Synergy Associates Welcome to SCQAA Webinar- Unconventional Risks! Presented by Eli Dabich August 18, 2010

Unconventional Risks Presented by Synergy Assoc


www.scqaa.net hosted a webinar on August 18, 2010, and Eli Dabich, co-founder of Synergy Associates, spoke at the event.


Page 1: Unconventional Risks Presented by Synergy Assoc

Synergy Associates

Welcome to SCQAA Webinar - Unconventional Risks! Presented by Eli Dabich

August 18, 2010

Page 2: Unconventional Risks Presented by Synergy Assoc

About SCQAA-SF - A Not-for-Profit Organization

SCQAA-SF (www.scqaa.net) chapter sponsors sharing of information to promote and encourage quality improvement in information technology practices and principles through networking, training and professional development.

Networking: We meet once every other month in San Fernando Valley.

Check us out on LinkedIn (SCQAA-SF).

Contact Sujit at [email protected] or call 818-878-0834

Page 3: Unconventional Risks Presented by Synergy Assoc

Future Events - 23rd September 2010

Presenter: Steve Bender, President of The Quality Connection, Former Senior Examiner for New York State's Excelsior Award and veteran in Quality Assurance

Topic: “Addressing the Top Ten Testing Challenges”

Venue: Bank of America Bldg 2 at: 29851 Agoura Rd., Agoura Hills, CA 91302

Page 4: Unconventional Risks Presented by Synergy Assoc

Membership Benefits:

Excellent speaker presentations on advancements in technology and methodology

Networking opportunities

PDU, CSTE and CSQA credits

Regular meetings are free for members and include dinner

Page 5: Unconventional Risks Presented by Synergy Assoc

Membership Policy

Recently revised our membership dues policy to better accommodate member needs and current economic conditions.

Annual membership is $50, or $35 for those who are in between jobs.

Please check your renewal with Cheryl Leoni - [email protected].

If you have recently joined or renewed, please check before renewing again.

Page 6: Unconventional Risks Presented by Synergy Assoc

Synergy Associates

Unconventional Risks!

Page 7: Unconventional Risks Presented by Synergy Assoc

Synergy Associates

Synergy Associates was formed in 1995 as a partnership of former senior executives with extensive expertise and success in developing and implementing risk reduction and innovative organizational development programs.

Our Business Continuity practice helps clients develop plans to mitigate potential risks whether human beings, nature, or technology are the cause of a business disruption. We are unique in having hands-on business recovery experience after earthquakes and hurricanes. Business Continuity/Resiliency engagements have included: GAP Analysis, development of enterprise-wide plans, employee awareness, recovery team training, testing and maintenance.

Our leadership and human resources practices include individual business and leadership coaching, organizational development, culture initiatives, team and leadership development, talent and performance management systems.

Clients include: start-ups, public and privately owned, and members of the Fortune 500. The industries we serve include: financial services, Internet, medical, entertainment, retail, agriculture, utilities, legal, manufacturing and many others.

We pride ourselves on helping clients reduce risk while preparing for future growth.

Page 8: Unconventional Risks Presented by Synergy Assoc

Purpose of Presentation

Background of risks

What are these risks

How to identify the risks

How to prepare for the risks

How do these threats fit in with Risk Management and Business Continuity

Question and Answers

Page 9: Unconventional Risks Presented by Synergy Assoc

Purpose of Presentation

World largely uneducated for unconventional risks

“Only thing we have to fear is fear itself” – FDR, 1937

Knowledge about risks will result in less panic and casualties if an attack occurs

Protect your organization and employees

Plan for risks through organizational Risk and Vulnerability assessment and Business Continuity Planning

Page 10: Unconventional Risks Presented by Synergy Assoc

Plan Complacency

“In his suit, Papantonio asserts that filings BP made from 2000 to 2009 with the Interior Dept.’s Minerals Management Service misrepresented the company’s preparations for a potential deepwater disaster and dishonestly minimized risks. One BP document, an “Initial Exploration Plan” submitted to MMS in February 2009, claimed that the company had “the capability to respond, to the maximum extent practicable, to a worst-case discharge or a substantial threat of a discharge,” the suit states.”

Page 11: Unconventional Risks Presented by Synergy Assoc

Background of Threats

Recent National Intelligence Estimate report “Terrorist threats to U.S. Homeland”

In 2007 prior Head of National Intelligence said al Qaeda is determined to attack the USA with either nuclear, biological or chemical weapons.

al Qaeda is determined to launch a “mass casualty spectacular event” on U.S. soil.

2008 SAGA survey indicates nuclear terrorism is America’s top fear – 74%

2008 report that U.S. Military is not prepared for catastrophic attack

Page 12: Unconventional Risks Presented by Synergy Assoc

Background of Threats

Domestic terrorism threat is increasing

Ricin in Las Vegas Hotel Room: 2008

Radiological Threat in NYC: 2007

DC Metro Shut Down: 20007

According to IAEA 15 known instances of illegal trafficking of enriched uranium or plutonium between 1993 and 2006 – 10 not recovered

Chemical Weapons WWI

Page 13: Unconventional Risks Presented by Synergy Assoc

Background of Threats

Government/Non Government Interventions

Extended Terrorism Reinsurance Backup

Consolidation of Federal Agency Bio-surveillance Data Base

2007 law calling for voluntary certification programs for corporate readiness

ERM Risk Rating for non-financial companies

Page 14: Unconventional Risks Presented by Synergy Assoc

Nuclear Bombs

Threat

Initiated by conventional explosives

Need to achieve critical mass

Uncontrolled chain reaction occurs

Symptoms

Intense heat, light, shock wave

Radiation – alpha, beta and gamma

Emergency Preparation/Response

Bunker/safe room/physical shield

Location and distance from target is key

Cover nose, mouth and eyes

Page 15: Unconventional Risks Presented by Synergy Assoc

Dirty Bombs (RDDs) - Radiological

Threat

Not a nuclear bomb – “weapon of mass disruption”

Explosive wrapped in radioactive material, therefore, radiation material dispersed over immediate area

Type of radiation – alpha, beta and gamma

Over 21,000 organizations in U.S. licensed to use radioactive material

Page 16: Unconventional Risks Presented by Synergy Assoc

Dirty Bombs (RDDs) - Radiological

Symptoms

Explosion – panic

Some radioactivity

Emergency Preparation/Response

Turn off __________?

Use mask to cover nose and mouth, don’t touch material, use gloves

Move upwind, go inside, bag clothes and shower

Page 17: Unconventional Risks Presented by Synergy Assoc

Chemical Threats

Key Definitions

Not true gases but aerosolized solids or liquids

Volatility – ability to evaporate

Persistence – ability to stay

Six Types of Chemical Threats

Blister – Mustard gas

Nerve – Sarin

Choking – Chlorine, Phosgene

Blood – Hydrogen cyanide

Incapacitating/Behavior altering – QNB

Riot Control – Tear Gas

Page 18: Unconventional Risks Presented by Synergy Assoc

Chemical Threats

Preparation

Special clothing needed, upwind

Protect skin, mask

Symptoms

Dead animals/birds

Lack of insect life

Physical symptoms

Unexplained odors

Geographical illness

Page 19: Unconventional Risks Presented by Synergy Assoc

Biological Threat Agents

Threat

Easy to acquire, synthesize and use

No reliable and immediate detection system exists

Covert application

Flu/Spanish Flu in 1918, 50 million died

Type-Bacterial/Viral

Anthrax

Plague

Cholera

Smallpox

Ricin

Dissemination of biowarfare agents

Page 20: Unconventional Risks Presented by Synergy Assoc

Biological Threat Agents

Preparation/Response

Mask

Upwind, cover skin

Turn off HVAC

Seal windows and doors

Shower thoroughly

Vaccinate

Symptoms

Dead animals/birds/fish

Lack of insect life

Physical Symptoms

Low lying clouds

Unexplained odors

Patterns of mass casualties, geographical

Page 21: Unconventional Risks Presented by Synergy Assoc

GLOBAL WARMING

More CO2 in air makes oceans more acidic

4 meter rise in oceans in 300 years

Worse droughts versus worse floods

Water availability

Food growth

Cut GDP by 5 – 20%

Greater risk than terrorism

Health issues

Insurance implications

Page 22: Unconventional Risks Presented by Synergy Assoc

CLOUD COMPUTING

Treasury shut down 4 sites

Gartner Research says 60% of virtual servers less secure

Who owns them and what security

Lack of visibility and controls

Theft of data and identity theft

Page 23: Unconventional Risks Presented by Synergy Assoc

CYBER WAR/SECURITY

Unintended consequences of shutting down Saudi Arabia site – 300 servers impacted

Guidelines remain elusive

75,000 computer systems at 2,500 companies have been hacked by Eastern Europe

How can we be at cyber war if we don’t know what it is

Social media opens new doors to cyber attacks

1/3 of government agencies have experienced cyber attacks

Encrypt data and educate staff

Page 24: Unconventional Risks Presented by Synergy Assoc

DRONES

40 countries have capability

Two thirds of worldwide investment – non US

Insurgents tapped into UAV video - $30 software

Farmers already use drones for crop dusting

Civilian built a version of military drones for $1,000

Hardware from China and software from India

Page 25: Unconventional Risks Presented by Synergy Assoc

GANGS

Approximately 24,500 gangs in U.S. with over 1,000,000 members

Low income, learning disabilities, emotional disorders, school failure

Growing problem and could impact employees

Page 26: Unconventional Risks Presented by Synergy Assoc

Strategies to Survive a Mass Casualty Threat

Perform a risk and vulnerability assessment

At a minimum, develop a Business Continuity Plan and Disaster Recovery Plan

Plan for the worst, easy to scale recovery for lesser disaster

Train for reality

Communicate plans in simple terms

Educate, Educate, Educate!

Page 27: Unconventional Risks Presented by Synergy Assoc

Risk and Vulnerability Assessment

Quantitative

BIA

Financial

Operational

Prioritization

Downtime estimate

Resource requirement

Regulators

Insurance

Qualitative

Loss of:

Competitive advantage

Public support

Employees

Page 28: Unconventional Risks Presented by Synergy Assoc

Business Continuity Plan Should Include at a Minimum

Scenarios and alert levels

Provisions for employees and their families’ safety

Identify Key Business Processes with ranking

Recovery Time Objectives – rank of Key Business Processes by RTO

Alternative work sites – who goes where and what processes go

Emergency Communication Plans for different scenarios

Page 29: Unconventional Risks Presented by Synergy Assoc

Next Steps

Risk and Vulnerability assessment

Review your organization’s Business Continuity Plan, capabilities versus recovery requirements

Identify gaps in requirements versus capability

Update plans

Train employees

Test plans

Page 30: Unconventional Risks Presented by Synergy Assoc

Contact Information

East: Eli Dabich, [email protected]: 410 643 5563 Cell: 410 725 9238

West: Jeanette T [email protected] 261 6658
