31 December 2010

Denial: Resolution for a New Year...

On the eve of the New Year, 2011 approaches with new perspectives and newfound learning on the risks before us. Operational Risk is about managing "All Hazards" and "All Crimes," whether you are working within the ranks of the largest Global 500 organization or managing yourself as J. Q. Citizen. OPS Risk is no longer just about a government or corporate perspective; it is becoming more personal for many professionals in their daily lives, as they manage their families, their households and the risks associated with spouses, parents, siblings and even people they don't know. But those people know you.

In Dr. Jessica Stern's latest book "Denial: A Memoir of Terror" you will find that her story is very much about your own personal operational risk management. It will transport you into thoughts about all of the ways that people can learn about you and your personal life, through good old-fashioned surveillance or, today, on Facebook or Twitter. Yet this isn't about the new-age phenomenon of digital stalkers or voyeurs. This story is about "Denial" and the risk of denial in the context of observation, of your own behavior and of the others who surround you.

"Denial is almost irresistibly seductive, not only for victims who seek to forget the traumatic event but also for those who observe the pain of others and find it easier to ignore or "forget." In the long run, denial corrodes integrity--both of individuals and of society. We impose a terrible cost on the psychically wounded by colluding in their denial."
In this skillfully wrought, powerful study, a terrorism expert, national security adviser (The Ultimate Terrorists), and lecturer at Harvard, returns to a definitive episode of terror in her own early life and traces its grim, damaging ramifications. Having grown up in Concord, Mass., in 1973, Stern, then 15, and her sister, a year younger, were forcibly raped at gunpoint by an unknown intruder; when the police reopened the case in 2006, Stern was compelled to confront the devastating experience. The police initially tied the case to a local serial rapist, who served 18 years in prison before hanging himself. Stern's painful journey takes her back to the traumatic aftershocks of the rape, when she began to affect a stern, hard veneer not unlike the stiff-upper-lip approach to survival her own German-born Jewish father had assumed after his childhood years living through Nazi persecution. Covering up her deep-seated sense of shame with entrenched silence, Stern had a classic post-traumatic stress disorder—which she was only able to recognize after her own work interviewing terrorists. Stern's work is a strong, clear-eyed, elucidating study of the profound reverberations of trauma.

Dr. Stern brought to light, in her process of interviewing people, that "Denial" can be a true "Operational Risk" in itself. How many times have you observed someone's behavior and thought to yourself, that doesn't feel right? How many times have you said to yourself, this behavior is not good for my own well-being? This self-talk is something that all of us need to pay more attention to as we embark on this New Year and the next decade of the 21st century.

What behavior have you witnessed lately that you are in denial about? Make a New Year's Eve wish, pledge or resolution that this has to end. Whatever the behavior that has occurred or will soon occur, the risks are too great to remain in denial. The trauma that exists in your mind, or the potential impact that a future trauma may have, can be managed from a risk management point of view. What is the likelihood, and what is the impact to you, your organization or your friends and family?

As we all watch the ball drop tonight at 12:00 midnight in the USA in Times Square, New York City, reflect on the 2010 risks that you took by continuing to be in denial. Think about all of those people you encounter every day at work, in the local grocery store and even in your own neighborhood. Open your eyes and your mind to the behaviors that just don't seem right. Manage your risk exposure when it comes to the people you associate with and the people who are watching you without your knowledge.

The contributor(s) to this Operational Risk Management blog wish you a Happy and Prosperous New Year!

03 December 2010

Remote Digital Forensics: OPSEC Continuous Monitoring...

What do Operational Risk Management, continuous monitoring and "Remote Digital Forensics" Intelligence have in common? The digital age is challenging the global enterprise, and the speed and depth of newfound transnational threats require bold outside-of-the-box thinking. Strategic decisions to prevent incidents of data leakage, theft of trade secrets or corporate espionage are on the minds of CEOs and the Office of the General Counsel.

An organization's ability to proactively deter, detect and defend its vital corporate assets requires a focused lens to view the vast digital complexities and simultaneously gain deeper insights. Effective risk management in Global 500 companies encompasses the collection, analysis and action on relevant information. Is the relevant information stored on a mobile laptop, a network-attached desktop or a mobile PDA? Could there be a copy of the document on the server in the form of an e-mail attachment? The objective seems obvious: think a few steps ahead in order to mitigate the quantity and size of potential loss events, where and when they will happen.

Achieving a “Game Changing” strategy to stay one step ahead of today’s digitally equipped adversary demands an adaptive process, tools and very smart people. Timely and accurate intelligence-led investigations have historically proven to save many organizations from catastrophic impact to their reputation. That is precisely why Digital Forensics Intelligence (DFI) has been gaining tremendous momentum with the Chief Risk Officer, Chief Security Officer, Chief Information Officer and the General Counsel. One example is the ability for an organization to add forensic intelligence to almost any investigation, to provide additional dimensions of insight and to ascertain whether an employee is a true insider threat or just in non-compliance with your latest “Acceptable Use Policy.”

Corporate Digital Forensics Intelligence provides the corporate first responders with the potential evidence required by analysts, investigators and decision makers to make more informed decisions. The ability to more effectively determine a prudent course of action can mean the difference between a simple Internet policy violation and the beginning of a prolonged investigation with a corporate espionage nexus. The legal process in your state or country, the preservation of evidence, chain of custody and even early case assessment are now a converging area of concern for the office of the General Counsel and outside retained law firms.

“Achieving A Defensible Standard of Care” in your organization requires a digital risk governance framework that will withstand the tests of local law enforcement and judicial systems, inspectors general and global federal investigations. Remote and SPEKTOR Digital Forensics Triage has been gaining momentum with corporate enterprise, law enforcement and military investigators for years.

The reason is that certain kinds of investigations can't wait days, weeks or a month to gain insight and evidence from the digital data stored on a suspect's laptop, desktop or PDA. With corporate legal policy in place, or a search warrant, the fast Digital Forensics Triage process allows First Responders to quickly examine devices and determine which digital assets need to be seized and which do not raise any major "Red Flags". This keeps the corporate Digital Forensics Lab or RCFL from being overburdened with devices that hold no relevance to a particular case, and therefore minimizes the mountain of unexamined digital evidence.
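The triage pass described above, as an added example that is not code from the post or from any triage product it names: the script hashes every file on an evidence tree, raises "Red Flags" on known-bad hashes and keyword hits, and writes a chain-of-custody manifest whose own hash lets a later examiner detect tampering with the record set. The indicator set (one constructed hash, two constructed keywords), the examiner and case identifiers (placeholders) and the sample "device" files are all constructed for this example; a real triage kit would draw on curated hash sets and signatures.

```python
"""Digital forensics triage pass with a chain-of-custody manifest.

Added example, not code from the blog post or from any triage product it
names. The "red flag" indicators (a known-bad hash set and a keyword list)
and the sample evidence files are constructed for this example; a real
triage kit would use curated hash sets and signatures."""
import hashlib
import json
import time
from pathlib import Path

# Constructed indicators. The hash is that of the constructed sample binary
# below, standing in for an entry from a curated known-bad hash set.
SAMPLE_BINARY = b"MZ constructed-sample-binary"
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_BINARY).hexdigest()}
KEYWORDS = [b"confidential", b"trade secret"]
HEAD_BYTES = 1 << 20  # only inspect the first 1 MiB of each file for keywords


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 without loading it whole into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_file(path: Path, known_bad=KNOWN_BAD_HASHES, keywords=KEYWORDS) -> dict:
    """Record identity (hash, size, mtime) and any red flags for one file.

    The file is only read, never modified, so the record can later be
    compared against a full lab examination of the same device."""
    stat = path.stat()
    digest = sha256_file(path)
    flags = []
    if digest in known_bad:
        flags.append("known-bad-hash")
    with path.open("rb") as f:
        head = f.read(HEAD_BYTES).lower()
    hits = [k.decode() for k in keywords if k in head]
    if hits:
        flags.append("keyword:" + ",".join(hits))
    return {"path": str(path), "size": stat.st_size, "mtime": stat.st_mtime,
            "sha256": digest, "flags": flags}


def triage_tree(root: Path, known_bad=KNOWN_BAD_HASHES, keywords=KEYWORDS):
    """Walk an evidence tree; return (all records, records carrying flags)."""
    records = [triage_file(p, known_bad, keywords)
               for p in sorted(root.rglob("*")) if p.is_file()]
    flagged = [r for r in records if r["flags"]]
    return records, flagged


def build_manifest(records: list, examiner: str, case_id: str) -> dict:
    """Chain-of-custody manifest: who examined what, when, plus a hash over
    the whole record set so later alteration of the list is detectable."""
    body = json.dumps(records, sort_keys=True).encode()
    return {"case_id": case_id, "examiner": examiner,
            "collected_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "file_count": len(records), "records": records,
            "manifest_sha256": hashlib.sha256(body).hexdigest()}


def verify_manifest(manifest: dict) -> bool:
    """Recompute the record-set hash; False if any record was altered."""
    body = json.dumps(manifest["records"], sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest() == manifest["manifest_sha256"]


def build_sample_evidence(root: Path) -> Path:
    """Constructed stand-in for a seized device's files (not real evidence)."""
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "notes.txt").write_bytes(b"lunch at noon, call dentist")
    (root / "docs" / "plan.doc").write_bytes(b"Internal: CONFIDENTIAL roadmap")
    (root / "tool.bin").write_bytes(SAMPLE_BINARY)
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_evidence(Path(tmp))
        records, flagged = triage_tree(root)
        manifest = build_manifest(records, examiner="examiner-01 (placeholder)",
                                  case_id="CASE-0000 (placeholder)")
        for r in flagged:
            print(r["path"], r["flags"])   # plan.doc and tool.bin are flagged
        print("manifest ok:", verify_manifest(manifest))
```

Only files carrying flags are candidates for seizure and a full lab examination; the unflagged records still go into the manifest, so the decision not to seize a device is itself documented and hashed.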

The use of both Digital Forensic Triage and Real-Time Network Forensics solutions directly addresses the compliance requirements in the US Government for "Continuous Monitoring."

How can organizations address advanced persistent cyber threats?

To address the advanced persistent cyber threat requires a multi-pronged effort by organizations. First, it requires a major change in strategic thinking to understand that this class of threat cannot always be kept outside of the defensive perimeter of an organization. Rather, this is a threat that in all likelihood, has achieved a foothold within the organization. This situation requires that organizations employ methods to constrain such threats in order to ensure the resiliency of organizational missions and business processes. Second, it requires the development and deployment of security controls that are intended to address the new tactics, techniques and procedures (TTPs) employed by adversaries (e.g., supply chain attacks, attacks by insiders, attacks targeting critical personnel). NIST Special Publication 800-53, Revision 3, includes many new security controls and enhancements (most not selected in any of the control baselines) that are specifically intended to address some of these TTPs. Finally, to enable cyber preparedness against the advanced persistent cyber threat, organizations must enhance risk management and information security governance in several areas.

These include, but are not limited to: (i) development of an organizational risk management and information security strategy; (ii) integration of information security requirements into the organization’s core missions and business processes, enterprise architecture, and system development life cycle processes; (iii) allocation of management, operational, and technical security controls to organizational information systems and environments of operation based on an enterprise security architecture; (iv) implementation of a robust continuous monitoring program to understand the ongoing security state of organizational information systems; and (v) development of a strategy and capability for the organization to operate while under attack, conducting critical missions and operations, if necessary, in a degraded or limited mode.

Operational Risk Management calls for a robust and smart Information Governance Framework, whether you are a Global Enterprise or a National Government. As the international WikiLeaks aftermath unfolds, it will finally unveil the facts about "How" this incident could have happened. What is certain today is that the answer does not lie with new technology or tools. Human Factors and social engineering will always have the upper hand.