By:
On:
In: *Connecting the Dots Blog*, Human Resources, Risk Management

  If you have been following the bullying case in Massachusetts, you know all too well that lack of awareness can kill. Lessons learned clearly show a lack of awareness kills: People Careers Credibility Confidentiality Bottom Lines Reputations Strategies And more…   Lessons learned in schools, banks, hospitals, manufacturing, government and most every other sector continue to demonstrate how lack of awareness creates gaps, poor decisions and unwanted results. There are many different types of awareness: Situational Awareness Security Awareness Privacy Awareness Risk Awareness Customer Awareness Brand Awareness And numerous others…   Does your organization’s management realize they are responsible for awareness?  Awareness must be managedRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Risk Management

  According to a recent article at JournalStar.com, Warren Buffett used his letter to Berkshire Hathaway stockholders to bring attention to corporate responsibility and the government bailout of financial institutions. Warren Buffett wrote: “In my view, a board of directors of a huge financial institution is derelict if it does not insist that its CEO bear full responsibility for risk control.  If he’s incapable of handling that job, he should look for other employment.  And if he fails at it – with the government thereupon required to step in with funds or guarantees – the financial consequences for him and his board should be severe.”Read More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  Safety and security programs depend on getting the right information to the right people in the right place at the right time so individuals can make better decisions. Recently, a story involving several schools in Missouri provided multiple lessons learned involving safety. The situation started when a national alert from the FBI was sent out to law enforcement on a tip from the National Center for Missing and Exploited Children. The Missouri School Board Association, who operates the Missouri Alert Network, then issued an alert to schools at 11:50am saying the national alert targeted a Missouri School and as a result three schools inRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Risk Management

  Reviewing the bipartisan Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism report card reveals lessons learned have not become lessons implemented. The report card included an ‘F’ grade in Biological Risks due to the nation’s capabilities lacking to:  Coordinate and deploy rapid response to prevent biological attacks causing mass casualties   Under Government Reform, the report card included two more ‘F’ grades for: Reform congressional oversight to better address intelligence, homeland security, and crosscutting 21st century national security missions Implement education and training programs to recruit and retain the next generation of national security experts   The two ‘F’ gradesRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  I re-read this NTSB story a couple times and it still left me scratching my head…installing cameras will prevent what? The USA Today article stated: The NTSB found that the Sept. 12, 2008, crash between commuter and freight trains that killed 25 people was caused by an engineer who sped through a stop signal as he was texting. The engineer, who died in the crash, had been warned about cell phone use on the job twice before. Accident investigators uncovered such egregious behavior by train operators in the fatal 2008 accident near Los Angeles that they suggested Thursday that all railroads monitor crews withRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

Teachable Moments vs. Ongoing Awareness Reminders As a follow up to the previous blog regarding the sensitive ethics document from the Committee on Standards that ended up in the hands of The Washington Post, I wanted to take a look at teachable moments vs. ongoing awareness reminders. If you go to the Committee on Standards of Official Conduct web site and look up their training requirements for 2009 you will see an example of once-a-year training requirements and you will see individual training requirements are based on pay scales.  This seems ironic to me since the Committee on Standards blamed a low-level staffer for theRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

Low-Level Staffer Blamed for Committee on Standards Breach In case you missed the story last week, multiple lessons learned and teachable moments have emerged from an incident involving a sensitive ethics committee document that ended up in the hands of the Washington Post.  The ethics document exposed numerous ongoing investigations into the conduct of more than two dozen House members.   Most articles seem to be blaming the unauthorized access to the sensitive ethics document on a low-level staffer working from home on their personal laptop using a peer-to-peer file-sharing program which provided unauthorized access to the ethics document.  Asking good questions can be a greatRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Regulatory Compliance, Risk Management

Yes, I admit it…I was surfing the FDIC web site this past weekend and I was spending some time reviewing past Financial Institution Letters that the FDIC releases to advise the banking industry of supervisory changes and guidelines. I came across a Financial Institution Letter for Newly Insured FDIC-Supervised Depository Institutions that included the new changes, as well as a list of common elements from troubled or failed institutions. The list offers some potential lessons learned for organizational leaders (board of directors, executive management, compliance and others) and so I thought I would share the list. Rapid growth Over-reliance on volatile funding, including brokered depositsRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

According to news reports, a spear-phishing experiment conducted over the past few days has revealed some disturbing new risks for organizations using enterprise e-mail products and services:  Most major enterprise e-mail products and services were unable to detect a fake LinkedIn invitation that looked like it was from Bill Gates inviting people to join his professional network.  Once the ‘victim’ clicked on the ‘invite’ link, they were sent to the phishing site where information about the ‘victim’ was captured. The article in Dark Reading detailed comments from CEO of PacketFocus including: “I tested the spoofed e-mail on six different enterprise networks using the latest e-mailRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Privacy, Information Security, Legal, Risk Management

Did you see the story today involving CalOptima (a Medicaid managed care plan) who has notified 68,000 of their members of a potential loss of past medical claims information?  According to CalOptima, the information includes substantial identifying information, such as member names, home addresses, dates of birth, medical procedure codes, diagnosis codes and member identification numbers and even some Social Security numbers. Do you wonder how many other organizations are sending personally identifiable information (PII) and protected health information (PHI) in packages through parcel carriers? Do you wonder how many organizations are sending YOUR personal information through the mail? This story is one of hundredsRead More →