By:
On:
In: *Connecting the Dots Blog*, Information Security

  One of the first things security professionals recommend when you install new programs, systems or hardware is that you change the default password immediately.  And, if a system has been breached or is vulnerable to a potential breach, most security professionals recommend your Users change their passwords as a precaution. Now, what if the password was hard-coded into the system and could not be changed without throwing all systems into chaos and disrupting or halting operations? And what if the default password for your software had been shared in online forums since 2008? That would never happen, right…? Unfortunately this is exactly what hasRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Privacy, Information Security, Regulatory Compliance

  Last week financial executives received some valuable advice on ways to significantly reduce costs associated with an expensive non-budgeted item – cybercrime. Greg Schaffer heads up DHS’s Office of Cybersecurity and Communications and his comments on cybercrime included: “Cybercrime is not a problem that is growing, or coming, or off in the future.  This is a problem right now.” Mr. Schaffer also cited some statistics from reports and surveys: A single cyber breach costs companies an average of $6.75 million  27 countries have claimed to have experienced financial losses related to cybercrime In 2009, 30 million examples of new malicious software were released  Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources, Incident Reporting, Information Privacy, Risk Management

  A recent follow up article in Federal Computer Week (FCW) highlighted the porn scandal at the Securities Exchange Commission (SEC) and suggested this was a dramatic wake-up call for any government agency who doubted the need for and importance of an airtight security policy. Good for Teri Robinson… who wrote the article!! However…the steps Teri laid out that an agency should take to build and enforce a security policy are missing a couple of critical steps based on lessons learned and legal defensibility.  Teri suggested the following steps: Review existing policy Social media guidelines should be included and should be specific Assign responsibility becauseRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Campus Safety, Incident Reporting, Regulatory Compliance, Risk Management

  If you did not read Part 1…you may want to do so before reading Part 2. During my EduComm presentation,  I identified numerous school related incidents and lessons learned and multiple new ways to improve campus safety, reduce costs, protect reputations and save lives. Then after reviewing multiple lessons learned I asked the group another question: What does each of these well-documented incidents have in common? Columbine Virginia Tech Fort Hood University of Alabama-Huntsville   According to expert reviews and reports, each of these incidents could have been prevented. Let me repeat….each of these incidents could have been prevented.  Each of these incidents couldRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Human Resources, Incident Reporting, Risk Management, School Safety

  Just recently, I had the honor of presenting at the EduComm 2010 conference in Las Vegas. The title of my presentation was ‘Connecting the Dots to Improve Campus Safety’ and was selected as a featured presentation. Presenting at conferences is definitely one of my favorite things to do. I get to share ideas, successes and lessons learned with other people who are coming from many different locations and I have the unique opportunity to ask questions and learn what challenges other people face. During my presentation I asked the following questions:   How many of your organizations have a Crisis Management Plan? (Everyone raisedRead More →

By:
On:
In: *Connecting the Dots Blog*, Campus Safety, Emergency Management

  Just recently, I had the honor of presenting at the EduComm 2010 conference in Las Vegas. The title of my presentation was ‘Connecting the Dots to Improve Campus Safety’ and was selected as a featured presentation. Presenting at conferences is definitely one of my favorite things to do. I get to share ideas, successes and lessons learned with other people who are coming from many different locations and I have the unique opportunity to ask questions and learn what challenges other people face. During my presentation I asked the following questions:   How many of your organizations have a Crisis Management Plan? (Everyone raisedRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  I recently came across a blog in Emergency Management Magazine discussing the need to use multiple forms of emergency notifications.  Lessons learned and recent studies reveal that the public won’t likely take action unless they receive their directions from at least two trusted sources.  A study on evacuations during the San Diego wildfires found that residents generally wouldn’t leave their homes until they had received confirmation from a second source (like the news or a personal contact). Thankfully, in today’s networked environment, people have information coming at them from all sides (friends, media, online news, social networking sites, etc.) and will most likely beRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Workplace Violence

  Did you see the article in the USA Today last week regarding TSA keeping a database of pushy flyers? The pushy fliers program was launched in 2007 to help prevent the nation’s 50,000 airport screeners from being attacked or threatened.  TSA officials voiced concern about passengers disrespecting screeners so they began issuing new uniforms with police style badges pinned to shirts.  According to the article, the database has records from about 240 incidents and most are screeners in conflict with other screeners and 30 incidents involve passengers or airport workers attacking or threatening screeners. Based on my experiences leaving a New York area airportRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management, School Safety, Workplace Violence

  A recent report from the University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism (START) has revealed that since 1995, a much higher percentage (33%) of terrorist attacks in the United States were conducted by unaffiliated individuals, rather than by organized groups. From the Oklahoma City bombing to more recent attacks like Virginia Tech, Fort Hood, and the University of Alabama, another commonality has also been revealed; in 80% of the incidents, red flags and warning signs exist, but are often not identified. There are many reasons red flags go unreported.  Victims or bystanders may fear retaliation or theyRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources, Risk Management

  I attended the national ACUTA conference last week and one of the speakers mentioned Philip Quigley’s quote regarding ‘farmers and building tractors’.  If you are not familiar with his quote, see below: Philip J. Quigley, former CEO of Pacific Telesis said, “If we were to go back in time 100 years and ask a farmer what he’d like if he could have anything, he’d probably tell us he wanted a horse that was twice as strong and ate half as many oats. He would not tell us he wanted a tractor. Technology changes things so fast that many people aren’t sure what the bestRead More →