
The Accidental Insider and the Cyber War
At Digital BrainFest 2013, Infinitive Insight CEO Ray Vazquez moderated a lively panel discussion on risk management — Put Your Hands Up! Cyber War: Winning the Arms Race. Dr. Eric Cole, Founder, Secure Anchor Consulting and an industry-recognized security expert, discussed the changing face of cyber security and how attacks have shifted from disruptive and opportunistic to more targeted and data-focused.
What’s Your Appetite (or Thirst) for Risk?
This recent Facebook post caught our eye and might give pause for thought when you uncork, or unscrew, tonight’s bottle of wine. Here’s our take:
A great example of an internal control is the cork. With a potential failure rate of 3-10 percent, why is it still chosen over the screw cap?
The Role of Boredom in Risk Management
A senior executive once told me that the goal for the head of operations was to achieve boredom. Boredom as in no big risks, no unpleasant surprises. This WSJ article enlightened me as to the depth of research into boredom. How does boredom impact your role as a risk professional?
Automated vs. Manual Controls
A thought occurred to me the other day while traveling. Right after I heard the announcement that “we will be landing shortly,” it dawned on me that most airline passengers would be very afraid if the pilot announced that “the autolanding system will be landing us shortly.” Many of us discuss the benefits of automated controls all the time, but somehow I found myself asking why we have more comfort with a manual control landing an airplane than with an automated control.
Cybercrooks Follow the Money
Real-Time Risk at the Super Bowl
There’s no doubt that the NFL’s risk management team had a conversation on the likelihood that the Superdome would lose power. Someone might even have speculated that Beyoncé would blow a fuse with the halftime show. Or that someone (a gambler, perhaps, or seriously committed fan) would sabotage the power if the game got out of control — as it was on the verge of doing. But power failure was probably a “green light” item on the dashboard.
The Sandy Aftermath
In the aftermath of Hurricane Sandy, our thoughts and prayers remain with all those who are suffering, including the many who lost homes or loved ones. The extent of the damage and the historical nature of the storm have led many in the media to ask about preparedness for the future. Unfortunately, tragedies are the only time we begin to ask the tough questions. What could we have done to minimize the impact? And are we prepared for next time?
Are You Ready for Frankenstorm? What About “Frankenrisks”?
Don’t look now, but here comes a very scary storm just in time for Halloween! As Hurricane Sandy blows northward up the East Coast, an Arctic blast of a storm will come screaming across from the West. And when they meet – Boo! A very scary Frankenstorm!
From a risk perspective, this is the equivalent of a major security breach occurring at the same time as a major financial audit.
Digital Bank Robbery: “Because That’s Where the Data Is.”
Data breaches and security incidents are a constant in the headlines these days. Wells Fargo, U.S. Bancorp and PNC Financial Services have all been hit with attacks that prevented customers from banking online. While large financial services firms generally have robust security programs – especially when it comes to information security and data protection – hackers and cybercriminals never tire of “innovating” with new and more creative attacks, even if they’re making a political statement and not looting the vaults.
Risk Management’s Role: Growing More Important, Still Not Formalized
The 2012 State of the CSO Survey highlights the ever-evolving role of risk management in the C-suite and across operations. First the good news: 66% of respondents said their organization has placed more value on risk management in the last 12 months. Of course, given the huge range of risks – from threats to information security to the high costs of SOX compliance to malicious insiders – risk management should be growing in culture at closer to 100% of companies.
However, little more than half – only 56% — had a formalized enterprise risk management process incorporating multiple types of risks. And 42% saw security budgets decrease. Not that higher budgets are automatically equivalent to effective ERM, but still …
The good news is that bank robberies are on the decline in the U.S., according to this