smartphones, laptop computers, and tablet PCs) has been an increasingly popular option within organizations. However, there are significant risks associated with the practice, including legal liability, regulatory scrutiny, data exposure, increased costs and expenses, and potential brand and reputation damage.
An Open Letter to Librarians: Ethical Imperatives in Post-truth America (PDF): Alexander George discusses the growing challenge that librarians face due to inaccurate, misleading, and flat-out false news (“fake news”), which is also creating new issues for our democratic societies in the age of 24-hour, instantly accessible, and always-changing news. The author explores the question of a librarian’s ethical responsibilities related to fake news, and the implications for our society.
Smart Homes: Evaluating Risks and Being Smart in the SmartHome Revolution (PDF): Mikhail Savvateev discusses the emerging risks associated with the “Smart Home” technological advances that are becoming increasingly ubiquitous across the human experience. The author examines how these new technologies have created new security and other technological system risks, and provides some suggestions for industry participants.
Shadow IT and Organizational Risks (PDF): Nicholas Montgomery discusses the rising prevalence of, and the risks to organizations associated with, shadow IT - the use of unauthorized devices, software, and services. After examining these risks, the author goes on to identify recommendations to help prevent shadow IT and enable business units to make smarter purchases.
Uber Recovery (PDF): Joe Pollock discusses how Uber’s success in disrupting the transportation industry has not prevented the decay of the company’s internal culture and resulting risks to its future success. The author examines how an enterprise risk management plan could be developed by utilizing the COSO framework. Uber will need to implement immediate, drastic, and widespread changes to shift the direction of the company’s future.
Delta Airline’s Power Outage Risk Analysis (PDF): Sukhman Tiwana discusses the power outage that sent shockwaves through Delta Airline’s operations in August 2016 for multiple days, resulting in significant financial and reputational losses. The crisis revealed some underlying system and operational weaknesses. The author examines some of the potential steps Delta can take to reduce risks and improve future operations.
Privacy and Security: The Largest Data Breach in the History of the Internet (PDF): Dominik Żmuda discusses the risks and fallout associated with Yahoo announcing in September 2016 that in late 2014, data associated with more than 500 million user accounts had been stolen. Virtually all possible events associated with risk exposure arose from the biggest data breach in the history of the Internet.
Organizational Risk of Bring Your Own Devices (BYOD) (PDF): Evan Cottingham discusses the rapidly evolving, business-critical issue of “Bring Your Own Device” (BYOD) programs, and the considerations and risks applicable across organizations in all sectors. While the benefits of BYOD programs are clear, the associated risks are clearly documented as well, and must be taken into consideration by any organization considering implementing or with an existing BYOD program.
Understanding the Risks in the Indian Automobile Manufacturing Sector (PDF): Jyotsna Saxena discusses the history and current environment of the automobile-manufacturing sector in India. The analysis begins by providing the historical and cultural context necessary for identifying and understanding the key risks to the sector in both the public and private sectors. Building upon this knowledge, the author explores some of the potential solutions aimed at improving both domestic and international confidence in this key sector, which is a dominant contributor to the country’s economic output.
Cell Site Location Information And Fourth Amendment Protection (PDF): Brian Stanley takes an in-depth look at the implications of government access to and use of cell site location information (CSLI), and the implications for citizens' Fourth Amendment protection. In 2017, the U.S. Supreme Court will review Carpenter v. United States, which argues that CSLI should be protected under the Fourth Amendment.
The Harmonious Blend of Policy and Technology: The Need for an IoT Compliance Framework (PDF): Andy Herman discusses the rising concerns associated with the Internet of Things, and the lack of a comprehensive cybersecurity compliance framework. The rising number of internet-connected devices has created an increasing number of cybersecurity risks, as networks of devices are hijacked for malicious purposes.
Paying for a Rundown U.S. Surface Transportation System (PDF): Ermenejildo 'Meadow' Rodriguez Jr. discusses the looming financial difficulties facing the U.S. transportation sector, and the glaring lack of a long-term plan to pay for damaged or dilapidated roads, highways, bridges, and tunnels. The paper looks at the risks associated with the U.S. surface transportation system, and financing its improvement within the public and private realms.
Energy Sector Risk Assessment (PDF): Colin Andrade identifies and discusses the key risks the U.S. government and private energy-related corporations face within the Energy Sector. Specifically, the author examines the current risk strategies and controls within the Energy Sector, and then concludes with recommendations about how key stakeholders can improve resiliency.
Development and Technology: How Does the Right to Information and the Spread of ICT Affect Global Society? (PDF): Keith Snodgrass discusses the framing of the United Nations’ eight Millennium Development Goals, particularly within the context of information and communications technology. The author examines some potential shortcomings of some of these approaches, and how pursuit of these development goals fits within wider efforts to achieve economic development in the poorer parts of the world.
2016 Research Notes:
Mandatory Cybersecurity Risk Management Framework in Healthcare Sector (PDF): Andy Herman discusses the gap in the current healthcare cybersecurity approach – that there is no mandatory risk management framework for healthcare organizations. The author suggests introducing a mandatory implementation of a full cybersecurity framework with monitoring systems before receiving the incentives guaranteed by the meaningful use clause associated with electronic health records.
Food for Energy or Energy for Food: A Chemical Dependency (PDF): Jeffrey Seward explores the risks and the long-term impact of the Oil and Gas Sector on the Food and Agriculture Sector. Agriculture needs the Oil and Gas Sector in order to produce at current levels. If oil and gas were eliminated overnight, our very ability to produce food crops would be gone along with it. One of the most important risks to look at is the need to eat versus the need to consume oil and gas.
New Age of Cybersecurity: Rethink Cybersecurity Strategies and Implementation (PDF): Cory Shyu discusses how the Internet of Things (IoT) has transformed the technology sector profoundly. While companies are rushing to reap benefits from increased productivity and automation by adopting more agile technology solutions, privacy and security issues have risen at an alarming rate. The author addresses the key areas in which companies should rethink cybersecurity strategies and develop appropriate roadmaps to achieve security objectives.
Hypervigilance and the Digital Age (PDF): Matthew Welden discusses the development of a hypervigilant culture within the U.S., with attention-grabbing low-frequency incidents overshadowing the far deadlier but less sensational everyday risks. While we now live in a modern world where people are living longer, freer, and richer than ever before, more of us have become captives of fear. The author defines the condition of hypervigilance, illustrates the condition with historical examples, and then offers some solutions to the condition and ethical arguments for their consideration.
American Dams: Risk Analysis & Recommendations (PDF): Courtney Harris examines dams across the U.S. and the risks they impose on the American people. In particular, this paper focuses on the increasing threats to the sector from inconsistent governance, lacking emergency action plans, and growing concerns about the environmental and cultural impact of dams.
Domestic Spheres or Universal Values, & The Future of Internet Governance (PDF): Adam Lewis reviews the actions of major Internet communications companies in China and identifies the ethical framework each has applied while operating in the Chinese market, specifically the framework outlined by Michael Quinn in Ethics for the Information Age.
The American Health Care System (PDF): Divya Kothari delves into the complex and most recent evolution of the American Health Care system, and the subsequently evolving risks associated with the Patient Protection and Affordable Care Act of 2010. The growing complexities of this critical sector have added to the existing risks of an already complicated landscape.
Dam Operational Risk (PDF): Iisaaksiichaa Ross Braine examines the U.S. Dams Sector, identifies potential control failures, and identifies the best path for mitigation, specifically in terms of energy. The author uses internal audits of the Homeland Security system, combined with best practices pulled from both the “Dams Sector-Specific Plan” and “Operational Risk Management” written by Philippa X. Girling. Iisaaksiichaa discusses potential solutions and illustrates the steps the Dams Sector could take in order to shore up cyber defenses.
The Big Bad NSA: A Risk Based Analysis of Domestic Spying Practices (PDF): Jared Williams discusses the major risks around government domestic surveillance programs, particularly the U.S. National Security Agency (NSA). While domestic surveillance is not a new practice by governments, technological innovations have changed the game.
Cybersecurity in the U.S. Private Security (PDF): Mark Tchao discusses how incentivizing companies to invest in top cybersecurity measures in the profit-driven market continues to be a challenge. Government compliance can be illusory, but without decisive changes in the landscape, things may only get worse.
Desperate Times Call For the Birth of the ICC (PDF): Ayush Soni dives into the historical background of the creation of the International Criminal Court, and then evaluates the political impact, if any, that the ICC has on U.S. domestic law. Because citizens look to a judiciary body to implement and interpret rulings, this paper also includes details from court cases that have been adjudicated at the ICC.
Ashley Madison and Managing a Risky Business (PDF): Kevin Rawls discusses some of the heightened levels of internal and external risks faced by a business that operates in a legally sound but morally compromised space. The website AshleyMadison.com is a now notorious website built around enabling married people to have extramarital affairs, which in 2015 experienced a very severe breach of its customers’ data.
2015 Research Notes:
Can the U.S. Treasury Keep Your Money Safe? (PDF): Michael Callier discusses the U.S. Treasury's role in strengthening the security and resilience of the U.S. financial services sector. This paper analyzes the rising risks of cyber-attacks, amplified by resistance to incident information sharing and the lack of third-party vendor cyber controls, and the appropriate risk management strategies.
The Runaway Train (PDF): Kenny Lee discusses the oil boom in America and the extensive use of tank-car trains to transport crude oil, and the era this has ushered in. Oil-train derailments and the resulting spills have skyrocketed 900 percent in just two years from 2010 to 2012. At the heart of the problem is the common tank car used by freight train companies, known as DOT-111.
Artificial Intelligence as a Weapon (PDF): Jorge Borunda discusses some of the concerns that are on the horizon around the development, implementation, and regulation of autonomous weapon systems. When it comes to military artificial intelligence, Lethal Autonomous Weapons Systems (LAWS) select and engage targets without human intervention. Borunda identifies the concerns that have been raised about the lack of regulations around how these new technologies will be used, as well as a lack of standards and methodologies.
The Digital Divide: Policies, Programs, and Public Education (PDF): Kristine Tomasovic Nelson discusses the efforts made to close the digital divide, an issue now recognized as a more nuanced phenomenon. While more individuals can access the Internet, many lack the motivation, skill, or guidance necessary to use these technologies productively. Within the education realm in particular, policies and programs are working to address this new digital divide but have much work to do.
Social Media and Terrorism (PDF): Kenny Lee examines the exploitation of the power of social media by terrorists in disseminating propaganda and recruitment, and explores the implications of the possibility of keeping terrorists out of social media through the lens of the law and ethics.
Open Source Policies for Commercial Software Companies (PDF): Mike Kelly discusses the idea that private companies should have an open source software policy in place if they are using free third-party software to produce their own proprietary software for sale or as part of a paid service.
With a Nod and a Shrug: A Flawed Switch and Failures at General Motors and the National Highway Traffic and Safety Association (PDF): Kristine Tomasovic Nelson discusses the faulty ignition switch designed into General Motors’ vehicles that led to thirteen deaths and dozens of accidents.
Quis Custodiet Ipsos Custodes? Operational Risk within the GAO (PDF): Andrew Magnuson discusses how the Government Accountability Office (GAO) has the heavy burden of auditing all use of government funds, but its unique position within the legislative branch leads to some specific, and hard-to-address, operational risks. How can the government both preserve the GAO’s independence and ensure its accuracy and reliability?
Who Needs ID: DNA-fication in the Modern World (PDF): Malavika Ravi discusses the latest battle in the war between privacy and security, this time within the context of genomic information.
Anonymity on the Internet: A Tool for Tyranny? (PDF): Kristine Tomasovic Nelson discusses the challenges of anonymity on the internet, and how the hosts and moderators of internet forums have struggled to protect both the principle of anonymity and victims of its abuse.
The Law: The Right to be Forgotten (PDF): Heather M. Brammer discusses the recent law enacted in Europe, the Right to be Forgotten. The new legislation has raised questions regarding free speech, censorship and legality.
The Conflict of Privacy and Disclosure Law (PDF): Matthew Christian discusses the complex issues surrounding data collection and subsequent privacy issues. In particular, the paper explores the issues surrounding data collection by government agencies and public disclosure laws.
2014 Research Notes:
Astroturfing: 21st Century False Advertising (PDF): Katharine Gallagher discusses how government policies, the law, and individual ethical decision-making can collectively help to make online review sites more reliable for consumers.
Patient Lives In Our [Robotic] Hands: Risks and Implications of Robotic Surgery (PDF): Brooke R. Brisbois explores the risks associated with robotic surgery, as faced by both public and private sector organizations, including patient harm, legal liability and technical challenges.
Privacy Policies and Public Awareness in the Healthcare Industry (PDF): Katharine Gallagher discusses privacy policies in the healthcare sector, particularly as related to how patient personal information is being stored, used, and shared with third parties. Consumers are increasingly concerned with how organizations are protecting personal data.
Innovation and Litigation (PDF): Uma Joshi provides an overview of intellectual property perspectives in literature, and contributes a focused discussion of the landmark Apple vs. Samsung patent trial of 2011.
Not So Smart: Smart Grid and Cybersecurity Challenges of the Department of Energy (PDF): Brooke R. Brisbois explores the challenges faced by the Department of Energy with regard to smart grid technology and cybersecurity. In particular, the author discusses policy issues surrounding these problems.
Bottling Trouble Waters (PDF): John Cann discusses the vital role water and wastewater infrastructure plays in any society, and the relationship between public and private sectors in the role of managing water-related resources.
3D Printing and the Future of Intellectual Property (PDF): Carolyn Tweedy provides a brief background of 3D printing, and contributes a focused discussion of the implications of 3D printing technologies in the world of information management and intellectual property, specifically copyright and patent laws and the development of policies to govern this burgeoning domain.
Importance of Compliance, Regulations, and Ethics in the wake of Korean Ferry accident (PDF): Divya Yadav highlights loopholes in South Korea’s very successful shipping industry and discusses some of these issues in detail in the context of this tragic maritime disaster.
Disappearance of Malaysian Airlines Flight MH 370 (PDF): Divya Yadav discusses some of the social and political issues surrounding the disappearance and what takeaways can be gleaned from the tragedy to better understand similar incidents in the future.
The Future of Bitcoin (PDF): Divya Yadav talks about the impact and future of digital currency in the changing economic landscape.
The Olympics- Impact on Security, Economy and Culture (PDF): Divya Yadav talks about the Winter Olympics at Sochi and the economic, social and cultural impact of the Olympics.
Impact of Data Breaches (PDF): Divya Yadav talks about the business impact of data breaches and what organizations can do to safeguard themselves from this pervasive problem.
2013 Research Notes:
Typhoon Haiyan and Disaster Preparedness (PDF): This research note talks about disaster preparedness strategies in remote areas that lack access to the latest technologies, crisis management resources, and pre-positioned relief supplies.
Managing Third Party Risks (PDF): This research note talks about how third party risks are emerging with the constantly evolving regulatory environment for business.
Technology Risk and Business Impact (PDF): The research note talks about the dependency of critical businesses on IT and highlights this impact on the healthcare.gov website.
Risk Themes for America's Defense Industrial Base Sector (PDF): This research note outlines three major categorical risk themes and includes assessments and treatment suggestions for each category.
Pandemic Risk Assessment (PDF): Examines influenza as more than simple flu-like symptoms. It conducts a risk assessment that is difficult due to the constantly mutating nature of the influenza virus. In order to assess potential risk, organizations must constantly monitor patient data on local, state, national, and worldwide levels. Compilation of data and coordinated responses are necessary to prevent spread of the virus and develop vaccines. Additionally, the private sector must coordinate efforts with the public sector.
Money From Nothing: The Socioeconomic Implications of "Cyber-currencies" (PDF): Holistically examines the phenomena of "cyber-currencies" by delineating the primary types currently in circulation, identifying the risks associated with each, and ultimately providing a high-level risk assessment of the overall landscape.
Risks in Digital Identity After Death (PDF): Explores the new risks regarding the ethics, legality and privacy of an individual's digital identity after their death.
The Mobile Banking Phenomenon (PDF): Discusses the rising trend in mobile banking, the risks that mobile users should be aware of and how to securely use mobile banking.
Department of Veterans Affairs - Current Challenges, Risks and Mitigation Strategies (PDF): Discusses the current challenges facing the Department of Veterans Affairs with their claim backlog and their transition to a new online Veterans benefit management system.
Bridging the Digital Divide - The African Condition (PDF): Reviews the key tenets of the African Manifesto for Science, Technology, and Innovation and seeks to augment it further by offering concepts with which the foundational impediments preventing the continent from bridging the digital divide can be overcome.
Virtual Currency: The Next Generation Banking Model (PDF): Describes the unique features of virtual currencies, specifically Bitcoin. It also discusses the reasons for its consumer attraction and the associated risks that it faces.
Building Resiliency in the IT Sector (PDF): Identifies key cyber risks that pose a threat to the functioning of Information Technology in the public and private sectors.
Critical Infrastructure Protection: Healthcare and Public Health (PDF): Reflects on other risks associated with public and private healthcare in the United States that do not garner as much attention as the issues surrounding rising costs and increasing unaffordability for the middle class.
The Art of Social Engineering (PDF): Defines social engineering and discusses how it negatively affects organizations. Provides recommendations on how to defend and protect against attackers using social engineering techniques.
The Foreign Intelligence Surveillance Act of 1978 (PDF): Reviews the history of FISA, from the foundations of its enactment to its amendments and recent debates, and how it reflects the system of checks and balances between the three branches of government.
Engaging in Cyber Warfare (PDF): Defines cyber warfare, justifies the need to establish rules for cyber warfare, and briefly discusses the current cyber war between the United States and China.
The Cyber Intelligence Sharing and Protection Act and Online Privacy (PDF): Discusses the arguments for the passage of the Cyber Intelligence Sharing and Protection Act (CISPA) and elaborates on the criticisms made by privacy advocates.
The Fight to Define US Cybersecurity and Information Sharing Policy (PDF): Reviews the recent political battles over cybersecurity and information sharing policy in the past two years, particularly regarding critical infrastructure.
Machine-to-Machine Communications (PDF): Defines machine-to-machine communications and discusses the benefits and associated risks this technology brings to organizations.
Violence in the Workplace (PDF): Defines workplace violence and discusses ways to identify early warning signs. Also discusses ways that employers and employees can protect themselves from workplace violence.
2012 Research Notes:
What is Big Data? (PDF): Defines the term "Big Data" and discusses the challenges organizations are facing with the increasing amounts of data being created each day.
Crisis Management - What, Why & How? (PDF): Evaluates how crisis responses have evolved over the years and how learning from these events has been effectively utilized to abate losses and fatalities.
Malware Analysis: A Look Into the Past and Future (PDF): Discusses the importance of understanding the different types and effects of malware and mentions easy steps on how to protect against such threats.
BYOD: Organizational Impacts of Mobile Computing and Convergence (PDF): Discusses "bring your own device" policies by providing an in-depth analysis on the associated risks and impacts to businesses.
Whistleblowers and the Dodd-Frank Act (PDF): Discusses the importance of whistleblowing, the difference between internal and external whistleblowers, and the impact the 2010 Dodd-Frank Act has had on whistleblowers.
Risk and the Water Sector (PDF): Discusses the potential operational risks associated with the water sector and the impact those risks create.
Risks In Energy - Oil and Gas Industry (PDF): Discusses the risks faced by the oil and gas industry and how a combined effort between the public and private sectors can effectively mitigate these risks.
Risk and the Communications Sector (PDF): Discusses the key risks, hazards and vulnerabilities related to the Communications sector from both the public and private perspective.
Protecting Critical Infrastructure (PDF): Discusses the critical infrastructures of the United States, emerging hacking resources, new threats to the smart grid introduced by technological advances, and concludes with recommendations for ways risk managers can mitigate these threats.
Early Warning Detection Systems (PDF): Discusses advances in early warning detection systems associated with natural disasters like fires, floods and earthquakes. Also makes recommendations for risk preparedness plans, including the possibility of using social media for crisis communication.
Mobile Payment Trends (PDF): Discusses the mobile payment trends of near field communication and mobile credit card reading applications – including the potential security risks that accompany them.
Pacific Northwest Earthquake Risk (PDF): Discusses geological factors that make the Pacific Northwest particularly vulnerable to earthquakes. Also makes observations and recommendations about behaviors that help mitigate the earthquake threat.
Trends In Data Breaches (PDF): Discusses emerging trends in data breaches, including "hacktivism" and cyber warfare. Also includes recommendations to help organizations prepare for major disruptions in communications.
2011 Research Notes:
Cloud Computing and Cyber Threats (PDF): Discusses the basics of cloud computing and the three major cloud frameworks, looks at some of the cyber threats associated with cloud computing, and describes what companies can do to mitigate these threats.
Navigating the Distinctive Challenge of Insider Crime (PDF): Discusses the different types of insider crime, perpetrator motives and warning signs, and recommends mitigating tactics for employers.
A Glimpse Into the Federal Emergency Management Agency (PDF): Discusses where FEMA came from, how the organization works today, and highlights resources designed to help businesses and individuals prepare for and recover from disaster.
Branding and Managing Reputational Risk (PDF): Discusses the challenges and risks associated with organizational and individual brand and reputation. Focus is on preparing and planning for reputation incidents, and how to strengthen brand and make reputation more resilient.
Community, Collaboration and Crowdsourcing (PDF): Discusses the increasing movement towards harnessing the power of communities and the collaborative work effort of large groups of people through crowdsourcing, using CrisisCommons as an example.
Lessons Learned - Where Are They? (PDF): Discusses the critical failure to translate lessons learned from disasters into implemented standards and best practices, and the need for greater collaboration and communication across sectors.
Data Loss & Business Responsibility (PDF): Discusses the risk of data loss in a business, the responsibility to protect data, and suggests some prevention safeguards.
Information Needs & Using Information Audits (PDF): Discusses the role of an information audit as a tool for assessing organizational business information needs.
Social Media, Employees & Workplace Concerns (PDF): Discusses the challenges facing companies in dealing with social media behavior in the workplace.
2010 Research Notes:
Diplomacy & The Law (PDF): Annie Searle discusses data classification types and communications protocols for diplomacy.
Communicating Crisis Management Value (PDF): Discusses the complexities and challenges of communicating the value of crisis management and planning.
Mobile Devices & Business Security Risks (PDF): Discusses smartphones, cybersecurity, and the workplace.
The Proposed FinCEN Reporting Regulations (PDF): Discusses the new proposal from FinCEN to expand international money transfer reporting regulations.
Earthquake Preparedness (PDF): Discusses steps to take to save your business from an earthquake.
Hurricanes and Oil Spills (PDF): Discusses dual risks of an oil spill that persists in hurricane season in the Gulf.
Gulf Oil Spill of 2010 (PDF): Compares the incident with previous oil spills and focuses on its risk-management aspect.
Disaster Preparedness (PDF): Resources offered by government agencies in the U.S. and Washington state.
Data on Disasters: Before and After (PDF): The cost of disasters such as earthquakes and flooding – in terms of lost gross domestic product as well as spending on relief and rehabilitation – is significant and plays a pivotal role when making a risk-management plan.
Handling a Pandemic (PDF): A review of the flu pandemic in 2009 and some of the preventive measures taken by the CDC and HHS, as well as many other organizations.
2009 Research Notes:
Business Impacts of Social Media (PDF): Social media and social-networking websites as a tool for marketing businesses as well as creating pandemic awareness.
Building a Better BIA (PDF): Three critical functions in a Business Impact Analysis that are essential in keeping a company afloat.
Simpler Internal Controls (PDF): Operational risk controls can be streamlined and simplified by working across platforms.
Pandemic is a Predictable Surprise (PDF): Executives can plan to ensure maintenance of their company's critical operations if a large number of employees are absent during a flu outbreak.