The document provides a risk assessment for McBride Financial Services' proposed new office location in Sioux Falls, South Dakota. It identifies physical security risks, such as the ground-level location and proximity to check cashing stores and bars. It also notes risks of terrorism, disasters, and political protests given the location near government buildings and political organizations. The assessment rates risks in categories like robbery, vandalism, and hazardous materials releases to help McBride mitigate issues at the new site.
This risk assessment document identifies hazards, associated risk levels, and control measures for an outdoor film shoot. It lists hazards such as congested areas impeding filming, paint entering eyes/mouths, tripping in long grass, floating in water, crossing roads, limited visibility in animal masks, open flames near fabrics, and slipping at lake edges. Control measures to reduce risks include clear filming areas, eye washing stations, protective footwear, lifeguards, road safety, removing masks as needed, stable candles away from fabrics, and slip-resistant shoes near water.
Elements of security risk assessment and risk management | healthpoint
The document discusses the requirements for conducting a security risk analysis (SRA) under HIPAA. It outlines the key elements that must be included in an SRA, such as identifying potential threats and vulnerabilities, assessing security measures, determining the likelihood and impact of risks, and documenting findings. Sample templates are provided for documenting asset inventories and creating a risk management plan to address identified risks. The SRA process is presented as foundational for establishing an overall risk management program and culture of compliance at a healthcare organization.
EHR meaningful use security risk assessment sample document | data brackets
Under the HIPAA Privacy and Security Rule, business associates are required to perform active risk prevention and safeguarding of patient information, which are very important to patient privacy. The HITECH Act allows only the minimum necessary to be disclosed when handling protected health information (PHI).
This security risk assessment exercise has been performed to support the requirements of the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and other applicable state data privacy laws and regulations. Upon completion of this risk assessment, a detailed risk management plan needs to be developed based on the gaps identified from the risk analysis. The gaps identified and recommendations provided are based on the input provided by the staff, budget, scope and other practical considerations.
Presentation that briefly covers HIPAA and concentrates on the Risk Assessment portion, which is a requirement for overall compliance and meaningful use.
The document is a HIPAA GAP assessment report for ABC Company conducted by FishNet Security. It summarizes the objectives of assessing ABC Company's compliance with HIPAA privacy and security rules. The assessment found variances between ABC Company's environment and controls and the standards required by HIPAA. The report provides high-level findings and recommendations to help ABC Company achieve compliance as a covered entity. Detailed technical findings are included in an appendix.
This document provides a template for conducting a risk assessment for a photography shoot. It lists potential hazards to consider, including rain making the floor wet and causing slips, cameras falling on feet, electrocution from placing glasses of water near equipment, tripping over wires, and epilepsy attacks from close-up shots. For each hazard, it evaluates who may be harmed, what property may be damaged, existing risk controls, and the risk assessment level based on likelihood and consequences of the hazard. Further actions are recommended based on the risk level.
Risk assessment on information security | Angelo Sala
The document discusses performing a risk assessment on information security. The goals are to identify risk factors in sensitive IT processes, organizational structure, human resources, and the environment. Risks are then classified and assigned information values related to data integrity, confidentiality, and availability. The document outlines estimating the probability and potential damages of bad events, and determining risk levels. It recommends establishing mitigation actions to reduce risk levels.
Meaningful Use and Security Risk Analysis | Evan Francen
Presentation delivered by FRSecure president Evan Francen to the 100+ Iowa CPSI User Group attendees on October 18th, 2011.
Meaningful Use Core Requirement "Security Risk Analysis"
Example security risk assessment tool july 2010 | WarrenGreen
This document contains a security threat and risk assessment of various external and internal risks. It evaluates the likelihood and potential consequences of threats such as theft, fraud, hacking, sabotage, and data breaches. It rates the risks on a scale from low to extreme. For high risk threats, it recommends actions such as specifying management responsibilities, utilizing additional physical and human resources, and gaining senior management attention. The assessment tool is meant to help manage security risks and refers to several risk management standards.
This document provides a hazard and risk assessment for pipeline construction activities. It identifies 18 activities including excavation, material handling, welding, and civil works. Hazards include electric shock, falling objects, trench collapse, and health issues. The risk level before controls is identified as medium to high. Control measures include using PPE, experienced supervision, barricades, and safe work procedures. With controls, the risk level is reduced to low.
Workers were lifting an LED wall screen using an electric winch when the clamp failed to properly fasten to the LED, causing it to fall from a height of around four meters. No injuries occurred but damage is still being assessed. The incident was caused by a lack of supervision ensuring the hooks were properly tightened before lifting. Corrective actions include ensuring workers check hooks are tight and no one stands under a lifted load.
This daily toolbox meeting form documents a safety review for construction work. It includes:
- A job description and details like permits required.
- A risk assessment of the tasks and confirmation all workers understand the hazards.
- A discussion of emergency response and equipment checks.
- Signatures from workers confirming they understand the risks and are fit for duty.
- Space to note any incidents, stop works, or areas for improvement during the work.
An incident reporting form is used to document any workplace accidents, injuries, incidents, close calls, or illnesses. The completed form should be returned to the Operations Supervisor or Management. The form collects details of the injured person if applicable, the person completing the report, event details including location and witnesses, and a description of the sequence of events. For lost time injuries or those requiring first aid, additional details are collected including the type of injury sustained, cause of the injury or incident, and whether medical treatment was necessary.
This document provides an agenda and overview for conducting a comprehensive physical security risk assessment. It includes definitions of physical security, outlines roles and responsibilities, and provides sample tools and checklists to guide the assessment. When to conduct an assessment, why it's important, and how to develop a risk appetite and project plan are also covered. The goal is to identify vulnerabilities and risks in order to create an effective corrective action plan to improve security.
Master plan for Solid Waste Management in Mumbai, India | Pratima Pandey
This presentation gives the Master Plan for Solid Waste Management in India. Starting from an overview of the current Solid Waste Management in Mumbai, the financial capital of India, it goes on to details of the Plan. It is backed by robust sustainability assessment. It attempts to guide policy makers, professionals and volunteers in the field on the possibilities in terms of implementable solutions towards realizing the Vision 2023, as envisaged in the presentation.
The document discusses developing and implementing an effective construction safety program, including assigning responsibilities, identifying hazards, providing training, documenting safety rules, setting performance goals, and reviewing incidents to continually improve safety. It also covers establishing emergency response procedures and evaluating contractor safety plans and ongoing project safety.
This document covers different types of safety in hospitals, including fire safety, electrical safety, life safety and environmental safety, and personal safety. It discusses fire safety plans and protocols, maintaining safe equipment and avoiding electrical hazards, handling hazardous materials, ensuring a safe building environment, and promoting personal and property security. The overall message is that maintaining safety in hospitals is a shared responsibility.
The document discusses security systems and services in hospitals. It outlines the need for security to protect patients, staff, equipment and property. It recommends a mixed security approach using both security personnel and electronic systems. A hospital security committee is proposed to oversee the security deployment and make policies to ensure safety for all within the hospital.
The document discusses supply chain risk management and minimizing risk exposure. It outlines various risks in the supply chain from external factors like the environment and demand as well as internal factors like processes and governance. It emphasizes the need for a risk framework that includes strategy, execution, and continuous improvement. Key aspects of risk management include risk planning, managing suppliers and inventory, and having the right competencies and performance metrics.
This document provides a business plan for a Dosa restaurant. It outlines objectives to keep food costs below 35% of revenue and expand marketing. The plan details the restaurant's mission to provide excellent food and service. It will feature indoor and outdoor seating with a unique Indian design. The menu will focus on dosas and other South Indian cuisine. The plan analyzes the target market and identifies competitors. It proposes strategies for marketing, sales, management, hiring staff, and financial projections.
The document discusses cyber threats including cybercrime, cyber espionage, cyber warfare, and activism. It provides background on the speaker, EJ Hilbert, including his experience working for Kroll, the FBI, and MySpace. It then discusses how a simple email click by a low-level employee could compromise an entire network. The different types of cyber threats are described, focusing on threats aimed at financial gain like Zeus and SpyEye botnets, long-term espionage efforts, attacks targeting infrastructure like Stuxnet, and hacks intended to embarrass companies. The presentation closes by asking attendees to consider what data they hold, who has access to it, and how they would protect valuable data if it was assigned a
Clear Security Systems on Bandit Barriers | Phoenix_ONE
The document discusses architectural security barriers for banks. It begins by providing robbery statistics and discusses common robbery deterrent practices. It then addresses concerns about barriers, finding they are not linked to increased hostage situations and are preferred by most customers and employees. Barriers are shown to significantly reduce robbery rates and losses cost-effectively based on FBI and other statistics. The document concludes by outlining best practices for introducing barriers and considerations for barrier design.
Financial Empowerment Network and VR Tech Marketing Group offer Identity Theft Protection through LifeLock. Identity Theft is the fastest growing crime in the US. Protect your Identity with LifeLock.
Cybersecurity A Community Approach - 20151109 | Frank Backes
This document proposes that Colorado Springs becomes the "Cybersecurity Capital of the World" due to existing cybersecurity organizations and expertise in the region. It identifies several military and academic institutions in Colorado Springs related to cybersecurity and divides the cybersecurity market into five submarkets - consumer/small business, business/enterprise, industrial, military/intelligence, and ethical offensive cyber. The document argues that understanding these submarkets is important for suppliers to tailor their strategies and that Colorado Springs is well-positioned to bring together resources across sectors to strengthen its position in the cybersecurity field.
Introduction to Emergency Preparedness | Jerry Becker
The document provides an overview of emergency preparedness and management. It discusses the four phases of emergency management: protection, preparedness, response, and recovery. It also outlines the roles and responsibilities of an emergency management director, including developing emergency plans, coordinating training, activating emergency operations centers during disasters, and facilitating disaster declaration processes. Additionally, it covers common threats like floods, weather events, and cyberattacks, and emphasizes the importance of business continuity planning and being prepared for active shooter situations.
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc... | Shawn Tuma
Slides from a panel discussion for the International Association of Defense Counsel (IADC) in Dallas, Texas on the subject of "Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cybercrime, and Cyber Insurance Coverage".
Note that only Shawn Tuma's slides are included, not those of the other speakers on the panel.
Todd Davis provides his name and social identity number and discusses identity theft prevention services offered by LifeLock. LifeLock uses proactive methods to prevent identity theft by placing fraud alerts and monitoring credit reports. They guarantee to resolve any misuse of a customer's identity for up to $1 million if their system fails to prevent theft while the customer is subscribed. LifeLock has grown rapidly as a provider of individual identity theft protection with a $1 million service guarantee in the case of theft.
This document provides an overview and agenda for the "Facility Management Law School" conference on February 21-22, 2011 in Dallas, TX. The conference, presented by the International Association of Venue Managers and the Academy for Venue Safety & Security, aims to educate facility managers about legal issues they may face, such as torts, contracts, risk management, and litigation. Specific topics will include duty of care, reasonable foreseeability of risks, warnings and liability waivers, risk assessment, deposition procedures, and a mock deposition exercise. The goal is to help managers understand and mitigate legal risks at venues dealing with issues like alcohol/drugs, fires, crowds, aggression, and accidents.
ISM Forward Scan_Risky Realities of Counterfeiting | Adriana Sanford
One of the biggest challenges companies face with counterfeit products is getting senior management to devote resources to address the issue before profits and brands are damaged. Counterfeiting affects global supply chains and can impact thousands of parts or millions in revenue while damaging a company's reputation. A lack of knowledge about foreign markets should not contribute to counterfeiting, but some companies underestimate the effects of turning a blind eye to counterfeiting overseas or see it as a cost of doing business. Counterfeiting is a serious global problem that threatens consumer safety, national security, and corporate profits across many industries.
A summarized version of the 60 page Rule broken down by Kirk J. Nahra, a partner with Wiley Rein & Fielding LLP in Washington, D.C. He specializes in privacy and information security litigation and counseling for companies facing compliance obligations in these areas. He is the Chair of the firm’s Privacy Practice. He serves on the Board of Directors of the International Association of Privacy Professionals, and edits IAPP’s monthly newsletter, Privacy Officers Advisor. He is a Certified Information Privacy Professional, and is the Chair of the ABA Health Law Section’s Interest Group on eHealth, Privacy & Security.
Causes of Cybercrime and Preventive Measures.pptx | JzendoCulbertson
Introduction to Cybercrime:
Cybercriminals use the internet and computer technology to hack users’ personal computers, smartphone data, personal details from social media, business secrets, national secrets, etc. Criminals who perform these illegal activities through the internet are called hackers. One of the best ways to stop these criminals and protect sensitive information is by making use of inscrutable security that uses a unified system of software and hardware to authenticate any information that is accessed over the Internet. Let’s find out more about cybercrimes.
Conclusion: Today hackers are spread across the world in large quantities. Many government and private agencies like the FBI, CIA, and state police are working to detect these hackers, but we also have some duty to protect ourselves and our private data from online frauds. Apart from this, people who are illiterate should be given information about debit cards, credit cards, the internet, and computers. We know it is a bit difficult to catch these hackers because they sit in one country and hack the computer from another country, so the best way to avoid these things is that we have to be careful and alert, and all IDs and passwords on the Internet should always be unique and strong. Finally, I would like to say that if you use the internet properly and use secure websites, then it will be difficult for hackers to hack your data.
Threat Finance – How financial institutions and governments can choke off fin... - emermell
This document summarizes a panel discussion on threat finance and how financial institutions and governments can prevent the financing of national security threats. The panelists were Jim Bischoff from US Special Operations Command, George Prokop from PwC, Don Semesky from Financial Operations Consultants, and Bill Ward from UnionBank. The panel discussed how threat actors like terrorist organizations use legitimate financial systems to raise, move and store funds. They provided examples of how this occurs through various licit and illicit means. The panel also discussed how financing allows threat actors to operate and achieve their objectives. The discussion concluded with recommendations for financial institutions to identify weak links in their anti-money laundering systems and the importance of public-private partnerships
This document discusses identity theft and promotes LifeLock's identity theft protection services. It states that identity theft has reached epidemic proportions in the US, affecting one in six Americans and costing $50 billion per year. LifeLock aims to prevent identity theft by placing fraud alerts, reducing junk mail, detecting new accounts, and resolving any misuse of a customer's identity through a $1 million service guarantee. It claims LifeLock subscribers cut their risk of identity theft in half compared to average Americans. The document promotes LifeLock's proactive approach and $1 million guarantee to reassure customers.
Part of the Rosetta series of communications studies, this article uses real-world case studies of fraud to look at how organizations have managed issues and crises. The article provides tools to help organizations more effectively manage these sorts of situations.
Over the last several years, financial institutions have spent billions of dollars and resources securing a perimeter defense system consisting of intrusion detection, intrusion prevention, firewalls, user authentication, and other layers of security all built to secure their financial systems. Due to the exponential increase in internal and external information security incidents, these investments are necessary to protect an institution’s reputation and revenue. In addition, the federal government is using regulatory means to ensure the banks take responsibility for potential losses.
Of equal or even greater threat, however, are the social aspects of the Internet that cannot be controlled. For example, financial institutions need to be aware of the reputational risk that is inherent on the Internet. Each institution needs to do more than reactively protect its data; it must also proactively safeguard its reputation online, where references to its corporate name alone can number in the millions. An institution must also guard against infringements against its logo, its trademarks or other graphic representations. This risk, outside the firewall, is the other side of the coin.
This document appears to be a presentation on active defense against cyber attacks. It discusses emerging cyber attacks, current defenses, and how to build an active defense. It covers assessing internal systems and external threats, calculating an appropriate response based on the threat and legal considerations, and taking action such as tracing attacks, mapping vulnerabilities, and defending systems. Examples provided include taking down botnets through techniques like sinkholing and reverse engineering attacks from groups like Nitol. The conclusion discusses how the economic incentives for attacks necessitate active defense within legal terms to shift the risk-reward calculation for attackers.
This document discusses various technology exposures and their incompatibility with traditional general liability (GL) insurance policies. It summarizes risks from blast faxes/spam emails/text messages, data security breaches and identity theft, internet/web utilization, radio frequency identification, and nanotechnology. Lawsuits over unsolicited communications have resulted in multimillion dollar verdicts. Data breaches at large companies have led to notifications, fines, and litigation costing tens of millions. Emerging technologies like RFID and nanomaterials present new liability uncertainties due to limited understanding of health impacts.
2. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 2
McBride Financial Security Risk Assessment
The McBride Financial Services company is planning to place their new office in the
Sioux Falls, South Dakota market. Information for the preparation of a Risk Assessment has
been gathered from a recent interview of Hugh McBride by Abram LaBelle of Smith Systems
Consulting. Smith Systems Consulting will be integrating the information systems network and
supporting the technology over the long term.
McBride seeks to invest some $200,000 on website development, aimed at the ability to
gather prospective client applications over the web, and follow-up with a small staff of loan
officers and administrative staff in the local market area where the client is located.
Our survey of the proposed 41st Street & Minnesota Avenue location in Sioux Falls,
South Dakota has yielded a number of risks for McBride Financial Services to be aware of and
potentially mitigate if possible or consider contingency plans in response if the risk occurs.
Our survey has classified risks by four major categories: Physical Security; Risk of
Terrorism, Natural, and Manmade Disasters; Economic; and Technical Risks.
Physical Security
McBride Financial Services seeks to use 800 to 1000 square foot ground-level, single
story offices in mixed-use retail or strip-style professional office locations. There are several
concerns for a company that possesses financial records for their clients in these types of
locations (McBride Financial Services, 2011).
First, ground-level offices with windows call for particular attention to the
placement of furniture, the direction computer screens face, and the need for secured file
storage of paperwork. Computer screens that are left on at night and are visible from exterior office
windows can easily be read with the naked eye or with binoculars from outside of the building.
Personal information on a database record, left on the screen, could be transcribed by a passerby
with no other physical access to the building. Likewise, file cabinets or desks placed near the
windows could also be the source of the same personal information disclosure if documents are
left in view.
Second, ground level offices are inherently more attractive to thieves. Financial
companies with high grade copiers, large computer flat screens, employee-owned iPods and
iPads left on desks, and business laptops are a very tempting target for an opportunistic thief.
While the ground-level offices are more convenient for clients, if customer visits are infrequent
or not necessary, consider a second or higher story location or budget for a very thorough
physical security system.
Third, the general area and neighborhood near the proposed location is a mixture of
mostly run-down retail strip malls with some gentrification that has been slowly taking shape.
There is a pronounced population of check-cashing stores, bars, and liquor stores in the
immediate area, as many as thirty within a 2 mile radius. These businesses are known to have large
amounts of cash on hand and are magnets for robbery and burglary activity. A high concentration
of these types of businesses in the vicinity indicates a neighborhood in decline, where the
residents have few financial resources to spend (Khalfani-Cox, 2011) (Google, 2011).
Locations less than 0.5 miles from the proposed intersection are listed below with their
distances (Google, 2011):
Location | Distance | Risk
Wells Fargo | 100 yards | Medium risk – bank robbery
Cash Depot | 100 yards | High risk – robbery
Home Federal Bank | 0.2 miles | Medium risk – bank robbery
Check Into Cash | 0.2 miles | High risk – robbery
Good Sprits Wine & Liquor | 100 yards | High risk – random crime
Taylor’s Pantry & Liquor | 100 yards | High risk – random crime
Poppadox Pub | 0.3 miles | Medium risk – random crime
Crow Bar & Casino | 0.3 miles | Medium risk – random crime
Risk of Terrorism, Natural and Manmade Disasters
Our survey of the risk of toxic chemicals in the area indicated this was a very low overall
risk. The neighborhood is on the boundary of large areas of residential single family homes and
light commercial, office, retail, and small mixed-use commercial buildings. There were no
industrial properties found within a comfortable distance from the location.
A nearby printing press, Sisson Printing at 3400 South Minnesota Avenue, approximately
four blocks from the subject location, represents a risk of hazardous chemicals release.
Commercial printing presses generate solid waste including empty containers, used film packs,
outdated chemicals that are disposed of, damaged plates, bad printing & spoilage and large
amounts of scrap paper. Wastewater from printing operations can contain lubricating oils, waste
ink, cleanup solvents, photographic chemicals, acids, alkalis, and plate coatings, as well as metals
such as silver, iron, chromium, copper and barium. Air emissions include volatile organic
compounds, alcohols, boiled inks, and wetting agents as well as nitrous dioxide and sulfur
dioxide. The culmination of toxic ink and bleaches used by modern printing presses can have
adverse effects on the surrounding environment (Illinois State University, 2011).
There is a single source of transportation and transit risk of a chemical or hazardous spill
of some kind: the I-229 freeway. Serving as the through-city business loop for the I-29
North/South Interstate, it is located approximately 0.25 miles south of the proposed office location
and carries truck & trailer traffic throughout the day, including petroleum, agricultural
chemicals, and ethanol products.
Sioux Falls, South Dakota has a very large population of government agencies and
buildings at the city, state, and federal levels, most within 2.5 miles of the proposed office
location. Several are located less than 1.5 miles from the office and may represent a low risk of
foreign or domestic terrorism (Google, 2011):
Location | Distance | Risk
Veterans of Foreign Wars (Fraternal Organization) | 0.2 miles | Very low risk
Sioux Falls Fire Training Center (first responder training) | 0.3 miles | Very low risk
US Social Security Administration | 1.3 miles | Low risk
Minnehaha Juvenile Training Center | 1.0 miles | Low risk
US Air Force Health Professional Recruiting | 1.1 miles | Low risk
US Housing & Urban Development | 1.3 miles | Low risk
US Military Entrance Processing Station (MEPS) | 1.5 miles | Medium risk
The State of South Dakota has an active and sometimes violent history of political
opposition demonstrations. South Dakota is a very conservative state and has only a single
abortion clinic, located at Planned Parenthood, 6511 West 41st Street, Sioux Falls, South
Dakota, approximately 3.7 miles from (albeit on the same street as) the proposed office location.
There are no doctors in South Dakota willing to perform abortions for fear of retribution on their
families and/or careers, so a doctor flies into Sioux Falls once per day from Minneapolis to meet
with patients and perform the procedures. State law prohibits the use of insurance or healthcare
benefits or subsidies for any type of abortion under any circumstances, so it is largely a cash-
only service. The office is located across the street from Roosevelt High School in an unmarked
building, facing away from the street and with a private fenced parking lot. The building is
secured and locked, and patients must request entry from a door-button & speaker – only patients
with an appointment are admitted. The waiting area has a bulletproof glass reception area, and
Kevlar-reinforced walls due to fear of attacks by protestors that picket seven days per week in
front of the location (Nieves, 2005).
Two similarly ultra-conservative groups, the Alpha Center and the Take Charge of Your
Life Organization, are located 0.7 miles from the proposed office location and frequently
picket, clash with, and publish anti-abortion rhetoric in media outlets.
SoDAK A.N.S.W.E.R. Coalition is an ultra left-wing political organization, openly
socialist/communist and supportive of ideals most Americans would find offensive, such as
Pro-Palestinian / Anti-Israeli protests and Israeli & US flag burning, and it openly supports the
overthrow of the US government and Constitution. Its office is located 0.2 miles from the
proposed McBride Financial Services location. A recent media article written by the group
included their protest of the first execution of capital punishment in South Dakota in sixty years:
“The death penalty is promoted by ruling class supporters as a so-called deterrent to
crime, but in reality it is a way for the capitalist class to kill working-class people, especially
African Americans.” The person executed happened to be a white male who admitted guilt and
waived his rights to appeals (SoDAK A.N.S.W.E.R Coalition, 2011).
Due to the extreme nature of their rhetoric and occasionally violent comments and
protests, it is conceivable that they may choose to make stronger political statements in the
future, resulting in harm to others.
Economic Risks
Presently, eight real estate companies remain within a 1.5 mile radius of the office
location. Of those, only two, RE/MAX and Century 21 Advantage, have more than 2 agents in
their office. Several years ago, as many as thirty companies were in the same market
area (Google, 2011). Many locations listed as real estate offices have vacated and are now
occupied by different companies in different industries.
Year-over-year housing price trends by neighborhood in Sioux Falls continue to show
steep declines from the previous year, with only one section of the city showing a modest gain.
The median selling price of a house in Sioux Falls is $149,900, or about half of the average
seller’s asking list price of $297,171, indicating that buyers and sellers have very different
expectations for executing a sales contract (Trulia, 2011). Housing inventory numbers represent
approximately a six-month supply of homes on the market, with inventory greater than a
ninety-day supply indicating a “Declining Market” condition, and year-over-year average sales
prices are down by as much as 8.7% from the same month in 2010 (Trulia, 2011), with middle and
affluent neighborhoods the hardest-hit. With the home mortgage system in disrepair, high
unemployment levels, and the national banking system still cautious with regard to the real estate
market, it may be some time before the economic indicators for the Sioux Falls real estate market
recover (Trulia, 2011) (Johnson, July).
Technical Risks
The company seeks to fully outsource their information technology services with a
budget of $500.00 per month (McBride Financial Services, 2011) despite the very large initial
capital outlay of $200,000 for a fully automated mortgage application website and electronic
decision-engine. The company lacks any technically-minded leadership internally (McBride
Financial Services, 2011), and the monthly support budget seems very low in that light,
given that the website is the primary source of business and revenue for the company.
We question whether the $500.00 per month budget figure is sufficient to manage
enhancements and upgrades to the enterprise-class ecommerce website, secure the company
databases from external intrusion, maintain desktop end-user systems, and properly secure and
monitor for intrusion attempts to the client financial records systems while seeking to
interconnect eight offices with shared data and resources (McBride Financial Services, 2011).
Mitigation Recommendations
Physical Risks
Industry best-practices for office management that the banking industry uses can be of
significant value. To protect client information, keep window coverings closed or use blinds to
obscure visibility into the office and arrange workstations so as to avoid visibility of the
computer screens from outside through an adjacent window. Utilize idle-timeout settings on
computers to blank a screen that may potentially contain sensitive client personal financial
information after five minutes of no activity. Institute company policies that require personal
financial documents to be stored in locked filing cabinets when not in use and at the close of
business every day.
Employees are also vulnerable to random acts of crime, and annual security awareness
training should be conducted. This can include topics and requirements such as information
security mentioned above, as well as personal security and being aware of their surroundings.
A monitored business-grade security system should be installed, and automatically
activated after hours. Consider the use of perimeter-only security system features as an added
measure of security for employees that may be working after normal business hours.
For physical security, and all other threats, the first line of defense should be a thorough
data backup system that is regularly monitored and tested. Company information security
policies should prohibit the storage of personal information or client financial data on local PCs,
hard drives, flash drives, or removable disk media that is vulnerable to theft. If required for
business purposes, strong disk or tape encryption should be used.
Risk of Terrorism, Natural, and Manmade Disasters
These risks are primarily a threat to the human resource of the business. Mitigation
strategies include regular daily data backup and general employee security awareness. The
business can be alerted to a growing threat condition resulting from future socio-political factors
by taking an active or passive interest in local news and politics, and being aware of any growing
or scheduled protests in the immediate area and taking any precautions that may be warranted.
Economic Risks
The current real estate market crisis is a nationwide, systemic condition and there is little
or nothing that an individual company can do to correct this macroeconomic trend. Mitigation
measures to consider include keeping recurring costs as low as possible after opening the office
until economic conditions have shown improvement for several quarters, and avoiding long-term office
or equipment lease agreements that would hamper defensive business decisions later if
warranted.
Technical Risks
Consider having one or more company managers attend some web development and
information technology support seminars intended for business leaders. A better understanding
of technical and ecommerce support objectives and strategies can assist in matching business
strategy and requirements to available resources.
Regularly revisit monthly business plans and capital budgets to ensure available
resources are properly prioritized for stable business operation.
Avoid single-sourced exclusivity clauses in technical support contracts. In the event that
quality-of-service, responsiveness, or other problems are exhibited by the support provider,
there should not be any contractual damages incurred by the cancellation of the agreement and
selection of a new provider. Longer term, as cash flows stabilize and can support the overhead,
consider adding a technical manager to oversee support agreements and future website
maintenance, enhancement, and refreshment.
Conclusions
The proposed new location for McBride Financial should prove adequate and able to
meet the company’s needs. Several risks do exist, however, the most threatening of which are
potentially the company’s own business plan and external industry economic factors
beyond the control of mitigation planning.
The opening of a new location can be quite an experience for any company. McBride
Financial has successfully identified a wide array of potential risks that range from high to low
with various impacts to their daily operations. Although it is impossible to plan for every event,
McBride Financial has gone to great lengths to mitigate every foreseen risk that could
potentially occur. Through risk analysis and management, they have provided themselves a solid
foundation on which they can continue to grow and succeed.
References
Google. (2011, 07 16). Google Maps. Retrieved 07 16, 2011, from Google Maps Sioux Falls, South Dakota: http://maps.google.com
Illinois State University. (2011, July 17). Illinois State University. Retrieved July 17, 2011, from Illinois State University: http://www.istc.illinois.edu/info/library_docs/manuals/printing/p2pract.htm
Johnson, S. (2011, July 17). Licensed Broker-Officer, California Department of Real Estate #01400015. (S. Johnson, Interviewer)
Khalfani-Cox, L. (2011, May 12). Payday Lenders Fuel Crime, Drive Down Residential Property Values. Retrieved July 31, 2011, from AOL Original, WalletPop Personal Finance: http://www.walletpop.com/2011/05/12/payday-lenders-fuel-crime-drive-down-property-values/
McBride Financial Services. (2011, 07 17). McBride Financial Services Intranet. Retrieved 07 17, 2011, from McBride Financial Services Intranet: https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/Intranet
Nieves, E. (2005, December 27). Planned Parenthood in South Dakota. Retrieved 07 15, 2011, from Washington Post: http://www.washingtonpost.com/wp-dyn/content/article/2005/12/26/ar2005122600747.html
SoDAK A.N.S.W.E.R Coalition. (2011, 07 15). SoDAK A.N.S.W.E.R Coalition. Retrieved 07 15, 2011, from SoDAK A.N.S.W.E.R Coalition: http://www.sodakanswers.org/events10.htm
Swann, J. (2004). Protecting Your Physical Bank. Community Banker, 7-10.
Trulia. (2011, July 29). Sioux Falls Real Estate Overview. Retrieved July 31, 2011, from Trulia: http://www.trulia.com/real_estate/Sioux_Falls-South_Dakota/