tag:blogger.com,1999:blog-57445672012-02-18T12:17:18.865-05:00Ednoreply@blogger.comBlogger10081100tag:blogger.com,1999:blog-5744567.post-44616226210865694302012-02-18T05:08:00.000-05:002012-02-18T12:17:18.872-05:00

Security Governance is a discipline that all of us need to revisit and rededicate ourselves to. The policies and codes we stand by to protect our critical assets should not be compromised for any reasons. More importantly, security governance frameworks must make sure that the management of a business or government entity be held accountable for their respective performance. The stakeholders must

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-3813808996424822322012-02-11T05:08:00.005-05:002012-02-13T11:24:34.296-05:00

The U.S. Homeland Security Intelligence (HSI) priorities are good indicators of what the private sector can expect for government intelligence coordination, cooperation and collaboration in the next few years. Operational Risks to business operations in the United States are ever more so complex and increasingly tied to the security of the homeland.In many cases, the private sector has the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-82712575908355525302012-02-04T05:06:00.000-05:002012-02-04T12:20:15.540-05:00

The safety and security of your corporate assets is a Board of Directors level issue. The loss events including adversarial litigation for errors, omissions, or just plain ignorance of regulatory compliance are gaining momentum. These Operational Risks associated with human behavior and the daily tasks performed on the job remain a vast vulnerability within the corporate enterprise. Why?The

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-31445014468562573182012-01-28T05:02:00.001-05:002012-02-04T11:53:44.077-05:00

"Just as some things must be seen to be believed, some must be believed to be seen." "...so one way to reduce risk is to learn what risk looks like." --Gavin De BeckerThese words from his book The Gift of Fear reminds us of how many people talk about risk management, mitigation and implementing risk controls and don't have any context. In order to truly understand something, you actually have

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-39886574727357737332012-01-21T05:03:00.002-05:002012-01-21T23:33:38.665-05:00

In the corporate Protective Security environment, the "Advance Work" will ensure your success or contribute to the embarrassment or injury of your client/principal. Professionals in Protective Security Detail's (PSD) realize that your site or lead advance agent can make or break the entire operational risk strategy for your proactive and preventive security measures.Thinking like the DEVGRU

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-31600659989040896142012-01-14T05:07:00.000-05:002012-01-14T12:39:55.430-05:00

There is a scarcity of enlightened organizations who truly understand the root cause of risk in their enterprise. The business assurance they seek and the Operational Risk Management outcomes they receive, are in direct proportion to the "Risk Culture Maturity" within the company. This risk cultures maturity is at the root cause of why certain kinds of risks exist and what ability the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-25781575215146831382012-01-07T05:02:00.001-05:002012-01-07T12:55:54.722-05:00

Business Resilience in 2012 will continue to be a factor of the private sectors ability to withstand the Operational Risks that it encounters. The strategy for business assurance will be cognizant of the environments developed for preparedness and sustainability set forth by local and federal governments.This bottom up approach to achieving a "Whole Community" resilience depends upon the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-51236978239901966942011-12-31T05:06:00.003-05:002011-12-31T15:21:59.376-05:00

2011 has been a year of living dangerously. Operational Risks have plagued governments, private sector companies and the citizens of local communities across the globe. The continuous threats from people, processes, systems and external events will become substantially more asymmetric in 2012 and volatility will become the new normal.As professionals plan and budget for the next annual cycle

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-70674391992242028102011-12-18T05:08:00.000-05:002011-12-18T20:11:03.078-05:00

Operational Risk Management in your organization may be in need of a more robust awareness campaign.  Malfeasance and ethical wrongdoing is continuously perpetuated in the workplace when those who are victims or witnesses refuse to speak up. Many fear the retaliation by supervisors or other co-workers. This study emphasizes the issue at hand:Labaton Sucharow LLP yesterday announced the results of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-79447681758742136942011-12-10T05:02:00.000-05:002011-12-10T13:34:00.416-05:00

Executive SummaryOur corporate assets are under attack by a continuous barrage of new laws, new employees, new competitors and new exploits. Business survival in the next decade will require a more effective and robust risk strategy to deter, detect and defend against a myriad of new threats to the organization.Modern day attackers include hackers, spies, terrorists, corporate raiders,

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-14716961995307068982011-12-03T05:09:00.001-05:002011-12-04T14:00:38.245-05:00

Operational Risks are pervasive in most every business both large and small. A small business can learn a tremendous amount from those failures by large corporate enterprises. Privacy laws in the United States are for all business owners whether they be a sole practitioner or a soon to be corporation with a $100 Billion valuation.Consumer privacy and the risks associated with the protection of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-18985213823294474922011-11-27T05:08:00.000-05:002011-11-27T13:50:19.367-05:00

Operational Risks are on the rise for Top Secret America. Now that the "Super Committee" has thrown in the towel, there are several companies beginning to ask what it will mean in the next few years. Intelligence Analysis has been a tremendous windfall for large and small businesses especially in the National Capital Region of the United States.The analysis of information, from open sources (e.g.

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-42754945636334984292011-11-20T05:06:00.002-05:002011-11-20T12:30:50.671-05:00

Corporate Directors charged with Operational Risk Management oversight are ultimately responsible for Continuous Continuity (C2) of the Enterprise.The modern enterprise that effectively manages the myriad of potential threats to its people, processes, systems and critical infrastructures stands to be better equipped for sustained continuity. A Business Crisis and Continuity Management (BCCM)

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-22834507090937630582011-11-13T05:02:00.001-05:002011-11-13T21:05:22.934-05:00

The Board Rooms across America are in full tilt mode working hard on risk oversight. The Chairman of the Board (COB) is wrestling with divergent personalities and competing agendas as the organization races towards its next phase of growth.Operational Risks are being presented from all facets of the business and the Board of Directors has a fiduciary responsibility to address them, without

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-60047889623757377122011-11-05T05:04:00.001-04:002011-11-05T15:49:38.369-04:00

Now that the Basel III wheels are in motion and the "Top 29" vital Global banking institutions have been identified, Operational Risk Management is on everyones mind. The capital reserves will continue to assist them in becoming more resilient to the systemic volatility ahead. Are you feeling the uncertainty starting to disappear? Not for a minute.As these banking institutions try to withstand

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-11265550930567902712011-10-30T05:00:00.002-04:002011-10-30T22:40:03.146-04:00

The Operational Risks associated with doing business on an international scale is nothing new. Global companies have for years been subjected to laws in the U.S. that are highly scrutinized by the Treasury Department. The Office of Foreign Asset Control (OFAC) is one such office. Companies in several key industry sectors including financial services have been obligated to know who they doing

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-13301675098403634222011-10-23T05:09:00.002-04:002011-10-26T15:15:02.308-04:00

The Operational Risks associated with the loss of personnel is real. What mechanisms are in place at your organization to ensure that human capital and intellectual capital is being perpetuated? The education of new employees and the processes, systems and core metrics of the business is vital and in many cases an after thought.Organizations today that are establishing robust human capital

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-38826809816086244902011-10-15T05:06:00.001-04:002011-10-15T12:08:08.961-04:00

The discipline of Operational Risk Management is becoming more of a requirement in a multitude of companies outside the financial industry. In the United States, this is due to the fact that Fortune 500 enterprises and even small to medium size businesses, are now disclosing that they are in a silent and soon to be more acknowledged, battle against significant loss events. Information Capital

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-3712566382181325942011-10-08T05:09:00.000-04:002011-10-08T14:21:13.661-04:00

Believe it or not, there are still some Operational Risk Management late bloomers to the "Business Resilience" concept. The topic has been talked about for years and a recent IBM study highlights where risk management has changed and how business resilience is still gaining widespread adoption among large and smaller corporate enterprises.Late bloomers—75 percent of which have revenues of US

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-62469611741311657132011-10-01T05:05:00.002-04:002011-10-01T16:35:38.341-04:00

The Operational Risk professionals are applying the use of effective software tools in the Energy Sector. After all, the core disciplines of OPS Risk lie with safety and security and the current reality of deepwater drilling beyond 8,000 feet of ocean is here now.There are few organizations that understand the risks associated with drilling and capturing precious natural resources under these

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-1720952983863292212011-09-25T05:04:00.003-04:002011-09-25T15:56:11.331-04:00

As this weblog reaches it's 1,000th post in the next few months, much has been documented on the course of "Operational Risk" over the past eight years. We have continuously witnessed the dawn of new threats and vulnerabilities that could only have been imagined in the last millenium.At the same time, we could not have predicted the new found solutions, to many of the same operational risk

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-20030066149162285442011-09-19T05:00:00.000-04:002011-09-19T12:22:25.195-04:00

Kweku Adoboli, is no different than any other person who commits fraud. At UBS, this trader understood the controls that were in place to prevent the kind of naked unhedged bets that he was making in the market. UBS or any other firm is subjected to the testing by those people who are looking for the method and opportunity to circumvent the controls to commit fraud. Motivation is another

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-23201738826202218962011-09-10T05:06:00.000-04:002011-09-10T12:18:27.183-04:00

Tomorrow is the ten year anniversary of the 9/11 attack on the United States. For those people who were put in harms way that day and survived, their lives have changed forever. Have you ever had a near death experience? If you have, then you know what we mean.A near death experience is everything that you have heard people say about it. That visions of their loved ones flashed into their

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-81315246674313934162011-09-02T05:05:00.001-04:002011-09-02T16:37:02.646-04:00

We are approaching the 9/11 anniversary and the images and memories will be revisited. Many of us will shed a tear and millions will recall where they were and what they were doing, on that unforgettable Tuesday morning in September, 2001. The education of "Homeland Security" is taking place on a daily basis in the popular press and on the new social media platforms that have risen and now

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-91866553477036843942011-08-27T05:04:00.000-04:002011-08-27T12:46:53.798-04:00

The Mid-Atlantic of the United States is experiencing the Operational Risks associated with two natural disasters within the span of one week. Virginia has been a bulls eye with an earthquake and a major hurricane. bull's-eye   [boolz-ahy] Show IPAnoun, plural -eyes.1.the circular spot, usually black or outlined in black, at the center of a target marked withconcentric circles and usedin target

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-92078224712020221142011-08-20T05:06:00.000-04:002011-08-20T22:28:36.049-04:00

The Energy Sector has operated for years with an "Operations Integrity Management System" framework. The Operational Risk Factors are spelled out clearly: Behavior-based processes for reducing risks of incidents, including personnel safety, process safety, security, and environmental considerations, are in place. It is expected that:• employees and contractors consistently recognize and

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-20182232280206582762011-08-14T05:07:00.002-04:002011-08-18T15:21:39.236-04:00

Does your organization have a culture of "Corporate Integrity?" The depth and breadth of Operational Risks are apparent in the 2011 CyberSecurity Watch Survey by CSO Magazine, USSS, CERT and Deloitte. 46% of the respondents said damage caused by "Insider Attacks" is more damaging than "Outsider Attacks". The most common insider e-crime at 63% is unauthorized access to / use of corporate

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-84237483373221498292011-08-06T05:02:00.002-04:002011-08-06T10:50:38.506-04:00

Senior executives continue to wonder why they are continually surprised by certain incidents or events that take place within their enterprise. Operational Risk exposure is hard to manage, without a robust risk management system that is constantly monitoring the business environment you operate in and the people that work within that environment.If you asked any CEO of a Fortune 500 company about

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-80882603760614747282011-07-30T05:01:00.001-04:002011-07-30T14:03:27.882-04:00

Operational Risks continue to plague any senior manager with the title of "Corporate General Counsel". "Achieving a Defensible Standard of Care" remains ever so challenging. General Counsel digital leadership is required by the Board of Directors. A recent Corporate Executive Board Report outlined some of their top line issues in a recent Corporate Counsel article by Catherine Dunn: 1.

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-70514557715366865172011-07-09T05:03:00.000-04:002011-07-09T16:26:26.429-04:00

The banking institutions of the globe are on high alert. The Operational Risk doctrine is finally getting beyond the historical threats of fraud and rogue traders to the "New Normal" of other significant business disruptions. It's been on the horizon for some time, yet now Basel is finally enhancing the rules that have so far been ignored or given little consideration:Banks should bolster their

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-18453859359686276042011-07-03T05:08:00.000-04:002011-07-03T12:49:28.402-04:00

This new nation state on the block is turning 235 years old tomorrow, July 4th, 2011. The United States of America will be celebrating another birthday and the Republic will reflect on what we have learned, so far. "Rule of Law" is an ever so powerful component of a democratic way of life and is the envy of so many nations who still seek its most true form. Operational Risk Management permeates

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-34187949289225194752011-06-26T05:06:00.003-04:002011-06-26T20:45:03.719-04:00

Intelligence-led processes applied within the corporate global enterprise, continues its relevance for reasons being published in the popular press. "Operational Risk Specialists" utilize these processes, to mitigate a growing spectrum of domestic and transnational threats:LulzSec Says it's DoneSeattle arrests show how domestic terror fight is evolvingBanks Should Seek Capital Boosts Before

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-48299522998993374812011-06-18T05:08:00.001-04:002011-06-18T13:20:58.725-04:00

Board Directors are ever more tuned into the recent 2011 case settlements in Foreign Corrupt Practices Act (FCPA) violations. This is because Operational Risk Professionals are being much more proactive than years past on uncovering malfeasance in the supply chain operations of major global conglomerates: • Notable 2011 FCPA Settlements. 2010 was a record year for FCPA enforcement, and thus far

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-20665572157593719822011-06-12T05:01:00.000-04:002011-06-12T13:52:43.085-04:00

How robust is your organizations "Information Operations" capabilities? The degree to which the threat to your institution escalates in a war of words is going to be in direct proportion to your ability to monitor and counter the "Powerbase" within your information-centric community. Operational Risk within the institution, the city or the country is a factor of the likelihood of a particular

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-75087798565094900432011-06-04T05:02:00.000-04:002011-06-04T15:15:22.049-04:00

What is the origin of the "Operational Risk Management" discipline? Was it derived from the work within the financial services industry from the Basel II initiatives? The definitions and the actual work towards creating standards of conduct and rule-based design has been evolving for the past decade. Operational Risk and the approach to risk that is not otherwise considered to be market or

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-10996849125867885952011-05-28T05:05:00.000-04:002011-05-28T12:53:35.260-04:00

OPSEC in the Defense Industrial Base (DIB) is on high alert since the RSA SecureID vulnerability was revealed several months ago. The Operational Risks Management discipline is now ever so pervasive in private sector companies who have outsourced national security programs. When top secret information is at risk, the game plan shifts from a single company incident to a federal priority. By Jim

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-27292557216010482712011-05-28T05:04:00.002-04:002011-05-28T12:57:37.952-04:00

OPSEC in the Defense Industrial Base (DIB) is on high alert since the RSA SecureID vulnerability was revealed several months ago. The Operational Risks Management discipline is now ever so pervasive in private sector companies who have outsourced national security programs. When top secret information is at risk, the game plan shifts from a single company incident to a federal priority. By Jim

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-67003642083345959882011-05-22T05:09:00.000-04:002011-05-22T14:22:49.342-04:00

The U.S. Energy companies are getting ready for an audit report on their facilities after the Fukushima Daiichi nuclear plant disasters in Japan. The results will not be an Operational Risk Management executives favorite topic, across the Board Room table of Pacific Gas & Electric (PG&E), Entergy and Duke. In the aftermath of any disaster such as the earthquake in Japan, or the financial

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-29123237739602068562011-05-14T05:09:00.001-04:002011-05-14T13:42:23.698-04:00

The Operational Risks associated with a disruption in a suppliers' "Supply Chain" is now again at the top of the Board of Directors agenda. Economic discussions inside the corporate risk management executives conference rooms are focused on earthquakes in Japan, floods along the Mississippi River in the U.S. and lean supply chain strategies. The art of Risk Assessment and Vulnerability

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-83558085764813708592011-05-08T05:08:00.003-04:002011-09-22T20:55:42.374-04:00

Usama Bin Laden is no longer a risk to the operations of many high value targets across the globe. Yet, now that he is dead, the distributed network of followers may soon carry out his blueprints for destruction. Large U.S. conglomerates doing business overseas are on high alert announced from their 24 x 7 Crisis Operations and Security Risk Management centers.By JANET ADAMY AND COREY BOLESThe

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-32238230669920667152011-05-01T05:05:00.002-04:002011-05-01T13:58:27.248-04:00

Operational Risk in the global economy is migrating to places that 10 years ago would not have been easily forecasted. New countries, financial institutions and software technologies have changed the playing field for risk management executives. Why is this happening? One example is the movement of employment to more emerging markets where corporate tax rates are lower and the supply of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-1231405997229938672011-04-24T05:09:00.001-04:002011-05-08T13:07:29.772-04:00

You know that the discipline of Operational Risk Management has gained ground in the minds of global executives and Board of Directors when you see growth in organizations that focus on the professional education and standards of conduct of practitioners. The Institute of Operational Risk is one such entity: The Institute of Operational Risk (IOR) is a professional body, existing to serve its

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-24000403631683829102011-04-16T05:03:00.002-04:002011-04-16T16:07:32.963-04:00

In the United States, Operational Risk Management Executives in the private sector are consistently balancing the legal requirements for public safety and their customers right to privacy. The Internet Service Provider (ISP) General Counsel's duty to facilitate the rule of law within the private sector organization, has been on a collision course with protecting the homeland for a decade since 9

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-3481181319487170202011-04-09T05:06:00.003-04:002011-04-10T17:30:09.675-04:00

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 10.0px Arial; color: #1a1a18} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 10.0px Arial; min-height: 11.0px} p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 10.0px Arial; color: #1a1a18; min-height: 11.0px} p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; text-align: justify; font: 10.0px Arial; color: #1a1a18; min-height: 11.0px} p.p5 {margin: 0.0px 0.0px

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-47748748935959688572011-04-02T05:01:00.003-04:002011-04-02T13:16:08.783-04:00

When people are faced with increasing uncertainty in their organization, our inherent DNA makes us gravitate towards avoiding new risk at all costs. What any new bold policy shift requires to succeed for the masses is to face risk squarely in the eye and to manage it effectively. This is exactly how many private sector intelligence organizations have evolved and continue to thrive in a vast

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-55727032547984126172011-03-27T05:00:00.000-04:002011-03-27T15:52:47.830-04:00

Levers in the Homeland Security Intelligence (HSI) ecosystem impact the performance and the health of the environment that the entities are sharing their respective insights. These HSI entities are people within the analytic ecosystem who are diverse in the art and science they utilize to create and share insight. The threat to any ecosystem in many cases is "too much" or "too little" of a key

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-46244639274914501632011-03-20T05:02:00.001-04:002011-03-20T15:04:31.615-04:00

The analytic priorities of Homeland Security Intelligence are spelled out on the DHS Intelligence and Analysis web site. These five areas of concern and concentration provide us with a landscape or spectrum of information that is necessary to analyze for us to be right and timely 100% of the time:Threats related to border securityThreat of violent extremismThreats from particular groups entering

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-43511260114154100532011-03-12T05:07:00.001-05:002011-03-12T22:50:10.523-05:00

The U.S. Nationwide SAR Initiative brings the conversation of privacy and intelligence collection to a point of convergence. Guidance for local, regional and state agencies can be found in the "Building Communities of Trust" (BCOT) program being rolled out across the country. The continued priority is to safeguard the privacy, civil rights, and civil liberties of United States citizens (

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-76103504648043860432011-02-27T05:06:00.002-05:002011-02-27T15:31:20.778-05:00

What is the modern definition of U.S. Homeland Security Intelligence (HSI)? Many would differ on the jurisdiction, sources and nexus with specific intelligence that falls outside U.S. borders. The future of sharing relevant pieces of the vast mosaic of information may well lie with the definition and the interpretation of Homeland Security Intelligence. One thing is certain about this topic of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-31830575598758344312011-02-20T05:03:00.001-05:002011-02-20T21:50:10.010-05:00

The key Operational Risk Management news from this years RSA Conference is now coming in, yet there are inside sources who still need to be interviewed. What did they think was the most brilliant presentation or idea(s) presented? This particular release caught some eyes as it addresses much of the thinking on the latest evolution of the Security Operations Center (SOC): New Vision for Security

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-80715258439758961262011-02-13T05:03:00.000-05:002011-02-13T14:45:52.805-05:00

The last two plus weeks the planet Earth has witnessed the use of Digital Social Media to help facilitate the overthrow of the 30 year reign of Hosni Mobarak in Egypt. Is this the last example of how the use of the Internet combined with the masses of humanity can overthrow government leadership? The Operational Risk to nations states and the implications of the impact on business, commerce and

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-28835720731899618332011-02-07T22:02:00.002-05:002011-02-07T22:05:55.780-05:00

At the speed of the modern global enterprise, cyber incidents are a growing component of operational risk, according to 1SecureAudit Managing Director and Chief Risk Officer Peter L. Higgins. Digital forensics intelligence provides analysts, investigators and management the ability to make more informed decisions regarding a prudent course of action. Utilizing digital evidence can mean the timely

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-88238434065693889192011-01-30T05:02:00.001-05:002011-01-30T13:17:10.539-05:00

Operational Risk Management Executives will be tuning into CBS 60 Minutes Sunday night. If you are a Bank of America stakeholder and your stock dropped 3% on November 30, 2010 because of a WikiLeaks document release, this episode should be on your mind: (Reuters) - WikiLeaks founder Julian Assange says he enjoys making banks squirm thinking they might be the next targets of his website which has

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-73575286279241325102011-01-22T05:08:00.001-05:002011-01-22T16:40:31.624-05:00

The media communications and advertising industries are buzzing over the new U.S. Federal Trade Commission report and framework entitled: Protecting Consumer Privacy in an Era of Rapid Change. The Operational Risk Management implications to your enterprise could be significant if you currently do not understand how your marketing department provides disclosures or manages consumer collected

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-74157126813281454532011-01-17T05:05:00.001-05:002011-01-17T14:16:54.141-05:00

Several months ago, this blog discussed the implications of the "Stuxnet" malware that was being investigated by international authorities. Yesterday, the New York Times published a more detailed set of facts and a hypothesis that the sophisticated "worm code" was tested in Israel.William J. Broad, John Markoff and David E. Sanger.The Dimona complex in the Negev desert is famous as the heavily

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-84469989494648061172011-01-09T05:07:00.005-05:002011-01-09T20:25:36.146-05:00

BSA/AML compliance is an Operational Risk that continues to plague even the largest institutions. The ability to effectively program information systems to address "Politically-Exposed Persons" (PEP) and the risk to the banks reputation are still a challenge for some executives. Why is this still an OPS Risk issue? In many cases, the lack of procedures being followed by adequate staff in the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-45936483268774332522010-12-31T05:04:00.001-05:002010-12-31T17:40:52.197-05:00

On the eve of the New Year, 2011 approaches with new perspectives and new found learning on the risks before us. Operational Risk is about managing "All Hazards" and "All Crimes" whether you are working within the ranks of the largest global 500 organization, or managing self as J. Q. Citizen. OPS Risk is just not about a government or corporate perspective any longer and is becoming more

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-18571905913794254852010-12-19T05:09:00.001-05:002010-12-19T21:14:23.511-05:00

Operational Risk Management is evolving into a discipline with an over arching set of objectives. The organizations and entities that do not understand the purpose and the reason behind having SMART objectives, might need a refresher: SimpleMeasurableAchievableRealisticTask-oriented Without "SMART" objectives, any project will continue to strive for a purpose and a relevant set of outcomes.

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-89315485049109870152010-12-03T05:05:00.003-05:002010-12-04T16:47:21.038-05:00

What do Operational Risk Management, continuous monitoring and "Remote Digital Forensics" Intelligence have in common? The digital age is challenging the global enterprise and the speed and depth of new found transnational threats requires bold outside-of-the-box thinking. Strategic decisions to prevent incidents of data leakage, theft of trade secrets or corporate espionage are on the minds of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-40256881174691273572010-11-25T05:05:00.001-05:002010-11-27T16:37:03.224-05:00

Operational Risk Management is a discipline that comprises a spectrum of "All Threats and All Hazards." A "Whole Community" approach to the nexus of national security, economic security and the entirety of our citizens. The resilience factor in your private sector organization or the entire nation will consistently be tied to the weak links in your:

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-81423921916789316612010-11-16T05:08:00.001-05:002010-11-16T14:40:27.488-05:00

Operational Risk Management requires both proactive and passive measures that encompass a comprehensive organizational strategy. Odds are that you have devoted a majority of your time and resources to this point on the passive mode of preparedness and defense. A reactive and alert oriented focus. The time has come to change the priorities and to increase the allocation of strategy on the "Active

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-43803260943659861332010-11-09T05:06:00.001-05:002010-11-12T09:07:49.831-05:00

After writing this blog now since 2003, it is amazing how some items seem to be coming back full circle. Operational Risk does not change; only the places and the particular circumstances change. Do you know where a loss event will impact you and your organization next?Hawala system under scrutinyThe US has intensified its war on terrorism on the financial front, targeting an ancient, informal

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-277754810664197502010-11-04T05:22:00.002-04:002010-11-04T14:55:29.802-04:00

Are you a "Linchpin" in your organization? The person who people may call the "Fixer", "Troubleshooter" or just plain "Rainmaker". Are you considered to be a combination of all three and indispensable? By now hundreds of thousands of people have read Seth Godin's book, Linchpin: Are you Indespensable and are well on their way to becoming more self-aware of their position within their

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-26053157436631300202010-10-24T05:15:00.002-04:002010-10-26T18:57:00.100-04:00

CCreating a "Common Operational Picture" for your organization is an elusive yet attainable goal for your senior management and the Board of Directors. How at a moments notice does the organization provide leadership with the answers to Operational Risk questions such as:How many employees from our company are currently traveling outside your home country?What are their modes of transportation

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-52816146505855948372010-10-19T05:08:00.002-04:002010-10-20T12:56:29.581-04:00

What kind of testing, experiments and operational risk projects are your organization running simultaneously right now? As an example, do you have an OPS Risk project where a business unit has moved entirely to using "Google Apps" for their entire computing utility platform? Migrated the e-mail system to Gmail, eliminated the use of Microsoft Office Suite and Outlook for the purpose of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-86080925827257766312010-10-11T05:03:00.002-04:002010-10-11T10:15:23.510-04:00

Corporate Executives that are now back pedaling from the past few years need to reassess their position. The Operational Risks that have been the basis for erosion in the public perception of the company must be attended to with a new management point of view. This new perspective can begin by reading the newest Stephen Covey bestseller, "The Speed of Trust."The one thing that changes

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-58528227500888236862010-10-04T05:10:00.000-04:002010-10-04T10:13:28.340-04:00

The Chief Information Security Officer's (CISO) are getting significant new understanding of the new threat emerging in the digital domains. The Energy, Chemical, Water, Transportation and other Critical Infrastructure sectors are on high alert. The Operational Risks associated with their Programmable Logic Controller (PLC) systems using Siemens technologies are being attacked. Stuxnet is

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-8585243253443956762010-09-28T05:00:00.001-04:002010-09-28T16:35:27.181-04:00

Operational Risk Management is your foundation for crisis leadership. All work locations have distinct categories of threats that are relevant to the site, people and type of business. Assessing the violent factors is the role of FBI profiler Mary Ellen O'Toole and there are four categories according to a study entitled: "The School Shooter: A Threat Assessment Perspective."A Direct

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-2226673570744403322010-09-18T05:06:00.001-04:002010-09-18T22:08:24.107-04:00

A modern day "Operational Risk China Syndrome" is making the Board of Directors nervous these days. The new syndrome otherwise called the Foreign Corrupt Practices Act (FCPA) has been the buzz at rating agencies for months. Are you sure about your ability to withstand the scrutiny of a FCPA litmus test? Board Member Magazine explains: On June 2nd, Fitch Ratings agency announced that

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-78422819206758005212010-09-11T22:15:00.001-04:002010-09-11T22:16:51.475-04:00

Where were you on September 11th, 2001? Everyone seems to remember...On a cool sky blue morning, 9 years ago in Northern Virginia, sitting in a hotel restaurant having breakfast around 8:00AM with a business colleague. A little over 40 minutes into our discussion, we heard some people talking quite loud in the bar next to us as they tuned into CNN. As cell phones rang around us, they

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-59162947547720514902010-08-29T05:05:00.002-04:002010-08-29T15:27:23.868-04:00

Operational Risk Management is a continuous process in the context of our rapidly expanding corporate environments. What is one example? People traveling to emerging markets to explore new business opportunities or new suppliers that will be connected by high speed Internet connections to the supply chain management system. These boundaries of managing operational risk, have not only

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-46675500913639323702010-08-23T05:05:00.001-04:002010-08-23T12:27:51.344-04:00

Why is a data-centric network like AboveNet, Inc. with their high bandwith solutions connecting with Terremark's NAP in the Washington, DC region? Operational Risk and Cloud Computing is the answer. Clients and customers are requesting more secure infrastructure to house and store their growing inventory of cloud-based apps and other data requirements for "Business Continuity", Disaster

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-87292699868499367022010-08-13T05:18:00.000-04:002010-08-13T16:20:39.427-04:00

Operational Risk in the corporate enterprise is on the rise and savvy CxO's recognize it. The continuous and advanced schemes, attacks, reputation crises and regulatory compliance changes has the executive suite on full alert.The global news cycle, financial markets in turmoil and a seemingly upset weather pattern on "Planet Earth" has OPS Risk professionals on ready standby. It's 24 x 7 x

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-4246246741863570302010-07-29T05:09:00.001-04:002010-07-29T15:31:14.238-04:00

The new Verizon Cyber Report is a valuable read for OPS Risk professionals that focus on data breach and incident response. The full breach report can be found at this link at Verizon Business.We have to agree with the observations made by Brian Krebs on the following topic in the report:A key finding in this year’s report is that most companies suffering breaches missed obvious signs

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-1817821218778654052010-07-23T05:03:00.013-04:002010-07-25T18:00:12.897-04:00

Operational Risk Management Executives are still digesting the latest Washington Post investigative reporting from Dana Priest and William M. Arkin, "Top Secret America". The U.S. Intelligence Community (IC) and the Defense Industrial Base (DIB) employees in the suburbs of Virginia, Maryland and DC will be debating the impact over whispered dialogue around the weekend BBQ or over a candle light

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-31744083734016198052010-07-12T05:01:00.004-04:002010-07-13T11:21:30.666-04:00

The Enterprise Cloud computing environment is not only a topic of many private sector CIO forums this year, it is also spawning new discussions in government intelligence community circles. Simultaneously, the new economics and the aversion to buying hardware and software to house your own brick and mortar data center, is slowly but surely taking the business community by storm.Companies

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-42083434429631142882010-07-06T05:02:00.001-04:002010-07-06T10:34:05.465-04:00

The Consumer Financial Protection Bureau has been born out of the 2,300 pages of the final US Federal Financial regulation of 2010. The tone on what and how the CFPB operates is spelled out in the legislation and Operational Risk Managers are actively scouring the fine print to determine the compliance and legal ramifications. Yet the new Director's leadership may spell out the impact

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-63579703084323082162010-07-01T05:02:00.003-04:002010-07-01T11:37:08.257-04:00

The ACFE "Report To The Nations on Occupational Fraud and Abuse has been published in the July/August mailing of Fraud Magazine. There are some tell tale signs that Operational Risk Management is working and yet we have so far to go on this journey towards a more transparent, ethical and safe workplace environment.Here are some of the highlights and findings from this annual survey:5% of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-31544805601927535422010-06-22T05:05:00.001-04:002010-06-22T11:07:20.137-04:00

Operational Risk Management professionals in corporate America have been following the Quon vs. City of Ontario case for five plus years. Now the Supreme Court of the United States has ruled 9-0 to increase the clarity on the new age of electronic privacy in the workplace. The LA Times explains:Washington…In its first ruling on the rights of employees who send messages on the job, the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-56226267636595601572010-06-14T05:05:00.002-04:002010-06-14T11:38:14.583-04:00

The Operational Risks to your enterprise that are associated with your digital assets, networks and infrastructure are vast. What is your organizations exposure today?The amount of daily "Cyber Intelligence" flowing into the organization is growing exponentially and there are few hours in the day to analyze it. You have invested hundreds of thousands if not millions on cyber security to

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-67914048910660033982010-06-07T05:09:00.000-04:002010-06-07T11:51:27.997-04:00

Operational Risk Management is a topic that rarely comes up at a social event, unless you happen to be talking with a "Naval Aviator". In just a few minutes of explaining the focus of this writers subject matter expertise, the dialogue took on a whole new level. Mike M. immediately began to talk about the many facets of Operational Risk in the context of flying his missions across the

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-6470339262312867062010-05-28T12:00:00.004-04:002010-05-28T22:18:17.241-04:00

What does Memorial Day mean this weekend in the United States? A time to reflect on all those who have served and sacrificed their lives for our freedom and continued way of life. At the same time it is an opportunity to look into the minds of those who will determine the future course for our security strategy. The U.S. National Security Strategy articulates this future vision. How

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-57791374184618595202010-05-19T05:01:00.001-04:002010-05-20T09:59:43.201-04:00

Are a network of "Hawaladars" operating within your organization? Or perhaps your online charity? Maybe it's both. This Operational Risk is real and still not on the radar of many NGO's or charitable non-profits. The clandestine method for moving money without a paper trail is ancient and it is still operating to fuel transnational criminal and terrorist operations in the high tech world

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-51012210510618837822010-05-11T05:18:00.000-04:002010-05-11T11:19:31.461-04:00

What continues to be the greatest economic threat to your organization? Is it "Internal" or "External" to your institution? Could it be both? Insiders rarely work alone and therefore the nexus with some outside influence, whether it be a person, life factors or some other entity are typically in play.Is an engineer in R & D copying precious intellectual property information from within

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-78290976127924267552010-04-30T05:06:00.005-04:002010-05-02T21:38:35.735-04:00

Homeland Security is under siege the past few weeks in the United States. The "Deep Horizon" oil rig disaster in the Gulf of Mexico is threatening the states of Louisiana, Mississippi, Alabama and Florida. The Coast Guard is the lead agency. On the other front is the battle for the southern border with the state of Arizona and their quest to stem the flow of humans and millions of

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-45249939662605406082010-04-24T05:02:00.001-04:002010-04-24T13:24:49.532-04:00

If you are a large U.S. based pharmaceutical company the odds are that over a third of your annual sales are overseas. Selling drugs in the EU, Asia and South America into the health care systems is a tremendous pipeline for Eli Lilly, Pfizer and others who find these markets hungry for their products. What kind of Operational Risks might exist for these firms and should be on "Red Alert"

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-48801172095990651182010-04-21T05:04:00.001-04:002010-04-21T13:06:31.390-04:00

Operational Risk Management is becoming a more relevant topic these days in the Board Room. Does "John Q. Public" realize that these events are the result of "Operational Risk" incidents:Fabrice Tourre, the Goldman Sachs Group Inc. banker at the center of fraudNo doubt, Gizmodo has turned the tech news cycle on its head this week with its exclusive on the iPhone 4G. Everybody from

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-24257075201282959272010-04-10T05:05:00.000-04:002010-04-10T12:09:10.101-04:00

Is there a growing risk to our national security and private sector enterprises as our intelligence communities (IC) continues it's path of convergence? Looking over notes from the i2 Conference in Washington, DC this week there are several items worth exploring further. "Accelerating Your Mission" was the theme of the law enforcement users, military practitioners and intel analysts

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-26957267473459763032010-04-01T05:04:00.003-04:002010-06-13T12:08:41.767-04:00

In a recent 2010 CSO Magazine sponsored eCrime Digital Watch Report and survey of 535 companies there are some observations on Operational Risk Management worth examination.This report was focused on the "Insider Threat" and the area of concern is on "Digital Incidents by Insiders:"Past 12 months the number of incidents reported increased 16%The per incident monetary loss (mean) was

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-89597047540628504622010-03-22T05:07:00.002-04:002010-03-22T16:57:40.078-04:00

A wide spectrum of Operational Risk incidents are in the news. Executive Management in the private sector, law enforcement and the military are investigating cases of identity fraud, cyber hacking and insider digital sabotage, transnational economic crime, intellectual property theft, ACH cyber robbery, counterfeiting, workplace violence and industrial espionage. Government agencies

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-91756142843314158272010-03-08T05:02:00.001-05:002010-03-08T12:25:17.224-05:00

The Operational and Systemic risk is still lurking in the zero's and one's masking itself in the mathematical blur of algorithms designed by the "Quants". Is "SkyNet" just a few lines of computer code away from creating an incident that no insider can reverse?Jeremy Grant and Michael Mackenzie of FT are establishing an argument discussed on this blog soon after the economic meltdown began to take

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-12174518886099216352010-03-02T05:06:00.001-05:002010-03-02T11:59:24.845-05:00

What is your name? Where do you live? What is your phone number? Where were you born? What is your social security number? What is your passport number? Where was it issued? What evidence do you have that this is all true? Your identity is at stake and Operational Risk Management is on the line.These questions and more are asked of us on a regular basis to establish our true identity. The entity

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-64645147993758733542010-02-23T05:00:00.001-05:002010-02-23T13:53:04.704-05:00

The National Intelligence Strategy (NIS) of the United States was published in August of 2009.The tone at the top of your enterprise will go a long way if you ever end up in litigation associated with the Economic Espionage Act of 1996 or even the Foreign Corrupt Practices Act. As a CxO with the ultimate responsibility for the resilience of your organization, pay attention. The internal threats

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-74780997552797620612010-02-15T05:07:00.001-05:002010-02-15T11:19:22.877-05:00

New management and faces around the Bank of America Board room are taking a new approach to Operational Risk Management. Compliance and other Operational Risk functions are being separated. Most importantly and perhaps a lesson for those institutions that are on the ropes, B of A is pushing the risk management debate from the Board Room to the associates on the front lines.A Message from Brian

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-9276769386075469222010-02-08T05:05:00.001-05:002010-02-08T13:48:10.117-05:00

How fast can you and your organization adapt? 5 minutes. 5 hours. Or 5 days. An adaptive enterprise that is capable of rapidly adapting to a continuously changing "Operational Risk Ecosystem" within minutes or hours, will have the highest likelihood to survive. Days could mean the end of the relationship with customers, employees and your vital supply chain. Corporate obituaries are all too

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-40031068740122503072010-02-05T05:03:00.001-05:002010-02-05T17:01:13.005-05:00

After a few days at LegalTech New York this week, it's now confirmed that a very small percentage of small to medium enterprises (SME) are truly ready for the Operational Risk of litigation. How can a General Counsel achieve a defensible standard of care in this vast sea of software, technology and vendors that are trying to address the modern day business problem called "Electronic Stored

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-23688465272961601112010-01-22T05:03:00.002-05:002010-01-22T13:27:32.037-05:00

Operational Risk incidents are surrounding us on a global basis. The continuity of operations in the rescue and relief efforts in Haiti. The security of information and Internet politics with Google and 30+ other companies. A growing AQAP threat after Ft. Hood and NW 253 while Islam converts flock from US prisons to Yemen to drink the "Shariah" Kool-aide. The economic integrity of global

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-11039351402251077302010-01-12T05:03:00.000-05:002010-01-12T15:35:16.884-05:00

The Operational Risks associated with the insider threat of fraud, terrorism, intellectual property theft and economic espionage are a moving target. This variation, deviation and migration from traditional methods of criminal activity has much to do with our systems orientation and reliance on trusted information. Until you miss one step in a process or misspell someone's name.Systems

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-86848011770635324742010-01-05T05:06:00.000-05:002010-01-05T22:17:19.287-05:00

The WWW is dynamic and the operational risks you take while navigating it's vast depth and breadth is part of the process. Who or what should you trust? As an example, at this very moment when you search Google for Operational Risk Management it returns this blog as the number #1 top link. Perhaps that is how you arrived here at this blog on Operational Risk.You trusted Google that when you

Ednoreply@blogger.comtag:blogger.com,1999:blog-5744567.post-9565210091501275602009-12-31T05:01:00.000-05:002009-12-31T16:42:47.107-05:00

It has been six days since one of the latest attempts to compromise the "Air Domain" and attack the United States. Aviation, homeland security and transportation, intelligence and law enforcement officials are burning the midnight oil but this is standard operating procedure. Operational Risk Management is in the cross hairs of the core conversation associated with the threat and the likelihood

Ednoreply@blogger.com