January 2011
| 
|
Thanks to our Gold-Level Corporate Patron
|
|
Need Your Own Copy of The Risk Communicator?
|
|
Write for Us
|
| Have you seen a story you would
like to see included in The Risk Communicator? Do you have a research project you want to share with your colleagues? If so, please contact
the newsletter staff at newsletter@sarma.org. |
Legal Matters
| Copyright 2011
SARMA
All Rights Reserved
Privacy Policy
The views expressed in The Risk Communicator reflect the views of their authors, and do not neccesarily reflect the views of SARMA, the US Government or the employers or clients of the contributors.
|
|
|
President's Corner
|
| |
Dear Fellow SARMA Members,
Happy New Year to one and all -- I hope this issue of The Risk Communicator finds you warm, dry and looking forward to great things in 2011!
Remember that old saying, "out with the old, in with the new"? It certainly seems appropriate as we enter 2011 to the news that the U.S. Department of Homeland Security (DHS) is scrapping its Homeland Security Advisory System (HSAS) -- those color-coded alerts that seemed to be ever present. The new system, to be phased in over the next three months, is the result of recommendations from a bipartisan task force formed by DHS Secretary Janet Napolitano in mid-2009. The new advisory system will be known as the National Terrorism Advisory System (NTAS). Alerts issued under NTAS will be based on a specific or credible threat, and will include information about the threat, actions being taken by the authorities, and recommendations for steps the public should take. Importantly, each alert will also have a specific end date.
Just as DHS continues to review and enhance its approaches to security risk management, so too does SARMA. Some of the many exciting things we are working on for 2011 include:
- Laying the groundwork for SARMA's 5th Annual Conference. This year's conference will feature the theme: Security Risk 10 Years After 9/11: How Far Have We Come? The conference will be subdivided into approximately half a dozen tracks that explore definable elements of this theme, and SARMA is encouraging its members and others in the security analysis and risk management community to send us their ideas for track subjects, as well as for individual presentations. To submit your ideas, please email the Conference Team at conference@sarma.org. SARMA is also in the final stages of locking down a venue and date for the conference, but it appears likely that this will again be in the fall at a location in Northern Virginia. We will make the date and venue public within the next few weeks.
- Revising and enhancing the SARMA website and SARMApedia. Building on the success of SARMA's LinkedIn Group page, we have launched a comprehensive review of the features offered through our website, with the aim of enhancing its value and utility to the Association, its members, and our guests. Among the planned enhancements are a new online forum that will provide enhanced opportunities for dialogue among SARMA members and non-members alike. Also planned are links with Amazon.com that will improve the ability to find and purchase reputable source material on security analysis and risk management topics, and even publish works of your own. Likewise, a thorough refresh of the SARMApedia is underway, and we are also examining ways to enhance the visibility of the SARMA domain name on the Internet.
- Operationalizing the SARMA Strategic Plan. With the approval late last year of the Association's first Strategic Plan, we are now exploring new ways to empower our Committees to implement the identified goals and objectives. At our January Officers & Committee Chairs meeting, each Committee Chair was asked to develop a business plan for the year with projects that further one or more of the Strategic Plan's goals and objectives. These business plans will be finalized at our quarterly Board meeting in February. To that end, we are also continuing the search for individuals to lead two of these key Committees: Conferences & Events and Membership & Outreach. If you or someone you know would be interested in learning more, please contact the Nominating Committee at nominations@sarma.org.
- Continuing to grow and mature the profession. One of SARMA's foundational principles is seeking to ensure appropriate educational opportunities for those currently in the profession or considering it as career path. To that end, our University Programs Committee has begun an aggressive effort to revitalize the Association's relationships with security risk management programs at Penn State University and elsewhere. In addition, SARMA's Training & Certification Committee is providing subject matter expertise to George Mason University in furtherance of the development of a critical infrastructure protection risk management course for DHS. More to follow on these exciting efforts in the future!
- Enhancing the Association's publication efforts. While The Risk Communicator continues to be a great success as our primary outreach vehicle, we are also looking at ways to expand our publishing efforts. To that end, our Publications Committee is currently laying the groundwork for publishing a conference monograph in association with the 5th Annual Conference, as well as considering how to launch an official SARMA journal.
I hope you will agree that these are exciting times -- but more importantly, that you will also look for ways to become involved in making these efforts even more successful! I also know that I am joined by my colleagues, John Paczkowski (Executive Vice President) and Ken Knox (Secretary), in saying that it is a distinct honor and privilege to have been chosen by the SARMA Board of Directors to serve this great organization for another term.
My best,
Kerry
Kerry L. Thomas
President
|
News
| | |
SARMA is Amazon Business Partner
Need new reading material? Seeking the latest works on homeland security and risk management?
SARMA now provides an online store which highlights books recommended by SARMA members as well as specially-selected categories for "Homeland Security" and "Risk Management" to make it easy to find the latest materials on the market.
As an added benefit, any purchases made from Amazon.com through the website provides a benefit to SARMA as a non-profit association, helping to keep our web site, resources and conferences running.
Visit the store here.
|
Program Update
| | |
DHS Leads the Way on Integrated Risk Management
By Bob Kolasky
In the past year, the U.S. Department of Homeland Security (DHS) has responded to a number of threats and hazards, ranging from the failed attempt by terrorists to ship explosives via cargo planes, to numerous cyber attacks, an assortment of severe weather and the oil spill in the Gulf of Mexico. These episodes illustrate just how broad, complex and full of uncertainty the homeland security mission space can be.
Further complicating this mission space is the distribution of homeland security responsibilities across public and private entities, from federal, state, local, tribal, and territorial governments, to volunteer and private sector organizations. With limited resources, it is often a challenge to prioritize homeland security hazards and identify the best strategies and countermeasures to address them. In spite of these challenges, homeland security policy decisions must be made, capabilities developed, and assets applied. The question therefore is: how can we do a smarter and better job of protecting our homeland with limited resources across this vast and complex mission space?
The risk management community knows that one answer to this question is effective and integrated risk management, which has helped industry and government agencies to effectively assess and address the frequency and impact of potentially negative events. For years, members of the homeland security enterprise have tried to determine the best way to manage risks. As stated in the 2010 Quadrennial Homeland Security Review, "ultimately, homeland security is about effectively managing risks to the nation's security." By using a structured approach for identifying risks, making decisions, and monitoring effects, these homeland security partners are better able to identify resilient strategies that reduce the likelihood of a significant incident occurring, minimize system-wide and societal vulnerabilities, and mitigate the consequences of any events that may occur.
But effective risk management cannot be conducted in stove pipes. This is why Homeland Security Secretary Napolitano signed a DHS Policy for Integrated Risk Management policy in May 2010. Similar to enterprise risk management, Integrated Risk Management (IRM) is a structured approach that enables the distribution and employment of shared risk information and analysis and the synchronization of independent yet complementary risk management strategies to unify efforts across the enterprise. The goal of this policy is for DHS to work with its partners to use IRM as an approach to address the uncertainty inherent in this complex mission space, and help make the tough decisions necessary to keep the nation resilient and secure with limited resources. The policy is based on the premise that partnerships can enable the most effective risk management.
Per the policy, DHS will achieve IRM by:
- Incorporating the DHS Risk Management Process (see below graphic) into the overall mission and management of the Department;
- Using risk information and analysis to make its assumptions more transparent, encourage creative thinking, and provide defensible decisions for the best achievable outcomes;
- Developing methodologies where appropriate to determine the extent to which DHS programs and activities manage and reduce risk to the nation;
- Using a unified approach to managing risks in conjunction with all homeland security enterprise partners.
Promoting the adoption and development of integrated risk management is the DHS Office of Risk Management and Analysis (RMA), located within the DHS National Protection and Programs Directorate (NPPD). Founded in April 2007 and led by Director Tina Gabbrielli, RMA is tasked with leading "the Department's efforts to establish a common framework to address the overall management and analysis of homeland security risk." As the Department lead on risk management, RMA advances the practice of integrated risk management and its application to homeland security by providing tools, training and technical assistance to a variety of partners across the homeland security enterprise.
RMA conducts outreach to state and local governments, fusion centers, law enforcement entities and first responders to ensure they have the risk management tools, resources and information they need to do their jobs better and make our nation more resilient. Since all organizations are different, the guidance and assistance provided by RMA can be modified to meet the specific needs of each entity:
- Federal Analytic Staff: RMA has highly skilled staff representing a range of technical and policy disciplines, including mathematics, operational research, economics, and political science;
- Computation and Modeling Tools: RMA has in house computation and modeling software tools for conducting high-quality, tailored risk and decision analysis;
- Training: RMA is equipped to provide training on a variety of risk management and analysis topics, in addition to providing recommendations on available training resources;
- Risk Data: RMA has compiled a number of risk data sets and can help access other information sources.
Because managing homeland security risks depends on a concerted, unified effort from a diverse set of organizations, DHS has established a Department-level Risk Steering Committee (RSC) that serves as the primary body for risk governance and provides a forum for all DHS Components to discuss and advance integrated risk management. The RSC has published a number of guidance documents to assist partners in conducting defensible, coordinated risk analysis, including the DHS Risk Lexicon (2010) and Risk Management Guidelines. The DHS Risk Lexicon, which contains 123 terms related to the practice of homeland security risk management, improves communications, understanding, and information exchange among homeland security partners.
In addition to providing assistance to partners, RMA also conducts its own risk assessments and develops new analysis methodologies for application to the homeland security mission. A flagship product of RMA is the Risk Assessment Process for Informed Decision-making (RAPID), a quantitative multi-hazard assessment of risk designed to provide information to Department leadership on homeland security risks and the risk reduced by homeland security programs in support of policy and resource allocation decisions.
At its core, RAPID is a probabilistic risk assessment that examines how programs across the Department work together to manage anticipated risks associated with the top-priority DHS strategic goals and objectives, ensuring that future resources allocated to DHS programs are influenced by the programs' risk-reduction values. RAPID currently covers 12 hazard types and more than 30 DHS high-level programs. In 2009, RAPID was launched as a full-scale strategic risk assessment with production quality decision support, and its results were used in the FY 2012-2016 DHS budget planning process.
In addition to RAPID, RMA has developed a number of methodologies to address specific homeland security challenges. Notably, RMA leads the assessment of risk to special events nationwide. Using a multi-hazard methodology that takes into account attendance and specific vulnerabilities of the venue, RMA helps assign relative risk scores to over 8000 special events annually. These risk scores are used by federal law enforcement agencies to determine the allocation of security resources for each event. At a more strategic level, RMA has also developed a methodology for conducting national level risk assessments to provide a comparative assessment of homeland security risks to our national strategic interests.
Collectively, RMA's efforts promote a more integrated approach to risk management for DHS and the broader homeland security enterprise. In a world of ever-evolving threats and limited resources, integrated risk management is a vital tool that can assist homeland security practitioners on how best to allocate those limited resources to best protect our nation. RMA will continue to work to enable the effective management of risk by the homeland security enterprise in order to make the nation safer and more resilient.
Bob Kolasky is Assistant Director, Risk Governance and Support, Department of Homeland Security. This essay was originally published by the Public Entity Risk Institute (www.riskinstitute.org).
|
Key Reports
|
| |
NCHRP: A Guide to Emergency Response Planning at State Transportation Agencies
A new report from the National Cooperative Highway Research Program provides a "program-level review of the all-hazards approach to emergency management" and"guidance on organizational, staffing, and position decisions; decision-making sequences; [and] a full emergency response matrix.
Get the report
Trust for America's Health: Ready or Not 2010
A new report finds an "emergency for emergency health preparedness in the United States" and that "severe budget cuts by federal, state, and local governments are leaving public health departments understaffed and without the basic capabilities required to respond to crises."
Get the report
GAO: Employment Verification
A new report from the Government Accountability Office finds improvement in the administration of the E-Verify program and a reduction in erroneous tentative nonconfirmations but notes that it "remains vulnerable to identity theft and employer fraud."
Get the report
NYPD: Active Shooter: Recommendations and Analysis for Risk Mitigation
A new report examines 281 active shooter events organized by type of facility targeted -- e.g. warehouses,schools and office buildings -- and offers a list of detailed response recommendations.
Get the report
|
Jobs
|
| ABS Consulting: Senior Cyber Security Consultant
ABS Consulting is seeking seeking qualified individuals to provide chemical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Senior Chemical Security Consultant
ABS Consulting is seeking qualified individuals to provide chemical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Chemical Facility Security Consultant
ABS Consulting is seeking talented individuals to provide physical security, chemical security, and/or cyber security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
ABS Consulting: Senior Physical Security Consultant
ABS Consulting is seeking qualified individuals to provide physical security analyses of vulnerability assessments and security plans for chemical facilities regulated by the Department of Homeland Security.
View the notice
NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for developing and managing a risk management program in support of a large government contract involving infrastructure upgrades and enhancements at Ft. Meade, Maryland.
View the notice
NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for moving a project from Northern Virginia to the Ft. Meade, Maryland area. The successful applicant may also support efforts on other contracts.
View the notice
SRA: Security Risk Analyst Position
SRA International Inc. is seeking candidates for a security risk analyst position. The successful candidate will use their experience to plan, organize and carry out analytical studies of complex security risk management problems, as well as plan and implement potential technical or programmatic solutions to those problems.
View the notice
Corporate Security Analyst Position in Switzerland
SMR Group, an international executive search firm whose global practice is focused exclusively on professional- and executive-level corporate security positions, is seeking candidates for the position of Corporate Security Analyst, located in Switzerland. The Corporate Security Analyst will be responsible for protecting business operations and associates throughout the organization from external threats by the collection, analysis and dissemination of strategic and tactical threat assessments, and production of both analytical and intelligence products designed to support investigations and protective security operations.
View the notice
Risk Analyst Position With Centra Technology
Arlington, VA-based CENTRA Technology, Inc. is seeking talented professionals to provide technical and national security analysis for the U.S. Government, especially in the area of homeland security risk analysis. Successful candidates will perform security risk analysis; threat, vulnerability, and consequence analysis supporting risk analysis; and security risk management. They also will develop, assess, document, institutionalize, and apply risk management processes and methodologies to inform policy and programmatic decisions.
View the notice
|
|
|
|
|
