No more paper/hand-written ISO certification exam!

  • FLEXIBILITY: Schedule your individual online exam pretty much anytime, during regular work hours, from your home or the office;
  • SHORTER TRIPS FOR YOUR TRAINING: Do not stay on the 5th day to sit an exam because you can schedule it anytime later;
  • REMOTE INVIGILATOR: External USB camera replaces the invigilator physically on site;
  • SECURITY: Better protection against the potential loss of your written exam;
  • EFFICIENCY: No more paper to print, distribute, collect, send and shuffle around;
  • ENVIRONMENT: No shipping, no paper to recycle;
  • AND THE LAST ONE: Writing answers with a pen instead of a keyboard… Seriously!

This applies to all Self-Training and all public classes as of 01 August 2019.

Register for your training today >

Only six months remain until the end of Windows 7 support

Despite the awareness that in six months Microsoft will officially end its support for its nearly 10-year-old operating system, Windows 7, 18% of large enterprises have not yet migrated to Windows 10, according to new research from Kollective.

At the start of 2019, researchers found that 43% of companies were still running Windows 7. Of those, 17% didn’t even know about the end of support. In its most recent analysis of 200 US and UK IT decision makers, the report revealed that organizations have a long way to go to prepare for the much anticipated end of Windows 7 support.

https://resiliencepost.com/2019/07/09/one-in-10-it-pros-would-steal-data-if-leaving-a-job/

Six months later, 96% of IT departments have started their migration, and 77% have completed the move. However, given that the migration from Windows XP to Windows 7 reportedly took some firms more than three years to complete, companies that have not started migration are at risk of missing the final deadline.

Read entire post Nearly 20% of organizations still run Windows 7 | Kacy Zurkus | InfoSecurity

One in 10 IT pros would steal data if leaving a job

In addition, the survey found that 15% of participants would delete files or change passwords upon exiting.

While a number of organizations have invested in technologies to help detect and defend against external attackers, many companies are starting to better understand the risks from insider threats, which a recently published whitepaper said may actually be a larger issue.

https://resiliencepost.com/2017/07/18/more-than-half-of-ex-employees-still-have-access-to-corporate-networks/

According to the report, insider attacks are more difficult to detect and prevent than external ones, with 91% of respondents in a similar survey of IT and security professionals reporting they feel vulnerable to both malicious and accidental insider threats.

Read entire post One in 10 IT pros would steal data if leaving a job | Kacy Zurkus | InfoSecurity

Episode 13 – Jewish Extremism

While we normally see Jews as victims of terrorism, it is nevertheless true that they are also perpetrators. This podcast will look at the phenomenon of Jewish terrorism.



Be featured in August podcast

We hope you are enjoying the content of the podcast. Now it is your turn to suggest topics or ask questions.

Follow us on Twitter @LookatTerrorism and tweet us your question with the hashtag #QuestionsforPhil. We will address all questions in the August podcast.

Let us know what you want to hear!

Nine business lessons we’ve learned from each Star Wars movie

In honor of May the 4th, we’re ready to get in the spirit for Star Wars day! With its classic storyline of good vs. evil among the cosmos, Star Wars has inspired generations of fans both young and old… including business owners! Let’s take a journey through the story of Star Wars, with business lessons that we’ve learned from each movie that every entrepreneur needs to know.

1) The Phantom Menace – Be Willing to Take A Risk

In Episode I: The Phantom Menace, Qui-Gon Jinn goes with his gut and takes a chance on Anakin Skywalker, making the risky gamble of offering up his ship in exchange for the boy’s freedom. Despite the fact that many would have counseled him otherwise, Qui-Gon saw something in Anakin and was willing to risk it all in order to see his vision for Anakin’s future become a reality. For business owners, this is a reality that likely sounds very familiar.

In order to see your dreams for your business come to fruition, you often must take a risk first. Whether it’s quitting your day job, securing financing, or making a long-term investment, running a business can require taking leaps of faith. But, as many business owners would agree, the risk is often worth the reward.

2) Attack of the Clones – Take Initiative

In Episode II: Attack of the Clones, Anakin Skywalker’s grown quite a bit since his last appearance in The Phantom Menace. If there’s one thing he’s learned to do well in the timespan between the two movies (which take place ten years apart), it’s how to take initiative, sometimes to Obi-Wan’s chagrin. While this occasionally can lead to trouble, Anakin’s initiative is the catalyst for quite a few victories in the Star Wars universe, including chasing down and catching a bounty hunter and saving Obi-Wan from captivity on Geonosis.

A good business owner knows that sometimes, in order to see things done, one has to take matters into their own hands. Taking initiative to make that sale, purchase that new piece of equipment, or arrange that business partnership you’ve been thinking of will lead to big payoffs down the road for your business.

Read entire post Nine Business Lessons We’ve Learned from Each Star Wars Movie | Amerifund

The value of an outside-in perspective

Following my article: Reflecting on the past 365 days! I’d like to deliver here some reflections around the following…

The value of an outside-in perspective

The concept of taking an outside-in perspective to leadership and management first started gaining traction around 2010. At that time, George Day and Christine Moorman published their book “Strategy from the Outside In”, explaining the value of strategy development based on market insights and customer value. The book gained massive success for its insights into how companies such as P&G ride out the storms of multiple market down cycles and somehow remain profitable.

In 2011, renowned psychologist Daniel Kahneman published his bestseller “Thinking, Fast and Slow”. In the book, he told a story about a group he had previously worked with, which had made some errors in forecasting due to an inward-looking approach.

Kahneman’s story made a compelling case for collecting as much external information as possible to aid the process of making decisions. Not just strategy-level decisions as in the 2010 book, but as Kahneman himself said: “the argument for the outside view should be made on general grounds”.

Recently, I’ve been considering how learning the value of the outside-in perspective has guided my career journey from the corporate world to full-fledged entrepreneurship.

Breaking Silos for Better Decision Making

During my corporate career, I had the opportunity to create and facilitate a discussion forum for peers in the risk management area, many of whom were working in large Swiss companies. The forum was very well received among the colleagues who attended, with many people asking for repeat events or organizing separate meetups. The main reason the event was so successful was down to people from different organizations, and across different sectors, finding common threads in the discussions.

The opportunity to talk to people who had a different perspective gave participants fresh ideas about how to approach their own particular challenges. In some cases, understanding that others share the same issues gave participants some reassurance that their problems weren’t unique, echoing Kahneman’s advice about collecting external metrics in order to define your own yardsticks.

The reactions from the forum participants gave me a deeper understanding of the value of developing connections across boundaries. The experience gave me a more profound realization that working without silos isn’t a nice-to-have — it’s a key enabler of effective risk management.

Leveraging the Entrepreneurial Mindset

When I left the corporate world to start my own consultancy business, an inevitable part of the journey to becoming an entrepreneur involved changing my mindset. A corporate entity operates on rules, policies, procedures and fixed governance processes that are (to a greater or lesser extent) documented, known and followed by everyone. While these rules are necessary to running a company, they can also have the unfortunate side effect of limiting creative thinking.

As an entrepreneur, there are no rules, no policies or procedures or instruction manuals. I had to navigate my own way through all the new and unfamiliar activities involved with setting up a business from scratch. While it can be daunting at times, it’s also exciting. I found that with total freedom to operate, I could think more creatively. I developed the mindset that nothing is impossible and became more proactive in bringing my ideas to fruition.

With this shift of mindset, I decided that I wanted to funnel my energy and experience into some kind of a platform for risk professionals to share knowledge and expertise. Recalling my experience with the discussion forum and throughout my professional life, I’ve always enjoyed and found value in developing networks, connecting other people and creating a sense of community between peers.

Connecting people across boundaries

So, the idea for Risk-!n came about, thanks also in part to my associate Antoine Lacombe who persuaded me to step out on a limb and start this new adventure.

At the time we were very open-minded about the direction Risk-!n might have taken. Thankfully and to my delight, the first event was a resounding success. We had close to 200 participants from three continents representing multiple industry sectors. 98% of participants said they would attend again, and 98% also said they would recommend the event to a friend. Suffice to say, I’m very much looking forward to opening the doors on the second Risk-!n conference just two months from now.

Seeing through the eyes of others

Over the last decade, the value of the outside-in perspective has become better understood and accepted, and not just on the macro level. Collaboration is more powerful when individuals and teams within an organization take an outside-in view of their own work.

Building connections, talking to those outside of your regular circles and finding common threads all help us as individuals to gain an outside-in perspective. Seeing through the eyes of others enables us to find new ways of solving problems, driving decisions and taking action.

This is the guiding principle of the Risk-!n event – breaking down silos to better manage risks. Across two days, participants from different disciplines and organizations will have the opportunity to share experiences and learnings in the areas of risk, resilience, insurance, and security. Registration for the 2019 Risk-!n conference is now open and spaces are selling out fast. Make sure you register today to secure your spot!

Orgs grapple with pros and cons of remote workers

Despite the growing number of employees that work remotely, security professionals fear that remote workers pose risks to the enterprise, according to a new study published by OpenVPN.

An overwhelming majority (90%) of survey respondents said that remote workers are a security risk to the organization, according to the report Remote Work Is the Future – But Is Your Organization Ready for It? The report’s findings are based on a survey of 250 IT leaders, from the manager level through the C-suite.

Still, 92% of respondents agreed that the benefits of remote work outweigh the security risks. “For employees, it provides greater efficiency and lower stress levels: 82% of telecommuters reported less stress and 30% said it allowed them to accomplish more work in less time,” the report said. In addition, companies reportedly save an average of $11,000 per year per remote employee.

Read entire post Orgs grapple with Pros and Cons of remote workers | Kacy Zurkus | InfoSecurity

The new dawn of disease control

In our evermore complex, interconnected world, with health systems undergoing new challenges and stresses, risk management in the healthcare industry has never been more important. Three ISO standards play a significant role in matching clinical quality with patient safety and best practice, helping not only to deal with risks but also to prevent them in the first place.

ISO 14971 is a standard for the application of risk management to the design and manufacture of medical devices

Only the lucky few get through life in continuous good health, free from the pains and aches of growing older. Not many of us escape painful and debilitating ailments, such as sore joints that eventually require artificial replacements, and most of us, at some time or other, have to resort to health professionals and the healthcare industry in search of cures.

And it is reasonable for us to expect that those healthcare solutions and treatments will return us to our lives as healthier people, feeling better and fit for daily tasks. We put our trust in health professionals when we are at our most vulnerable and the health professionals, for their part, try to ensure that patient safety is paramount and aspire to best practices to reduce medical errors.

Read entire post The new dawn of disease control | Ann Brady | ISO.org

Preparedness and the Myth of Knowledge

Have you ever met someone who’s never ridden a bike, heard a song on the radio, received a piece of mail, pet a cat, eaten an apple, caught a cold or seen an ice cube? That’s because you’ve never been to North Sentinel Island, nor should you ever go.

A missionary recently learned, as many others had before him, that visitors here are greeted with spear tips. As one of the most isolated peoples in the world, the Sentinelese have honed an unyielding reflex for self-preservation, which is buttressed by the Indian government’s effort to benevolently quarantine the tiny island from the invasive cultures and diseases that typically drive traditional cultures to extinction.

But there are forces against which Sentinelese spears and Indian ships offer no protection. On December 26th, 2004 at 7:58am, a 9.1M earthquake off the coast of Banda Aceh, Indonesia triggered a tsunami that took 230,000 lives in countries throughout the Indian Ocean. The first massive wave would have struck North Sentinel Island at approximately 8:33am.

As a fishing population numbering in the dozens on an island that peaks at 400 feet, the Sentinelese’ survival seemed impossible in a disaster where casualties were rounded to the nearest thousand. Yet, on one of humanity’s darkest days, this endangered tribe emerged unscathed, and with vigor enough to fire arrows at the Indian helicopter sent to check on them. The Great Andamanese, Onge, Jarawa and Shompen tribes similarly thrived where “civilizations” buckled.

As one of the few feel-good stories to emerge from the Boxing Day tragedy, the triumph of these tribes over nature’s wrath made headlines: “Traditional knowledge saved ancient tribes from tsunami.” Headlines like that, which we typically swallow without hesitation, reflect what I call the Knowledge Myth. The Knowledge Myth goes something like this: If we have knowledge, we will act in our best interests based on that knowledge. Therefore, the distribution of knowledge will save us.

What saved the Sentinelese? “Knowledge did”, said the Knowledge Myth, as we nodded in agreement, missing half the story.

The Knowledge Myth

The Knowledge Myth is pervasive in the arena of public safety. Let’s take it for a test drive to see how it holds up. The first Model T was manufactured in 1908, the summer of which saw 30 auto fatalities in Detroit alone. I’d argue that we had a working knowledge of auto hazards almost from day one. Even so, seatbelts only became standard in 1958, and only in 1998 did the actual usage of seatbelts by people like you and me become practice among 70% of Americans, heralding a precipitous and overdue drop in needless fatalities. Knowledge Myth: busted. Why did it take 90 years to address an undisputed and universally acknowledged risk?

I’m guessing you said stupidity. They were stupid and I am not stupid, therefore past mistakes do not apply to me. The Stupidity Myth is a convenient culprit when the Knowledge Myth fails. I get that the Stupidity Myth is comforting. I hear it often and call upon it myself when I’m feeling pissy and disappointed in our collective failings. But it’s a BS answer. Stupidity is not what kept us from buckling our seatbelts in the 70s and knowledge is not what saved the Sentinelese in 2004. Culture is the answer in both cases. And culture, simply put, is the product of what we expect of one another. I concern myself with one type of culture in particular: preparedness culture.

One year ago, I spoke to a packed auditorium in Portland, Oregon, where I provided a well-resourced and educated audience a vivid and irrefutable picture of the massive earthquake that will one day befall the Pacific Northwest. When asked if we should individually prepare for the event of a Cascadia Subduction Zone earthquake, 3,000 hands shot up. When asked if they expected one another to prepare for this same earthquake, four hands timidly rose. When there’s incongruity between individual commonsense and actual societal behavior, culture is the most likely culprit. History has proven countless times that culture determines which ideas, knowledge and practices are discarded and which become our salvation.

As FEMA has confessed, you can shower the public with resources, slogans and warnings over two decades without yielding results. If the soil isn’t there, the seeds won’t grow.

What can we learn from the Sentinelese – an isolated, spear-wielding, pre-industrial tribe whose way of life is utterly divorced from our own experience?

1. The messenger of knowledge is at least as important as the knowledge itself:
Everything the Sentinelese knew about tsunamis they learned from someone they knew and trusted, a community member with a shared experience. Like the Sentinelese, you are influenced most by those whom you know, love and trust, and you have the most influence over those who know, love and trust you.

2. Culture isn’t found in what we know, it’s found in what we expect of one another:
The Sentinelese clearly expected one another to run for high ground when they saw signs of the tsunami’s approach. I doubt they were mocking anyone’s paranoia. This is particularly remarkable as none of them would have personally witnessed those signs before 8:30am on that fateful day.

3. Culture is a survival mechanism:
“Preparedness” is too small a word for the Sentinelese – they are living in a state of adaptation, like gills to a fish. Their adherence to their culture and its transmission from generation to generation – even through the generations that never saw a tsunami – has allowed them to continuously inhabit this remote corner of the world for 70,000 years.

Like the Sentinelese before the Boxing Day Tsunami, many of us are waiting for a disaster event that we have never personally experienced. Unlike the Sentinelese, we have not taken ownership of the cultural practices that might save us. Fortunately, our culture is not locked and isolated in time. Culture can and does change quickly when regular people make a conscious and courageous effort to stand as counter-cultural ambassadors of commonsense.

Those ambassadors influence those who know, love and trust them best, who themselves can become examples for others, and so forth. As the dominoes of social influence tumble, our perceptions evolve. Weird becomes normal, normal becomes expected, and somewhere along the way a tipping point is reached when the expected becomes cultural. Preparedness is too small a word for us.

This is about adaptation. It’s time for us to grow our own set of gills.

Security and Resilience – Guidelines for complexity assessment process

According to ISO, “This document gives guidelines for the application of principles and a process for a complexity assessment of an organization’s systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity.”

ISO 22375 originates from UNI 11613, which was published in 2015 and driven by Ontonix. Ontonix is principal co-author of UNI 11613.

“We are pleased to have contributed to the ISO 22375” said Dr. J. Marczyk, the founder and President of Ontonix. “Complexity-induced risk is a new form of risk, introduced by Ontonix and the management of which Ontonix has pioneered since its founding in 2005. Complexity-induced risk is today the most insidious form of risk”, he added. “We do, however, have reservations as to ISO 22375.

First of all, it provides a subjective assessment in that it is based on arbitrarily assigned weights. Second, the analysis procedure has a strong linear flavour and discounts the presence of critical complexity. This last fact indicates that the standard leans heavily towards a qualitative analysis, neglecting such fundamental principles of physics as the Second Law of Thermodynamics. Finally, the standard speaks of resilience but no measure of resilience is proposed or discussed”, he concluded.

FDA strategy for the safety of imported food

Last week, the U.S. Food and Drug Administration (FDA) released a new outline of the agency’s comprehensive approach to helping ensure the safety of food imported into the U.S. The document is FDA’s “Strategy for the Safety of Imported Food”.

For imported food, the volume and variety of imports and the complexity of global supply chains make food safety a challenging issue to address. Further complicating the issue, some exporting countries may have food safety systems that differ from U.S. food safety systems, and differing levels of regulatory capacity.

FDA has been provided with a range of tools and authorities to address the situation both domestically and in the foreign arena.

  • The U.S. imports about 15% of its overall food supply from more than 200 countries or territories
  • The U.S. received 13.8 million food shipments in 2018. Between 14 and 15 million are expected in 2019

Read entire post FDA Strategy for the Safety of Imported Food | Food Safety Magazine

How to tackle today’s IT security risks

The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches on money laundering and potentially massive payouts.

The key is preparation, and seeing vulnerabilities and resilience in terms of their interactions with overall management systems. That’s where the Information Security Management Systems (ISMS) standard, ISO/IEC 27001, comes in.

This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago.

Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).

Read entire post How to tackle today’s IT security risks | Katie Bird | ISO.org