
Information Security, Cyberwarfare, Security Guidelines.

This year has seen an unprecedented number of highly visible cybersecurity events: entire countries disappeared from the internet during riots and revolts (North Africa, Egypt, Libya), and metropolitan underground e-mails and phones were obscured (San Francisco) by the authorities to “protect us”.

Reportedly the hacker group Anonymous has now threatened to take down the New York Stock Exchange’s computers in what we at Riskope would see as a “logical” development of the Men against Machines War we described in a recent posting in this blog.

A new report from the Georgia Tech Information Security Center warns that the trend will accelerate, and based on our own experience, they are not the only ones to believe so.
Several related studies we are performing are indeed pinpointing risks linked to search poisoning, Mobile Web-based attacks, more conventional hijacked computers (botnets) etc.
Although many believe common sense is the best defence, we are of the opinion that private, institutional and corporate clients should take things way more seriously. Thus, we are happy to see that some of our clairvoyant clients have asked us to perform holistic and full scope risk assessments on their information systems, as they were feeling the pressure rising in this area.

Today we have decided to publish a short post on a specific aspect of our work, namely third-party review jobs on proposed Guidelines (Information Security, Information Risk Management, etc.).
But before going there, we’d like to point out that Information Security Guidelines and methodologies are the subject of numerous web-based resources, such as for example ANSSI (French), which leads to a qualitative, colour based obsolete risk assessment, or the US-CERT (American) “software”, which apparently only works on Windows based systems (sorry for all the other ones like Apple, Linux, Android) and guides its users to what we consider excessively “light, unfocused and very superficial” reporting.

Well, going back to our Third Party Review Report, which has of course been censored to protect client confidentiality and is based on our client’s new proposed Information Security Guidelines, we raised the following four major general points:

  • It is essential that all employees clearly understand the value of the Company’s Information and their individual and collective responsibility to protect it. Awareness constitutes the first line of defence.
  • Riskope encourages our clients to “break-up the information silos” as Information Security should cover all activities and tasks, including selection, hiring, etc. of personnel, subcontractors and suppliers.
  • Riskope encourages the compilation of several versions of Information Security/Risk Management Guidelines tailored towards the needs of various layers of users.
  • Guidelines should include formal and well structured reference to assessment and resulting protection from physical man-made or natural hazards, business continuity plans, resumption plans, backup capabilities etc.

In the third party review report you will find many more points, bearing on specific Information Security themes.

As you can hopefully “feel” from the reading, unbalanced or weak guidelines can give a wrong sense of security to their users, and actually totally miss their goal.

With our group of experts in Cyber Defence (CYD) and Cybersecurity, Riskope can perform audits and penetration tests on your company’s systems, write well-balanced Security Guidelines, review and support your efforts.

Our clients beat the trends. We are proud to contribute to their leadership.

We have been reading with a lot of interest Deloitte’s report entitled: Tracking the trends 2011, The top 10 issues mining companies will face in the coming year.
The issues highlighted in Deloitte’s report are summarized below:

1 Financing
2 Volatility
3 Stakeholders engagement
4 Taxes, regulations and governments
5 How to invest more strategically
6 Hiring and retaining talented workers
7 Prospection (in hazardous areas from a geo-climatic-geographic and political point of view)
8 Climate change and other hazards (including regulatory hazards)
9 Infrastructure gap in the countries of operation
10 Exploring new revenues opportunities

As we were reading the report, it quickly became rather obvious that many of the points in the list above had already been covered by recent Riskope jobs for international clients.

This proves that our clients are clairvoyant and were “on the trends” way ahead of the pack.
That demonstrates leadership, and we are proud to contribute to our clients’ success.

To be able to bring concrete answers to our clients’ questions we had to develop unconventional and sometimes very innovative approaches, sometimes entirely new methodologies.

Here are summaries of some selected jobs, performed in the last few years, covering a number of the issues highlighted by Deloitte’s report.

We have been and still are performing studies related to Cyber War and Cyber Defense for military and Civilian Clients.

Financial comparisons of long term alternatives, including upside and downside risks, have been performed for large environmental remediations (asbestos dump, arsenic stocks, etc.).

Alternative ways to work/process in hazardous climate and very diverse geographic areas have been studied in the field of transportation, unexploded ordnance (UXO), landmines etc.

Large multimodal transportation systems have been analyzed with respect to climate change impacts, special hazards, including terrorism.

B2B, Corporate to Country solutions to reduce impact of seismic events, ingress/egress problems have been analyzed, prioritized, using Risk Based Decision Making (RBDM).

Cleantech solutions (disposal of waste oils, reduction of carbon footprint, alternative transportation modes, etc.) have been weighted and compared to standard solutions.

Information Warfare Risk and Crisis Management

Information Warfare (IW): a “New” Hazard, Old Syndromes, and the Look of a Risk and Crisis Manager

Due to recent military and commercial conflicts’ paradigm shift, the term Information Warfare (IW) is and will increasingly become the focal point of the Risk and Crisis Management (RM-CM) endeavors of any enterprise, from local companies up to country sized and global organizations.

Read the Full Paper.

A solution to “Tech-Speak”, technical risk words, and obscure definitions in Risk and Crisis Management

When we wrote our Book we also inserted a Glossary.
Please refer to it if you want to make sure about the meaning of any term you will find in this blog and Risk and Crisis Management information sources.

The definitions in the Glossary are “generally accepted”, and compliant with most national/international codes.

Information Warfare (IW) and your Company Risks

There are two ways to look at Information Warfare (IW) from an Enterprise Risk Management (ERM) point of view: the good one and the bad one.

The good one encompasses good thinking and planning, the bad one goes into premature acquisition of technical solutions, hardware and “magic gear”.

First of all let’s look at the reality of things: does IW exist? Sure it does: there are even schools that teach it, addressing corporate needs; and it has been abundantly used in recent armed conflicts.

Secondly let’s answer a simple question: is IW at the exclusive reach of highly skilled programmers and hackers? Here the reply is again clear: with minimal study and efforts anyone can implement an IW attack and start a campaign against a corporation.

Riskope International was asked by a European army to perform an IW risk assessment on an entire country. More specifically, we were asked to evaluate how much money a hostile party would have to invest to inflict a certain damage level on a country, and what the likelihood of reaching that goal would be. We were asked to stay away from hacking or technical procedures, as the military are well equipped in those areas, but rather to examine the information related risks. We found out there is a very fine line between IW and good old propaganda, as defined from WW-I on to nowadays. Obviously information vectors have evolved, and therefore deployment tactics have/should have changed.

The results of the Riskope International study changed the view of our clients on what objectives can be achieved, what damage can be brought to an organization, and what it takes to get there. During the study an attack on Italian Civil Protection, perpetrated by an unidentified group, showed that our conclusions closely matched reality.

Finally, looking at what kind of protection a corporation can develop, it becomes apparent that filtering and properly fusing information in order to trigger timely (immediate) and pertinent response seems to be the way. Recent documented examples in industry have shown how true this statement is.

Riskope International IW missions for corporate clients are geared towards helping clients to detect informational vulnerabilities, finding how easy it is to “fake” or distort information, how “colorful and vivid” the distorted information would be…and finally how that information can be brought to self-amplify and infect the informational environment of the corporation.

Once clear filtering and fusing criteria have been selected, it will be time to start thinking about gearing up…not before that, the penalty being a significant waste of mitigative investments and most likely no protection at all.

Presentations on Slideshare

Here are ALL the presentations we have produced to date on Slideshare: Go to our slideshows

Our slideshows are referenced in the Blog Postings as needed, but we thought you may find it useful to have one link to the whole collection.


Do You Still Think Crises Are Mere Consultants’ Creatures?

Well, all along our professional life of Risk and Crisis Management consultants and coaches we have been confronted with clients that expressed themselves with statements like: “well, you know, this kind of stuff only happens to others”, generally followed by “we are too small, … too large, too smart, too powerful”, etc.
Relentlessly we have kept our stance: crises are foreseeable, crises can be as costly as a natural disaster or a major accident, the public IS THE JUDGE, and the sentences he delivers cannot be appealed etc.
Examples abound in our courses and our latest book, but the one that follows is exceptional for many aspects.

United Airlines Lose $180 Million due to YouTube Video

We learned about this crisis as everyone else did, via the media, which were reporting in the morning news on how social media can seriously damage a brand.

The Story

Take a musician (Mr Dave Carroll, from Canada) going to a concert, who sees the airline ground crews manhandling his instrument (a beloved guitar) to its death (broken neck, fatal wound indeed).
Imagine other passengers witnessing the massacre under the indifferent look of totally uninterested flight crew zombies.
Add to this an interminable series of communications between the victim and an ice-cold airline management that refuses to take any responsibility.
Bad enough? Well, yes, for the victim, for sure; but the airline had no clue how bad things were going to turn for them!

You see, our victim-musician had the interesting idea to make a country tune (titled “United Breaks Guitars” by Dave Carroll) out of his sad story, and such a nice one, complete with an amusing video, that it became an instant success on YouTube (approx. 4 million views as we speak).

The Results

United Airlines’ share price dropped by 10% (i.e. a US$180 million loss, equivalent to over 50,000 replacements of the defunct guitar). I do not think any Court would have punished the airline so harshly, but this is the power of the public-JUDGE: exemplary punishments and NO APPEAL.

Conclusions

In the era of the internet, social media and networks, there is no hiding, and there is no mercy for the culprits. And in a period of exacerbated sensitivity to poor corporate behavior, like amidst a recession, and in the aftermath of large scandals (Madoff, banks etc.), punishments are going to get tougher and tougher.

There used to be a saying that one happy customer would report to three other people, but an unhappy one would spell his story to seven. Well, welcome to the world where a bad story can be broadcast or echoed out to four million within days, and for free!

Saving Lives by Mitigating Risks along Roads and Highways

Eurosain (European Road Safety Institute) is devoted to saving lives through pertinent application of hazard control/elimination and risk management of existing roads/highways and new road/highways projects.

The Eurosain approach is road-safety-methodology-and-analysis and codes, and applies to developed countries as well as underdeveloped or developing countries which unfortunately bear an increasing and intolerable toll from road and traffic accidents.

As with many hazards (including diseases and land mines), children are frequently victims of these accidents: that’s why the Eurosain approach is holistic, as it considers all the users of a road/highway, and not only the road itself but all its environment.

By using the appropriate risk management methods Eurosain can help traffic authorities to select the appropriate measures to increase safety and to create a proper balance between awareness/education building programs, and road design/rehabilitation.

The expertise within the Eurosain Team can help prioritize demining tasks in the aftermath of conflicts and select which road of a network should be allotted top priority in mitigative efforts.
