About Emily Holbrook

Emily Holbrook is a former editor of the Risk Management Monitor and Risk Management magazine. You can read more of her writing at EmilyHolbrook.com.

Q&A: Security Information and Event Management

Though a relatively new idea, Security Information and Event Management (SIEM) has evolved to become an important tool used on networks to centralize the storage of logged events. SIEM works a little like this: computer networks generate events that are kept in event logs.

These logs are, more or less, a list of activities that occurred on the networked computers. SIEM is software that organizes and stores these records.

SIEMs are often used to help satisfy U.S. regulatory requirements such as Sarbanes-Oxley and PCI-DSS. Wanting to know more about SIEM, I contacted Alison Andrews, CEO of Vigilant LLC.

Can you further explain SIEM for those who are unfamiliar?

Alison Andrews: SIEM stands for Security Information and Event Management. These products centralize log information and other security data, and correlate information from multiple sources in real time. When well-implemented, this enables centralization of many security management functions through a single console, makes incident response and forensics much more efficient, and delivers comprehensive reporting for audit and other purposes.

The most flexible SIEM products also enable integration of business context data for fraud detection, loss prevention, and monitoring of other transactional events that are critical to business risk management.

What should a company expect from SIEM?

Andrews: SIEM buyers should expect to achieve measurable efficiencies in daily security operations, and greater business-oriented security intelligence. By reducing the number of analysts needed to respond to security alerts, headcount can be reassigned to more proactive functions. A solid SIEM implementation should generate reports and dashboards for role-based visibility into the state of the entire enterprise from a security perspective.

This visibility should certainly be designed to support real-time monitoring workflow. But it should also support business decision-making by IT managers and executives concerned with overall IT and business risk – the people who make budget decisions, and need assurance that critical assets are protected and that security, overall, is improving over time.

What are the best management processes for SIEM?

Andrews: First, it’s very important to deploy methodically, and in phases. Second, you need clearly defined roles for how the SIEM filters, correlation rules, and other components, will be refined and updated over time. Third, companies that are most successful with SIEM have high-level executive sponsorship and see it as a tool that serves more than the immediate needs of IT security teams.

Over time, a mature SIEM deployment can provide increasingly sophisticated functions across the whole IT organization, and can directly support the risk management needs of many departments and business units.

What are the risks associated with SIEM?

Andrews: A haphazard process of deploying SIEM, without regard for the specific information you need to see, causes many problems. You can end up collecting more data than is reasonable to store, or bog down system performance. Worst case, without the right configurations, you can end up falsely assuming that the environment is more secure than it really is, leaving you open to preventable security incidents and audit deficiencies.

Are there risks that require custom management?

Andrews: SIEM is a powerful tool, but you can’t rely only on what comes out of the box. Every SIEM requires at least some measure of customization, and will return value proportionate to what you put into it. These days, no one can afford cost-consuming products that can’t be justified. So in making a SIEM investment you need to consider not only the cost of the product and initial installation, but how you will develop it over time.

The good news is that as the SIEM market has matured, the products provide more out-of-the-box value than ever before, and there are well-established options and best practices for making optimal use of the technology that can fit various budget levels, whether you decide to do it in-house or get outside help.

Workers Comp Turns 100

2010 marks the 100th anniversary of workers compensation. That’s right — that little program that ensures that a worker will be paid if he or she is injured on the job now officially dates back a century.

These days, everyone is familiar with workers comp and we may even take it for granted sometimes.

Nancy Hamlet, senior vice president of Healthcare Solutions, wrote a feature for the November issue of Risk Management magazine (available online November 1st) that explores the long history and evolving future of workers comp. She notes that the first statewide workers comp law was adopted in Wisconsin in 1911, but “scholars have found evidence that the concept of formalizing payments to injured workers existed as early as 2050 BCE.” Hamlet added:

The early Greeks, Romans, Arabs and Chinese all had compensation schedules for certain losses as well. For example, an Arab who lost a finger received more than someone who lost a thumb; the value of a lost ear was calculated based on its surface area.

Workers comp has (thankfully) evolved into a system that delivers value to both employers and employees by striving for fair compensation for workplace injuries. Workers comp systems vary from state to state, however. The Insurance Information Institute (III) has penned a lengthy article on the current state of workers comp in America (available online). The article examines some recent state activities, including:

Oklahoma: In an effort to make the state more attractive to new business, Oklahoma legislators passed a number of workers compensation bills in May, including HB 2652, which would modify the workers compensation court, effective November 2010. Oklahoma is one of a handful of states where the courts administer the workers compensation system.

Among other things, it will reduce the number of judges on the court, require them to have at least five years of workers compensation experience prior to appointment and require Senate confirmation for new judges appointed by the Governor to fill vacancies.

In addition, it would extend their terms from six to eight years.

Texas: A pilot return-to-work program, adopted as part of comprehensive workers compensation reforms that took place in 2005, has now been made permanent. The program, which was designed to promote early and sustained return to the workplace after a work-related injury, reimburses an employer with fewer than 50 employees for expenses incurred in making workplace modifications so that the injured employee can return to work. Maximum reimbursements, which under the pilot program were $2,500, have been raised to $5,000. Insurers are required to inform policyholders of the existence of the program.

New York: In accordance with the provisions of the 2007 workers compensation reform bill, employers who establish a safety incentive program, a return-to-work program and a drug and alcohol prevention program will be eligible to receive premium credits. Employers setting up safety programs that conform to the regulations issued by the Commissioner of Labor or a return-to-work program will receive a 4% credit in the first full year and a 2% credit each consecutive year. Drug and alcohol prevention programs are eligible for 2% premium credits.

Florida: In May 2009 lawmakers passed HB 903 in response to a state Supreme Court decision that reinstated hourly attorneys’ fees. Hourly fees had been the largest cost driver in the state’s workers compensation system. Under the new law, attorney fees in workers compensation cases will now return to the sliding scale set out in reform legislation passed in 2003. As a result, the 6.4% workers compensation rate increase imposed in April after the ruling was rescinded, and the 18.6% rate decrease that would have taken effect before the ruling was reinstated in July 2009. Rates declined again effective July 2010, the eighth consecutive drop, bringing the overall rate decrease since the reforms were passed to 64.7%, according to the insurance commissioner.

California: The Workers Compensation Insurance Rating Bureau is calling for a 29.6% rate increase to take effect in January 2011. A hearing will be held at the end of September. The insurance commissioner rejected the last request for an increase. The bureau’s recommendations are advisory only. The bureau noted that even with the proposed increase, rates would still be 53% lower than those in effect on July 1, 2003, the year reforms were adopted that have stabilized the system.

Hamlet notices a few more trends, which she includes in her article on the topic. Those are the upward pressure on medical care costs* due to the increasing obesity of Americans and an aging workforce; the growing digitization of medical care records, which will speed the review process and help the injured worker return to work faster; and the impact of personalized prescription drugs.

*The III notes that spending on medical care for workers comp claims climbed a cumulative 200% between 1993 and 2007.

China Plays Hardball With Rare Earth Exports

Rare earth metals are used in the manufacture of many items such as electric cars, computer screens, wind turbines and cell phones, just to name a few. Needless to say, rare earth metals are much-needed and in almost constant high demand. And when businesses need rare earth metals, there’s one country they turn to: China.

China produces 97% of rare earth metals, much of which is exported to Japan. But recent reports claim that shipments of the metallic element to Japan were halted. There are a few theories as to why.

The halting of shipments came, coincidentally (or not), after Japan arrested a Chinese fishing boat captain “whose trawler collided with two Japanese patrol boats off disputed islands in the East China sea.” Now, Japan is accusing China of using the metals, and its near-monopoly on them, as a “bargaining chip.” A claim China denies:

Speaking to a China-European Union business summit in Brussels, [China’s Premier] Wen [Jiabao] echoed other Chinese officials in denying Beijing had ordered traders to hold back rare earth shipments to Japan due to a recent flare-up in tensions, the newspaper China Daily reported Friday.

China claims they cut back (denying they halted shipments) because demand for the metals is exceeding supply (a claim that has received much attention lately). In either case, the Japanese are very concerned that cutbacks in exports will hurt their tech-heavy manufacturing businesses. A valid concern indeed.

The Risks of Social Media: Unfair Trials by Jury

Being fresh off an 8-day stint as a juror in a civil case, I found the article released today on Law.com very interesting. It focuses on the right to a fair trial in the age of Facebook, Twitter and the internet in general. As we see in the instances below, in the age of instant information sharing, cases large and small are being disrupted and the somewhat-antiquated court system is trying to figure out how to address the problem of socially networked jurors.

  • Last month, one Michigan juror was disciplined for posting a comment about the case. Before the case was over, this juror posted on Facebook how it was “gonna be fun to tell the defendant they’re GUILTY.” Alert defense counsel saw the posting, and the trial judge dismissed the juror, fined her $250 and ordered her to write a five-page essay about the constitutional right to a fair trial.
  • During a February 2010 criminal trial, a New York juror sent a key witness a Facebook friend request. The judge found that the juror’s communication was “unquestionably a serious breach of her obligations as a juror and a clear violation of the court’s instructions.”
  • In March 2009, after eight weeks of trial in a drug case, a Florida juror admitted to the judge that he had conducted Internet research. When the judge questioned other jurors, he found that eight others had been doing the same thing. The judge declared a mistrial.
  • In February 2009, an Arkansas juror used his mobile device to post eight messages on Twitter during court proceedings. Among the messages: “I just gave away TWELVE MILLION DOLLARS of somebody else’s money.” The judge denied defense counsel’s motion for a new trial.
  • In 2008, a juror posted online a photograph he took of the murder weapon, a 15-inch, double-edged, saw-tooth knife. The judge held the juror in contempt of court, but denied motion for mistrial.
  • In 2006, the New Hampshire Supreme Court rejected a motion to overturn a murder conviction based on pre-trial comments a juror made on his blog. The juror’s posts included: “now I get to listen to the local riff-raff try and convince me of their innocence.”

If your company ever finds itself involved in a trial by jury, it may not be a completely fair one. Law.com suggests that lawyers should ask jurors during jury selection about the frequency of their Facebook and Twitter use, ask the judge to remind the jurors that they may come forward to report a fellow juror’s misconduct, monitor juror social media activity during trial and remind jurors before and after every jury break about the court’s ban on communicating with others about the case during trial.
