Author Archives: Justin Smulison

About Justin Smulison

Justin Smulison is the business content manager at RIMS and the host of RIMScast, the society's weekly podcast.
Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Q&A With New National Cyber Security Alliance Executive Director Kelvin Coleman

Posted on by

The National Cyber Security Alliance (NCSA) announced that its new executive director is Kelvin Coleman, who has held high-level positions in the United States Department of Homeland Security, and the National Security Council.

Coleman’s appointment puts him in charge of the country’s leading cybersecurity and privacy protection education and awareness organization, responsible for leading organizational growth; facilitating strategic partnerships and alliances with government, industry and non-profits; and acting as NCSA’s primary spokesperson.

He discussed with Risk Management Monitor the types of cyberrisks he follows, preventative measures and upcoming NCSA events and services.

What are the biggest cyberrisks facing businesses today? How do you plan to advise or collaborate with business leaders to combat them?

buy azithromycin online metabolicleader.com/p7pmm/img/jpg/azithromycin.html no prescription pharmacy

Some of the biggest cyberrisks facing businesses today include email threats, employee activity and vendor security. When it comes down to addressing cyberrisks targeting businesses of varying sizes, everyone needs to start with the basics. It is imperative to get leadership on board with recognizing that cyber resilience is more than just taking technology-focused measures, but also modifying processes and behaviors at all levels in the organization.

What are the attacks that are easiest or most difficult to prevent?

The answer to both is phishing. Attacks come in through three different ways – people, products, and processes. A great product can hold attackers at bay. Similarly, great processes can mitigate a threat. Human beings are the wild cards. People are both the easiest to control and the most difficult, especially when it comes to phishing attacks. One of the NCSA’s tips is “when in doubt, throw it out.” We try to make sure folks understand that if they are not familiar with a link or a website, they need to delete it or ignore it.

At NCSA, our focus is on the human side of cyberattacks, and we work to get people to change their behaviors as well as understand the processes for keeping their devices and online accounts safe, particularly as phishing attacks become more sophisticated.

Speaking of the human side, which professionals are most exposed to cyberrisk?

All of them. Cybersecurity needs to be embedded into the company culture from the most entry-level positions to the most senior, because hackers can access information at any level. We’re all vulnerable, from the break room to the boardroom. We often tell small business owners that they must also train their employees to recognize malicious links and emails, as employees can often be the weakest link when it comes to cybersecurity at the office.

What is your reaction when you learn that the information of 500 million Marriott guests may have been exposed?

Marriott is a great example of a company doing as much as it can to prevent an attack but still being targeted. They were not laissez-faire about their security. So, I see it as a warning for everyone to remain extremely vigilant in the face of increasing numbers of cyber attacks. If it happens to Marriott, we’re all vulnerable to an attack of this nature.

Small businesses seem just as susceptible to cyberrisk as large ones. How would you advise small businesses to protect themselves?

buy diflucan online metabolicleader.com/p7pmm/img/jpg/diflucan.html no prescription pharmacy

Small businesses are more at risk and they often have information, such as customer data, that’s just as valuable to hackers as that of the customer data from large corporations. Small businesses often don’t have the resources to invest in a prevention plan, nor do they have the capital or leadership or knowledge about cybersecurity. This is why they’re often targets for hackers.

Our advice for small businesses doesn’t vary much from what we advise to all people: Keep a clean machine by keeping software updated, use stronger authentication and passwords, recognize and avoid phishing links, etc. If [a small business] decides to hire a third-party vendor for cybersecurity, we advise them to do their research and hire a reputable vendor. We also encourage them to attend our regional CyberSecure My Business events in their local community, or take part in a CyberSecure My Business webinar.

What new initiatives or campaigns will you be overseeing for in 2019?

In 2019, our overarching goal is to empower individuals and – at the same time– focus on educating businesses to respect privacy, safeguard data and enable trust. This means that consumers need to know how organizations collect and use personal information and companies of all sizes need to be transparent and communicate in an accurate and consumer-friendly language to their customer base.

buy keflex online metabolicleader.com/p7pmm/img/jpg/keflex.html no prescription pharmacy

We will share key messaging and provide actionable tips to help protect privacy. NCSA and our highly engaged partners will host numerous events that will shine a spotlight on the rapidly changing technology landscape and forging ahead toward the future of privacy. We plan to engage industry leaders with diverse perspectives to address opportunities and challenges. In addition, we will soon be launching our Champions program which is a way for both individuals and businesses to officially show support. We expect to launch the Champions portal – along with additional Data Privacy Day information – in mid-December 2018.

What changes or improvements are in store for National Cyber Security Awareness Month (NCSAM)?

I don’t believe NCSAM needs a shiny new toy each year. Our plan is to engage a much larger audience. NCSAM continues to reach more and more people every year, but there are still significant numbers of Americans who need to hear our message – not just during October but throughout the year. We want to connect these folks more with our proven tips for staying safe and secure online. Our goal at NCSA is reinforcing our cybersecurity best practices among a broader audience to better impact online behavior.

Q&A: Resiliency in India

Posted on by

The 2018 Lloyd’s City Risk Index was analyzed during the RIMS Risk Forum India in Mumbai, and it notes a possible turning point for the subcontinent’s cities regarding resiliency. In short, Indian cities were rated as weak, but recent government and public investments and campaigns that focus on strengthening infrastructures and people may strengthen those assessments.

During a November 14 morning session, “Assessing the Impact of Natural and Man-made Threats on India’s Economy,” Shankar Garigiparthy, country manager and CEO of Lloyd’s India discussed how much economic output (GDP) cities in India could lose annually as a consequence of various types of rare risk events – such as the Kerala floods this past July – or from more frequently occurring events such as cyberattacks.

He discussed with Risk Management Monitor reasons why he is hopeful for a resiliency turnaround in India and how the combined wills of the government, media, public and business can strengthen the country’s infrastructures and ultimately, its risk ratings.

RMM: How do India’s cities rank in Lloyd’s City Risk Index?

SG: Lloyd’s City Risk Index was published three months ago and we researched 279 cities. We found that a vast majority of cities within the subcontinent of India have been rated as very weak from a resilience point of view. They are at high risk for flood, geopolitical security, market crash, just to name a few.

RMM: What steps are being taken to improve the collective resiliency?

SG: What we have seen in last three or four years is a significant level of investment from the government in terms of building infrastructure. It’s been in the form of roads, bridges, railways, ports, and airports, there has been a significant level of investment. And it seems there is more to come. In the budget, the government has announced more – which is encouraging to see from an infrastructure-building point of view.

However, where we still see a bit of lack is in the area of insurance penetration in the country. That’s where I think insurance companies can be a useful partner and tool to mitigate some of the level of these risks.

buy imuran online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/imuran.html no prescription pharmacy

RMM: Could this be a chance for insurers to get in on the ground floor of India’s improvement projects?

SG: Yes.

RMM: What incidents have influenced the government to act?

SG: The Chennai floods [in 2015] and the floods in Kerala [in July]. That was a once-in-a-hundred-years occurrence. The entire state was flooded, which I think was the first of its kind. It was completely underwater.

Similarly, the Chennai floods marked another major event. Since then, monsoon has happened but the level of flooding has been managed pretty well.

In the session, we examined the Mumbai floods in 2005. And even last year, there was flooding here for a day, but within a day the water receded pretty quickly and was pumped out. The machinery kicked in and we were able to get out of it pretty well.

RMM: What led to that success?

SG: It was a combination of low tide and the government investing in the necessary pumping mechanisms to actually pump the water back into the sea, and unclog some of the stormwater drains as well. Steps are being taken, slowly but steadily.

RMM: What other institutions are taking measures to build resiliency?

SG: There are a few companies [which I won’t name] that are leading the way and it is encouraging to see that.

The media is also equally playing a fairly significant role as well. That’s also helping because public awareness is something that is critical. The media is raising awareness in terms of the importance of protecting your infrastructure and environment and the need for trees and planting.

RMM: Would you agree that the will to change and improve existing infrastructures is as important as the funding?

SG: I think it’s all there. The government has shown willingness to improve infrastructure. The people have demanded it, so there is a push and a pull coming from both sides. And we are seeing that development happen. Compared to where we were five or ten years ago and where we are now, there’s been a massive change.

There is still more that can be done. I’m not saying that we’re there yet. But it’s not an easy thing, as well.

Given India’s geography and how the political scenario is within the country, we will always be exposed to natural catastrophes.

buy imodium online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/imodium.html no prescription pharmacy

Flooding is going to be a constant phenomenon for us.

There is investment being done but it’s patchy. In some states there has been fantastic infrastructure investment and in others, less so. I think that has got to be addressed and that’s where the public [should be] demanding more actions there, where infrastructure investment has not been up to the mark.

RIMS Risk Forum 2018 India Kicks Off In Mumbai

Posted on by

MUMBAI – The inaugural RIMS Risk Forum 2018 India launched on November 13, and leading risk professionals from India and Asia-Pacific countries met for two days to address the challenges facing companies in the region. In a country of 1.3 billion people, expectations are for India’s risk management profession to grow, though some presenters acknowledged the proactive need to fill a potential talent gap.

During the opening keynote address, Dr. Viswanathan Ragunathan, CEO and general manager of the Varalakshmi Foundation said that examining the role of risk in Indians’ behavior and culture will initiate the dialogue among students and aspiring professionals.

“We are obviously a contradiction,” he said. “We are, at once, eternal optimists and fatalistic. At one level you can relate to what I’m saying in that Indians do not take too much risk in their day-to-day lives. Yet anyone who has taken the Mumbai trains knows…it’s almost as if we have a death wish.”

Ragunathan also discussed approaches he tends to use to assess risk, including viewing them in a VUCA environment (volatility, uncertainty, complexity and ambiguity), where one weighs how much of a situation is known against the results of controllable actions and their predictability.

“The management of volume,” he said, is ultimately at the heart of India’s challenges, and that issue is exacerbated by interconnected risks, such as a dense population and struggling infrastructure. He proposed transparency and broad communication within the Indian risk management community as starting points for solutions.

“The risk manager who understands the risk but does not share it widely does not help,” he said.

As the forum progressed, ISO31000 implementation, natural disasters and resilience, infrastructure, risk frameworks, data storage and diversity hiring practices were some of topics that received special focus on Tuesday.

“The State of Risk Management in India” was a Marsh-led panel on the findings from the newly-released, India-wide survey on risk management practices co-conducted by RIMS. The report found that risk managers are a crossroads in India, where they can assume greater leadership roles that transcend just compliance and insurance matters and can expand their knowledge base, hone their skillsets and gain access to best practices, tools and technology.

During “Thinking About Thinking in Risk Management,” Peter Young, PhD of the University of St. Thomas’ Opus, discussed the major questions facing risk managers today. He discussed how, according to his findings, experience rises dealing with uncertainty – as opposed to risk – as one looks further up on the corporate ladder.

“Risk is uncertainty when you have the capacity to measure it, and when you get to the executive suite you hardly ever deal with risk at all because you’re responsible for the strategy,” he said. “I would submit that’s broadly true among organizations at all levels. We are little ships bobbing in a big sea of uncertainty.

“[Executives] can bring a level of comfort operating in an environment of uncertainty. That turned out to be only partly true, but we think it’s an abiding truth that is slowly revealing itself.”

“Diversity in Corporate India” inspired some spirited discussions about how women’s voices and the concept of assumption are emerging as integral parts of hiring practices throughout organizations in India. Panelists were Ragunthian, Praveen Gupta, CEO of Raheja QBE General Insurance Co., and Carissa Hickling, Talent Acquisition Strategy and Technology Global Consultant for Siemens Technology India.

They spoke of how efforts to better represent women have progressed. Additionally, gay and lesbian communities are experiencing a new level of acceptance now since September, when the Supreme Court of India ruled parts of Section 377 – which was introduced in 1864 – was unconstitutional for criminalizing homosexuality. The panel agreed that while talent itself should win above all else, they acknowledged that it was a sign of progress for the nation and should be thought of as such by its corporate sectors. Hickling explained how Indian companies can now use be more open-minded in their hiring and promotion practices.

“When we look at onboarding plans and organizations, these are the moments of truth,” she said. “We can have conversations about making a small change to our HR system because this is an opportunity to change the first impression of our organization.”

She added that Siemens leadership is taking the initiative to recognize same-sex partners when discussing health benefits and taking the progress a step further extending the welcoming to transgender workers. “This is all happening very fast,” she said, “but it is a time when an organization can demonstrate that this is a time when this does matter.”

For more coverage of the forum, visit Risk Management Monitor’s Q&A with Shankar Garigiparthy.

Live RIMScast coverage of the forum is also available. Download Speaking with Leaders in Risk Management Part I and Part II.

And exclusively for RIMS members, download Peter Young’s audio live from Mumbai: Thinking about Thinking in Risk Management: New Skills for the Future.

Updates to PIPEDA, Canada’s Own GDPR

Posted on by

The Office of the Privacy Commissioner of Canada released new breach reporting requirements for businesses last week.

online pharmacy cozaar with best prices today in the USA

Updates to the Personal Information Protection and Electronic Documents Act (PIPEDA), which became law in 2000, will impact private-sector organizations that operate or do business with Canadian customers. The federal privacy law establishes ground rules for how businesses must handle personal information in the course of commercial activity, mandating that organizations must obtain an individual’s consent when they collect, use or disclose the individual’s personal information.

PIPEDA is similar to the European Union’s General Data Protection Regulation (GDPR) since it requires Canadian companies to alert customers any time their personal information may have been compromised.

“The number and frequency of significant data breaches over the past few years have proven there’s a clear need for mandatory reporting,” Commissioner Daniel Therrien said. “Mandatory breach reporting and notification will create an incentive for organizations to take security more seriously and bring enhanced transparency and accountability to how organizations manage personal information.”

A statement from the commissioner’s page lists, in brief, the new regulations for organizations subject to PIPEDA:

  • Report to the Privacy Commissioner’s office any breach of security safeguards where it creates a “real risk of significant harm;”
  • Notify individuals affected by a breach of security safeguards where there is a real risk of significant harm;
  • Keep records of all breaches of security safeguards that affect the personal information under their control; and
  • Keep those records for two years.

Commissioner Therrien called the regulations “imperfect but a step in the right direction.”

He also raised concerns that the reporting requirements fall short in that, for example, they don’t ensure the breach reports to his office provide the information necessary to assess the quality of organizations’ safeguards. As well, the Canadian government has not provided the Privacy Commissioner’s office with resources to analyze breach reports, provide advice and verify compliance. The Canadian government has established that the confidentiality of information was not respected regarding those customers who take the viagra medicine. As a result, the office’s work will be somewhat superficial and the regime will be less effective in protecting privacy.

According to the PIPEDA information page:

The individual has a right to access personal information held by an organization and to challenge its accuracy, if need be. Personal information can only be used for the purposes for which it was collected.

online pharmacy zestril with best prices today in the USA

If an organization is going to use it for another purpose, consent must be obtained again.

online pharmacy proscar with best prices today in the USA

Individuals should also be assured that their information will be protected by appropriate safeguards.

Additionally, a privacy toolkit is available here for organizations to use and assess if it adheres to PIPEDA responsibilities.