Tuesday, July 29, 2014

Travel risk is high

It's not just that airplanes have been disappearing, or shot down, or that the infectious disease Ebola is out of control in parts of Africa, or that Tel Aviv travel was suspended by major airlines when shelling came too close to the airport. Travel risk has always been an issue for corporations whose employees are spread round the globe. In this morning's New York Times article, Joe Sharkey goes inside a gathering of corporate travel managers to better understand their concerns, including legal and ethical risks, given the last week or so of travel events.

If you're traveling on your own and don't have a corporate travel office to rely upon to filter out threats and make best recommendations, then your best bet is to go to the Department of State's website and read through the threat analysis they perform on countries you might visit. 

If you're just learning to travel, then the "On The Road" chapter of Advice From A Risk Detective will be of use.

No one wants you to stop traveling.  But we do want you to make safe choices at a time when many parts of the world are less stable than usual.

Sunday, July 20, 2014

Happy Fifth Anniversary!

Here's a look back at my blog post from July of 2009, where it all started with the launch of ASA's website and a celebration.

 ASA Launch Photo Essay

As I mentioned yesterday, the launch party was a grand event. All design and details were handled by Lauren.

She persuaded photographer Weston Jandacka to come and shoot the first two hours of the party. These are all his photos.

Lauren and Leroy guarding a tray of chocolate dipped strawberries and Trader Joe's cashews.

ASA logo designer Jesse Brown looking over the website in a moment of quiet...

Mike Crandall and myself....

Another of Lauren's table arrangements...

Mike, Annie and Shelby Edwards.

From the left: Bruno Langevin, Bo Hok Cline, Julie Hillers, Annie and Karen Pierce, right foreground. Al Wilson is in the background.

Shelby Edwards and Fred Pursell.

Greg Harp greets former colleague, Kris Jorgensen.

The First and Union web team....Sherry Stripling, Rick New, and Molly Martin.

Annie and visual artist/architect Bo Hok Cline.

There are always folks in the courtyard, near the food and drink.

Left to right: Molly Martin, Eric Holdeman, Al Wilson, Annie.

Greg Harp, Kris Jorgensen, Steve Hankel, who drove up from Portland.

Susan Hildebrand Stringer.

Al Wilson and Greg Harp.

Jan Reynolds.

Me and my former boss, Deb Horvath, who is always there to support me.

Here are the co-conspirators looking a little punchy: Annie and Lauren, who has made this launch and my summer a truly memorable experience.

Last but by no means least, Tracey Graham, one of my former team, now leading the Washington state financial coalition. She presented me with a three-legged frog who has coins in his mouth for good fortune. When we are in the office, the frog looks out the door. When we leave, we face the frog into the office, so as to maintain our good fortune.

It is a pleasure to have friends and colleagues such as those pictured above, especially when you have known many of them through various cycles of their lives.

For a few more thoughts on what we have accomplished this first five years, and how things are about to evolve next month, please take a look at my personal blog, "A Walker's Journal."

Saturday, July 19, 2014

What technology hath wrought....

Last quarter, I received an excellent paper on the risks around robotic surgery. This morning, I opened my TED summary to find a TED talk about a new and improved trochar, designed by an engineer. And when I opened the Financial Times later this morning, I found "Wear Your Medicine," on new digital tools for those with medical conditions.

We view much of what medicine has to offer with increased trepidation over cost, over whether or not a procedure or medicine is actually necessary, and with suspicion that is a result of having seen too many revisions on instructions on what is or is not good for your health.  As technology has more of an impact on the medical profession and on healthcare in general, costs appear to be rising, not decreasing.

The most egregious example of course is the layers of bureaucracy and incompetence among schedulers for the Veterans Administration. It's not just that it's difficult to get an appointment. The computer platforms are outdated and interconnections with other relevant databases -- like military medical record history -- seem to be painfully slow or non-existent. Both the military and the Veterans Administration have the same challenges as private hospitals in bringing what were formerly paper records online.

The moral of this reflection is that what technology hath wrought is often peril rather than streamlined ease of use, whether it's in large databases, surgical suites, Google Glass, or even smart contact lenses for diabetics.

Monday, June 23, 2014

On the road again!

I'm off in the morning to Boston, then on to New York City.  I'll actually spend four days away this trip, something not possible during the academic year, when I'm teaching.  Though this is a work trip, it certainly feels more like a vacation in many respects.

I'll be at New York University on Wednesday and Thursday for a gathering called the Global Risk Forum, a group of 50-60 experts from around the world and major critical infrastructure sectors on both the public and private sides that meet once a year.  I've been attending since 2007, when we met in Florence.  This year's forum looks at regional resilience and will feature remarks from colleagues like Pete O'Dell on cyber, Brian Tishuk on coalition building, and Paula Scalingi on regional focus.   The keynote address on the first day will be on climate change, and I'll report back on that and other sessions that take place.

On Friday morning, I'll have time to visit the recently completed 9/11 museum, which we saw under construction a year ago. The museum is mostly underground, with the memorial fountains outside marking the actual footprint of the towers.
Names of those who died are inscribed on the sides of the fountain.

2011 Fountains still under construction

Original WTC slurry wall preserved in museum.
One of the original WTC girders, also preserved in the museum.

Assuming that my faculties are still working after that visit, I hope to work in a trip north to the Metropolitan Museum of Art to see the new roof garden installation as well as a Chinese calligraphy show and an exhibit of wallpapers and textiles from William Morris.  I figure I can go directly from the Met to the airport if necessary.

Post trip postscript:  I just plain ran out of time and energy.  Next trip I will build more time into such visual pleasures.

Thursday, June 12, 2014

Locking your house

Here's a very thorough review, titled "Losing the Key" by Steven Kurutz, of the pros and cons of digital security systems for the home that appeared this morning in the New York Times. Despite some appealing new features on many of the locks now available, I'm sticking with old-fashioned locks as the first line of defense.

Wednesday, June 4, 2014

Is there such a thing as Free Wi-Fi?

Here's a terrific New York Times article on how to think about free wi-fi, and what precautions you can take to be as sure as you can that it's safe to use that service.

Over the next couple of weeks, as we move into summer, we're going to be talking about this type of basic blocking and tackling on the Internet.

Friday, May 9, 2014

Cyber Incident Management

When I was in New Orleans last month at the Continuity Insights conference, I heard Steven Ross from Risk Masters make a presentation titled "Cyber Attacks: Myth and Reality." Ross has been doing this work for a long time, and much of his talk covered sensible risk management against possible cyber threats. He hooked me into the discussion once he suggested we get rid of the myth that business continuity and information security are two distinct groups. Then he backed up and proposed a special crisis management team for cyber. I was not enchanted with this notion, since the more teams created, the more confusion reigns about who is in charge. His proposed team looked a lot like what the standard crisis management team would look like in environments where I am charged with streamlining business processes and corporate functions. One of his justifications for the creation of a special team was that a crisis management team that usually focused on traditional recovery methods like redundant data centers just wouldn't work for cyber, because it is likely that the software will be infected in both locations.

I came away from that session thinking that even seasoned professionals, in a field where we have a dearth of candidates for actual posted jobs, are still thinking in hierarchies and processes that are not real time where cyber is concerned.  The best possible scenario, at least in my view, would be for there to be a cyber incident response team that worked on the ground up until a point when a trigger (cost, additional resources, reputation, media) kicked the questions that applied up to the regular crisis management team to handle while they kept working on the ground.  Target is a good example of a company that could benefit from this type of streamlining, now that they have shed both CEO and CIO, and become the target of a range of lawsuits.  That corporate sloppiness is going to cost them millions before they are through this problem -- and I would doubt that their insurance company will be paying out against any of the loss, given that their security team ignored alerts about compromises of their systems.

Yesterday, I had the privilege of hosting former Seattle CISO Mike Hamilton in my advanced risk course. Through examples and out of his years of experience, he made clear to students that firms can avoid financial loss from cyber attacks only if they employ state-of-the-art monitoring (and then pay attention to what the alerts say) and develop a "rapid-response capability," using on-the-ground data collectors like help desks and ticketing systems to escalate incidents. He suggested that key metrics any firm could invest in would be time to incident close, cost per incident, and incident frequency.

Two thought-provoking takes on the state of the union where cyber is concerned. I'll get a third perspective later this month from Aaron Weller, head of PwC's information security practice here in Seattle, when he visits the same class. Along the way, before they hear Aaron, they'll hear from Microsoft security chief Mike Howard, who'll describe the global reach of his organization, as well as Mary Gardner, head of information security at Fred Hutchinson Cancer Research Center.

Though security isn't the only area of risk we focus on in this course, it's certainly central to many of our discussions.