The move to Enterprise Security Risk Management, or ESRM, is a significant journey for organizations looking to reap the benefits of a risk-based, business-focused approach to securing assets across the enterprise.
As I begin another year in the security industry, I’m hopeful that during 2017 we see our profession focus on Enterprise Risk Management, and that we begin the journey to identifying ourselves more closely as enterprise risk professionals.
The recent attacks on the Domain Name Service (DNS) hosted by Dynamic Network Services Inc. (Dyn) demonstrate a principle of risk management that we sometimes neglect to factor during our internal risk assessments — the impacts we may face from business partners or technology providers that cannot service our needs.
We recently relocated to the West Coast for work, to enjoy the lifestyle living by the ocean brings, and focus on new challenges for my employer.
I gave a presentation to a number of graduate students at a recent conference, and was struck by how energetic and engaging the students were.
As an organization matures its risk management program, opportunities arise to identify controls that satisfy a number of similarly themed risks.
As we look back on 2015 and reflect on recent media headlines, we can appreciate the level of uncertainty that is affecting our society, along with the unpredictability of the threats we are facing, from weather hazards to terrorist attacks.
Value creation is at the heart of everything we do, whether we’re self-employed or working for a private company or public agency. Corporate objectives, as a general rule, seek to continuously improve that value creation potential.
The unfortunate deaths of spectators at the Pemberton Music Festival in British Columbia and the Veld Festival in Toronto in recent months have raised serious concerns about the effectiveness of current security measures.
In a recent Ontario case, the Court saw a video of an accused setting on fire his neighbour’s (i.e. the victim’s) truck.
The Internet and social media are hugely popular. Every day, hundreds of millions of digital images and videos are uploaded to, and downloaded from, various social networking websites (Facebook, MySpace, LinkedIn), information communities (YouTube, Pinterest, Google+), blogs/microblogs (Twitter, Tumblr), and photo sharing/management sites (Flickr, Instagram).
A few issues ago, I wrote about the R. v. Manley case in which a police search of Manley’s cell phone, after his arrest for a series of break-ins, was deemed lawful.
In April 2013, the world was shocked by terrorist bombings near the finish line of the Boston Marathon. Hundreds of video images were recorded by security (surveillance) cameras, television news cameras, and cell phone cameras. These images showed not only the explosions and resulting damage, but also the two brothers who allegedly planted the bombs. Video images of the suspects, travelling to and from the scenes of the two bombings, were widely shown and helped identify them.
Ever wish that your car was equipped with a video camera to record the licence plate of the car that cut you off, or did some other equally unsafe manoeuvre? Thanks to modern technology, you can now mount a camera on your car’s dashboard and record whatever is on the road.
Forensic investigators now have a new tool to use to document crime, accident, and fire scenes — the 3D laser scanner.
The new amendments of the Digital Privacy Act (DPA) will require businesses to disclose cyber-attacks to the Office of the Privacy Commissioner, or face the prospect of hefty fines. Organizations need to take decisive action to secure their networks and gain full network visibility before the legislation comes into effect.
Big data has been described as the “new currency” for business, and with the number of threats to data security growing, protecting that data has become a top concern.
It is human nature to sometimes take for granted the services we expect to be there when needed. We turn on the tap and clean water begins to flow. We flick a switch and a dark room is instantly illuminated. We complain about the cost of fuel and traffic congestion yet still our vehicles traverse the roadways of our cities and we give little to no thought to the complex grid of traffic signals, cameras and rail crossings that contribute to making our journey safe.
Continuous Visual Observation (CVO) programs vary significantly from healthcare organization to healthcare organization. CVO, also called “Patient Watch,” “1:1” or “Constant Observation” in many organizations, is often viewed as a low-paid, onboarding/entry-level position.
As emergency management consultants and trainers, we quickly learn there is nothing more important than working effectively with our clients and stakeholders to ensure a cohesive approach to disaster preparation and management.
When considering OPSEC it is wise to heed Confucius’s warning that “fine words and an insinuating appearance are seldom associated with true virtue.”
Cloud technology has made possible opportunities that can be truly transformative for businesses.
Let’s continue our quest to understand organizational security management, resilience and our own models for decision making.
After the first Persian Gulf war ended and the no fly zone was in effect, the U.S. Air Force was tasked with controlling the skies over Iraq.
Critical Infrastructure as defined by Public Safety Canada “refers to processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government.”
In last issue’s column we looked at the general challenges facing municipal security management planning ranging from domain specific standards to an agreed upon methodology.
As the level of government closest to citizens, the municipal sector is unique.
Heather Mac Donald once wrote a book titled “Are Cops Racist?” Just looking at that title shows it’s an unfair question. Just about any answer can be a correct one. Her latest book is “The War On Cops — How The New Attack on Law and Order Makes Everyone Less Safe.” The title is more reasoned, but still seems to leave nuance out.
There’s a saying, “A lie travels around the globe while the truth is putting on its shoes,” that many attribute to Mark Twain.
As our world and our businesses grow more complex, our writing must reflect this and help make them more understandable.
I recently attended the Association of Certified Fraud Examiners Annual Conference in San Diego. Besides some terrific presentations and networking events, there was a bookstore. I’m a sucker for bookstores and I picked up enough books that I had to pay duty when I came back. One of those books was Social Engineering: The Art of Human Hacking, by Christopher Hadnagy. This is a worthwhile book for anyone in the security management and operations field, including investigations. And while it’s heavily IT-flavoured, it’s not just for the IT folks — in fact, it’s likely more valuable to non-IT personnel.
There’s a new book for security personnel and right in the Preface, it’s described as “a helpful practical tool that references Canadian best practices and laws…” And it is.