Saturday, February 20, 2021

Incident Response: Lessons Learned Once Again…

If you may be waking up in the U.S. “Lone Star” state this morning, you might realize that we are still working towards a more effective National Incident Management System (NIMS).

It's just another Operational Risk Management (ORM) and National Resiliency wake up call, to remind us how far we have come since the early days after 9/11 and how far we have yet to go, in our United States readiness and preparedness initiatives.

New types of unpredictable emergency disruptions can wreak havoc on any organization, its clients and the public.

As a result, business crisis and continuity management (BCCM) has become a high priority as organizations recognize the importance of responding to an unplanned event, so that employees and personnel remain safe, critical business functions continue, and relevant people are fully informed.

Developed by the Secretary of Homeland Security at the request of the President, the National Incident Management System (NIMS) integrates effective practices in emergency preparedness and response into a comprehensive national framework for incident management.

The NIMS will enable responders at all levels to work together more effectively to manage domestic incidents no matter what the cause, size or complexity.

The benefits of the NIMS system can be significant:

  • Standardized organizational structures, processes and procedures;
  • Standards for planning, training and exercising, and personnel qualification standards;
  • Equipment acquisition and certification standards;
  • Interoperable communications processes, procedures and systems;
  • Information management systems; and
  • Supporting technologies – voice and data communications systems, information systems, data display systems and specialized technologies.
The process of mitigating the risk of hazards/threats before they become disasters, is similar for both natural and human-caused threats; whether you are dealing with hurricanes, earthquakes, tornados, a Polar Vortexor acts of conventional or digital terrorism.

Now that threats to business operations of our vital industry sectors are becoming more prevalent, organizations must plan for every type of business disruption from hardware and communication failures, to natural disasters, to internal or external acts of terrorism.

During these times of emergency, where every second counts, NIMS can continue to play a key role in our organization's vital communication system, and their crisis management and business continuity plans.

When was the last time your entire enterprise had an exercise to “Learn More Lessons” about your Incident Response capabilities?

Saturday, February 13, 2021

HVE: Threat Risk from the Inside Out…

“In times of change learners inherit the earth; while the learned find themselves beautifully equipped to deal with a world that no longer exists.” -Eric Hoffer

Always remember...

At 6:30 AM on December 25, 2020 our United States citizens were just starting to celebrate a Christmas Day holiday morning with family and friends.

To everyone’s surprise, there was tragic news on social media and TV upon our awakening on this Christmas morning. It was reminiscent of other tragic days in history, when suicide bombs exploded or even hijacked planes crashed into downtown populated international cities.

What shall we learn from this particular event in Nashville, Tennessee that was so meticulously planned and executed?

“Anthony Quinn Warner detonated a recreational vehicle (RV) bomb in downtown Nashville, Tennessee, United States, killing himself, injuring eight people and damaging dozens of buildings in the surrounding area. It took place at 166 Second Avenue North between Church Street and Commerce Street at 6:30 am, adjacent to an AT&T network hub, resulting in days-long communication service outages.”

Yet this bomber gave warning to the public nearby and Warner also gave them time to evacuate the area. Similar to the Provisional Irish Republican Army’s behavior, as mentioned in the news by Dr. Erroll G. Southers, security expert and author of Homegrown Violent Extremism (HVE).

A significant component of Operational Risk Management (ORM) continues to focus on People, and for good reason. Insider threat risks are in many cases carried out by existing or former employees, or by close friends, partners and even current or former spouses.

So what?

Insider Threat Risk (ITR) programs help organizations Detect, Prevent, and Respond to an insider incident. To be prepared to handle such events in a consistent, timely, and professional manner, an ITR needs to understand:

  • Whom to involve
  • Who has authority

  • Whom to coordinate with
  • 
Whom to report to

  • What actions to take

  • What improvements to make

Does an effective ITR include previous employees who have left the organization for any reason? YES. This Insider Threat Risk plan should include current and former employees, contractors, and business partners.

As Mr. Warner was claimed to be a former employee of AT&T, one might wonder, if he planned the location next to this particular AT&T building, for an "Inside Known" or an "Outside Unknown" reason?

Remember...we shall always implement a formal insider threat incident response plan.

Establish an insider threat oversight body, that includes Senior Executives from the company’s HR, Security, Legal, Privacy, Ethics, Incident Response team, Information Technology, and Public Relations departments.

An effective and comprehensive ITR integrates and analyzes technical and nontechnical indicators, to provide a holistic view of an organization’s insider threat risk, from all individuals identified as potential threats.

Never forget...

Saturday, February 06, 2021

Dialogue: Insight in a World of Risk…

As you walk out the door this evening, what made you look up? Is there a wonderful sunset in your neighborhood? Were you thinking about the day ahead and saying a silent prayer?

When you enter your next meeting with a co-worker, or a new prospective business partner take a deep breath and really focus on enhancing the relationship.

This simple step could make all the difference in your life. New doors may open or unexpected opportunities shall appear, simply because your own mindset was more aware.

  • How do you ask questions effectively and answer others with genuine interest?
  • Are you displaying your own patience to truly listen, to understand thoroughly?
  • How much of your own empathy is on visible display in your dialogue?

Our world is slowly recovering from a global pandemic disaster and yet there still remains signs of hope and new found signs of human progress.

What will you do today to make a difference? You understand that it won’t cost you anything to smile. It will not be a tremendous burden to demonstrate your interest in really learning from someone else.

Who do you know who: __________________?  So much of our Life is about building valuable relationships, so that you may answer this question with certainty.

Otherwise, how will you solve your next real problem-set? The next crisis in your business or your own personal life without a solid portfolio of trusted people you can count on, people you can call, people you can even iMessage?

Unfortunately, these past 365 days may be full of shallow interactions and distracted interest, in building solid relationships with others. Or perhaps our lives may find hours or days of loneliness and despair.

Yet you have the ability to change this with your next encounter Face-to-Face, or on the phone, or across your encrypted social media platform.

Is it Zoom, Go-to-Meeting, Webex or Wickr? Or are you sitting next to someone you have never met before, on a United 777 over the Pacific Ocean for 6 hours?

Randall Murphy, a founder of Acclivus always taught us this. “Successful dialogue is primarily a process of actively Listening to a persons ideas or information and it is comprised of three components:

  • Active
  • Empathic
  • Insightful

“Active Listening” is understanding what the person is “saying” and why. “Empathic Listening” is understanding what the person is “feeling” and why.

"Real Insight" is gained by combining both, to understand the persons attitude about YOU, your Role and your Organization or what you are truly Advocating.”

Finally, 2021 will be the year we find greater appreciation for things like:

The evening glimmer of sunlight on clean water. The wave from the neighbor who lives next door.

Our faith in what or whomever we believe in. Those who serve, so we can remain free of threats or illness to our loved ones and our own well-being.

The signs that our bodies are healthy. The hope that exists in all of us for finding peace of mind.

In 2021, look with fresh eyes on everyday things…