25 April 2009

Human Factors: Early-Warning System...

Predictive Intelligence And Analytics From 1SecureAudit Provides Transnational Organizations With A Preemptive Human Factors Early-Warning System

According to Managing Director and Chief Risk Officer of 1SecureAudit, Peter L. Higgins, the complexity of today's extended global enterprises requires a new governance lens to view hidden insider risks and to guide management executives to achieving a defensible standard of care.

"Our newest consulting practice accelerates the time line in identifying employee insider risks and potential threats associated with international client transactions," said Higgins. "Ms. Marcia Branco is launching our new client offering with more than a decade of experience identifying the complex connections between human behavior and corporate operational risk responsibility."

Advocating a "People First" approach, Ms. Branco, vice president and practice director of the Predictive Intelligence and Analytics practice, believes corporate personnel, partners and suppliers represent a tremendous asset and simultaneously a significant legal liability to a business. "People are the primary focal point to better understanding and resolving systemic risk problems within the walls of the enterprise and beyond to the extended supply-chain," said Branco.

The Association of Certified Fraud Examiners affirms "U.S. organizations lose an estimated seven percent of annual revenues to fraud," and insider negligence is the highest cause of data breaches, reports the Ponemon Institute & PGP Corporation. The complexity and quantity of insider threats are growing at the same time as businesses are facing shrinking budgets and mounting pressures to maintain and grow profits with fewer resources. "How successful has your company been at identifying and swiftly addressing issues, conflicts and preventing malfeasance? Whether originating internally from an employee or contractor or at your extended border of partners, suppliers and clients, predictive intelligence is essential?" asks Higgins.

1SecureAudit provides critical assessments, internal investigations, strategy execution and program development. These proactive governance and advisory services generate positive change to business culture, operations and bottom line.

"Our distinctive 'People First' approach examines your organization's human capital assets to gain unique insights on corporate culture, company issues and the workforce's attitude about management and business initiatives. We convert these human factor data into predictive intelligence to preemptively determine how to best shape current and new corporate strategies. Our clients are able to take advantage of short-lived opportunities, attract and retain employees, partners and customers, demonstrate a more defensible standard of care and promote a trustworthy corporate reputation," stated Branco. "Does your organization consistently adhere to and enforce corporate policies, ethical standards and procedures that value your employees and respond to shareholder advocates?"

Working with 1SecureAudit to integrate predictive intelligence in any business strategy and practices is a sound investment that directly contributes to corporate management's, Board of Directors', and shareholders' peace of mind. For more information, visit 1SecureAudit.com or e-mail RDU (at) 1SecureAudit.com.

07 April 2009

Economic Impact: Proving the Truth...

The Madoff investigations into so-called "feeder firms" are now gaining momentum. The question of who the victims are and where fraud is suspected continues its due course. The process of client referrals is not a crime, and allegations that correlate this with fraudulent behavior reflect a flawed mindset. The current basis in the Merkin case has more to do with non-disclosure of where clients' money was actually invested:

Andrew Cuomo, the New York attorney general, yesterday filed civil fraud charges against the hedge fund manager Ezra Merkin, alleging he secretly channeled more than $2.4bn to Bernard Madoff's Ponzi scheme in exchange for lucrative fees.

The move is the second regulatory action in two weeks against one of the big so-called "feeder" funds that sent billions of dollars to Mr Madoff, who pleaded guilty to one of history's biggest investment frauds.

Mr Cuomo accused Mr Merkin, a leading figure in the New York charity community and former chairman of financing company GMAC, of steering money from charities, universities and non-profit organisations to Mr Madoff without their permission and reaping about $470m in fees for his three funds.

"Merkin duped individual investors, non-profits and charities into believing he was responsibly managing their investments, when in actuality he was dumping them into history's largest Ponzi scheme," Mr Cuomo claimed yesterday.

Operational Risk professionals in these hedge funds and other alternative investment firms are getting prepared. These organizations will continue to be under the regulatory spotlight for years to come. Fraud and the fear of fraud will make their potential clients even more diligent in their understanding of where their funds are being invested. The federal watchdogs, oversight mechanisms and civil lawsuits will require firms to have their risk management "Act" together.

When it comes time to prove the truth, whether innocent or guilty, it will come down to information. The likelihood that this information is housed in a database, e-mail system or off-site disaster recovery repository is almost certain. Digital information that is part of any inquiry for civil or criminal action is subject to the "Rules of Evidence" and the "Federal Rules of Civil Procedure." This is where most of the alternative investment firms have their greatest exposure and vulnerability today. Call it the "Readiness Factor".

In a groundbreaking case from the past year, Qualcomm Inc. v. Broadcom Corp., No. 05CV1958, 2008 WL 638108 (S.D. Calif. March 5, 2008), the court found the plaintiffs to have committed "monumental and intentional" discovery violations for failing to produce thousands of documents requested in discovery. The court cited the "impressive education and extensive experience" of Qualcomm's attorneys to justify significant sanctions for failure to produce relevant e-mails, including reporting to the State Bar of California.

The "Readiness Factor" goes far beyond the process or procedures for preserving evidence. It starts with the creation of information inside the organization. How is it classified, where is it stored and who has access to it? These are fundamental Information Technology and Records Management 101 questions that any prudent organization has already answered. Where most firms find themselves with their backs up against the "legal wall" has to do with relevance, authenticity, and admissibility of information.

The "Alternative Investment" industry is quickly learning that their own IT professionals are going to end up on the witness stand and in early depositions. They are going to be hearing questions such as:

  • What policies or procedures do you manage in your department/organization?
  • What training do you have on the collection and preservation of "Electronically Stored Information"?
  • Explain your responsibility or supervision of access controls, folder management, indexing, purging controls and metadata?
  • Describe the procedures your firm utilizes to identify the places, people (custodians) and quality of the data that has been preserved for this case?

The list continues, and the IT professionals had better be ready. Adversarial counsel will be digging deep to get after the key components of authenticity and spoliation issues. The unfavorable outcomes from a lack of readiness can produce an "Economic Factor" that far exceeds the cost of just finding and producing the information for e-Discovery.

The economic impact of proving the truth in any case can be significant. If you were a savvy and smart prosecutor, the cases that would filter to the top for scrutiny may very well be those firms that display the most "IT Immaturity." Getting some wins under your belt with some relevant case law could determine how fast future cases are settled far in advance of ever getting to trial.

For those "Alternative Investment" firms that are behind the 8 Ball, here is a good place to start your own discovery of the total cost of proving the truth. The E-Discovery Road Map.

01 April 2009

4GW: Irregular Warfare in the Homeland...

Why is the US House Armed Services Subcommittee holding a hearing soon that is entitled: "Terrorism, Unconventional Threats and Capability on Terrorism and the New Age of Irregular Warfare: Challenges and Opportunities"?

Here is one good reason:

Baitullah Mehsud, the leader of the Pakistani Taliban recently claimed responsibility for the deadly attack that took place at a police academy on Monday in Lahore, Pakistan. But that’s not all. According to Mehsud, the next attack is going to be much closer to home. In a phone interview with the Associated Press, Mehsud indicated that his terrorist organization was planning a devastating attack on Washington D.C. that would “amaze” the world. Heritage analyst James Phillips told Fox News:

It should be taken seriously because [Mehsud] has ordered the deaths of many Pakistanis and Afghans and has a close alliance with Al Qaeda. It’s not too much of a stretch to think he might be involved in an attack on the U.S. if he’s able to get his followers inside the United States. He’s a militant extremist whose threats cannot be ignored.

Though most Americans associate terrorist attacks with bombings, armed ground assaults can be just as deadly and disruptive. The most dramatic recent example was the terrorist attacks that took place in Mumbai, India last November, killing almost 200 people.

Ground assaults are not just a terrorist tactic that might happen over there. Over here, it has been less than two years since six terrorists were thwarted in their attempt to assault Fort Dix in New Jersey.

The 4GW (Fourth Generation Warfare) strategy is well over five years old. We are glad to see that one of the best on this topic will be at the Armed Services hearing on Capitol Hill. Let's hope John Robb gets an opportunity to outline the following:

Many of the methods used in 4GW aren't new and have robust historical precedent. However, there are important differences in how it is applied today. These include:

  • Global -- modern technologies and economic integration enable global operations.
  • Pervasive -- the decline of nation-state warfare has forced all open conflict into the 4GW mold.
  • Granularity -- extremely small viable groups and variety of reasons for conflict.
  • Vulnerability -- open societies and economies.
  • Technology -- new technologies have dramatically increased the productivity of small groups of 4GW warriors.
  • Media -- global media saturation makes possible an incredible level of manipulation.
  • Networked -- new organizational types made possible by improvements in technology are much better at learning, surviving, and acting.

Corporations, Government Agencies and private sector owners of strategic critical infrastructures are continuing their vigilance in light of the 4GW emergence. More than ever the need for effective OSINT (Open Source Intelligence) gathering at the street level is imperative. Yet all the HUMINT and sensor-based collection of data will not change the myopia of insight unless there is a rapid adoption of the new mantra: "Responsibility to Provide."

The "Responsibility to Provide" statement is rapidly replacing the old and ineffective rule of "Need to Know". Our adversaries realize that our "Need to Know" mentality is one of our greatest vulnerabilities and they will continue to exploit this weakness. Washington, DC has just emerged from a period of coordination, cooperation and unprecedented effectiveness across legal, political and jurisdictional boundaries. The fact is that the 44th Presidential Inauguration bound together thousands of people across the country to keep our Nation's Capital safe and secure in January. This mission was accomplished, and the result has been felt most keenly by those who were in the middle of the operational command centers, such as WRTAC, the Washington Regional Threat and Analysis Center.

WRTAC provides DC Metro partner agencies and local jurisdictions with a watch command, plus an Open Source Daily Brief of current news articles relating to terrorism, homeland security, critical incident response and public safety. The key factor here is "Relevance" on the ground level to your own community and the local assets needed to raise situational awareness.

If Baitullah Mehsud is telling the truth, then it is not so much a matter of "what" 4GW tactics will be utilized, it is a matter of "when."