Category Archives: Security

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Resiliency in 2018: Q&A With BCI’s David Thorp

Posted on by

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

Multiple Risks to Watch Out For at 2018 World Cup

Posted on by

Above: Luzhniki Stadium in Moscow 

The 2018 World Cup tournament began on June 14 and lasts until July 15. Thousands of fans will travel to Russia for the event, which consists of 64 matches and 32 teams in 11 cities. Like other mega events, it presents countless challenges for a number of industries including construction, travel, hospitality and security.

Circuit Magazine for security specialists reports that threat for terrorism is high, as there have been attacks in Moscow and the North Caucasus and most recently, a suicide attack on a Metro Train in St. Petersburg. It notes, however, that “Past performance in security terms of Russia at large events has been very strong, the Sochi Olympics was well controlled with no terrorist incidents affecting fans.

Based on our assessment we continue to recommend that any attendance at large events, or corporate travel in Russia is supported by additional risk management measures.”

The article also recommends that attendees remain vigilant in public places, adding that to address this risk, security has been increased at airports and transportation hubs. It warns of street crime, including pickpocketing, that targets tourists. “Bogus police officers have harassed and robbed tourists.

If you are stopped always insist on seeing identification. Avoid openly carrying expensive items, or anything that might easily identify you as a tourist. Avoid walking about late at night alone,” Circuit warned.

Not to be overlooked are health concerns.

The European Centre for Disease Prevention and Control (EU/EEA) recommends in a recent report that anyone traveling to Russia for the games make sure their vaccinations are up-to-date, particularly for diphtheria, hepatitis A, hepatitis B, measles, meningococcal infection, mumps, pertussis, poliomyelitis rubella and tetanus. According to the EU/EEA:

“As is often the case with mass gathering events, during the 2018 FIFA World Cup in Russia visitors may be most at risk of gastrointestinal illness and vaccine-preventable infections. The risk of being affected by gastrointestinal illness can be reduced by employing standard hygiene measures including regular hand washing with soap, drinking safe water (bottled, chlorinated or boiled before consumption); eating thoroughly cooked food and carefully washing fruit and vegetables with safe drinking water before consumption.”

It added that while outbreaks and spread of vaccine-preventable diseases are of particular concern during such mass gatherings. “there are no indications that the risk is higher than usual.”

Beazley notes that many of the 2018 World Cup’s risks impacting various industries will be covered by the London insurance market. The insurer outlines some of the key risks and their likely insured values:

LIRR Misses Critical Juncture for Positive Train Control

Posted on by

Last week, the Long Island Rail Road (LIRR) confirmed interruptions in its ability to fully install positive train control (PTC) across its system by the end of the year. Newsday reported that the LIRR system, which is a unit of the Metropolitan Transportation Authority’s (MTA) network, failed 16 out of 52 factory tests performed in early March using a computerized simulation of the new technology.

Although its PTC contractor continues to investigate the cause of the failures, MTA officials said they believe it stems from the complexity and density of the LIRR, which is the busiest commuter railroad in the country averaging more than 311,000 daily riders.

PTC is designed to eliminate human error by using four components: GPS satellite data, onboard locomotive equipment, the dispatching office and wayside interface units. The system communicates with the train’s onboard computer, allowing it to audibly warn the engineer and display its safe braking distance based on its speed, length, width and weight, as well as the grade and curvature of the track, according to railroad operator Metrolink.

buy xifaxan online rxbio.com/images/milestones/jpg/xifaxan.html no prescription pharmacy

If the engineer does not respond to the warning, the onboard computer will activate the brakes and safely stop the train.

An approved PTC System must protect against:

  • Passing a stop signal.
  • Train-to-train collision.
  • Overspeed on curves and other civil restrictions.
  • Unauthorized incursions by a train into a work zone.

The installation began in January as part of a $1 billion safety upgrade, although it had been on the LIRR’s strategic plans for years. So far, substandard testing results are not instilling much confidence that PTC will be complete by the federal deadline of Dec. 31, 2018. If that deadline is missed agencies without properly-installed PTC may face fines of up to $25,000 per day, as enforced by the U.S. Rail Safety Improvement Act of 2008.

MTA Board member Neal Zuckerman told Newsday he is less concerned about meeting a federal deadline than he is about “having a system that works for riders.”

“It is better to have this right than fast,” Zuckerman said. “A nonfunctioning system is not worthwhile. It’s a waste of money and time and ultimately will not serve the needs of the riders.”

The LIRR is not the only major transit system to be missing the mark. Risk Management Monitor reported on Amtrak’s struggle to meet the deadline in February and that by the end of 2017, only 8% of NJ Transit’s locomotives and none of its tracks were updated with PTC.

Efforts to upgrade train technology has been a nationwide priority. There have been a number of accidents in recent years. The most recent was a major derailment occurring on Dec. 18, 2017 when an Amtrak train derailed near Tacoma, Washington, killing three passengers and injuring about 100. That crash was the result of excessive speed in a steep curve, which experts suggested could have been prevented with PTC’s automatic braking technology. Amtrak Train No. 501, on its inaugural run, was traveling 80 miles per hour in an area limited to 30 miles per hour when it derailed on an overpass, sending the train’s 12 coaches and one of its two engines careening onto the highway below.

As previously reported in Risk Managementa similar derailment in Philadelphia in May 2015 that killed eight, was also blamed on excessive speed and could have been avoided if PTC had been in place.

After Congress passed the PTC Enforcement and Implementation Act of 2015 it also authorized the FAST Act, which allocated $199 million in PTC grant funding and specifically prioritized PTC installation projects for Railroad Rehabilitation and Improvement Financing funding. The Association of American Railroads estimates that freight railroads will spend $10.6 billion implementing PTC, with additional hundreds of millions each year to maintain.

buy nizoral online rxbio.com/images/milestones/jpg/nizoral.html no prescription pharmacy

 The American Public Transportation Association has estimated that the commuter and passenger railroads will need to spend nearly $3.6 billion on PTC.

Copycat Threats Escalate After Fla. School Shooting

Posted on by

Numbers of bomb threats and false alarms following the deadly Feb.

online pharmacy levofloxacin with best prices today in the USA

14 shooting at the Marjory Stoneman Douglas High School in Parkland, Florida have jumped, causing fear and panic across the U.S. and creating havoc for school personnel and law enforcement.

The threats are mostly carried out by students too young to realize the repercussion of their comments—which most often are posted on social media sites.

The sharp rise in false alarms, from 10 to about 70 a day, has left school administrators and authorities with the precarious job of determining the threat’s credibility. Worried parents often fear sending their children to school.

online pharmacy lasix with best prices today in the USA

The New York Times reported:

Every school day in the week after Feb. 14, the day of the attack at the Florida high school, at least 50 threats or violent incidents at schools were reported across the country, according to the Educator’s School Safety Network, an advocacy organization that has tracked news reports of threats and violence since 2016. Normally, the group records an average of 10 to 12 incidents a day.

online pharmacy cellcept with best prices today in the USA

The group’s count includes many incidents that turn out to be false alarms or hoaxes.

Since the shooting, Texas has had the most threats, with 55 reports, followed by Ohio, California, Florida and Pennsylvania, according to data from the Educator’s School Safety Network, which tracks such incidents and also trains schools on how to handle them. Because of the threats, at least 33 schools closed and more than 15 others were locked down, according to the USA Today Network.

The threats have sparked a legal debate over what penalties kids should face. Authorities have yet to determine, however, how to deal with such threats, as an arrest could jeopardize a student’s future.

These types of threats are not new. Following the massacre at Columbine High School in 1999, hundreds of threats were sent to schools across the country, leading to more than 350 arrests. USA Today notes that even with jail as a penalty, threats have been widespread for decades and are not letting up.