I am thankful that I have always had an inquisitive mind and kept a broad number of interests.  If not, I would have lost the opportunity to take a large number of courses in Business and Organizational Behaviour, Liberal Arts, and the interdisciplinary Technology, Society, Environment Studies (TSES) cluster, at Carleton University.[1]   Many group and individual projects later, and from personal practical experiences applying and revising some of what I learned, I confidently say: there is an “I” in team.

Efficient Project Management:

Everyone on the project needs to be able to say to themselves “I go!”, and willingly so, as a statement to self of sincere commitment.  This is why efficient project management starts quite some time before the actual project, in order to bring everyone together on this level.  Each letter in that statement to self represents a stage of the process in getting on the team and staying on the team.  The “I” stands for Indoctrination; the “G” stands for Getting to landmarks; and the “O” stands for Optimizing outcomes.  These typologies have their own sub-typologies, and can also be described as: Inspirational leadership options; Good workflow organization; and Optimizing and re-engineering, generally.

To qualify common misconceptions, “I go” is, of course, not written as “ego”; although, the two are closely related because the Latin language question “quiz” meaning “who” or “whom” is answered by “ego”, meaning “I” or “me”.  So it is, that “Ego”, and “I go”, can be and mean the same thing, but only for so long as the “ego” is not … over-inflated!

Indoctrination (Inspirational Leadership options).

Indoctrination in this context is nothing insidious.  It just means buying-in to the program or project.  There are a total of 5 (“five”) options, as described and arranged in a “FOCUS” sub-typology, and they can also overlap to a greater or lesser extent.

F-unctions or tasks, denotes a critical or needed skill or ability, and so the bearer of same will be diligently and persistently recruited to join the project or program.

O-pportunity, denotes the ability of the person or persons with something to offer, to see that the project or program could well be their opportunity to shine, and therefore gain a following, spread their names, and build referral or repeat opportunities.  In this case, those potential participants with something to offer will be the ones working hardest to get on the team, as they are, in effect, inspired to lead themselves onto the team.

C-hallenge or crisis, denotes a situation where a challenge has been put out to the general community to address a problem, or the crisis is clear.  In this case, F, O, and other elements of this sub-typology may all come into play, because the situation most perfectly demonstrates the classic Latin “quiz?”, in a call for volunteers or options or suggestions, as defined and described above.

U-tility, denotes that situation where the necessity for the project is clear to all, or to a specific group or community with the requisite knowledge and understanding.  The need for that utility may have come about as a result of a crisis or challenge, or some other confluence of circumstances; and, again, F, O, C, and other elements of this sub-typology may all come into play, in some way.

S-pirit, denotes a spirit of nationalism and patriotism, ethnic or civic responsibility, or loyalty to the employer, that either draws one to volunteer for the group project, or, if already a member, inspires a very high level of dedicated performance.  This single element can be key and a rallying-cry to draw people in, or inspire their best.

Getting to Landmarks (Good Workflow Organization).

Other than “Analytics”, which I will describe in greater detail, below, the project manager must ensure that workflow is properly organized, and the tasks and sub-tasks well-assigned.  There should be deadlines and landmarks to gauge progress and the time taken to complete certain stages of the project.  The specific techniques and technologies used to achieve this will vary by project, industry, and individual project manager, but the general approach lies in a “MUTUAL” sub-typology, as a way to remind all participants of the mutual benefit in their joint and indivisible success on a group program or project.

M-eeting, first with the initiators of, or critical stakeholders in, the project, is always a necessity – whether in-person or by electronic or virtual means.  In this first meeting or series of meetings, will be discussed the total picture and scope of the project, timelines applicable and resources available, and the tasks and sub-tasks required on the project.  Additional meetings with these initiators and stakeholders, and with the potential and actual project participants, will continue to be held, as the work commences and continues to its completion.

U-pgrades, will be made to the concept or the task as needed.  In line with the “Responsiveness”, that I will explain below, the project manager should not shy-away from asking for additional details, additional or alternative resources including but not limited to personnel, or additional time on a sub-task or main task, if and as needed.

T-asking-out of leadership roles, group members, reporting lines, and job functions by group, should be done in a clear and consistent manner and well-communicated.  Any and all changes should be timely communicated not just to those members of the group or team immediately impacted, but to all other members on the project who may need to know.  It is, of course, always preferable to avoid inundating team members with a steady stream of “noise”, which is information that is not immediately applicable or useful to them in their specific work.  For this reason, a notice board or bulletin-board system, where project updates are indexed by category and posted for all, would likely be the best, most efficient, and most convenient way to get this done.

U-nderstanding all deadlines, reporting lines, protocols and procedures in-depth and with clear and unequivocal certainty, is essential for the project manager and all managerial and supervisory staff.  If they are unclear on these, then their guidance of their subordinates will, likewise, be neither clear nor consistent, and mismatches and miscommunications may very soon ensue, and mount to the point of faults and failures.  Management must meet on a regular basis to ensure that everyone is on the same page, and has a consistent understanding of what needs to be consistently understood.  If and where there is disagreement or uncertainty or inconsistency that cannot be settled with the documents and specifications on hand or otherwise be reconciled, and which therefore needs ultimate clarification from higher up, then the project manager should take the lead and seek-out clarification on the issue from the initiators and stakeholders.

A-cknowledging and adapting to bottlenecks, is also a critical management function.  Issues and bumps on the delivery road will arise, and management must take the lead in addressing them, to ensure they are addressed in a way that is in accordance with best practices, specifications on the project, and applicable law.  An inconsistent approach to the same issue by different teams or task-groups can lead to problems and arguments when notes are compared or personnel shared across the teams.

L-essons learned, is just that – learning from the experience, and any challenges or mistakes that arose in relation to it.  There should be a means for gathering and monitoring a central database of issues, problems and bottlenecks on the project, as well as the suggested or tried and tested means to address them, that is accessible to management across the project at an appropriate level for consultation, information input, discussion and debate, and urgent alerts.  The project manager for his or her own benefit, and for the benefit of the initiators or critical stakeholders, should be able to review progress and performance on the project throughout its lifespan, and re-design outdated or inefficient protocols and procedures, techniques and technologies, as the need arises.

Optimizing Outcomes (Optimizing and Re-engineering, generally).

The output of the various participants and the final results attained, cannot be or remain at their best if care is not taken along the way to engage in active management.  You cannot just start people off, point them in the general direction of your goals, and leave them to muddle their way through, somehow.  Good management is active management that knows when and how far to get into the micro-details; but on a sparing basis.  If the people you selected cannot manage the details, then you made an initial error in their selection that may or may not be too late to change.  If you build problems or poor performance into the formula from the outset, then you will be plagued by problems and poor performance throughout.  Starting correctly is always preferable to the project manager taking-on more work in quietly and shamefully opting to fix the problems of others and re-do their shoddy work in-house, time and again, and so not having time to do the main job of managing.  The wiser option would be to get a competent replacement.  Being, and spreading the need to be and to work, “SMART”, is the sub-typology, here.

S-haring, denotes a sharing and spreading of best practices, feedback, and available resources that are or may be useful to the task.  Of course, in a complex project or one with Law Enforcement and National Security (LENS) ramifications, information and specific elements of the project may be compartmentalized or have sharing and other restrictions imposed, in which case those requirements will take precedence and tend to make the need to get the right people emplaced on the first attempt, even more critical.

M-utual respect, denotes the need for all participants to have the requisite level of maturity and professionalism to be able to get along and focus on the project.  There should be a preference for low tones of address, low tempers throughout, and a high level of tolerance for slow learners to the extent that the project can tolerate them, unexpected delays, and bottlenecks.  Blazing tempers lead to distractions, and hotheads tend to be avoided, marginalized, and not get that level of support and information and cooperation that they need to get the job done right the first time, and then every time.

A-nalytics, denotes the proper use of scenarios and modeling, and ongoing reporting and quality controls, that let everyone know what is right, what is wrong, and how to get it fixed.  There will inevitably be changes in the materials or the work, or the scope of the work.  In addition, proper interviewing techniques and background checks will tend to weed-out the unsuitable or under-qualified or ill-adjusted, and quality controls in product and material inputs will avoid many a failure and mismatch.

R-esponsiveness, denotes acting and reacting with alacrity to the above; whether something is uncovered by the analytics, or if either or both of sharing and mutual respect need some work in terms of a situation or a participant.  The project manager must always and quickly respond to needs, queries, and challenges as and when they arise; failing which, members of the team may resort to self-help or use their “initiative” in an unstructured and uncoordinated, and potentially counterproductive way in relation to a mission-critical requirement, system, or subsystem.  Sometimes, a discrete failure leads to a cascading failure in multiple systems or areas, and the project can be set back or cancelled in its entirety, if the cost or time for recovery or restart cannot be justified in terms of budgets, human and material resources, or the exigent situation.

T-eamwork, denotes an obvious and much touted, but often woefully neglected essential element.

(i) There must be unity of command, in a set chain of authority, including alternates per shift and per function, in times of unavailability, and for emergencies, also.

(ii) There must be unity of effort, and coordination amongst sub-disciplines, sub-units, and back office functions.  An overall board or coordinating group is inevitable for any larger project or program put together without a designed-in defect or obsolescence.

(iii) There must also be unity of outcome, in that all discrete element team-members must want the same tactical end-results; all members of management must be oriented-on the same optimal operational outcomes; and every person on the project must be strictly focused on the same mutually-beneficial, strategic goal of its overall success.

Summary:

Quiz?

Author:

Ekundayo George is a Lawyer and Strategic Consultant.  He is a published author in Environmental Law and Policy; licensed to practice law in multiple states of the United States of America, as well as Ontario, Canada; and has over a decade of solid legal experience in business law and counseling, diverse litigation, and regulatory practice.

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[1] The Technology, Society, Environment Studies (TSES) cluster at Carleton University in Ottawa, Canada, is a collection of multidisciplinary and multi-focal courses addressing the highly complex interplay and increasing diversity of challenges and opportunities brought and wrought by these three elements; with a focus on addressing them by tailoring education to our projected future needs: http://www2.carleton.ca/tse/

*This article has also been re-printed under “Best Practices”, on the site of The Project Management Hut, as available at:  http://www.pmhut.com/efficient-project-management-there-is-an-i-in-team



The Federal Housing Finance Authority (FHFA), of the United States of America, filed suit on September 2, 2011, against some 17 multinational financial institutions that “do” or “did” business in that jurisdiction, and that were also involved in the sale, solicitation, or purchase of residential “private-label mortgage-backed securities” (The PLS Suit).[1]  The number of defendants may well be revised, upwards, before a resolution is made.  The FHFA’s stated reasons are its duty to act as Conservator for Fannie Mae (The Federal National Mortgage Association or “FNMA”) and Freddie Mac (The Federal Home Loan Mortgage Corporation or “FHLMC”), which together lost over $30 Billion due to the recent and severe problems with residential mortgages that have devastated the U.S. housing market,[2] and that many would say are directly responsible for the current economic malaise, numerous bankruptcies, the United States’ debt and deficit crises of confidence[3], and the ongoing epidemic of joblessness across America.[4]

Many Americans and non-Americans, alike, had been wondering when the U.S. government would take some firmer and more widespread enforcement action, beyond hearings, stimulus, and some targeted prosecutions, to get to the bottom of the problems and find and sanction those ultimately responsible.  However, these same financial institutions were not just sitting and waiting for the hammer to drop, as they were, reportedly, already well into serious negotiations with Attorneys General in multiple states, to deal with the problem, before it dealt with them.[5]

Banking and Securities regulation in the United States of America is governed by a complicated mix of state and federal legislation, and there is no double jeopardy (the bar against being tried twice for the same offence), if and when the same offence is called a different thing and has different elements of proof.  A similar, multi-state negotiation effort to find a comprehensive settlement for their potential civil and criminal liabilities – specifically under Medicare and Medicaid legislation, was made by the tobacco industry, (as U.S. criminal law is also a state by state affair, as well as a federal affair whenever a breach of Federal Criminal Law is involved), and with quite some success;[6] although there were several shortcomings, problems remain, and the model is not 100% transferable to the situation of all aggrieved parties in the mortgage industry meltdown.[7]

Summary.
It remains to be seen how and to what extent these financial institutions will succeed in their efforts to reach a negotiated solution; especially when many governments across America, and around the world, are suffering from deficits, lost jobs and tax revenues, and slow to no growth, and would eagerly jump to utilize a winning formula to dig into business sector pockets that have become and remain, significantly deeper than their own.

In the meantime, a lingering recession and lack of jobs means people will have to become and remain creative in keeping their skills relevant, finding paid local work, or migrating to those still remunerative industries and locations that are becoming ever harder to find. [8]




[1] http://www.fhfa.gov/webfiles/22599/PLSLitigation_final_090211.pdf (FHFA Press Release of Friday, September 2, 2011).

[2] As a result of that crippling loss, both FNMA and FHLMC were taken over by the U.S. Federal Government and put into Conservatorship (protection) on September 7, 2008.

[3] http://www.guardian.co.uk/business/2011/jul/29/us-debt-crisis-questions-and-answers (Backgrounder on the U.S. deficit crisis of confidence).

[4] http://www.cnbc.com/id/44370439  For the very first time since World War II, the United States economy created a net of “zero” jobs in an entire month.  This puts the month of August, 2011, into the record books; albeit for the wrong reasons.  Officially, 14 million people remain without jobs in America (both Americans and non-Americans, alike), at an unemployment rate of 9.1%.

[5] http://www.bbc.co.uk/news/business-14771936 (U.S. Federal Government to sue 17 financial institutions).

[6] http://finance.yahoo.com/news/Bank-Mortgage-Solution-Rooted-tsmf-3759939003.html?x=0 (Subprime mortgage industry parallels with the Tobacco industry settlement).

[7] Id.

[8] http://abcnews.go.com/Business/wireStory?id=13340293&singlePage=true (Europeans seek new lives in old colonies).

The Province of Alberta has enacted a pretty tough distracted driving law, in its Bill 16 of 2010 – Traffic Safety (Distracted Driving) Amendment Act, 2010.  It became effective on Thursday, September 1, 2011 – just in time for the Labor Day holiday, long weekend.

http://alfaradio.ca/Bill_16/2010ch23_unpr.pdf

The law is pretty harsh, and it specifically prohibits the transmission of electronic mail, electronic data, and text messages, while operating a vehicle; along with making calls, of course.  This shows that the law “can” sometimes, keep up with the speed of society and Social Media.

There are, however, use exceptions for emergencies and emergency personnel.

Additional restrictions and definitions will come in regulations, but for now, a special target is firmly in place on: reading or viewing printed materials; writing, printing or sketching; and engaging in personal grooming or hygiene.

For now, comments are mixed.

http://ca.news.yahoo.com/blogs/dailybrew/alberta-enacts-toughest-distracted-driving-law-north-america-164416727.html

Whether we see a Constitutional challenge for overbreadth under Section 1 (reasonable limits on rights) or Section 14 (equal protection and benefit of the law) under the Canadian Charter of Rights and Freedoms, remains to be seen.

Let’s wait for those Regulations!


Introduction.

Hurricane Irene of late August, 2011, has come and gone, devastating the Eastern seaboard of the United States of America – especially Vermont and the Carolinas, and also causing damage in Quebec and the Canadian Maritime Provinces (Eastern Canada).[1]  As Hurricane Irene came at the start of hurricane season and shortly after the 5.8 magnitude earthquake of Tuesday, August 23, 2011, centered some 40 miles to the Northwest of the City of Richmond, in the State of Virginia,[2] this is as good a time as any to discuss and promote a more comprehensive approach to our collective Cybersecurity.  I will cover the specific topic of portable data security in another post.

In addition, 2011 has witnessed successful Cyber-hacks on notable businesses, national governments, and government agencies and departments that were thought to be tech-savvy, very well protected, and up to date in their Cybersecurity practices.[3]  However, we should distinguish the “hacktivists”[4] from the “covert snoops”[5] and from the “news-related snoops”;[6] even though they may all look and sound and feel the same, to the hacked.  In essence, we must all realize and always remember that “Destabilizing Data Disaster” (D3) can actually touch anyone, anytime, and as a result of almost any cause or event.  Fortunately, destabilizing need not mean or equal debilitating, if adequate, reasoned, directed planning and preparation have been done; as do BIRDS for the BEES.

BEES & BIRDS.

BEES:

Destabilizing Data Disaster (D3), can be caused by 3 (“three”) main event groupings and 5 (“five”) specific elements, under a “BEES” typology.  These are: (i) Breach Entries; (ii) Environmental, or Economic, or Exported Strictures; and (iii) Engineering Social.

(i) Breach Entries are intentional intrusions that may or may not be targeted at data retrieval.  The breach factor refers to the intentional circumvention or disabling of security protocols and barriers to entry.  Examples include denial of service, defacing after gaining administrator privileges, and physical removal, alteration, or destruction of critical hardware, software, or information.  This category also covers the actions of disgruntled employees or contractors whose actions exceed their authority, occur outside the law, or appear to be lawful and legitimate but are done with malicious intent.

(ii)(a) Environmental Stricture, is defined as a compromised functionality due to an environmental event, be it flooding (such as with a swollen river), loss of power due to some weather-related incident (such as with a snowstorm that takes-down power lines), or extreme heat that compromises a power substation or transformer to the point of failure, where there is no backup power, or there is insufficient backup power, on hand.

(ii)(b) Economic Stricture, is defined as a compromised functionality due to an economic event, whether or not foreseeable, such as a bank foreclosure on one’s own premises and assets for non-payment of debt; a dispute with a critical vendor that has a delayed or immediate operational impact; being the subject of a legal injunction; or, being the target of any government action of a regulatory or enforcement nature, including but not limited to investigation or nationalization, with a delayed or immediate data operational impact.

(ii)(c) Exported Stricture, is defined as the impact suffered by the subject entity, when any or all of the other 4 (“four”) BEES options here listed, befall a critical vendor, a critical customer, or a group of vendors or customers to the point of criticality, such that the stricture cascades in data impact and is exported one or more times along the chain.

(iii) Engineering Social, is defined as the tools and technologies that lure people into sharing or divulging critical access information, or otherwise personal or confidential information that can lead to access or identity theft, phishing, or data mining in the hands of a knowledgeable recipient with malicious intent.  The result can be a loss of secret, confidential, or otherwise proprietary information, which will certainly cause great embarrassment; which may bring legal action from aggrieved parties; and, which may ultimately need to be reported and publicly disclosed across multiple jurisdictions in accordance with then applicable data retention and protection laws.[7]

BIRDS.

As the BEES can occur and swarm in combination, the means to guard against them must be similarly flexible and comprehensive.  From my consultations with and work for corporations and executives in various jurisdictions, I have been able to use a variety of privacy impact assessments of events, reactions, advances in technique and technology, and adaptations, to devise a “BIRDS” Cybersecurity typology for dealing with the BEES.  Individual client circumstances will, however, vary, as the steps must be specifically tailored with additional, custom inputs.  In addition, a comprehensive Cybersecurity policy must be well-structured, well entrenched, well managed, and actively monitored with comprehensive follow-up, in order to have optimum results.  This general scheme, below, though, should get the appropriate Cybersecurity professionals, employees, and managers with budgetary authority, all on the right train of thought, and at the same time.

The 5 (“five”) below points must be taken and comprehensively assessed and addressed in the order that best fits the entity, in light of its then current position, its future plans, and other custom metrics and analyses beyond the scope of this basic introduction.  Presented here simply in the order that gives them their name, these points, are:

Point 1: “Backup and hardening”, means it is vital to ensure that any data farm always has an adequate system for emergency power and management, and offsite data backup.  Remote operation and re-boot, as well as using cloud technologies, may be considered.

Point 2: “Imperatives of full compliance with law”, should be paramount for the entity concerned.  There may be legal and regulatory requirements specific to the industry (such as data retention and protection laws), there may be industry or professional standards or best practices that have the force of law (such as with self-regulatory professional and licensing bodies), or, there may be specific requirements related to investigations or legal proceedings (such as for search warrants and document production in Discovery), or in relation to specific corporate events (as with due diligence on a merger or acquisition).

Point 3: “Rights of verification and correction”, for the data gathered, data held, and data that must or may be disclosed, should be specifically assigned and well-known across the entity.  To the extent prescribed by law in the applicable jurisdiction, the persons on whom and on behalf of whom the data is held, may also have a right to verify and correct.

Point 4: “Data integrity”, as a mandate, makes it similarly vital to follow industry best practices to the extent that they exist, and ensure that all employees know them and are trained to stay up to date (which may give some protection against legal claims, and perhaps, a reduction in premiums from insurers).[8]  This point also involves having, using, and maintaining reliable systems and protocols for input management regarding the data, intrusion prevention and detection, incident management, and then following-up to push through the requisite improvements in policies and procedures from lessons learned.

Point 5: “Site and System access protocols”, should, likewise, be paramount for the entity.  Passwords became pass keys, then combinations and security tokens,[9] and now, the field is being populated by an ever-expanding array of biometric applications.  Here, again, it is important to know the local law of the applicable jurisdiction.  In Canada, for example, certain occupations and procedures can mandate a Certified Criminal Record Check.[10]  In all cases, it remains vitally important for an entity to control who has access to the data system and from where.  Staggered edit authorities and segregated levels of both physical area access and system and subsystem access, are and will ever remain, highly advisable.

Summary.

The writing is on the wall, and everyone, as data consumer, handler, and producer, should take personal data security and the collective Cybersecurity, very seriously; especially as we see that top corporations and governments with access to significant technical talent and financing, have been and continue to be, hacked on an alarmingly frequent basis.  The above, however, are some steps and “BIRDS” that any entity may take in hand, alone, or a group of entities or industry may take in hand together, as a “flock”, in order to guard against “Destabilizing Data Disaster” (D3), and to hold off and discourage those troubling swarms of “BEES” gathering, ominously, on the horizon – at least for a time.



[3] http://www.bbc.co.uk/news/technology-13686141 (“A Brief History of Hacking”).

[4] Id.

[5] http://www.upi.com/Top_News/World-News/2011/02/17/Canadian-government-computers-hacked/UPI-21551297945502/ (Government of Canada suffers major hack attack); http://www.bbc.co.uk/news/technology-13626104 (Top United States Government employees and private sector company executives suffer email hacks).

[6] http://www.bbc.co.uk/news/uk-14685622 (Public figures in the United Kingdom suffer from the intentional hacking of their voicemails).

[7] Many jurisdictions operate under highly complex webs of privacy and data retention laws and regulations covering such areas as: banking information, health information, law enforcement and national security, employment-related information, tax information, electoral rolls, and so forth.  It is important to know the laws of the jurisdiction or jurisdictions within which one operates, or more frequently nowadays – “is deemed to be operating”.  You should always consult competent local legal counsel for specific guidance that is pertinent to your situation, and the facts.

[8] Numerous industries in North America, Canada, and Europe, have specific industry groups – and lobbyists – that enable the meeting of stakeholders and governments on a regular basis to formulate best practices, establish limits on liability, and otherwise shape applicable legislation and regulations in a way that protects the consumer, provides a degree of legal certainty, and enables the industry to thrive by ensuring direct participants that a given level of risk-taking will not be unduly thwarted, and ensuring investors that their investments will be both protected and rewarded.

One example of a health and safety standard is the concept of ALARA (“As Low As Reasonably Achievable”), which received a detailed analysis at the United States Supreme Court, in the case of Silkwood v. Kerr-McGee, 464 U.S. 238 (1984), in reference to workplace radiation exposure in the nuclear energy field.  The concept has since been adopted across other industries using radioisotopes, such as the medical field (See, for example the Health Canada Guidelines on using diagnostic ultrasound): http://www.hc-sc.gc.ca/ewh-semt/pubs/radiation/01hecs-secs255/rec-eng.php

The concept is also used, as modified, in the field of health and safety in the United Kingdom, where it is termed “As Low as Reasonably Practicable” (ALARP) http://www.hse.gov.uk/risk/theory/alarp.htm, or “So Far as Is Reasonably Practicable” (SFAIRP).  The two are often used interchangeably http://www.hse.gov.uk/risk/theory/alarpglance.htm

Similarly, in a Report published on June 8, 2011, the Internet Policy Task Force of the United States Department of Commerce proposed best practices for the Internet, that, if followed, would reduce an entity’s Cybersecurity insurance premiums due.  That report is available at: http://www.nist.gov/itl/upload/Cybersecurity_GreenPaper_FinalVersion.pdf

Additional background on the thinking behind this initiative, can be found here http://www.darkreading.com/cloud-security/167901092/security/security-management/230500089/commerce-department-proposes-voluntary-security-best-practices-for-businesses.html

[9] Of note, is the embarrassing fact that a purveyor of security tokens used to protect banking and corporate network access, was recently hacked http://www.bbc.co.uk/news/technology-12784491 (“Hackers tackle secure ID tokens”).

[10] http://www.rcmp-grc.gc.ca/cr-cj/fing-empr2-eng.htm (Background information on the Certified Criminal Record Check procedure, from the Royal Canadian Mounted Police (RCMP)).
