Thursday, June 23, 2016

HOW TO "READ" THE ECONOMIST MAGAZINE





My full-time job is that of a security consultant, but I am also a hobbyist student of geopolitics.  My favorite (or is that favourite) publication in this regard is The Economist published weekly.  Unfortunately due to my consulting work along with other personal and professional obligations I often don't have the opportunity to really "read" the magazine from cover-to-cover.  But, rather than place the magazine on my notorious "to be read" stack, I have established a technique I'd like to share on how I can take some quality time to glean the contents of the magazine and at least add quickly to my geopolitical knowledge.
PHASE I:  THE CONTENTS (~ Page 5)
When I receive the magazine the first section I turn to is Contents.  Here I read the different titles of the articles but I'm especially sure to read the side-boxes (see below) since they offer a good sense of the themes covered in this week's issue.
Figure 1 - Read the Boxes
PHASE II:  THE WORLD THIS WEEK (~ Pages 8-10)
This is the most interesting and most effective part of my time with The Economist.  On these three pages, I get to view and digest the weekly cartoon and then get a good flavor of the world's news that I certainly don't obtain from the US television or newspapers.  For instance, in this week's issue, there is news from Nigeria, Kenya, Ethiopia, Bahrain, Indonesia, Bangladesh besides the "normal" news sources of the US political scene, China, Paris and of course the UK.
PHASE III: LEADERS (~ Pages 13-17)
This part of the magazine is my favorite.  Here you can gain a sense of the pros/cons, plusses/minuses of the issues raised by the editors of the magazine.  I especially like the coverage of these editorial comments since they cover most of the world and, again, are not focused on the US.  Yes, there are comments on US politics (e.g., the 2016 election, Orlando, etc.) but the other editorial coverage is in areas that I am not familiar or often exposed.  
PHASE IV:  SKIMMING THE PAGES 
Finally, during my 15 minutes of quality time with the magazine, I'll skim through the different sections usually pausing on some of the editorials, reviewing any graphics/maps, and speeding through the different text boxes.
Of course, if I'm ready to get on a plane or have some added time then I'll be sure to read the magazine in more depth but my focal points will generally begin with my four phases above.
CONCLUSION
If you don't already subscribe to The EconomistI'd highly recommend you do.  You'll find that the view offered is so much more superior than US television and is more portable than my other favorite reads The New York Times or Washington Post.


Monday, May 23, 2016

Earthquake Risk and US Highway Infrastructure

Thanks to our friends at the Federation of American Scientists (FAS) a recent Congressional Research Service report entitled Earthquake Risk and U.S. Highway Infrastructure: Frequently Asked Questions was posted.  This 11-page report is an excellent overview of the current state of natural and man-made (read - "Fracking") earthquake impact on the US highway system.



Two figures in the report are very telling as to the concentration of earthquakes and implications on "Shaking expected for Tall Structures Like Bridges" (below)...


as well as a graphic showing the chance of human-induced and natural earthquakes.  (Look at the concentration around Oklahoma presumably due to Fracking.)


Key Comments in the Report

The report approaches these issues in a FAQ approach...so, here are some quick highlights:

Q:  What Are the Components of Seismic Risk?

A:  Seismic risk to a highway system is determined by three factors:

  • Likelihood of seismic events of varying magnitudes, and related physical events, often referred to as the hazard;
  • Vulnerability of highway structures to damage from such events; and
  • Potential consequences of that vulnerability (e.g., lives lost, economic disruption, etc.)
Q: How Vulnerable Is the U.S. Highway System?

A:  "No national database exists on the seismic design and retrofit status of highway system components; thus, a perspective on vulnerability at the national level is unavailable.  However, many states with large seismic hazards have compiled data on the vulnerability of highway components within their borders..."

Q:  How Vulnerable are Highway Bridges?

A: Basically many of the most vulnerable older bridges -- particularly in the West Coast States -- have been retrofitted to improve seismic resilience; however, many older bridges (around 13,000) in the New Madrid seismic zone (AR, IL, IN, KY, MO, MS, TN) have not been retrofitted.

Q: How Costly is Retrofitting Highway Infrastructure?

A:  Because no national data exist on the status of retrofitting existing highway bridges or other infrastructure (e.g.,tunnels, highway systems), no national estimates exist.  


Conclusion

If you are involved in transportation policy or a student of infrastructure, this is a useful starting point to give you a sense of the daunting task of improving the resilience of highway structures against earthquakes.


Thursday, May 19, 2016

"The Business of Hacking" -- Recommended Reading for CEOs, Boards of Directors, Governance Leadership

What is your view of the "hacking community?"  Is it one of masked computer operators working in a darkened room or that of a white-coated laboratory technician?  Well, your views of the hackers working on new products and "services" to steal your information may be substantially changed after your read the most recent document from Hewlett Packard Enterprise entitled The Business of Hacking:  Business Innovation Meets the Business of Hacking.

http://www8.hp.com/us/en/software-solutions/hacking-report/index.html?jumpid=va_gpnq3t2xdw  
This document is an easy and compelling read for Chief Executive Officers, Chief Information Officers, Boards of Directors, Risk Analysts and cyber security students.  The article does an excellent job giving a straight-forward discussion regarding the "reality" of the cybercrime community and their "business models."

The HP whitepaper does a nice job clearly identifying "who" the "Bad Guys" are with a simple chart (shown below):


This is extremely helpful to those trying to understand cybercrime and cyber "hacking" because it shows there are different types of hackers with different motivations and capabilities.

The article almost reads like a Gartner report with a "Magic Quadrant" depiction of where the attackers are working relative to Payout and Effort/Risk to their "business."  The quadrant analysis is shown below:


Although the report doesn't go into details on how organized cyber crime is used by Nation-States, analysis has shown that some countries may be using organized cyber crime to do their cyber attacks thus giving the Nation-State the ability to offer "plausible deniability."

Finally, this report will reinforce to the CEO's, et al that the cyber crime business is just that...a business...where the hackers want to maximize profit and minimize risk...where the hackers need to do research and development and they need to have a finance minister to run their economic shop.

On a parenthetical note, in 2006 I wrote Chapter 1A, "Cybercrime's Impact on Information Security,"  in Cybercrime & Security edited by Pauline C. Reich.  In my article I discussed cybercrime as a business -- albeit nefarious - but with a CEO, COO, HR manager, VP of R&D, CFO, etc. and that their motives are focused on "....profit maximization and risk management..."

Key Take-Aways

This white paper from HP is a great educational piece to get to your Board of Directors, CEO, COO, CFO, CIO and cyber security students who need to realize that one way to hamper cyber crime is to alter the criminal's business operations .... raise their expenses and increase their risk.

###







Thursday, April 14, 2016

WEBINAR: Climate-Resilient Infrastructure -- 28 April 2016

Greetings!

I've been rather swamped with a major project for the past few months so my Blog has been pretty quiet.  Anyway, I want to pass along this one Webinar my fellow infrastructure colleagues may be interested.

WEBINAR:  NEW APPROACHES TO CLIMATE-RESILIENT INFRASTRUCTURE

LINK:  http://uweoconnect.extn.washington.edu/public_mipm/ 

WHEN:  THURSDAY, APRIL 28, 2016, 11:00 AM TO NOON PACIFIC DAYLIGHT TIME (GMT-7)

This FREE webinar will feature a panel of experts on infrastructure planning and climate change discussing new approaches to planning climate-resilient infrastructure.  The topics to be covered include:

  • How climate change affects infrastructure
  • How planners can respond to climate change by planning integrated and resilient infrastructure
  • Principles for re-thinking how we invest in infrastructure
  • How US Federal Agencies are adapting this approach to their grants and disaster relief programs, including information on the Federal Emergency Management Agency (FEMA) National Resilience Challenge and the US Housing and Urban Development (HUD) Disaster Resilience Competition
Hosts:
Ms. Jill Sterrett, FAICP, Affiliate Instructor,  Department of Urban Design and Planning, University of Washington, Seattle, WA  USA

Mr. Rhys Roth, Faculty and Director of the Center for Sustainable Infrastructure, Evergreen State College, Olympia, WA USA

Mr. Steve Moddemeyer, Principal, CollinsWoerman Architects, Seattle, WA USA

Thursday, February 11, 2016

A View of the World's Infrastructure -- PBS Video "Humanity from Space"

I have been a student of global infrastructure for many years and even completed my Masters in Infrastructure Planning and Management from the University of Washington, Seattle, USA this past year.  This week I happened to view an absolutely fascinating video on the US Public Broadcasting System (PBS) called Humanity from Space.

http://www.pbs.org/program/humanity-from-space/ 
This video offers a terrific view of global infrastructure expansion and development from the early days of mankind up to the future views of expanded renewable energy, communications networks, highways, transportation, etc.

From the PBS page, here is a broader description of the video:



You can view the entire video at:  http://www.pbs.org/video/2365530573/

You may also be able to locate it on other alternative options such as Roku, Netflix, Amazon Prime.

Anyway, take time to view this phenomenal film....the graphics are thought provoking and the music is from one of my favorite composers, Thomas Bergersen/Two Steps from Hell.

Cheers!

###


Monday, February 8, 2016

ONE OF FEW IN THE WORLD – MASTERS IN INFRASTRUCTURE PLANNING AND MANAGEMENT


As I began writing this blog post the World Economic Forum (WEF) annual meeting in Davos, Switzerland is in progress.  In conjunction with this major meeting the WEF also produces its Global Risks Report.  One section of the report – shown below – is entitled “Global Risks of Highest Concern for Doing Business.”





As you look at this list, the eighth most important risk of concern is “Failure of Critical Infrastructure.” 

Wow, that is very disconcerting and it is important that critical infrastructure issues be addressed to help mitigate and alleviate these risks.  But even as you think about it, global infrastructure is strained even with issues #1 through #7 (and #9, of course).

But how?

Masters of Infrastructure Planning and Management


In August 2015 I successfully completed the Master’s Degree in Infrastructure Planning and Management at the University of Washington, Seattle, Washington USA.  This program – entirely online, so you can take classes literally around the globe in various time zones – provided fantastic exposure to me as an infrastructure security professional on ways to manage and protect vital infrastructure systems from natural and man made threats.  The program curriculum is included below.



Figure 2 http://www.infrastructure-management.uw.edu/overview/courses/

And as you can observe, the courses train the students on such fundamental topics as risk management, geographic information systems (GIS), and strategic planning.  The core courses include “soup to nuts” reviews of different infrastructure sectors such as energy, water, food, transportation, emergency management and public health.

At the end of the two-year program I believe you can be an adept contributor to critical infrastructure planning and management at the local, regional, national or international level.

By the way, the instructors are also accomplished, practical professionals in their areas.  For instance the infrastructure finance professor studied under Nobel Laureates at the University of California.  The instructors teaching the energy courses work for the regional utility in Seattle, and the public health professor is a physician with almost 40 year’s experience in international public health management.

Overall, the instructors “…really know their stuff…” from a practical, hand-on perspective and after a quarter with each one of them you have not only learned the details of the sector but you also know where to look for more information – a key value to me as a critical infrastructure protection professional.

Graduates and their Stories


Some of my fellow classmates have done very well with their MIPM credentials.  One grad continued in the Business Continuity/Planning space for a major health insurance provider and is now the Global Emergency Preparedness manager for a major, US West Coast university.  Another classmate continues as a Lieutenant Colonel in the Army with expanded awareness of global infrastructure issues.  A third classmate is in a local city public utility doing planning work.

How Can I Get More Information?  Where Do I Sign Up?

If you want more details I’d first suggest you visit the University of Washington Master in Infrastructure Planning and Management web page.

Be sure to review the Admissions requirements and the Costs/Financial Aid page.  Overall, you’ll see that the entrance requirements are certainly those of a Top Tier University but within reason for the working professional.  Some of my classmates had their tuition covered by the GI Bill and my company reimbursed me for my courses.

Of note, each cohort starts at the end of September each year and the Application Deadline is June 1st.

Unique Training – Unique Opportunity


As the faculty and students can attest, this is one of the very few programs in the world offering Masters-level training on infrastructure planning and management.  And, it is ONLINE so you don’t need to attend classes and – as a working professional – I can tell you that class assignments can be completed even if you are on the road multiple time zones away from Seattle.

So, here are the key Links…..and remember, the Application Deadline is June 1st.

·         PROGRAM OVERVIEW: http://www.infrastructure-management.uw.edu/

·         CURRICULUM:                  http://www.infrastructure-management.uw.edu/overview/courses/

·         FACULTY:                            http://www.infrastructure-management.uw.edu/overview/faculty/

·         ADMISSIONS:                    http://www.infrastructure-management.uw.edu/admissions/

·         FINANCES:                          http://www.infrastructure-management.uw.edu/costs/

·         ONLINE LEARNING:         http://www.infrastructure-management.uw.edu/overview/onlinelearning/

###

Tuesday, February 2, 2016

Plan of Attack: Studying for the ASIS Physical Security Professional (PSP) Certification Test

I recently sat for the ASIS Physical Security Professional (PSP) certification exam.  The test is about 125 questions and you are allotted about three hours to complete the test at a testing facility (e.g., Prometrics).

This Blog is intended to offer a Plan of Attack on how to study for the exam; however, according to the rules of engagement, I am not permitted to offer example/actual questions, answers, etc.  Instead, this Blog is really a "How To" prepare for the test using a process I developed after searching the Internet and reviewing any ASIS resources that could offer ideas.

Be sure you take a look at the ASIS Board Certification Handbook as you prepare for this journey.

STEP 1: ASSEMBLE ALL RESOURCES


Collect/assemble all your resources to study for the test.  The first set of resources is listed on the ASIS site here.

These documents include:

* One book not listed but is HIGHLY RECOMMENDED is the ASIS book, Protection of Assets - Physical Security.  Yes, the PSP Reference does contain some repetitive information from the actual POA -- and you need the PSP Reference due to the chapter on high rise security -- the actual POA is and imperative read as you prepare for the test.

STEP 2: OUTLINE THE ASIS GUIDELINES


This first step will help you to gain a broad view of where your studying will take you.  By simply reading the Guidelines and outlining the various sections -- even just handwriting down the different sections/subsections in order -- you'll get a chance to see the flow of the organization of what is included in Physical Security.

In my case I did my outline in Microsoft PowerPoint with the slides highlighting the key concepts for each section/subsection.  (NOTE:  These outline PPT decks will be useful for review).

From these Guidelines I'd suggest you memorize the Business Continuity process flow first shown on page 10 of the ASIS Business Continuity Guideline and shown below:

BCP Process flow

STEP 3: START READING, OUTLINING, REVIEWING


This is now where the real work starts.  But, with the background you already have with the above outlining efforts and your own professional experience, this will be time-consuming but not daunting.

There is no right/wrong way to proceed but I essentially did the following steps on my reading:

NOTE:  
If you have little or no practical field experience in the Physical Security space, take time to read and outline Introduction to Security,  This is the first thing you'll need to do to get a solid foundation for your studying.  Otherwise, if you have considerable physical and cyber security experience you can "jump into the pool" and start with the reading/studying list below:

Page 4, Design and Evaluation of Physical Protection Systems

  • Fourth:  Read and study Implementing Physical Protection Systems: A Practical Guide,  Be sure you understand the six phases of PPS life cycle planning and what goes into each one of the phases.  Overall this is a very helpful book in your future life as a security project manager and the words of wisdom offered by David Peterson are very helpful.
  • Fifth:  Read and study Effective Physical Security,  Each chapter offers a wealth of information on various technical topics you've already learned in the POA above and in Mary Lynn Garcia's work.  This book is also great for quick reference when you need a few more details when studying on such topics as locks, lighting, etc.
  • Sixth:  Read the remaining references in any order.  

STEP 4:  START STUDYING, MEMORIZING, LEARNING, REINFORCING


Now comes the truly hard work.  Each of us have our own way of learning, but below I'll offer my own approach.

Each one of the books above I outlined the chapters using PowerPoint -- the same way I outlined the Guidelines.

Some people prefer to use Flash Cards; however, a wonderful and FREE system you can use is an online application called Quizlet.  Be sure to set up a FREE account and then conduct a search for any Quizes prepared for the PSP.  I located about four and also built a few myself -- which is great! 

 

You can use Quizlet to display Flashcards, develop tests (multiple choice, fill in the blank, match) and even play games using "Scatter" and "Gravity."  

Quizlet really helped me with Flashcard preparation (yes, you can print them) and took the boredom out of the review process.

WHAT ABOUT OTHER PSP TEST PREPARATION OPPORTUNITIES?


Be sure to check the ASIS website and your own local chapter to see if they are offering any PSP study groups.  Unfortunately, I was not able to participate in any.

GENERAL GUIDELINES


Here are some general guidelines to consider when preparing for the test:

1) Don't CRAM and expect to pass the test.  There is too much information.

2) Draw every diagram you see at least once.
3) Prepare a plan (like the above) and build upon what you are learning.  For instance, when reading a specific topic in the Protection of Assets - Physical Security -- e.g., Lighting -- then also read the section on Lighting in the Effective Physical Security, to complement and augment what you just learned.

4) Know your terms but also know the contents of the practical discussions in Garcia's and Fennelly's books -- as well as both POA references.

5) Get a good night's rest the night before the exam.  Review your outlines the day of the test and go for it!

GOOD LUCK!!