The Risk Communicator: August 2007 EditionWelcome to the Risk Communicator, SARMA's newsletter for information, trends and issues of concern to security analysis and risk management professionals. This complimentary news service is distributed every other month. Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy here.
If your server is blocking HTML e-mails you can view the current Risk Communicator through your browser by clicking: here.
|
Letter from the PresidentDear members and friends of SARMA,
I am pleased to have this opportunity to tell you about the rapid progress SARMA has made since our last newsletter in May. At that writing, we had just marked our first anniversary as a professional organization and we were in the final stages of preparation for SARMA's first annual conference on security risk analysis (held May 22-23rd in Washington, D.C.). At the conference, SARMA members voted for the first time in general elections for the Board of Directors who will take SARMA into the future. The new Board of Directors has since taken office and immediately began meeting to make some major decisions about organization, leadership, and projects which I would like to share with you here.
[Read More]
|
Return
to the top SARMA Projects Update: Taking the First Steps| During the recent SARMA Conference, there was consensus among the attendees that, while we cannot currently call ourselves a profession, we must strive towards this goal. As I spoke about then, one of the ways we can do this is to create a common base of knowledge that is documented, generally agreed upon and available to be taught to others. The SARMA Common Knowledge Base (CKB) project is intended to address these issues.
[Read More]
|
Return
to the top An Invitation From the CFIUS/FOCI CommitteeThe SARMA Committee on Foreign Investment in the US/
Foreign Ownership, Control and Influence (CFUIS/FOCI) would like to invite you to attend our next meeting on 12 September to further discuss the lexicon associated with CFIUS/FOCI risk assessments. The SARMA CFIUS/FOCI Committee focuses on addressing the analytical needs of those involved in assessing the risk of foreign ownership, control, and influence of US technology, companies and infrastructure in the nation's efforts to protect the US economic prosperity, homeland and national security. The location and time for the next meeting are: 3434 Washington Blvd. Arlington, VA. 22201 in conference room 1123 beginning at 2PM and adjourning by 3:30. Parking is available in the SRA building garage. For those who can't attend, you can dial in via conference call at 1-888-283-05324, conference code - 5341416982. On behalf of the committee, we look forward to your joining us and contributing to the discussions and issues associated with the application of Risk Analysis as it applies to Technology Transfer and Diversion.
|
Return
to the top Review: GAO Reports that DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security ChallengesNancy Renfroe, SARMA's Vice President for Projects, reviews a June 2007 General Accounting Office (GAO) report entitled, "DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges".
"The report addressed the following four questions:
1. What is the profile of DHS's real property portfolio?
2. What challenges, if any, does DHS face in managing its real property portfolio and what actionshas it taken in response to the administration's real property initiative?
3. What challenges do DHS and GSA face in consolidating DHS's headquarters in Washington, DC?
4. What actions has DHS taken to help ensure the physical security of facilities where it is located?
[Read More]
|
Return
to the top White Paper: "Using Risk Management Principles to Effectively Protect Critical Infrastructure and Key Resources: The Road to Operational Resilience"For discussion and comment, SARMA's Executive Vice President, Kerry Thomas, contributes a discussion paper prepared by PricewaterhouseCoopers (PwC) that addresses many of the challenges DHS faces with security risk analysis. Please click on "Read More" to access the document.
[Read More]
|
Return
to the top GAO Report: Critical Infrastructure Protection: Sector Plans and Sector Councils Continue to Evolve| This report discusses (1) the extent to which the sector-specific plans meet NIPP and DHS requirements, (2) the government and sector coordinating council members' views on the value of the plans and DHS's review process, and (3) the key success factors and challenges that sector representatives reported they encountered in establishing and maintaining their councils.
[Read More]
|
Return
to the top National Intelligence Estimate: The Terrorist Threat to the US Homeland| The Director of National Intelligence has released an unclassified version of a recent National Intelligence Estimate on "The Terrorist Threat to the US Homeland." Please click on "Read More" to access the document.
[Read More]
|
Return
to the top News Item: Homeland Security Bill Approved-5-year Deadline Set for Port of Origin Air, Sea Cargo ScreeningWashington -- Congress gave final approval Friday to legislation that requires tighter screening of air and sea cargo, and shifts more federal anti-terrorism grants to high-risk areas such as New York and Washington, delivering on a pledge by Democrats last fall to implement additional recommendations of the commission that investigated the Sept. 11, 2001, attacks.
[Read More]
|
Return
to the top HELP WANTED| SARMA is looking to hire the part-time services of an administrative assistant to support the full range of SARMA activities. This includes the preparation of newsletters and member correspondence, membership list management, conference planning, light editing, etc.. Location of work is primarily at the employee's home, with occasional local travel for meetings and other logistical tasks. Pay is commensurate with experience and negotiable. Please send a resume to Ed Jopeck at ed.jopeck@sarma.org to apply, or contact by phone at 703-349-1600. |
Return
to the top OtherFor discussion and comment, SARMA's Executive Vice President, Kerry Thomas, contributes a discussion paper prepared by PricewaterhouseCoopers (PwC) that addresses many of the challenges DHS faces with security risk analysis.
For the full document please click on "Read More."
[Read More]
|
| The recently foiled plot in the United Kingdom highlighted the reality of homeland security threats. Despite having numerous countermeasures in place and good intelligence, the terrorists still managed to conduct a near successful attack. From RSIS.
[Read More]
|
The Director of National Intelligence recently released the unclassified version of a new National Intelligence Estimate on the Terrorist Threat to the US Homeland. The Key Judgments are below.
Key Judgments
We judge the US Homeland will face a persistent and evolving terrorist threat over the next three years. The main threat comes from Islamic terrorist groups and cells, especially al-Qa'ida, driven by their undiminished intent to attack the Homeland and a continued effort by these terrorist groups to adapt and improve their capabilities.
[Read More]
|
Nancy Renfro, SARMA's Director for Projects, provides below a cogent summary and commentary on a recently released GAO report of interest to our membership.
Begin Text:
In June 2007 the General Accounting Office (GAO) issued a report entitled, "DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges". The report addressed the following four questions:
1. What is the profile of DHS's real property portfolio?
2. What challenges, if any, does DHS face in managing its real property portfolio and what actions has it taken in response to the administration's real property initiative?
3. What challenges do DHS and GSA face in consolidating DHS's headquarters in Washington, DC?
4. What actions has DHS taken to help ensure the physical security of facilities where it is located?
The findings from the fourth question should be of particular interest to SARMA members. According to the report, DHS has taken some actions to improve security on a building by building basis. These actions include installation of access control measures, active bollards, and bullet resistant glazing. In addition, DHS has established a Chief Security Officer position and a Chief Security Officer Council to evaluate security issues. DHS also formed a Facility Security Commodities Council which meets every two months to share information about security issues.
DHS Management Directive 11001 requires DHS components to meet the Interagency Security Committee (ISC) standards. Compliance reporting will begin in 2008. DHS recently developed a compliance checklist which provides a baseline for physical security considerations. DHS components can utilize this checklist to determine facility protection activities they need to undertake.
The report points out, however, that many DHS components have not implemented risk management programs to facilitate protection of component assets. DHS officials indicate it is the responsibility of each component to develop risk management methodologies to support their individual mission requirements. Some components, like the Department of the Interior and the Coast Guard, have developed a risk management and asset ranking methodology. Other components are in the process of developing risk management methodologies to assist in prioritizing asset protection and allocating resources.
Given the wide variety of security requirements across DHS components, the work currently being undertaken by SARMA could be very valuable to DHS. By identifying a generally accepted risk analysis principles (GARAP) SARMA can provide DHS components a metric for evaluating their risk management methodologies. SARMA could also provide independent peer review and provide recommendations for improving specific methodologies.
Another need identified by GAO is the requirement for consistent risk management training across DHS. Initially, SARMA can provide an outline of topics to be included in risk management training. In the future, SARMA can offer training modules and/or materials to support training in the application of the GARAP.
The very fact that DHS, which has a prominent role in facility protection government wide, is struggling with the implementation of risk management methodologies supports the need for SARMA. SARMA can provide the opportunity for security professionals to share information and learn a common language that will facilitate communication across all DHS components, other federal, state and local government agencies and the private sector.
The full GAO report can be found at www.gao.gov/cgi-bin/getrpt?GAO-07-658.
|
Nancy Renfro, SARMA's Director for Projects, provides below a cogent summary and commentary on a recently released GAO report of interest to our membership.
"In June 2007 the General Accounting Office (GAO) issued a report entitled, "DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges". The report addressed the following four questions:
1. What is the profile of DHS's real property portfolio?
2. What challenges, if any, does DHS face in managing its real property portfolio and what actions has it taken in response to the administration's real property initiative?
3. What challenges do DHS and GSA face in consolidating DHS's headquarters in Washington, DC?
4. What actions has DHS taken to help ensure the physical security of facilities where it is located?
The findings from the fourth question should be of particular interest to SARMA members. According to the report, DHS has taken some actions to improve security on a building by building basis. These actions include installation of access control measures, active bollards, and bullet resistant glazing. In addition, DHS has established a Chief Security Officer position and a Chief Security Officer Council to evaluate security issues. DHS also formed a Facility Security Commodities Council which meets every two months to share information about security issues.
DHS Management Directive 11001 requires DHS components to meet the Interagency Security Committee (ISC) standards. Compliance reporting will begin in 2008. DHS recently developed a compliance checklist which provides a baseline for physical security considerations. DHS components can utilize this checklist to determine facility protection activities they need to undertake.
The report points out, however, that many DHS components have not implemented risk management programs to facilitate protection of component assets. DHS officials indicate it is the responsibility of each component to develop risk management methodologies to support their individual mission requirements. Some components, like the Department of the Interior and the Coast Guard, have developed a risk management and asset ranking methodology. Other components are in the process of developing risk management methodologies to assist in prioritizing asset protection and allocating resources.
Given the wide variety of security requirements across DHS components, the work currently being undertaken by SARMA could be very valuable to DHS. By identifying a generally accepted risk analysis principles (GARAP) SARMA can provide DHS components a metric for evaluating their risk management methodologies. SARMA could also provide independent peer review and provide recommendations for improving specific methodologies.
Another need identified by GAO is the requirement for consistent risk management training across DHS. Initially, SARMA can provide an outline of topics to be included in risk management training. In the future, SARMA can offer training modules and/or materials to support training in the application of the GARAP.
The very fact that DHS, which has a prominent role in facility protection government wide, is struggling with the implementation of risk management methodologies supports the need for SARMA. SARMA can provide the opportunity for security professionals to share information and learn a common language that will facilitate communication across all DHS components, other federal, state and local government agencies and the private sector."
The full GAO report can be found at www.gao.gov/cgi-bin/getrpt?GAO-07-658.
|
In June 2007 the General Accounting Office (GAO) issued a report entitled, "DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges". The report addressed the following four questions:
1. What is the profile of DHS's real property portfolio?
2. What challenges, if any, does DHS face in managing its real property portfolio and what actions has it taken in response to the administration's real property initiative?
3. What challenges do DHS and GSA face in consolidating DHS's headquarters in Washington, DC?
4. What actions has DHS taken to help ensure the physical security of facilities where it is located?
The findings from the fourth question should be of particular interest to SARMA members. According to the report, DHS has taken some actions to improve security on a building by building basis. These actions include installation of access control measures, active bollards, and bullet resistant glazing. In addition, DHS has established a Chief Security Officer position and a Chief Security Officer Council to evaluate security issues. DHS also formed a Facility Security Commodities Council which meets every two months to share information about security issues.
DHS Management Directive 11001 requires DHS components to meet the Interagency Security Committee (ISC) standards. Compliance reporting will begin in 2008. DHS recently developed a compliance checklist which provides a baseline for physical security considerations. DHS components can utilize this checklist to determine facility protection activities they need to undertake.
The report points out, however, that many DHS components have not implemented risk management programs to facilitate protection of component assets. DHS officials indicate it is the responsibility of each component to develop risk management methodologies to support their individual mission requirements. Some components, like the Department of the Interior and the Coast Guard, have developed a risk management and asset ranking methodology. Other components are in the process of developing risk management methodologies to assist in prioritizing asset protection and allocating resources.
Given the wide variety of security requirements across DHS components, the work currently being undertaken by SARMA could be very valuable to DHS. By identifying a generally accepted risk analysis principles (GARAP) SARMA can provide DHS components a metric for evaluating their risk management methodologies. SARMA could also provide independent peer review and provide recommendations for improving specific methodologies.
Another need identified by GAO is the requirement for consistent risk management training across DHS. Initially, SARMA can provide an outline of topics to be included in risk management training. In the future, SARMA can offer training modules and/or materials to support training in the application of the GARAP.
The very fact that DHS, which has a prominent role in facility protection government wide, is struggling with the implementation of risk management methodologies supports the need for SARMA. SARMA can provide the opportunity for security professionals to share information and learn a common language that will facilitate communication across all DHS components, other federal, state and local government agencies and the private sector.
The full GAO report can be found at www.gao.gov/cgi-bin/getrpt?GAO-07-658.
[Read More ]
|
Letter from the President
Dear members and friends of SARMA,
As I write this letter I am gratified by the large quantity of news there is to convey to you since our last newsletter in May. At that writing, we had just marked our first anniversary as a professional organization and we were in the final stages of preparation for SARMA's first annual conference on security risk analysis (held May 22-23rd in Washington, D.C.). At the conference, SARMA members voted for the first time in general elections for the Board of Directors who will take SARMA into the future. The new Board of Directors has since been meeting and has made some major decisions about organization, leadership, and projects which I would like to share with you here.
[Read More]
|
New Link
The Director of National Intelligence recently released the unclassified version of a new National Intelligence Estimate on the Terrorist Threat to the US Homeland. The Key Judgments are below.
Key Judgments
We judge the US Homeland will face a persistent and evolving terrorist threat over the next three years. The main threat comes from Islamic terrorist groups and cells, especially al-Qa'ida, driven by their undiminished intent to attack the Homeland and a continued effort by these terrorist groups to adapt and improve their capabilities.
[Read More]
|
New Link
The Director of National Intelligence recently released the unclassified version of a new National Intelligence Estimate on the Terrorist Threat to the US Homeland. The Key Judgments are below.
Key Judgments
We judge the US Homeland will face a persistent and evolving terrorist threat over the next three years. The main threat comes from Islamic terrorist groups and cells, especially al-Qa'ida, driven by their undiminished intent to attack the Homeland and a continued effort by these terrorist groups to adapt and improve their capabilities.
[Read More]
|
New Link
SARMA's Nancy Renfro provides a cogent review and commentary on a recently released GAO report.
In June 2007 the General Accounting Office (GAO) issued a report entitled, "DHS Has Made Progress, but Additional Actions Are Needed to Address Real Property Management and Security Challenges". The report addressed the following four questions:
1. What is the profile of DHS's real property portfolio?
2. What challenges, if any, does DHS face in managing its real property portfolio and what actions has it taken in response to the administration's real property initiative?
3. What challenges do DHS and GSA face in consolidating DHS's headquarters in Washington, DC?
4. What actions has DHS taken to help ensure the physical security of facilities where it is located?
The findings from the fourth question should be of particular interest to SARMA members. According to the report, DHS has taken some actions to improve security on a building by building basis. These actions include installation of access control measures, active bollards, and bullet resistant glazing. In addition, DHS has established a Chief Security Officer position and a Chief Security Officer Council to evaluate security issues. DHS also formed a Facility Security Commodities Council which meets every two months to share information about security issues.
DHS Management Directive 11001 requires DHS components to meet the Interagency Security Committee (ISC) standards. Compliance reporting will begin in 2008. DHS recently developed a compliance checklist which provides a baseline for physical security considerations. DHS components can utilize this checklist to determine facility protection activities they need to undertake.
The report points out, however, that many DHS components have not implemented risk management programs to facilitate protection of component assets. DHS officials indicate it is the responsibility of each component to develop risk management methodologies to support their individual mission requirements. Some components, like the Department of the Interior and the Coast Guard, have developed a risk management and asset ranking methodology. Other components are in the process of developing risk management methodologies to assist in prioritizing asset protection and allocating resources.
Given the wide variety of security requirements across DHS components, the work currently being undertaken by SARMA could be very valuable to DHS. By identifying a generally accepted risk analysis principles (GARAP) SARMA can provide DHS components a metric for evaluating their risk management methodologies. SARMA could also provide independent peer review and provide recommendations for improving specific methodologies.
Another need identified by GAO is the requirement for consistent risk management training across DHS. Initially, SARMA can provide an outline of topics to be included in risk management training. In the future, SARMA can offer training modules and/or materials to support training in the application of the GARAP.
The very fact that DHS, which has a prominent role in facility protection government wide, is struggling with the implementation of risk management methodologies supports the need for SARMA. SARMA can provide the opportunity for security professionals to share information and learn a common language that will facilitate communication across all DHS components, other federal, state and local government agencies and the private sector.
The full GAO report can be found at www.gao.gov/cgi-bin/getrpt?GAO-07-658.
[ ]
|
The SARMA CFUIS/FOCI Committee would like to invite you to attend our next meeting on 12 September to further discuss the Lexicon associated with CFIUS/FOCI Risk Assessments. The CFIUS/FOCI Committee focuses on addressing the analytical needs of those involved in assessing the risk of foreign ownership, control, and influence of US technology, companies and infrastructure in the nation's efforts to protect the US economic prosperity, homeland and national security. The location and time for the next meeting are: 3434 Washington Blvd. Arlington, VA. 22201 in Conference room 1123 from 2PM and adjourning by 3:30. Parking is available in the SRA building garage and for those who can't attend you can dial in via conference call at 1-888-283-05324, conference code = 5341416982. On behalf of the committee, we look forward to your joining us and contributing to the discussions and issues associated with the application of Risk Analysis as it applies to Technology Transfer and Diversion.
|
SARMA Projects Update: Taking the First Steps
During the recent SARMA Conference, there was consensus among the attendees that, while we cannot currently call ourselves a profession, we must strive towards this goal. As I spoke about then, one of the ways we can do this is to create a common base of knowledge that is documented, generally agreed upon and available to be taught to others. The SARMA Common Knowledge Base (CKB) Program is intended to address these issues.
[View Article]
|
Return
to the top | |
|
|
|
|
|
|
|
|
|
| Contact
SARMA |
|
SARMA
P.O. Box 710172
Herndon, VA 20171
Phone: (703) 635-7906
Fax: (703) 635-7935
E-mail: info@sarma.org
| |
|
|
Sponsor
Notices
|
|
SARMA thanks the following organizations for their support:
| |
|
|
The Risk Communicator |
The Risk Communicator, newsletter of SARMA, the Security Analysis and Risk Management Association
Send questions and comments to
Editor-in-Chief
newsletter@sarma.org
Copyright 2008.
SARMA All rights reserved.
PRIVACY
POLICY
The views expressed in the Risk Communicator reflect the views of their authors, and do not necessarily reflect the views of SARMA, the US Government, or the employers or clients of the contributors.
|
|
|
