Dyman & Associates Projects
Dyman & Associates Risk Management Projects is a Risk Management firm whose main office is based in Boston, MA. We operate in the following fields: Cyber Security, Project Management, Emergency Management, Technology Governance, and Physical Security. Our company is a minority-owned enterprise with both MBE & DBE certifications http://dymanassociatesprojects.com/.
Curated by Valerio Anema
Scooped by Valerio Anema

Dyman & Associates Risk Management Projects: Dyman Associates Risk Management: eBay In Security Storm With Dangerous Flaw Wide Open

Valerio Anema's insight:

Auction site eBay has found itself in the midst of another security storm after apparently choosing to leave a security hole wide open – in the interests of user functionality – as customer details were being stolen. 

It is the latest in a trio of serious cybersecurity problems at the company this year, following a database breach in May, and the theft of details from its StubHub ticket site customers two months later. 

eBay allows highly visual JavaScript and Flash content to be included in its listings, which is a somewhat unsurprising step – however, the company reportedly knew for months that a number of hackers were manipulating this code for malicious content, and left the ability to add the code largely as it is, in the interests of offering sellers attractive auction listings. 

Cyber criminals have been using the technology to introduce cross-site scripting (XSS) – in which customers are led to a fake, eBay-mimicking site to enter their payment details. At least 100 exploited listings have been identified by the BBC, which reports that the problems continue even though eBay may have been aware of them since February. 

‘Not An Okay Situation’ 

Security experts have lambasted eBay’s handling of the problems. Chris Oakley, principal security consultant at testing firm Nettitude, says he would expect “all organizations, particularly those with vast quantities of customer data to protect” to have the required, standard cross site scripting defenses in place. 

“This hat-trick of security incidents will surely do the company no favors in terms of restoring and maintaining consumer confidence,” adds Paul Ayers, European VP at data security vendor Vormetric, and Mikko Hypponen, chief research officer at security firm F-Secure, describes the situation as “not okay”. Independent expert Graham Cluley told The Drum website that eBay was not in “proper control” of the situation, which he described as “embarrassing”. 

Solving The XSS Problem 

Experts have proposed a number of solutions for eBay, including simply removing the harmful code or listings, or providing its own Javascript editor in which sellers’ code can be more easily managed and controlled. 

Dr Adrian Davis, EMEA managing director at security organization (ISC)2, tells Forbes that XSS is a well known threat, adding that “we can’t afford to tolerate relatively simple security issues like this, especially for a company as massive as eBay”. 

Sites with the issue “need to update their current code to remove the vulnerability”, he says. “Functionality for the user would not be impaired, providing the code running in the browser and application is written properly.” 

He warns that developers need to be much better trained to write secure code and not focus solely on usability, with “fully qualified and certified individuals, such as those holding (ISC)2’s CISSP or CSSLP” qualifications being involved “throughout the entire process”. 

“This is an issue that must rise above the purely technical considerations and go onto the agendas of management and business leaders that are driving the development projects. Only then would we see investment in curbing incidents like these.” 

Act Much More Quickly 

Randy Gross, chief information officer at industry association CompTIA, says that it is “always difficult” for organizations to strike the right balance between security and convenience. But he adds: “With financial transactions, especially given recent high profile attacks, the pendulum needs to swing hard back toward security and give consumers the confidence their information is secure.” 

Fayaz Khaki, an associate director of information security at IDC, adds in a Forbes email interview that it is always difficult for large and complex sites, such as eBay, to be completely XSS free. “However, once an XSS vulnerability has been identified the organization must act quickly to remove the vulnerability”, even if it means removing a listing. 

Active content such as Javascript, he says, should only be used where completely necessary, and regular monitoring and vulnerability assessments ought to be carried out to minimize risk. 

“XSS vulnerabilities have existed for a number of years and really companies such as eBay, that came into existence solely as an internet organization, should be on top of these types of vulnerabilities and should have the capability to identify and mitigate these vulnerabilities very quickly.” 

eBay said in a statement that cross site scripting risks exist across the internet, and that it has “hundreds” of engineers and security experts who collaborate with researchers to make its own site both usable and safe. 

It added: “We have no current plans to remove active content from eBay. However, we will continue to review all site features and content in the context of the benefit they bring our customers, as well as overall site security.” 

Criminals behind cross site scripting and phishing activity adapt their code and tactics “to try to stay ahead of the most sophisticated security systems”, it said. “Cross site scripting is not allowed on eBay and we have a range of security features designed to detect and then remove listings containing malicious code.”


Article Source:
http://www.forbes.com/sites/leoking/2014/09/23/ebay-in-security-storm-with-dangerous-flaw-wide-open
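
The article closes on detecting and removing listings that contain malicious code. As an added illustration (not eBay's code and not from the Forbes article), the sketch below screens seller-supplied listing HTML for active content and holds it for review; the tag and scheme policy, function names and sample listings are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Assumed policy for this example: elements that execute code or embed
# external active content are never allowed in a listing description.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe", "base"}
# Attributes whose value is a URL the browser will load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers drop ASCII whitespace and control characters inside a URL scheme,
# so the scanner removes them before looking at the scheme.
_IGNORED_BY_BROWSERS = re.compile(r"[\x00-\x20]+")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def url_scheme(value):
    """Return the lower-cased scheme of a URL, or None for relative URLs."""
    compact = _IGNORED_BY_BROWSERS.sub("", value).lower()
    match = _SCHEME.match(compact)
    return match.group(1) if match else None


class ListingScanner(HTMLParser):
    """Collects (line, kind, detail) findings for active content."""

    def __init__(self):
        # Attribute values are entity-decoded by HTMLParser, so an encoded
        # scheme is compared in its decoded form.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        attr_map = {name: (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append((line, "active-element", tag))
        if tag == "meta" and attr_map.get("http-equiv", "").lower() == "refresh":
            self.findings.append((line, "meta-refresh", "meta[http-equiv]"))
        for name, value in attr_map.items():
            if name.startswith("on"):
                # Conservative: any on* attribute is treated as an event handler.
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS:
                scheme = url_scheme(value)
                if scheme is not None and scheme not in ALLOWED_SCHEMES:
                    self.findings.append(
                        (line, "url-scheme", f"{tag}[{name}]={scheme}"))


def scan_listing(html):
    """Return all active-content findings in a listing description."""
    scanner = ListingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def verdict(html):
    """Hold the listing for review if anything active was found."""
    return "hold-for-review" if scan_listing(html) else "publish"


# Constructed sample listings (not real eBay data).
SAMPLE_LISTING = """<div class="desc">
<h2>Vintage camera, boxed</h2>
<img src="https://img.example.invalid/cam.jpg" onerror="loadMore()">
<a href="Java&#115;cript:openGallery()">More photos</a>
<script src="https://cdn.example.invalid/gallery.js"></script>
<a href="/help/returns">Returns policy</a>
<object data="https://cdn.example.invalid/viewer.swf"></object>
</div>"""

CLEAN_LISTING = ('<p>Great <b>condition</b>. '
                 '<a href="https://example.invalid/specs">Specs</a></p>')

if __name__ == "__main__":
    for finding in scan_listing(SAMPLE_LISTING):
        print(finding)
    print(verdict(SAMPLE_LISTING), verdict(CLEAN_LISTING))
```

A scan like this only flags content for removal or review; output encoding and a restrictive allowlist at render time are still needed, because pattern-based detection alone can miss markup the browser interprets differently.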

 

Read More:
http://dymanassociatesprojects.com

http://dymanassociatesprojects.tumblr.com

http://dymanassociates.blogspot.nl



Dyman Associates Risk Management review: Manufacturers Should Upgrade Practice

Valerio Anema's insight:

Study: Manufacturers Should Upgrade Risk Management Practices: http://www.mbtmag.com/news/2015/03/study-manufacturers-should-upgrade-risk-management-practices

A new report from Deloitte and the Manufacturers Alliance for Productivity and Innovation recommends that manufacturers convert their risk management practices to "an ongoing conversation rather than a periodic presentation."

 

The study, titled "Understanding Risk Assessment Practices at Manufacturing Companies," said the evolution of technology within the manufacturing sector presents vulnerabilities as well as opportunities, and that new threats can strike with unprecedented speed.

 

The report argued companies should improve their use of technology in risk management, consider increasing the frequency of assessments and embed those practices within all levels of company operations.

 

"In short, risk assessment and management techniques should advance at a rate equal to or greater than the underlying business," the report said.

 

Companies surveyed by Deloitte and MAPI identified cyber security as the biggest IT risk three years from now, with product design and development innovation as the top business risk over that span. The report said companies should utilize cyber security controls, but that they should also increase their insight into potential threats and how to appropriately respond to them.

 

The study also noted that 93 percent of companies indicated oversight of their risk management rested with the full board or an audit committee, and suggested that "given the rising complexity facing most manufacturing organizations ... it may be time to give risk management a clear subcommittee."

 

The involvement of a committee, meanwhile, could result in such panels becoming increasingly involved in day-to-day operations. The report called for a "proper executive champion" for that role, potentially including the creation of a chief risk officer.

 

Improved risk management and audit practices, meanwhile, could also help create a more resilient supply chain, as well as improve employee recruitment and retention amid ongoing concerns about a manufacturing skills gap.

 

Although improving risk management practices wouldn't dramatically alter a company’s bottom line, the report said the potential benefit to competitive advantages and shareholder confidence "will naturally make its way into earnings."

 

"Organizations should establish a risk assessment program that fits into its unique culture and risks," said MAPI deputy general counsel Les Miller. "Since change is constant and can occur suddenly, ongoing efforts to enhance the sophistication and variety of risk assessment techniques are needed."

 

The study conducted an online poll of 68 members of MAPI's Internal Audit and Risk Management Councils in June of 2014. The respondents ranged from less than $1 billion in annual revenue to more than $25 billion; the majority ranged between $1 billion and $10 billion.


Dyman & Associates Risk Management Projects: New Chip can Turn Smartphone into 3D Scanner

Valerio Anema's insight:

With 3D printers all but widely-known now, it only remains to have an accurate and portable 3D scanner to practically produce anything on-the-go. The current 3D scanners are all bulky and very expensive but we may soon have that functionality installed in our smartphones.

 

A team of CalTech researchers led by Ali Hajimiri has designed a small camera chip that can enable a smartphone to do an accurate 3D scan of an object.

 

The tiny silicon chip called nanophotonic coherent imager (NCI) only measures one millimeter square and can conveniently be placed within smartphones. It uses a type of Light Detection and Ranging (LIDAR) technology in capturing an item's width, depth and height. Basically, a laser is shined on the object so the light waves that bounce off of it can serve as guide for the imager when capturing the measurement data.

 

The technology used on the chip is further explained by Caltech:

 

"Such high-res images and data provided by the NCI are made possible because of an optical concept known as 'coherence'. If two light waves are coherent, the waves have the same frequency, and the peaks and troughs of light waves are exactly aligned with one another. In the NCI, the object is illuminated with this coherent light. The light that is reflected off of the object is then picked up by on-chip detectors, called grating couplers, that serve as 'pixels', as the light detected from each coupler represents one pixel on the 3-D image."

 

According to Dyman & Associates Risk Management Projects (http://dymanassociatesprojects.com), LIDAR technology is commonly used in self-driving cars, robots and precision missile systems due to its effectiveness in identifying locations and objects. Although the concept of LIDAR is not that new, their idea of having "an array of tiny LIDARs on our coherent imager can simultaneously image different parts of an object without the need for any mechanical movement" is a novel one.

 

Basically, every pixel on the sensor can separately assess the intensity, frequency and phase of the reflected waves, thereby creating a piece of 3D information. The combination of all those pieces of 3D data from all the pixels results in the full 3D scan.

 

Caltech's concept allows for the development of a tiny and relatively cheap scanner without sacrificing the accuracy. Dyman & Associates Risk Management Projects reported that the new chip can create scans that closely resemble the original within microns.

 

At present, the prototype Caltech has made only has 16 pixels on it, just enough to scan small objects such as coins, but they are reportedly working on scaling it up to thousands of pixels.

 

Visit our website's blog for more related articles: http://dymanassociatesprojects.com/blog


Dyman Associates Risk Management Review: 3 Ways to Make Your Outlook.com Account Safer


http://nakedsecurity.sophos.com/2014/10/28/3-ways-to-make-your-outlook-com-account-safer/

 

Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).

 

Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you're logged in, and selecting "Account settings".

 

1. Protect your password

 

Your first step should be to make sure your password is well chosen and not shared.

 

If you need to set a new one, visit the "Security & privacy" section of the Account settings page.

 

You'll then have to verify your account with a security code, which you can do by email or text.

 

At the top you'll see when your password was last changed, with an option to change it below.

 

Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.

 

Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.

 

These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.

 

2. Set up two-step verification

 

On the same screen you can also set up two-step verification.

 

Scroll down to the next section of the "Security & privacy" page.

 

When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.

 

Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.

 

Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.

 

If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.

 

When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.

 

Only check the box if you're on a machine you use regularly and know to be kept well-secured.

 

As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.

 

Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.

 

In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.

 

3. Check your settings

 

You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.

 

There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.

 

There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".

 

This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.

 

There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.

 

In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.

 

Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.

 

You should make sure any entries in here are expected and necessary.

 

Once you're done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.

 

For more details about Dyman Associates Risk Management Review visit:

http://dymanassociatesprojects.com/mobile_sec.html

https://twitter.com/dymanassociates

http://dymanassociatesprojects.tumblr.com/

 

 


Dyman Associates Risk Management review: Experts Identify Easy Way to Improve Smartphone Security


NSF's mission is to advance the progress of science, a mission accomplished by funding proposals for research and education made by scientists, engineers, and educators from across the country.

Valerio Anema's insight:

Assigning risk scores to apps may slow down unwarranted access to personal information

 

October 28, 2014

 

What information is beaming from your mobile phone over various computer networks this very second without you being aware of it?

 

Experts say your contact lists, email messages, surfed webpages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission.

 

"Smartphones and tablets used by today's consumers include many kinds of sensitive information," says Ninghui Li, a professor of Computer Science at Purdue University in Indiana.

 

The apps downloaded to them can potentially track a user's locations, monitor his or her phone calls and even monitor the messages a user sends and receives--including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue.

 

Li, along with Robert Proctor and Luo Si, also professors at Purdue, lead a National Science Foundation (NSF)-funded project "User-Centric Risk Communication and Control on Mobile Devices," that investigates computer security. The work pays special attention to user control of security features in mobile systems.

 

Li, Proctor and Si believe they may have a simple solution for users, who unknowingly allow voluntary access to their personal data.

 

Most users pay little attention

 

"Although strong security measures are in place for most mobile systems," they write in a recent report in the journal IEEE Transactions on Dependable and Secure Computing, "the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device."

 

Most users pay little attention, say the researchers, to unwanted access to their personal information. Instead, they have become habituated to ignore security warnings and tend to consent to all app permissions.

 

"If users do not understand the warnings or their consequences, they will not consider them," says Proctor, a Distinguished Professor of psychological sciences at Purdue.

 

"If users do not associate violations of the warnings with bad consequences of their actions, they will likely ignore them," adds Jing Chen, a psychology Ph.D. student who works on the project.

 

In addition, there are other influences that contribute to users ignoring security warnings. In the case of Android app permissions, of which there are more than 200, many do not make sense to the average user or at best require time and considerable mental effort to comprehend.

 

"Permissions are not the only factor in users' decisions," says Si, an associate professor of Computer Science at Purdue, who also led research on a paper with Li that analyzed app reviews.

 

"Users also look at average ratings, number of downloads and user comments," Si says. "In our studies, we found that there exist correlations between the quality of an app and the average rating from users, as well as the ratio of negative comments about security and privacy."

 

"This is a classic example of the links between humans and technology," says Heng Xu, program director in the Secure and Trustworthy Cyberspace program in NSF's Social, Behavioral and Economic Sciences Directorate. "The Android smartphones studied by this group of scientists reveals the great need to understand human perception as it relates to their own privacy and security."

 

"The complexity of modern access control mechanisms in smartphones can confuse even security experts," says Jeremy Epstein, lead program director for the Secure and Trustworthy Cyberspace program in NSF's Directorate for Computer and Information Science and Engineering, which funded the research.

 

"Safeguards and protection mechanisms that protect privacy and personal security must be usable by all smartphone users, to avoid the syndrome of just clicking 'yes' to get the job done. The SaTC program encourages research like Dr. Li's and colleagues that helps address security usability challenges."

 

Numbers speak to the amount of unsecured personal data - http://www.nsf.gov/discoveries/disc_summ.jsp?cntn_id=133144&org=NSF&from=news

 


Dyman Associates Risk Management Crucial To The Mining Industry’s Growth


The mining industry has been urged to analyse and understand the risk trend in the sector as a way of mitigating loss of property and revenue.

Valerio Anema's insight:

Managing Director of Marsh Botswana, Fritzgerald Dube, said the mining industry is faced with exposures that need to be identified, measured and controlled economically in order for the mine’s operations to flourish. Speaking at a mining seminar hosted by Marsh Botswana last week, Dube explained that while the environment in which they operate is always changing and presenting new threats, they are able to understand risk trends and develop effective programmes. Although a lot of mines have fully fledged risk management departments, Dube noted that mining is a dynamic and ever evolving specialty and that new risks that were not previously anticipated would always evolve.

 

“As such, risk managers need to be forever considering and devising risk management plans for those risks which they have never been exposed to before,” he advised. Dube added that risk managers need to recognise that they play a critical role in ensuring stability of operations and sustained production in whatever environment that they operate in.

 

He underscored the importance of risk management, stating that it is a critical function in all mines. He urged top management to commit to instilling a risk management culture throughout the entire organisation.

 

“Risk management should not be a ‘nice to have’ but rather a ‘must have’ that carries the full weight and support of senior management,” he stressed.

 

However, Dube regretted that the impact of uncertain events on mine productivity is not limited to loss of property and revenue alone, but possible death as well. An earlier report that was issued by a leading reinsurance advisor, Willis Group Holdings, warned mining companies not to be tempted to cut back on their risk management spending as they try to deal with rising costs, falling commodity prices and decreased productivity levels.

 

The report titled, Mining Risk Review 2011, identified the main challenges mining companies are facing. They further stated that the bulk of cost cutting had come from reductions in head office spend, exploration and business development.

 

Weblink:
http://www.mmegi.bw/index.php?aid=46201

 

Go to website
http://dymanassociatesprojects.com/

 

Click Here:
http://www.scribd.com/dyman_associates_projects

 

 

 


Dyman Associates Risk Management: Is Your Money Safe?


Investors risk losing more money than they think because of hidden risks in their investment management portfolio including lack of understanding about operational risk. This article gives suggestions about how investors can improve their due-diligence to better protect their money.

Valerio Anema's insight:

Is Your Money Safe? Risk Management Blindspots That Cost Investors Dearly

 

Both retail and institutional investors who have survived one or more economic recessions have learned that they cannot select their money managers solely on a demonstrated stream of at or above benchmark returns and that they need to include the underlying risk of their investment portfolio in the formula that calculates expected future value. However, the risk denominator in portfolio management analytics may be underestimated or misestimated because of the following three industry problems:

 

1. The traditional view of risk is disaggregated

 

The traditional view segregates risk into market, credit and operational. In most organizations, both public corporations that issue equity and debt to investors and privately-held asset managers that oversee investors’ money, the various aspects of risk are managed separately. For example, in some typical organizational structures, the Investment Officer is responsible for market risk; the Treasury Officer or CFO for credit risk and the COO for operational risk. Each analyzes and synthesizes risk separately and reports his findings to the Board or Management Committee, leaving them baffled to make sense of the holistic picture. However, risk is not additive or linear and often hot spots in one area may cause undetected issues in other areas.

 

Market, credit and operational risk were interrelated in one of the most notorious examples of risk mismanagement — AIG’s failure to meet its liquidity obligations which led to a $170 billion government bailout. AIG was heavily involved in writing CDS with its exposure at the height reportedly reaching $440 billion (market risk), which exceeded what the company could pay in claims when the MBS it insured defaulted leading to a liquidity crunch (credit risk). Additionally, there were signs of inherent operational risks: AIGFP was a minimally regulated and separate hedge fund that leveraged the credit rating of the holding company to place big bets with little reserves. Each one of these issues separately did not pose “crash the car” risk, but in aggregate the market, credit and operational risk factors of AIG could have been lethal to the company and the economy save for the subsequent government bailout.

 

2. Regulators are approaching the industry reactively

 

Significant regulatory tightening ensued after the 2008 mortgage crisis. According to some critics, regulators may potentially be looking at risk far more reactively by focusing on the problems that have already manifested than proactively identifying new risks that could cause the next business failure. For example, the Financial Stability Oversight Council (FSOC) so far designated three US financial institutions as Systemically Important Financial Institutions (SIFIs) – GE, Prudential and AIG and imposed on them increased capital requirements. However, the FSOC does not consider large asset managers to be SIFIs.

 

There is some merit to the logic that asset managers do not require as strong of a balance sheet since they do not own the assets they manage and pass through the downside risk to their investors. Yet, it could be argued that asset managers aggregate risk and that their investment processes and technology infrastructure pose systemic risk. For example, over a trillion dollars of passive investments including the iShares brand are managed on Blackrock’s technology platform Aladdin. It is not hard to foresee the dramatic impact of a major failure of Blackrock’s platform on the US and global economy.

 

3. Operational risk is not adequately represented

 

To manage market risk better, most investors are well aware of basic portfolio hygiene principles including the value of diversification, the importance of looking at volatility driven asset correlation, rebalancing, the criticality of subtracting leverage when assessing quality alpha, the value of protecting for inflation through IL bonds or inflation-hedging assets such as real estate. I would argue that operational risk is as big if not a bigger driver of financial loss as market risk. According to Phillipa Girling, a leading expert on operational risk and author: “operational risk in the headlines in the past few years” is hard to ignore: Notorious examples include “egregious fraud (Madoff, Stanford), breathtaking unauthorized trading (Société Générale and UBS), shameless insider trading (Raj Rajaratnam, Nomura, SAC Capital), stunning technological failings (Knight Capital, Nasdaq Facebook IPO, anonymous cyber‐attacks), and heartbreaking external events (hurricanes, tsunamis, earthquakes, terrorist attacks).” (Operational Risk Successful Framework). Inadequately managed operational risk costs investors, corporations and tax payers billions of dollars:

 

Madoff’s pyramid reportedly cost investors $18 billion and the 2008 government bailout cost taxpayers $700 billion. (New York Times Archives)

 

If the impact of operational risk is undoubtedly large, why do otherwise savvy investors often disaggregate or even completely miss operational risk from the overall expected value analytics of their portfolio and inadvertently accept more risk than they are comfortable with? Part of the problem stems from a lack of a well established methodology to clearly quantify operational risk and integrate it into portfolio management.

 

Imagine creating a unified industry-sponsored score for operational risk similar to a credit score or Moody’s bond ratings, which takes into consideration the fundamental elements of operational risks – people, process, technology, and external events, and quantifies them. That score would then be clearly available for investors along with the returns and market risk of the portfolio leading to a far more accurate valuation. Significant progress toward accountability and transparency could be made if operational risk were to be demystified.

 

How can investors make safer investments?

 

What could investors do in an environment of confusing regulatory requirements and limited transparency around operational risk? For starters, investors can raise their awareness and employ alternatives to address the information asymmetry in the following ways:

 

1. Select asset managers that demonstrate commitment to operational risk management

 

Certainly some asset managers understand and are willing to invest in operational excellence and risk management (http://dymanassociatesprojects.tumblr.com/). For example, in the 2014 Review of the Asset Management Industry, the Boston Consulting Group provides an overview of the shadow model where an asset manager can use two counterparties to manage their middle and back office. At Bridgewater Associates, I co-led the implementation of such a model where the firm aimed to create greater transparency, switchability and stay ahead of the regulatory bodies by outsourcing its back and middle office to both BNY Mellon and Northern Trust. FundFire published an article, Bridgewater Divides Industry with Latest Deal, describing the benefits and open questions about the model. It is still early to say whether the industry will embrace this model more broadly. Similarly, to gain an operational excellence edge, Citadel and Tudor invested in custom-built straight-through processing systems that integrate the trading platforms with the post-trade processes, creating greater transparency and reliability. Both are aiming to commercialize their technologies and make these available to smaller money managers who may not be able to afford a large in-house technology development team.

 

More About the Article: http://www.forbes.com/sites/katinastefanova/2014/09/18/is-your-money-safe-risk-management-blindspots-that-cost-investors-dearly/


Dyman Associates Risk Management Review on the Best Password Managers for PCs, Macs, and Mobile Devices


"6 local and cloud-based password managers make passwords stronger and online life easier for Windows, Mac, iOS, Android, BlackBerry, and Windows Phone users."


Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.


A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow tables, or brute-force attacks.


Many password managers allow you to automatically populate your password vault by capturing your Web log-ins using a browser plug-in and allowing you to store these credentials. Other options for populating your password database include importing an Excel spreadsheet or manually entering your log-in information. Further, using these stored credentials is typically automated using a browser plug-in, which recognizes the website's username and password fields, then populates these fields with the appropriate log-in information.


Although several browsers offer similar functionality out of the box, many password managers offer several benefits over the built-in browser functionality -- including encryption, cross-platform and cross-browser synchronization, mobile device support, secure sharing of credentials, and support for multifactor authentication. In some cases, usernames and passwords must be copied from the password manager into the browser, reducing the ease-of-use but increasing the level of security by requiring entry of the master password before accessing stored log-in information.


Some password managers store your credentials locally, others rely on cloud services for storage and synchronization, and still others take a hybrid approach. Some of the options using local storage (such as KeePass and 1Password) still support synchronization through Dropbox or other storage services. Deciding which password manager is best for you will come down to features and ease-of-use, as well as to whether you're comfortable storing your passwords on the Internet.

 


Dyman Associates Risk Management: 10 lessons learned from major retailers' cyber breaches

Insurers wrote layers of major retailers at minimum premiums that now look thin, to say the least. What are the takeaways here for all involved?
Valerio Anema's insight:

There has been extensive adverse publicity surrounding what has become the largest data breach in the retail industry, affecting Target and two other U.S. retailers. In November-December 2013, cyber thieves executed a well-planned intrusion into Target’s computer network and the point-of-sale terminals at its 1,800 stores around the holiday season and successfully obtained not only 40 million customers’ credit and debit card information, but also non-card customer personal data for as many as 70 million customers. In addition, 1.1 million payment cards from Neiman Marcus and 3 million cards used at Michaels were reportedly exposed.

 

The respected Ponemon Institute announced this June it believes that hackers have exposed the personal information of 110 million Americans—roughly half of the nation’s adults—in the last 12 months alone, and this number reflects the impact of major retailer breaches and others in different governmental or business sectors, but does not include hacks revealed in July-August 2014.

 


Dyman Associates Risk Management Study: Mobile Health Apps Need Risk Assessment, Framework

Researchers at Warwick Medical School in the United Kingdom find that a mobile health application risk assessment model and a framework for supporting clinical use are needed to ensure patient safety and physician reputation. They outline risks associated with mobile health apps and variables that affect such risk factors. FierceHealthIT, Journal of Medical Internet Research.
Valerio Anema's insight:

Mobile health applications need a risk assessment model and a framework for supporting clinical use to ensure patient safety and professional reputation, according to a study published in the Journal of Medical Internet Research, FierceHealthIT reports.

 

Study Details

 

For the study, researchers at Warwick Medical School in the United Kingdom analyzed the current regulatory oversight of mobile apps and identified several different kinds of risks associated with medical apps and ways to address those risks (Mottl, FierceHealthIT, 9/20).

 

The researchers defined a mobile medical app as "any software application created for or used on a mobile device for medical or other health-related purposes."

 

Study Findings

 

The researchers noted that there is not currently a clinically relevant risk assessment framework for mobile health apps, meaning health care professionals, patients and mobile app developers face difficulty in assessing the risks posed by specific apps.

 

They identified several risks associated with using mobile health apps, including:

- Hindering professional reputation;
- Causing possible patient privacy breaches;
- Resulting in low-quality; and
- Providing poor medical advice.

 

The authors also outlined some of the most common variables that can affect those risk factors, including:

- Apps that contain inaccurate or out-of-date information;
- Inappropriate use by patients; and
- Inadequate user education (Lewis et al., Journal of Medical Internet Research, 9/15/14).

 

Of those, the researchers warned that a lack of education poses the biggest threat to patient safety and recommended that health care professionals begin learning about the apps' risks before prescribing their use to patients.

 

Overall, the study's authors called for a formal risk assessment framework for mobile health apps to help reduce the "residual risk" by identifying and implementing various safety measures in the future development, procurement and regulation of mobile apps. They argued that medical apps will flourish in the health care industry after a process has been created to ensure their quality and safety can be "reliably assessed and managed" (FierceHealthIT, 9/20).

 

 

source: http://www.ihealthbeat.org/articles/2014/9/23/study-mobile-health-apps-need-risk-assessment-framework

 


Dyman Associates Risk Management on Periodic Security Assessments

Wondering how and when you should get an information security assessment? Read the IT security tips in our resource section as you draw up a plan.
Valerio Anema's insight:

You wouldn't want to fly on a plane that hasn't had its regular safety inspection. Or go on a road trip without checking your oil and tire inflation. Or miss an annual trip to the doctor, would you? In the same way, periodically assessing your IT security is an important part of your organization's preventive maintenance plan.

Security is mostly an invisible attribute. We tend to set it up and then forget about it. But each of us has blind spots that cause us to miss things. Our infrastructure changes over time, possibly opening up new vulnerabilities. And new methods of attack are invented daily, so what was secure yesterday may not be secure today.

Just as every car comes with a list of scheduled maintenance items, your IT organization should have a list of security features to audit at regular intervals. You can do many of them yourself, but there is no substitute for having an independent expert occasionally check for your blind spots.

 


Dyman Associates Risk Management Approach and Plan

Dyman Associates Risk Management – As a management process, risk management is used to identify and avoid the potential cost, schedule, and performance/technical risks to a system, take a proactive and structured approach to manage negative outcomes, respond to them if they occur, and identify potential opportunities that may be hidden in the situation [4]. The risk management approach and plan operationalize these management goals.

 

Because no two projects are exactly alike, the risk management approach and plan should be tailored to the scope and complexity of individual projects. Other considerations include the roles, responsibilities, and size of the project team, the risk management processes required or recommended by the government organization, and the risk management tools available to the project.

 

Risk occurs across the spectrum of government and its various enterprises, systems-of-systems, and individual systems. At the system level, the risk focus typically centers on development. Risk exists in operations, requirements, design, development, integration, testing, training, fielding, etc. (see the SE Life-Cycle Building Blocks section of this Guide). For systems-of-systems, the dependency risks rise to the top. Working consistency across the system-of-systems, synchronizing capability development and fielding, considering whether to interface, interoperate, or integrate, and the risks associated with these paths all come to the forefront in the system-of-systems environment. At the enterprise level, governance and complexity risks become more prominent. Governance risk of different guidance across the enterprise for the benefit of the enterprise will trickle down into the system-of-systems and individual systems, resulting in potentially unanticipated demands and perhaps suboptimal solutions at the low level that may be beneficial at the enterprise level. Dealing with the unknowns increases, as do the risks associated with them; techniques in the Guide's section on Enterprise Engineering, such as loose couplings, federated architectures, and portfolio management, can help the MITRE SE alleviate these risks.

 

Risk Management in System-Level Programs

 

System-level risk management is predominantly the responsibility of the team working to provide capabilities for a particular development effort. Within a system-level risk area, the primary responsibility falls to the system program manager and SE for working risk management, and the developers and integrators for helping identify and create approaches to reduce risk. In addition, a key responsibility is with the user community's decision maker on when to accept residual risk after it and its consequences have been identified. The articles in the Risk Management topic area provide guidance for identifying risk (Risk Identification), mitigating risks at the system level with options like control, transfer, and watch (Risk Mitigation Planning, Implementation, and Progress Monitoring), and a program risk assessment scale and matrix (Risk Impact Assessment and Prioritization). These guidelines, together with MITRE SEs using tools such as those identified in the Risk Management Tools article, will help the program team deal with risk management and provide realism to the development and implementation of capabilities for the users.

 

Risk Management in System-of-Systems Programs

 

Today, the body of literature on engineering risk management is largely aimed at addressing traditional engineering system projects—those systems designed and engineered against a set of well-defined user requirements, specifications, and technical standards. In contrast, little exists on how risk management principles apply to a system whose functionality and performance is governed by the interaction of a set of highly interconnected, yet independent, cooperating systems. Such systems may be referred to as systems-of-systems.

 

A system-of-systems can be thought of as a set or arrangement of systems that are related or interconnected to provide a given capability that, otherwise, would not be possible. The loss of any part of the supporting systems degrades or, in some cases, eliminates the performance or capabilities of the whole.

 

What makes risk management in the engineering of systems-of-systems more challenging than managing risk in a traditional system engineering project? The basic risk management process steps are the same. The challenge comes from implementing and managing the process steps across a large-scale, complex, system-of-systems—one whose subordinate systems, managers, and stakeholders may be geographically dispersed, organizationally distributed, and may not have fully intersecting user needs.

 

How does the delivery of capability over time affect how risks are managed in a system-of-systems? The difficulty is in aligning or mapping identified risks to capabilities planned to be delivered within a specified build by a specified time. Here, it is critically important that risk impact assessments are made as a function of which capabilities are affected, when these effects occur, and their impacts on users and stakeholders.

 

Lack of clearly defined system boundaries, management lines of responsibility, and accountability further challenge the management of risk in the engineering of systems-of-systems. User and stakeholder acceptance of risk management, and their participation in the process, is essential for success.

 

Given the above, a program needs to establish an environment where the reporting of risks and their potential consequences is encouraged and rewarded. Without this, there will be an incomplete picture of risk. Risks that threaten the successful engineering of a system-of-systems may become evident only when it is too late to effectively manage or mitigate them.

 

Frequently a system-of-systems is planned and engineered to deliver capabilities through a series of evolutionary builds. Risks can originate from different sources and threaten the system-of-systems at different times during their evolution. These risks and their sources should be mapped to the capabilities they potentially affect, according to their planned delivery date. Assessments should be made of each risk's potential impacts to planned capabilities, and whether they have collateral effects on dependent capabilities or technologies.

 

In most cases, the overall system-of-systems risk is not just a linear "roll-up" of its subordinate system-level risks. Rather, it is a combination of specific lower level individual system risks that, when put together, have the potential to adversely impact the system-of-systems in ways that do not equate to a simple roll-up of the system-level risks. The result is that some risks will be important to the individual systems and be managed at that level, while others will warrant the attention of system-of-systems engineering and management.

 

Read full Article:
http://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-management-approach-and-plan

 


Dyman Associates Risk Management - Preparing A Risk Management Plan And Business Impact Analysis


The process of identifying risks, assessing risks and developing strategies to manage risks is known as risk management. A risk management plan and a business impact analysis are important parts of your business continuity plan. By understanding potential risks to your business and finding ways to minimise their impacts, you will help your business recover quickly if an incident occurs.

 

Types of risk vary from business to business, but preparing a risk management plan involves a common process. Your risk management plan should detail your strategy for dealing with risks specific to your business.

 

It's important to allocate some time, budget and resources for preparing a risk management plan and a business impact analysis. This will help you meet your legal obligations for providing a safe workplace and can reduce the likelihood of an incident negatively impacting on your business.

 

This guide outlines the steps involved in preparing a risk management plan and a business impact analysis for your business.

 


Dyman & Associates Risk Management Projects | US government grants $3 million to fight future cyberattacks

Algorithmic vulnerabilities, an emerging hacking threat, can do a lot of damage to computer systems. They are considered more complex, more challenging to detect and more effective at damaging different nations’ computer systems.

Additionally, they are extremely hard to detect with existing security technology, according to Dyman & Associates Risk Management Projects (http://dymanassociatesprojects.com/).

These attacks can only be achieved by hackers hired by nation states, which have the resources essential to mount them, but perhaps not for very long.

Computer scientists at the University of Utah and University of California, Irvine have been given $3 million by the U.S. Department of Defense to produce software that will detect or fight future cyberattacks.

The University of Utah team will be composed of 10 faculty members, postdoctoral and graduate students. Of the $3 million grant, which is over four years, $2 million will go to the Utah team and $1 million to the Irvine team.

The project is funded by the Defense Advanced Research Projects Agency (DARPA) in a new program called STAC, or Space/Time Analysis for Cybersecurity.

The team is tasked with creating an analyzer that can fight so-called algorithmic attacks that target the set of rules or calculations that a computer must follow to solve a problem.

The analyzer needs to perform a mathematical simulation to predict what will happen in case of an attack, and it must examine computer programs to detect algorithmic vulnerabilities or “hot spots” in the code. It is like a spellcheck, but for cybersecurity.

Matt Might, associate professor of computer science at the University of Utah and a co-leader on the team, said that the military is looking ahead at what’s coming in cybersecurity, and it seems like it is going to be algorithmic attacks. He also stated that the current state of computer security (http://dymanassociatesprojects.com/blog/) is a lot like a house with its doors left unlocked, so there’s no point getting a ladder and scaling up to an unlocked window on the roof.

"But once all the doors get locked on the ground level, attackers are going to start buying ladders. That's what this next generation of vulnerabilities is all about."

Hackers typically exploit mistakes that programmers make while creating their software. For instance, the software receives an input crafted by a hacker and uses it without validating it first, which can result in a vulnerability giving the hacker access to the computer or causing it to leak information.

Algorithmic attacks are very different since they don’t need to find such conventional vulnerabilities. For instance, they can secretly track how much energy a computer is utilizing and use that information to gather sensitive data that the computer is processing, or they can secretly track how an algorithm is running within a computer. These attacks can also drive a computer’s central processing unit (CPU) to overwork, or they can disable a computer by forcing it to use too much memory.

Suresh Venkatasubramanian, also a co-leader of the team, states that these algorithmic attacks are very devious because they could exploit weaknesses in how resources like space and time are utilized in the algorithm.

Algorithmic attacks are very complex, costly, and time-consuming, so most hackers these days do not use this kind of attack; instead, they take the easier route of exploiting current vulnerabilities.


Dyman Associates Risk Management Review : The Unfolding Role of Risk Managers -- New Demands, New Talent


Melissa Sexton, CFA is the head of Product and Investment Risk for Morgan Stanley Wealth Management. Prior to this, she spent nearly a decade serving as Chief Risk Officer at two different hedge funds in New York. Most of Melissa’s 25 years of experience has been in a variety of risk management (http://dymanassociatesprojects.com/mobile_risk.html) roles, though she has also traded derivatives and worked in operations, and has continuously worked on projects which integrate risk management with information technology. Ms. Sexton is a member of PRMIA New York’s steering committee, received a BA in Mathematics and Economics from Boston University, and was awarded her CFA charter in 2001.

 

Christopher Skroupa: You started your career in risk management in the 1990s, a decade notable for rapid changes in information technology combined with extraordinary growth and development of financial products. How have these changes affected the risk management function over your career?

 

Melissa Sexton: The changes have been significant and continue to be. When I started in the field, the most sophisticated financial instrument was an exchange-traded option – a standardized product with fully transparent pricing and contract terms. Software for standardized products can be commoditized and developed fairly quickly, but products with multiple triggers and non-standard underlyings meant that technology and risk models needed to be flexible and much more complex. And risk managers needed to be knowledgeable not only about valuation models and the nuances of different financial markets, but needed to have more of an enterprise view of risk. The risk function in the early nineties was largely focused on managing market and credit risks, but the massive growth of over-the-counter (OTC) derivatives, also known as off-exchange trading, led to increased counterparty, operational and liquidity risks. It also led to a need for enhanced Know your Customer (KYC) controls, which support a business in verifying the identity of its clients, to manage reputational risk.

 

Skroupa: Can you compare and contrast your previous role of chief risk officer at a hedge fund with your current role managing investment and product risk at a large, complex organization like Morgan Stanley Wealth Management?

 

Sexton: In many ways, the roles are quite similar because most risk management positions require a blend of quantitative and financial expertise, technology and communication skills. It will always be essential that risk managers are able to influence behavior. But the biggest difference I experienced while working at hedge funds was the emphasis on stress testing and liquidity risk management – both fund liquidity and asset liquidity. This is because of the higher leverage employed in most hedge fund strategies and the prevalent use during the financial crisis of gate provisions, which limited the amounts clients could withdraw from funds. I worked closely with clients during this hectic period which gave me insights into their unique needs and circumstances.

 

At Morgan Stanley Wealth Management (MSWM), we are also focused on individual client needs and circumstances, but the size and scale of this business differs materially. With more than 16,000 financial advisors and approximately $2 trillion in client assets, we need to focus on clients and their accounts, but also financial advisors, financial markets and the multitude of investment products and solutions we offer. Continue reading:  http://www.forbes.com/sites/christopherskroupa/2015/03/16/the-unfolding-role-of-risk-managers-new-demands-new-talent/

 


Dyman & Associates Risk Management Projects: Google Lease Navy Base for 60 Yrs


Google has secured the lease of a NASA airbase in San Francisco for 60 years, possibly to house their upcoming space-exploration vehicles and robotics research.

 

The agency's press release at Dyman & Associates Risk Management Projects indicated that the lease, which will cost the tech giant $1.16 billion, is for "research, development, assembly and testing in the areas of space exploration, aviation, rover/robotics and other emerging technologies".

NASA Administrator Chris Bolden said, "As NASA expands its presence in space, we are making strides to reduce our footprint here on Earth." He added that the agency wants "to invest taxpayer resources in scientific discovery, technology development and space exploration – not in maintaining infrastructure no longer needed."

 

According to the report, a real-estate offshoot of Google called Planetary Ventures will be managing the Moffett airbase and will take over the $200 million improvement to the site, which includes educational facilities to let the public "explore the site's legacy".

 

The 1,000 acres of airfield in the southern part of SF Bay include two runways, a golf course, office space, NASA's Ames research center and three hangars, one of which is the iconic Hangar One. It's expected that the agency will save around $6 million worth of operation and maintenance expenses per year because of the lease.

 

Hangar One is one of the biggest freestanding edifices, covering 8 acres, and was constructed in the 1930s for US naval airships. In 1966, it was recognized as a US Naval Historical Monument but has recently been listed as an endangered historic place according to a Dyman & Associates Risk Management Projects' press release.

 

“GSA was proud to support NASA in delivering the best value to taxpayers while restoring this historic facility and enhancing the surrounding community," said Dan Tangherlini of the US General Services Administration.

 

The Moffett lease shouldn't really come as a surprise as it's practically just next to Googleplex HQ. In fact, it's already servicing private jets owned by the company's executives such as Sergey Brin, Larry Page and Eric Schmidt.

 

Both Brin and Page, the firm's co-founders, are evidently interested in space exploration and aviation as shown by their X Lab's Project Loon and Project Moonshot. Their company has also acquired satellite and robotics firms recently such as Meka Robotics and Redwood Robotics.

 

NASA and Google also teamed up previously, in 2005, when the latter set up an office at the agency's research facility and launched a new lab.

 


Dyman Associates Risk Management Review: Office 365 Getting Mobile Device Management, Security Boosts

Microsoft on Tuesday unveiled several upcoming Office 365 improvements, including mobile device management (MDM) and data loss protection (DLP) controls.
Valerio Anema's insight:

Microsoft on Tuesday unveiled several upcoming Office 365 improvements, including mobile device management (MDM) and data loss protection (DLP) controls.

 

The announcements were made during the Day 1 keynote of the Microsoft TechEd Europe conference, taking place this week in Barcelona. Julia White, general manager of Microsoft Office, took the stage to demonstrate the ability to connect the cloud-based Azure Active Directory (AD) service with an on-premises Active Directory in "six clicks" during a setup process. With Azure AD in place, IT pros can have their security and auditing functions in one place, she said.

 

White also described the ability to edit policies for MDM. The policies get embedded into managed apps, such as Office for iPad apps, she said, and the capability will be "natively built into Windows 10." For instance, IT pros can set copy and paste restrictions on managed apps to protect company data.

 

White also talked about the coming DLP capabilities. With DLP, IT pros have access to Office 365 console reports, which show the rules that can be set up. They also show if users are trying to override the rules. If they are, IT pros can modify the policies to add additional restrictions, if wanted. For instance, restrictions can be set regarding the disclosure of credit card information. Alerts can be set up, as well. End users will get policy tips, so they will become aware of the policy restrictions set by IT.

 

These Office 365 capabilities are being rolled out at various times, but the target date seems to be the first quarter of next year.

 

Data Loss Prevention

Microsoft already has some DLP capabilities in its OneDrive for Business and SharePoint Online services, including an e-discovery capability. However, the capability to add policy restrictions that can block and restrict access to content will be rolled out in these apps "in the coming months," according to a Microsoft blog post on DLP.

 

The first app to get the new DLP controls will be Excel, followed by Word and PowerPoint. DLP will work "natively" in Office applications, Microsoft is promising, and the protection scheme will work at the file level, as well as for e-mail, document libraries or OneDrive for Business folders.

 

IT pros will have access to built-in DLP templates to add rules. They can review incident reports showing attempted policy overrides. Additional policy controls for Office 365, such as information rights management, will arrive in the first quarter of 2015.

 

File Classifications

Microsoft also plans to extend its file classification infrastructure capability of the Windows File Server to Exchange Online, OneDrive for Business and SharePoint Online, starting in the first quarter of 2015. Office documents can be classified using this scheme and policies can be set to avoid information disclosure.

 

OneDrive for Business and SharePoint Online also have "advanced encryption at rest," which is a capability that Microsoft calls "per-file encryption." Per-file encryption creates a key for every file stored. It also creates a new key for any variants of those files.

 

More related content:

http://dymanassociatesprojects.com/mobile_sec.html

https://twitter.com/dymanassociates

http://dymanassociatesprojects.tumblr.com/


Dyman Associates Risk Management Crucial To The Mining Industry’s Growth

The mining industry has been urged to analyse and understand the risk trend in the sector as a way of mitigating loss of property and revenue.
Valerio Anema's insight:

Managing Director of Marsh Botswana, Fritzgerald Dube, said the mining industry is faced with exposures that need to be identified, measured and controlled economically in order for the mine’s operations to flourish. Speaking at a mining seminar hosted by Marsh Botswana last week, Dube explained that while the environment in which they operate is always changing and presenting new threats, they are able to understand risk trends and develop effective programmes. Although a lot of mines have fully fledged risk management departments, Dube noted that mining is a dynamic and ever-evolving specialty and that new risks that were not previously anticipated would always evolve.

 

“As such, risk managers need to be forever considering and devising risk management plans for those risks which they have never been exposed to before,” he advised. Dube added that risk managers need to recognise that they play a critical role in ensuring stability of operations and sustained production in whatever environment they operate in.

 

He underscored the importance of risk management, stating that it is a critical function in all mines. He urged top management to commit to instilling a risk management culture throughout the entire organisation.

 

“Risk management should not be a ‘nice to have’ but rather a ‘must have’ that carries the full weight and support of senior management,” he stressed.

 

However, Dube regretted that the impact of uncertain events on mine productivity is not limited to loss of property and revenue alone, but possible death as well. An earlier report that was issued by a leading reinsurance advisor, Willis Group Holdings, warned mining companies not to be tempted to cut back on their risk management spending as they try to deal with rising costs, falling commodity prices and decreased productivity levels.

 

The report titled, Mining Risk Review 2011, identified the main challenges mining companies are facing. They further stated that the bulk of cost cutting had come from reductions in head office spend, exploration and business development.

 

On the same topic, Botswana Confederation of Commerce and Manpower (BOCCIM) CEO Maria Machailo-Ellis acknowledged that the mining industry had been experiencing fatal accidents around the country. She however noted that they had moved ahead with efforts to prevent recurrence.

 

Marsh Botswana was established in 1984 and is a subsidiary of Marsh & McLennan Companies, a world leader in delivering risk and insurance services and solutions. Marsh currently provides insurance brokerage and risk advisory services to over 70 percent of mines across the globe.

 

 

Weblink:
http://www.mmegi.bw/index.php?aid=46201

 

Go to website
http://dymanassociatesprojects.com/

 

Click Here:
http://www.scribd.com/dyman_associates_projects

 


Dyman Associates Risk Management-Reserve Bank Warns Rising House Prices and Investors Could Hurt Economy


The Reserve Bank has warned that soaring housing prices and rapidly growing investor activity could pose risks to the economy.

 

The RBA said low interest rates, rising house prices and competition among lenders had translated into a strong pick-up in lending to property investors, particularly in Sydney and Melbourne, creating an imbalance.

 

Households had become increasingly willing to take on risk and debt this year, the RBA said.

 

It attributed the pick-up in household credit growth to being almost entirely driven by investor housing credit, which was growing at its fastest pace since 2007.

 

“The composition of housing and mortgage markets is becoming unbalanced,” the RBA said in its biannual financial stability review on Wednesday.

 

It has begun talks with the Australian Prudential Regulation Authority (Apra) about how to reinforce sound lending practices for property purchases.

 

Risks to financial institutions would increase if high rates of lending growth persisted or increased.

 

“The apparent increase in the use of interest-only loans by both owner-occupiers and investors might also be consistent with increasingly speculative motives behind current housing demand,” the RBA said.

 

“At this stage the main risk from this strong investor activity appears to be that the extra demand may exacerbate the housing price cycle and increase the potential for prices to fall later.”

 

That could pose risks to the economy if people reacted to declines in their wealth and loan repayment difficulties by cutting back on their spending.

 

Households that could be most affected were not necessarily the ones taking out loans, it added.

 

There was also the risk that the increased demand would lead to too much construction and an eventual oversupply of housing, but this was more likely to affect specific local markets, particularly Melbourne.

 

The RBA said the rise in investor activity had probably priced some potential first-home buyers out of the market.

 

The willingness of some households to take on more debt, combined with slower wage growth, meant the debt-to-income ratio had picked up a little in the past six months.

 

“While this ratio is still within its range of the past eight years at around 150%, it is historically high and hence any further increases in household indebtedness would be taking place from an already high base,” it said.

 

The RBA warned banks to be cautious about their lending practices.

 

“It is important for macroeconomic and financial stability that banks set their risk appetite and lending standards at least in line with current best practice, and take into account system-wide risks in property markets in their lending decisions,” it said.

 

In the past year Apra had increased the intensity of supervision around housing market risks facing banks.

 

It is also working on new guidance for sound risk management practices in mortgage lending.

 

“The characteristics and risk profile of households’ investment property exposures warrant close examination given the recent strength of investor demand for housing,” the RBA said.

 

Visit Us: 

http://dymanassociatesprojects.com/

 

https://twitter.com/dymanassociates

 

http://www.scribd.com/dyman_associates_projects

 


Dyman Associates Risk Management: The Basics of WHS Risk Management

Prior to the modernisation of industry, managers were understandably primarily concerned with performance and cost.

Workplace safety (WHS) unfortunately was often only considered when it affected any goals associated with performance and cost. With the passage of time and gradually increasing awareness of worker rights, employee health, safety and well-being have of course also gained additional attention.

There are various reasons for managing WHS risk. Typically they are summarised into one of four main groups:

- Ethical and moral: accident prevention is undertaken to prevent injury to personnel purely as the result of humane considerations.
- Legal: legislation places a number of duties on various persons and failure to carry out these duties can result in fines and, in extreme cases, imprisonment.
- Financial: the costs of an injury are made up of two parts: the direct cost (cost associated with medical treatment, and damage) and the indirect cost (time spent on investigations, lost production, retraining).
- General business considerations: these could be considered as financial, but given the difficulty in quantifying them, they are best kept separate. They generally relate to the organisation’s corporate image and reputation. Poor health and safety systems and outcomes affect many stakeholders including employees, customers, insurance companies, as well as investors and financiers.

WHS risk management (http://sourceable.net/the-basics-of-whs-risk-management/) is concerned with providing a structured systematic approach to decision making with respect to WHS issues. The strength of applying a systematic risk management approach to WHS issues is that it combines technical, consultative and managerial approaches into processes that support informed, consistent and defensible decision-making.

The WHS Risk Management Process can be introduced at any time, but good practice dictates the process should be commenced at the earliest possible time. Whether designing a piece of plant or a whole facility, the risk management (http://dymanassociatesprojects.com) process of hazard identification, risk assessment, control, and review should be incorporated at the design / planning stage.

WHS Risk Management includes the process concerned with identifying, analysing and responding to WHS risk. The primary objective is to eliminate or minimise the consequences of adverse effects (injury, illness or property damage) on employees or the workplace. This consists of the following major steps also known as the Risk Management Process Model:

- Establish the context: establish the strategic, organisational and risk management context in which the rest of the process will follow.
- Identify risks: identify what, why and how things can arise that will be the basis for further analysis.
- Assess risks: determine the existing controls and analyse risks in terms of consequences and likelihood in the context of those controls. Typically, the analysis should take into account a number of potential consequences and how likely those consequences are to occur.
- Evaluate risks: compare the levels of risk against pre-established criteria. This allows risks to be ranked so as to identify management priorities.
- Treat risk: allow for the development of specific management plans to control the risk by way of elimination or minimisation strategies.
- Monitoring and review.
- Communication and Consultation.

By implementing systematic WHS Risk Management activities, organisations are able to better understand operations and their associated hazards as well as afford greater flexibility with regard to the methods used to control risks and the costs of implementing those controls.

With the increased ability to respond effectively to organisational changes, both internal and external to the organisation, WHS risk management may lead to a myriad of direct benefits including:

- Reducing injury and illness to employees and the community
- Saving money and adding value by more effective allocation of resources
- Improving the quality of information available for making decisions
- Improving the understanding of WHS risks throughout the organization
- Complying with WHS legislation and the ability to better demonstrate this
- Improving the organization’s image and reputation
- Improving accountability and transparency of decision-making

Possible broader and longer term benefits of an effective OHS risk management program are:

- Effective strategic planning as a result of increased knowledge and understanding of key risk exposures
- Lower workers’ compensation costs because undesirable OHS outcomes are foreseen and addressed
- Improved audit processes
- Better outcomes in terms of the effectiveness, efficiency, and appropriateness of OHS programs, i.e. programs targeting key risk areas
- Improved communication, both within the organization and between the organization and its external stakeholders

WHS Risk Management is a foundation of an organisation and it touches all facets of an organisation’s activities. For this reason, careful planning is required in the development and implementation of a WHS Risk Management program.

Successful WHS risk management requires a sensible and straightforward approach. The purpose of implementation should not only be seen as a compliance requirement but also as a key business tool in adding value to the organisation’s objectives.

WHS Risk Management should include regular reviews of all WHS aspects of an organisation’s activities. The effectiveness of the WHS Risk Management Process should be monitored and documented in order to ensure that the risk management strategies continue to be relevant to the organisation’s activities that affect WHS.


Dyman Associates Risk Management: Fundamentals of cloud security


Valerio Anema's insight:

For many companies, security is still the greatest barrier to implementing cloud initiatives. But it doesn't have to be.

 

Organisational pressure to reduce costs and optimise operations has led many enterprises to investigate cloud computing as a viable alternative to create dynamic, rapidly provisioned resources powering application and storage platforms. Despite potential savings in infrastructure costs and improved business flexibility, security is still the greatest barrier to implementing cloud initiatives for many companies. Information security professionals (http://dymanassociatesprojects.com/) need to review a staggering array of security considerations when evaluating the risks of cloud computing.

 

With such a broad scope, how can an organisation adequately assess all relevant risks to ensure that their cloud operations are secure? While traditional security challenges such as loss of data, physical damage to infrastructure, and compliance risk are well known, the manifestation of such threats in a cloud environment can be remarkably different. New technologies, combined with the blurring of boundaries between software-defined and hardware infrastructure in the datacentre, require a different approach.

 

One of the first steps towards securing enterprise cloud is to review and update existing IT policies to clearly define guidelines to which all cloud-based operations must adhere. Such policies implement formal controls designed to protect data, infrastructure, and clients from attack, and enable regulatory compliance. Government bodies such as NIST, the US Department of Commerce, and the Australian Government Department of Finance and Deregulation (PDF) have produced cloud computing security documents that outline comprehensive policies for their departments, which can be a useful starting point for implementing a corporate policy.

 

It is important to recognise that cloud security policies should provide protection regardless of delivery model. Whether building private, public, or hybrid cloud environments within the enterprise, cloud security is the joint responsibility of your organisation and any cloud service providers you engage with. When conducting due diligence on third-party cloud service providers, carefully review the published security policies of the vendor and ensure that they align with your own corporate policies.

 

A fundamental security concept employed in many cloud installations is known as the defence-in-depth strategy. This involves using layers of security technologies and business practices (http://dymanassociatesprojects.tumblr.com/) to protect data and infrastructure against threats in multiple ways. In the event of a security failure at one level, this approach provides a certain level of redundancy and containment to create a durable security net or grid. Security is more effective when layered at each level of the cloud stack.

 

When implementing a cloud defence-in-depth strategy, there are several security layers that may be considered. The first and most widely known protection mechanism is data encryption. With appropriate encryption mechanisms, data stored in the cloud can be protected even if access is gained by malicious or unauthorised personnel. A second layer of defence is context-based access control, a type of security policy that filters access to cloud data or resources based on a combination of identity, location, and time. Yet another popular security layer in cloud-based systems is application auditing. This process logs all user activity within an enterprise application and helps information security personnel detect unusual patterns of activity that might indicate a security breach. Finally, it is critical to ensure that all appropriate security policies are enforced as data is transferred between applications or across systems within a cloud environment.

 

Unfortunately, there is no one-size-fits-all solution for cloud security that can protect all of your IT assets. Nor is it wise to adopt a closed-perimeter approach. Organisations can no longer rely on firewalls as a single point of control, and security practices (http://dymanassociates.blogspot.nl/) must expand beyond the datacentre to include key control points for endpoints accessing the cloud and edge systems. When incorporating third-party public and hybrid cloud solutions in your enterprise IT strategy, you cannot assume that the security policies of these service providers meet the standards and levels of compliance required. Make sure you spell out and can verify what you require and what is delivered.

Read More - http://www.zdnet.com/fundamentals-of-cloud-security-7000033710/


Dyman Associates Risk Management : So You Think You Have a Point of Sale Terminal Problem?

Valerio Anema's insight:

If your company has a Point of Sale (POS) terminal anywhere in its infrastructure, you are no doubt aware from the active media coverage that malware attacks have been plaguing POS systems across the country.

 

Just within the past week, the New York Times has reported that:

- Companies are often slow to disclose breaches, often because of the time involved in immediately-required investigations;
- Congress is beginning to make inquiries of data breach victim companies;
- Even those companies who have conducted cybersecurity risk assessments still get attacked, often during the course of implementing new solutions to mitigate potential problems and protect their customers’ payment cards or other personal information; and
- Former employees can be a source of information to the media about your efforts to investigate and secure your POS systems.

No Quick Fix

 

Even the best intentions, most competent efforts and unlimited budgets cannot fix a problem such as this overnight. These fixes take time, and have become an unavoidable symptom of having POS terminals.

 

What should your company do?

 

(1) Launch a cybersecurity risk assessment, if you have not yet done so.

 

(2) Protect your risk calculations by engaging outside counsel and qualified cybersecurity experts to provide legal risk advice protected by the attorney-client privilege. Keep C-suite executives and Boards of Directors informed.

 

The outside counsel, together with experts, should:

 

- educate and advise directors and executives on legal and business risks associated with your company’s particular threats and vulnerabilities;
- engage a qualified, experienced external cybersecurity team to review technical infrastructure and identify vulnerabilities stratified and prioritized by risk, likelihood of being exploited, and costs and time involved in remedying each one;
- review operational procedures across a multi-disciplinary team in your company, which are often overlooked and can have the greatest impact on the overall health of your risk profile;
- help identify the most sensitive categories of information in your organization and develop data governance procedures tailored to your organization to add yet another layer of protection for your most sensitive assets;
- regularly remind your team members, including from your third-party vendors engaged by counsel, about privilege and confidentiality obligations.

 

(3) Treat cybersecurity risk assessments and remediation efforts as an iterative process. Constantly review your multi-disciplinary team’s recommendations as they change week by week or day by day. Re-evaluate the spend allocated based on updated information about your risk landscape as the investigation and assessment progresses.

 

(4) Stay informed about updated regulatory requirements and case law on cybersecurity and privacy. Ensure stakeholders understand these updates and charge them with implementing appropriate changes in their domains.

 

(5) Recognize that there is no such thing as perfect security, but that there is a tipping point over which your company will move outside the category of high-risk operations and into a safe zone.

 

(6) Allocate the necessary resources to get the job done – and done well. If your company goes an extra mile in building security policies, procedures and technology that are better than industry standard, you can use your low risk profile as a market differentiator. In addition to reducing litigation and reputational risks, validated strong security will increase customer confidence and loyalty.

 

(7) Review your insurance policies for adequate coverage to address interim risks. While reputational risk cannot be insured against, insurance can be very valuable in the event of a breach.

 

In the retail industry in particular, the widespread compromises in Point of Sale Terminals, resulting in staggering amounts of payment card theft, are a hallmark of 2014. A decrease in brand reputation alone is too high a cost to ignore. If your company is – very understandably – not equipped to tackle the daunting task of finding and prioritizing vulnerabilities and choosing the best cybersecurity governance and technical plans, find someone who is.

 

Content source:
http://www.jdsupra.com/legalnews/so-you-think-you-have-a-point-of-sale-te-80610/

 

Read more related articles:
http://www.linkedin.com/groups/Dyman-Associates-Projects-7415482

http://dymanassociatesprojects.tumblr.com/

 

More at http://dymanassociatesprojects.com/


Dyman Associates Risk Management: A Mobility Checkup


Notes from the Healthcare Innovation Challenge

Valerio Anema's insight:

I recently attended the Healthcare Innovation Challenge where I met some customers and took a look at various healthcare IT challenges and innovations. I came away with a couple of strong impressions about the role of mobility in healthcare, in addition to some best practices for healthcare companies to follow.

 

First, it was exciting to see how integrated mobility is with the core mission of many of the companies, and how important it has become for healthcare workers to be untethered from a PC or workstation. For example, a medical scanning and data collection company can now run its scanners from a remote location using tablets, which has increased safety by enabling technicians to review data in real-time without being in the same room as the diagnostic equipment. Tablets have also increased efficiency and productivity by enabling fewer technicians to monitor multiple scanners, and the touch user interface—swiping and pinching to analyze the scans, for example—is far preferable to traditional mouse clicks.

 

Another company provides brain exercises—in the form of role-playing games—for patients who have experienced brain trauma. The games are played exclusively on tablets, offering more flexibility for patients and providing a familiar, effective and fun user interface that encourages usage.

 

Many companies at the event made it clear that they still face major challenges to mobility. HIPAA and other privacy regulations require every mobile strategy involving patient data to meet stringent requirements. Is patient data stored on a device? How is it secured? Can non-authorized users access private information? Can the compliance of the device be validated?

 

In developing a security strategy for their mobile devices, healthcare companies struggle with choosing among various options, including a secure workspace and virtualization. Virtualization stores no information on the device, while a secure workspace stores data on the device in a protected container, which IT can wipe (though not a user’s personal information) if necessary. Fortunately, organizations aren’t limited to one path—many use both solutions for users with different risk profiles.

Another difficulty for many healthcare providers is that tech-savvy workers, especially doctors and nurses, are driving the demand for mobility, putting significant pressure on IT to move more rapidly than they otherwise would.

 

So how can healthcare companies overcome these challenges? Consider these simple best practices:

 

- Map out all your different use cases—including what users want—and study the available technologies. Then choose the mix of solutions that satisfies your needs.
- Don’t consider just today’s use cases. Anticipate future innovations. For example, some devices already have built-in heart-rate monitors. Other biometric capabilities coming to devices include identifying fingerprints, faces, voices and irises. To keep progressing on your mobility journey, track the technologies in development and plan for how to integrate them into your workflows.
- Don’t fall into the trap of feeling that you can’t deal with the explosion of new capabilities. By focusing on users and workflows, you can look at every new capability as an opportunity to improve productivity, drive down costs and improve the ways healthcare is delivered.

 

Content Source:
http://www.cio.com/article/2687195/healthcare-it/a-mobility-checkup.html

 

Read more:
https://twitter.com/dymanassociates
http://www.scribd.com/dyman_associates_projects
http://dymanassociatesprojects.com/


Dyman Associates Risk Management: what is Risk Management

A comprehensive overview of Risk Management covers definition, goals, strategies & solutions.

Valerio Anema's insight:

The Importance of Risk Management to Business Success

Risk management is an important part of planning for businesses. The process of risk management is designed to reduce or eliminate the risk of certain kinds of events happening or having an impact on the business.

 

Definition of Risk Management

 

Risk management is a process for identifying, assessing, and prioritizing risks of different kinds. Once the risks are identified, the risk manager will create a plan to minimize or eliminate the impact of negative events. A variety of strategies is available, depending on the type of risk and the type of business. There are a number of risk management standards, including those developed by the Project Management Institute, the International Organization for Standardization (ISO), the National Institute of Science and Technology, and actuarial societies.

 

Types of Risk

 

There are many different types of risk that risk management plans can mitigate. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records.

 

Goals of Risk Management

 

The idea behind using risk management practices is to protect businesses from being vulnerable. Many business risk management plans may focus on keeping the company viable and reducing financial risks. However, risk management is also designed to protect the employees, customers, and general public from negative events like fires or acts of terrorism that may affect them. Risk management practices are also about preserving the physical facilities, data, records, and physical assets a company owns or uses.

 

Process for Identifying and Managing Risk

 

While a variety of different strategies can mitigate or eliminate risk, the process for identifying and managing the risk is fairly standard and consists of five basic steps. First, threats or risks are identified. Second, the vulnerability of key assets like information to the identified threats is assessed. Next, the risk manager must determine the expected consequences of specific threats to assets. The last two steps in the process are to figure out ways to reduce risks and then prioritize the risk management procedures based on their importance.

 

Strategies for Managing Risk

 

There are as many different types of strategies for managing risk as there are types of risks. These break down into four main categories. Risk can be managed by accepting the consequences of a risk and budgeting for it. Another strategy is to transfer the risk to another party by insuring against a particular event, like fire or a slip-and-fall accident. Closing down a particular high-risk area of a business can avoid risk. Finally, the manager can reduce the risk's negative effects, for instance, by installing sprinklers for fires or instituting a back-up plan for data.

 

Having a risk management plan is an important part of maintaining a successful and responsible company. Every company should have one. It will help to protect people as well as physical and financial assets.

 

Source:
http://www.whatisriskmanagement.net

 

More related:
http://dymanassociatesprojects.com
https://www.facebook.com/dyamanassociatesproject

 


Dyman Associates Risk Management on How to Develop a Risk Management Plan


Valerio Anema's insight:

Developing an effective Risk Management Plan can help keep small issues from developing into emergencies. Different types of Risk Management Plans can deal with calculating the probability of an event, and how that event might impact you, what the risks are with certain ventures and how to mitigate the problems associated with those risks. Having a plan may help you deal with adverse situations when they arise and, hopefully, head them off before they arise.

 

Additional hints:

http://dymanassociatesprojects.com/

http://www.scoop.it/t/dyman-associates-projects/

 
