Category Archives: Reputation Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

NFL Admits Game’s Link to Concussion Risk

Posted on by

football

After years of denying that the game of football could have caused degenerative brain disease in some players, the National Football League has finally admitted there is a link connecting the game to chronic traumatic encephalopathy (CTE). According to the New York Times:

Representative Jan Schakowsky, Democrat of Illinois, asked during a round-table discussion about concussions whether “there is a link between football and degenerative brain disorders like CTE,”

Jeff Miller, the NFL’s senior vice president for health and safety policy, said, “The answer to that is certainly, yes.” His response signaled a stunning about-face for the league, which has been accused by former players and independent experts of hiding the dangers of head injuries for decades.

Miller’s comments were backed the next day by league spokesperson Brian McCarthy. Miller’s answer may actually help the NFL, as “It could make it harder in the future for a player to accuse the league of concealing the dangers of the sport,” the Times said.

“Strategically, the NFL’s admission makes a world of sense,” Jeffrey A. Standen, dean of the Chase College of Law at Northern Kentucky University, told the Times. “The league has paid a settlement to close all the claims previous to 2015. For future sufferers, the NFL has now effectively put them on notice that their decision to play professional football comes with the acknowledged risk of degenerative brain disease.”

While CTE has been found in former players, the NFL has for decades denied the danger, even after researchers with Boston University announced in 2014 that, in autopsies of 79 brains of former NFL players, 76 tested positive for CTE. A report in 2003 by the Center for the Study of Retired Athletes at the University of North Carolina found a connection between concussions and depression among former professional football players.

According to a 2007 UNC study, Recurrent Concussion and Risk of Depression in Retired Professional Football Players:

Our observed threefold prevalence ratio for retired players with three or more concussions is daunting, given that depression is typically characterized by sadness, loss of interest in activities, decreased energy, and loss of confidence and self-esteem. These findings call into question how effectively retired professional football players with a history of three or more concussions are able to meet the mental and physical demands of life after playing professional football.

The NFL has directed millions of dollars to research of CTE and head trauma and it gave $45 million to USA Football to promote safe tackling and reassure parents that football’s risks can be mitigated through on-field techniques and awareness, the Times said.

Why You Need a Vendor Management Policy Right Now

Posted on by

In recent years, more and more cybersecurity incidents have taken place as a result of insecure third-party vendors, business associates and contractors. For example, the repercussions of the notorious Target breach from a vulnerable HVAC vendor continue to plague the company today. With sensitive data, trade secrets and intellectual property at risk, hackers can easily leverage a third party’s direct access into a company’s network to break in.

While such incidents may cause significant financial and reputational harm to the first-party business, there is hope.

buy addyi online www.dino-dds.com/wp-content/uploads/2023/10/addyi.html no prescription pharmacy

Regulators are instating a growing number of legal requirements that an organization must meet with respect to third-party vendor riskcybersecurity management. As liability and regulations take shape, it is important to assess whether your company currently employs a vendor risk management policy, and, if not, understand how a lack of due diligence poses significant risk on your organization’s overall cybersecurity preparedness.

A vendor management policy is put in place so an organization can tier its vendors based on risk. A policy like this identifies which vendors put the organization most at risk and then expresses which controls the company will implement to lessen this risk. These controls might include rewriting all contracts to ensure vendors meet a certain level of security or implementing an annual inspection.

All this probably sounds pretty good, but you may still be wondering why you really need a vendor management policy—and why it’s urgent.

Here are four explanations to give you a better idea:

  1. Legal Liability

There are a growing number of legal requirements in a variety of sectors—from finance, to retail, to health care, to energy—on how companies should manage their third-party risk. Regulators have recognized that data breaches through third parties can present significant and sometimes catastrophic consequences to an organization. To deal with this risk, they have created various legal requirements in an effort to have organizations manage their third-party cyber risks more carefully. If you are in a regulated industry and do not currently have a vendor management policy, you could be out of compliance (and in a lot of trouble).

buy reglan online www.dino-dds.com/wp-content/uploads/2023/10/reglan.html no prescription pharmacy

  1. Well-Known Risks

An organization should be concerned about third parties that have either access to their most sensitive data or direct access into their corporate network. So if you work with a lot of third parties, you are naturally creating more targets that hackers and criminals can exploit. This is becoming more common, as organizations are outsourcing to vendors more frequently in an effort to either save costs or capitalize on vendor expertise. While that is all well and good, the more vendors you have, the larger risk landscape you create. This is a well-known risk—but all too many companies don’t give it enough thought.

  1. Unknown Risks

Not all risks are easily understandable. Many organizations today have entered into business relationships with third parties, not fully understanding the risk to their data. What’s more, the first party may not have set requirements for how their vendors should secure their data.

buy flagyl online www.dino-dds.com/wp-content/uploads/2023/10/flagyl.html no prescription pharmacy

A number of organizations struggle to even know who has access to their sensitive data, how much access they have, where it resides, and more. These unknowns give plenty of companies a valid reason for concern.

  1. Significant Consequences

To see how very real the consequences of not managing vendor policy are, simply read some of the latest cybersecurity headlines. An example that demonstrates the significant impact of a third-party breach is the recent Experian breach, which exposed the personally identifiable information of over 15 million consumers. In this case, Experian was holding loads of sensitive T-Mobile customer data, which hackers were able to access. The T-Mobile CEO John Legere expressed how furious he was at Experian for being the source of this compromise. Nothing has been stated yet, but we’re certain that this business partnership will be reevaluated after this experience.

The truth is that if you don’t have a vendor management policy in place today, your company is falling behind the times. Unfortunately, not having such a policy in place also means there is a good chance that your organization’s sensitive data is being handled by someone who shouldn’t have access to it. This puts the health of your entire company on the line.

New York City Mandates Bathroom Access Consistent with Gender Identity

Posted on by

transgender bathroom accessThis week, New York City Mayor Bill de Blasio signed an executive order requiring city agencies to ensure all employees and members of the public can use the restrooms or locker rooms consistent with their gender identity, protecting transgender and gender non-conforming individuals from discrimination in public facilities.

“Every New Yorker should feel safe and welcome in our city—and this starts with our city buildings,” de Blasio said. “Access to bathrooms and other single-sex facilities is a fundamental human right that should not be restricted or denied to anyone. New York City is proud to enforce one of the strongest human rights laws in the country, which protects the rights of transgender and gender non-conforming individuals to live freely and with respect.”

Under the new measure, effective immediately, individuals will not have to provide identification or other proof in order to access bathrooms at any city-owned building, including city offices, public parks, playgrounds, pools, recreation centers and certain museums. It does not require agencies to build single-stall restrooms or locker rooms, though as OSHA noted over the summer in its guidelines on provisions for transgender employees, access to single-occupancy gender-neutral facilities is a safe, easy way to ensure compliance with workplace safety and nondiscrimination policies.

Ensuring a safe and compliant workplace for transgender employees is an increasingly urgent concern for risk managers of public entities and private enterprise alike. The OSHA guidelines, executive orders issued by President Barack Obama, and other emerging guidance from labor-related agencies make clear that federal and state governments are issuing more protections for transgender individuals, and the enforcement actions and reputational damage pose significant risk.

As I reported in the September issue of Risk Management, the president’s April executive order banned federal contractors who do more than $10,000 a year in federal business from discriminating on the basis of sexual orientation or gender identity. Such federal contractors employ more than 20% of the American workforce—28 million workers. The Office of Personnel Management has issued a comprehensive guide for these entities to best ensure that they are compliant and treating all employees with dignity and respect while preventing discrimination in the workplace.

buy strattera online rxbio.com/images/milestones/jpg/strattera.html no prescription pharmacy

OPM also called for all federal agencies to review their anti-discrimination policies as well.

buy symbicort inhaler online rxbio.com/images/milestones/jpg/symbicort-inhaler.html no prescription pharmacy

In addition to restroom access, other issues addressed—and likely to face increasing scrutiny—include employment practices such as hiring and promotion, and the consistent use of preferred pronouns, the subject of a recent EEOC ruling against the Department of the Army.

“One of the encouraging things we’re seeing is that people are not waiting for the laws to change,” said Victoria Nolan, risk and benefits manager at Clean Water Services, who draws upon both her professional background and personal experience to offer private consulting services on transgender and diversity issues in the workplace. “There are companies that are being proactive. In some cases, for example, companies that are functioning in multiple states realize that it is extremely difficult to have a variety of offices and just comply with state law, so they are starting to look at the probable end results and move in that direction now.”

While many issues regarding transgender rights continue to spark controversy in legislatures across the country, almost all of the nation’s 20 largest cities have state or local laws allowing transgender people to use bathrooms corresponding to their gender identity. As CBS reported, Houston voters debated—though ultimately defeated—an ordinance that would have established nondiscrimination protections for gay and transgender people, while just last week, South Dakota’s governor vetoed a bill that would have made the state the first in the U.S. to approve a law requiring transgender students to use bathrooms and locker rooms that match their sex at birth rather than their gender identification.

Following our previous coverage, “Developing a Strategy for Transgender Workers,” there will also be a hot topic session of the same name at the upcoming RIMS Annual Conference and Exhibition in San Diego. Led by Victoria Nolan and employment attorney Liani Reeves, the session will take place on Monday, April 11.

Top Obama Administration Officials, Law Enforcement Reach Out at RSA Conference

Posted on by
loretta lynch at RSA

Attorney General Loretta Lynch addresses RSA Conference 2016

SAN FRANCISCO—Many of the Obama administration’s top brass are here in force, addressing some 40,000 practitioners from every part of the technology and information security industry at the annual RSA Conference. Set against the backdrop of the ongoing fight over between Apple and the FBI encryption and backdoors, the tension ebbed and flowed during sessions with Attorney General Loretta Lynch, Secretary of Defense Ashton Carter, and Admiral Mike Rogers, U.S. Navy Commander, U.S. Cyber Command, and director of the NSA. While many speakers will not address the issue directly, the subtext is clear throughout the show, particularly as the public battle brings considerable interest to the privacy and security issues the RSA has centered on for 25 years.

Indeed, in his keynote address, RSA President Amit Yoran called law enforcement’s current stance on encryption “so misguided as to boggle the mind.” Brad Smith, president and chief legal officer of Microsoft, chimed in as well, asserting that we cannot keep people safe in the real world unless we can keep them safe in the virtual world. He lauded Apple and pledged that the tech giant would stand with Apple in its resistance.

Ash Carter at RSA

Secretary of Defense Ashton Carter in Conversation with Ted Schlein of Kleiner Perkins at RSA

While the gravity of the issue and the massive potential impact for many in the sector are boggling many minds here, the administration officials’ sessions also offered more broadly positive comments for businesses outside the tech sector. The conciliatory tone Lynch and Carter often struck centered on the critical need for partnerships between technology and government. They tried to emphasize the ways the administration is reaching out to private entities, both within Silicon Valley and across corporate America at large.

According to Sec. Carter, for example, the United States Cyber Command has three core missions: defending the Department of Defense’s network; helping American companies, the economy and critical infrastructure; and engaging in offensive cyber missions. The second is a key pillar, he said, as the DoD must keep in perspective that the strength of American entities is the strength of the nation. From threat intelligence to the Defense Innovation Unit Experimental he announced yesterday, to be helmed by Google’s Eric Schmidt, Carter believes there is considerable need for industry to engage with government on cyberrisk, and both parties have valuable assets to contribute. “Data security is a necessity, and we must help our companies harden themselves,” Carter said. Indeed, he wants both help for and from the industry. In closing, he said, “We are you. You pay us. We represent you and our job is to protect you, and we’d love to have your help.”

He also noted that the DoD is trying to learn a bit about managing its cyberrisk from the commercial sector’s best practices. “We do grade ourselves and we’re not getting good grades across the enterprise,” Carter told reporters Wednesday, according to Defense News. “I have these meetings where I call everyone in and we have these metrics which tell us how we’re doing [and] if you don’t score well, that is evident to the Secretary of Defense at those meetings.

“We don’t assume for a minute that we’re doing a perfect job at this,” he added. “That’s the whole reason for me to be here and the whole reason for me to be engaging with this community here at this conference.”

Carter also announced that the Department of Defense will be hosting “Hack the Pentagon,” a bug bounty program offering white hat hackers cash for finding and reporting vulnerabilities in the Pentagon’s websites. Many companies have been offering these programs to try to discover their exposure in a controlled setting, without the risk of reputation damage, personal information exposure and business interruption that accompany an unknown hacker finding them instead. Carter called these a “business best practice” to gauge preparedness.

Federal law enforcement also has a notable presence at RSA and is making a pronounced effort to reach out to businesses regarding cyberrisk, threat intelligence, and managing a cyberattack. Indeed, in one session Tuesday, panelists from the Department of Homeland Security, FBI and the White House urged a call to action for businesses to get serious about proactively building bridges with law enforcement and to make use of the many resources the administration is trying to activate to help private industry fortify against cyber threats. The government is working to make it easier for companies to turn to it for help, they said, and attitudes are shifting to more consistently recognize and respect victimized businesses and minimize business interruption.

Some in the audience expressed skepticism, such as one man who seized upon the Q&A portion of a session on government departments’ specific roles in fighting cyber criminals. He asked how the government can be trusted to help industry when it cannot protect itself. But corporate entities should be taking note, particularly of the services available. While many hesitate to share threat intelligence or even successful attacks, Eric Sporre, deputy assistant director of the FBI’s cyber division, stressed that FBI Director James Comey has made it a directive for FBI field offices to develop relationships with local businesses and to treat businesses as crime victims, not perpetrators. In responding to attacks, he noted, the Bureau sometimes even brings in victim services to holistically approach aiding in the investigation and recovery process.

Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, also highlighted the preventative measures his department offers companies, including personal risk assessment services. In some cases, chief information security officers and other executives engaged in cyberrisk management functions have been getting DHS assessments, using them as a tool to drive investment or otherwise sell cyber upwards with the board or C-suite of their organizations.