www.scqaa.net hosted a webinar on August 18, 2010, and Eli Dabich, Co-founder of Synergy Associates, spoke at the event.
Synergy Associates
Welcome to SCQAA Webinar- Unconventional Risks! Presented by Eli Dabich
August 18, 2010
About SCQAA-SF - A Not-for-Profit Organization
SCQAA-SF (www.scqaa.net) chapter sponsors sharing of information to promote and encourage quality improvement in information technology practices and principles through networking, training and professional development.
Networking: We meet once every other month in San Fernando Valley.
Check us out on LinkedIn (SCQAA-SF).
Contact Sujit at [email protected] or call 818-878-0834.
Future Events - 23rd September 2010
Presenter: Steve Bender, President of The Quality Connection, Former Senior Examiner for New York State's Excelsior Award and veteran in Quality Assurance
Topic: “Addressing the Top Ten Testing Challenges”
Venue: Bank of America Bldg 2 at: 29851 Agoura Rd., Agoura Hills, CA 91302
Membership Benefits:
Excellent speaker presentations on advancements in technology and methodology
Networking opportunities
PDU, CSTE and CSQA credits
Regular meetings are free for members and include dinner
Membership Policy
Recently revised our membership dues policy to better accommodate member needs and current economic conditions.
Annual membership is $50, or $35 for those who are in between jobs.
Please check your renewal with Cheryl Leoni - [email protected].
If you have recently joined or renewed, please check before renewing again.
Unconventional Risks!
Synergy Associates
Synergy Associates was formed in 1995 as a partnership of former senior executives with extensive expertise and success in developing and implementing risk reduction and innovative organizational development programs.
Our Business Continuity practice helps clients develop plans to mitigate potential risks whether human beings, nature, or technology are the cause of a business disruption. We are unique in having hands-on business recovery experience after earthquakes and hurricanes. Business Continuity/Resiliency engagements have included: GAP Analysis, development of enterprise-wide plans, employee awareness, recovery team training, testing and maintenance.
Our leadership and human resources practices include individual business and leadership coaching, organizational development, culture initiatives, team and leadership development, talent and performance management systems.
Clients include: start-ups, public and privately owned, and members of the Fortune 500. The industries we serve include: financial services, Internet, medical, entertainment, retail, agriculture, utilities, legal, manufacturing and many others.
We pride ourselves on helping clients reduce risk while preparing for future growth.
Purpose of Presentation
Background of risks
What are these risks
How to identify the risks
How to prepare for the risks
How do these threats fit in with Risk Management and Business Continuity
Question and Answers
Purpose of Presentation
World largely uneducated for unconventional risks
“Only thing we have to fear is fear itself” – FDR, 1937
Knowledge about risks will result in less panic and casualties if an attack occurs
Protect your organization and employees
Plan for risks through organizational Risk and Vulnerability assessment and Business Continuity Planning
Plan Complacency
“In his suit, Papantonio asserts that filings BP made from 2000 to 2009 with the Interior Dept.’s Minerals Management Service misrepresented the company’s preparations for a potential deepwater disaster and dishonestly minimized risks. One BP document, an “Initial Exploration Plan” submitted to MMS in February 2009, claimed that the company had “the capability to respond, to the maximum extent practicable, to a worst-case discharge or a substantial threat of a discharge,” the suit states.”
Background of Threats
Recent National Intelligence Estimate report “Terrorist threats to U. S. Homeland”
In 2007 prior Head of National Intelligence said al Qaeda is determined to attack the USA with either nuclear, biological or chemical weapons.
al Qaeda is determined to launch a “mass casualty spectacular event” on U. S. soil.
2008 SAGA survey indicates nuclear terrorism is America’s top fear – 74%
2008 report that U.S. Military is not prepared for catastrophic attack
Background of Threats
Domestic terrorism threat is increasing
  Ricin in Las Vegas Hotel Room: 2008
  Radiological Threat in NYC: 2007
  DC Metro Shut Down: 20007
According to IAEA, 15 known instances of illegal trafficking of enriched uranium or plutonium between 1993 and 2006 – 10 not recovered
Chemical Weapons WWI
Background of Threats
Government/Non Government Interventions
  Extended Terrorism Reinsurance Backup
  Consolidation of Federal Agency Bio-surveillance Data Base
  2007 law calling for voluntary certification programs for corporate readiness
  ERM Risk Rating for non-financial companies
Nuclear Bombs
Threat
  Initiated by conventional explosives
  Need to achieve critical mass
  Uncontrolled chain reaction occurs
Symptoms
  Intense heat, light, shock wave
  Radiation – alpha, beta and gamma
Emergency Preparation/Response
  Bunker/safe room/physical shield
  Location and distance from target is key
  Cover nose, mouth and eyes
Dirty Bombs (RDDs) - Radiological
Threat
  Not a nuclear bomb – “weapon of mass disruption”
  Explosive wrapped in radioactive material, therefore, radiation material dispersed over immediate area
  Type of radiation – alpha, beta and gamma
  Over 21,000 organizations in U. S. licensed to use radioactive material
Dirty Bombs (RDDs) - Radiological
Symptoms
  Explosion – panic
  Some radioactivity
Emergency Preparation/Response
  Turn off __________?
  Use mask to cover nose and mouth, don’t touch material, use gloves
  Move upwind, go inside, bag clothes and shower
Chemical Threats
Key Definitions
  Not true gases but aerosolized solids or liquids
  Volatility – ability to evaporate
  Persistence – ability to stay
Six Types of Chemical Threats
  Blister – Mustard gas
  Nerve – Sarin
  Choking – Chlorine, Phosgene
  Blood – Hydrogen cyanide
  Incapacitating/Behavior altering – QNB
  Riot Control – Tear Gas
Chemical Threats
Preparation
  Special clothing needed, upwind
  Protect skin, mask
Symptoms
  Dead animals/birds
  Lack of insect life
  Physical symptoms
  Unexplained odors
  Geographical illness
Biological Threat Agents
Threat
  Easy to acquire, synthesize and use
  No reliable and immediate detection system exists
  Covert application
  Flu/Spanish Flu in 1918, 50 million died
Type - Bacterial/Viral
  Anthrax
  Plague
  Cholera
  Smallpox
  Ricin
Dissemination of biowarfare agents
Biological Threat Agents
Preparation/Response
  Mask
  Upwind, cover skin
  Turn off HVAC
  Seal windows and doors
  Shower thoroughly
  Vaccinate
Symptoms
  Dead animals/birds/fish
  Lack of insect life
  Physical Symptoms
  Low lying clouds
  Unexplained odors
  Patterns of mass casualties, geographical
GLOBAL WARMING
More CO2 in air makes oceans more acidic
4 meter rise in oceans in 300 years
Worse droughts versus worse floods
Water availability
Food growth
Cut GDP by 5 – 20%
Greater risk than terrorism
Health issues
Insurance implications
CLOUD COMPUTING
Treasury shut down 4 sites
Gartner Research says 60% of virtual servers less secure
Who owns them and what security
Lack of visibility and controls
Theft of data and identity theft
CYBER WAR/SECURITY
Unintended consequences of shutting down Saudi Arabia site – 300 servers impacted
Guidelines remain elusive
75,000 computer systems at 2,500 companies have been hacked by Eastern Europe
How can we be at cyber war if we don’t know what it is
Social media opens new doors to cyber attacks
1/3 of government agencies have experienced cyber attacks
Encrypt data and educate staff
DRONES
40 countries have capability
Two thirds of worldwide investment – non US
Insurgents tapped into UAV video - $30 software
Farmers already use drones for crop dusting
Civilian built a version of military drones for $1,000
Hardware from China and software from India
GANGS
Approximately 24,500 gangs in U.S. with over 1,000,000 members
Low income, learning disabilities, emotional disorders, school failure
Growing problem and could impact employees
Strategies to Survive a Mass Casualty Threat
Perform a risk and vulnerability assessment
At a minimum, develop a Business Continuity Plan and Disaster Recovery Plan
Plan for the worst, easy to scale recovery for lesser disaster
Train for reality
Communicate plans in simple terms
Educate, Educate, Educate!
Risk and Vulnerability Assessment
Quantitative
  BIA
  Financial
  Operational
  Prioritization
  Downtime estimate
  Resource requirement
  Regulators
  Insurance
Qualitative
  Loss of:
  Competitive advantage
  Public support
  Employees
Business Continuity Plan Should Include at a Minimum
Scenarios and alert levels
Provisions for employees and their families’ safety
Identify Key Business Processes with ranking
Recovery Time Objectives – rank of Key Business Processes by RTO
Alternative work sites – who goes where and what processes go
Emergency Communication Plans for different scenarios
Next Steps
Risk and Vulnerability assessment
Review your organization’s Business Continuity Plan, capabilities versus recovery requirements
Identify gaps in requirements versus capability
Update plans
Train employees
Test plans
Contact Information
East: Eli Dabich, [email protected]: 410 643 5563 Cell: 410 725 9238
West: Jeanette T [email protected] 261 6658