The Risk Communicator: March-May 2008 EditionWelcome to the Risk Communicator, SARMA's newsletter for information, trends and issues of concern to security analysis and risk management professionals. This complimentary news service is distributed every other month. Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy here.
If your server is blocking HTML e-mails you can view the current Risk Communicator by pasting the following address into your browser: http://sarma.org/news/archivednews/theriskcommunicatoMarch
|
Letter From The President |  | |
Dear members and friends of SARMA,
Thank you for making this year's conference a great success! The Second National Conference on Security Analysis and Risk Management marked another major milestone in the history of our growing profession. Over its three days approximately 200 participants, including some 50 excellent speakers and 10 exhibitors, came together to learn from each other, discuss their challenges and solutions, and forge a better future for the profession. Nothing could more gratifying to SARMA than the recognition that we are helping the security profession grow in knowledge and prestige, and the collective consciousness that we are a true profession -- worthy of recognition for the important role we play in the national, homeland and economic security of the nation.
For me the conference was yet another tangible indication of the progress SARMA has made in its two years as the profession's only all-volunteer, non-profit, professional trade association. Thanks to you and the SARMA Conference Committee, the security analysis profession has continued its bold steps toward organizing with a common goal and the public good in mind. And there are clear signs it is working.
At the conference we heard the first public pronouncement from the Honorable Joel Bagnal that the White House is preparing a Presidential Directive on Security Risk Analysis. (We will keep SARMA members informed about this important development in future mailings.) We learned of the General Accountability Office's findings on the need for improvements in the use of security risk analysis in homeland security, and heard from Department of Homeland Security speakers about their current and developing methods for analyzing risk in parts of DHS, including FEMA, TSA, HITRAC, Coast Guard and the National Infrastructure Protection Plan Program Management Office. We also heard from the Department of Defense about its methods for protecting critical infrastructures, information systems and our servicemen and -women fighting overseas. We delved into new and evolving analytic methods in academia and the private sector that challenged and expanded our thinking. Finally, those who stayed to the very end (and there were many of them) were treated to a new way of looking at the future of the profession by a few excellent presentations on the SARMA projects designed to address some well known problems: the lack of a common lexicon and the need for a common model to evaluate security analysis methods in an independent and objective manner.
At the conference, SARMA was pleased to play host to Pennsylvania State University's Security and Risk Analysis Club, which sent seven members to be the eyes and ears of the organization at the conference. When improved and standardized security analysis and risk management methods are available, the nation will still need many more security analysts to carry out these future missions than currently exist. In short, the nation needs far more analysts who are trained and certified in standardized methods. I look to organizations like the SRA club at Penn State to produce the next generation of security analysts and risk managers. In that respect, I am pleased to say that this relationship has continued to grow since the conference and is now delving into future collaboration, information sharing and even a few summer internships.
Lastly, many participants considered one of our many excellent plenary speakers, Julian Talbot - from the land "Down Under" - to be a highlight, not only of the conference, but as an example of what is possible in the US. If the government, private sector and professional associations in Australia can come together and create a framework for common standards and training for security risk analysis, why can't we? It is a question SARMA will be exploring more fully in the coming months as I prepare a SARMA delegation to travel to Australia to meet with Mr. Talbot and the leadership of the Risk Management Institution of Australasia.
As I mentioned earlier, SARMA was created just two short years ago to facilitate the collaboration of forward-looking professionals, selflessly focused on the need for working together toward a common public good. We continue to pursue and make progress on that goal. But many more dedicated professionals are needed to make the kind of rapid and collaborative progress that is possible. In that respect, I formally invite you to become involved in improving SARMA and the security analysis profession it represents. Please consider joining us.
I hope you enjoy the newsletter.
Sincerely,
Ed Jopeck |
Return
to the top NewsWhite House Plans to Develop Presidential Directive on Security Risk Management
|  | |
By Avi Klein
The long-awaited effort to develop a common risk management strategy for the federal government is underway, the Deputy Assistant to the President for Homeland Security told the Second Annual SARMA Conference in mid-May. The White House's decision to draft a risk management directive, Joel Bagnal explained in his keynote address, follows a determination in the recently updated homeland security strategy that much of the future success in fighting terrorism will depend on improving the risk analysis profession.
Bagnal's announcement of the joint National Security/Homeland Security Presidential Directive, which was enthusiastically applauded by the conference attendees, marks a significant achievement for the security risk management profession as a whole. According to Bagnal, White House officials expect to work closely with those in the risk management community to draft the document. This effort "shows that the White House understands the need for public-private partnerships to holistically mature the profession, which in turn supports America's national security and homeland security missions," said SARMA President Ed Jopeck.
Topping the White House agenda, Bagnal explained, is the development of a shared risk management framework and common lexicon -- an initiative on which SARMA has already taken the lead with its innovative wiki-based collaborative projects. (See the SARMA Website for more details.) "If we're going to mature this discipline we need a doctrine," Bagnal explained. "We need words on a page that describe in precise terms what it is that we do and why we do it, and then how we do it."
The new initiative marks a turning point in thinking about risk management in the executive branch. An earlier assumption that risk management efforts in the defense, energy and homeland security communities would naturally coalesce around a common framework was flawed, said Bagnal. "We need presidential leadership on this one." Yet it wasn't a failure of leadership that allowed seven years to pass without a risk management directive. Rather, Bagnal said, the immediate urgencies of the post-9/11 environment prevented the serious and contemplative study that such an effort demands. Although the importance of risk management was well understood at the time, there was little time to figure out how to implement it in policy decisions.
Having succeeded since then in preventing another attack on the homeland, Bagnal explained, the time has come to do some of the heavy intellectual lifting. "We're about in a point in time in the maturation of the homeland security environment, the counter-terrorism environment, and the law enforcement environment where we are cresting the hill in a way that we're able to step back for just a moment and take a look at ourselves and really see where we failed to solve in a meaningful way problems in the past seven years," Bagnal said. Of the new risk management directive, he added: "This is not a controversial issue, frankly. We just need to get it done."
Avi Klein, a Washington DC-based freelance writer specializing in defense issues, is a frequent contributor to the Washington Monthly and previously served as senior writer at Homeland Security Daily Wire. He can be reached at avi.klein@mac.com. |
Another Year, Another Successful Conference
|  | |
On 13-15 May 2008, some 200 individuals converged on George Mason University's Arlington, Virginia, campus for SARMA's Second Annual National Conference on Security Analysis and Risk Management. The well-received event, co-sponsored by GMU Law School's Critical Infrastructure Protection (CIP) Program, included participants from as far away as Italy and Australia, and significantly exceeded attendance levels of the first annual conference in May 2007.
In his opening remarks, SARMA President Ed Jopeck noted the high turnout and the caliber of the speakers who had agreed to share their thoughts and expertise with the conference attendees. "We believe," Jopeck said, "that the coordination of this forum for the sharing of information, experience and expertise to be a public service, in furtherance of the goals of educating individual practitioners, improving the profession as a whole, and in doing so, a service that is essential to securing our great nation."
Among the 50 speakers were representatives of federal, state and local government agencies, leading academics in the security analysis and risk management field, and practitioners from the private sector.
An important highlight of the three-day event was the announcement by a senior White House official that a new Presidential Directive will be drafted to create a common government-wide risk management strategy (see related article below for further details).
During the conference plenary sessions, representatives from DOD, DHS, FEMA, GAO and elsewhere focused on larger policy and coordination issues, while leading practitioners, academics and other experts filled out many of the critical details and nuances during a series of 35 technical sessions that ran three-at-a-time in separate breakout rooms.
There were a number of exhibitors in the conference hall, who were clearly pleased with the turnout. Besides SARMA and GMU's CIP Program, exhibitors included the US Department of Homeland Security, the Interagency OPSEC Support Staff (IOSS), SRA International, PricewaterhouseCoopers, Booz Allen Hamilton, the National Defense Industrial Association (NDIA), Applied Research Associates (ARA) and Alion Science and Technology.
In keeping with SARMA's vision of creating a committed and sustainable core of risk management professionals well into the future, the conference played host to seven undergraduate students from Pennsylvania State University's College of Information Sciences and Technology who are Security and Risk Analysis (SRA) majors and members of the SRA Club. Not surprisingly, the wired students steadily blogged and Twittered their way through the conference (click here for an example), at one point remarking that they had learned more in three days of conference sessions than in an entire semester at school.
The conference also coincided with SARMA's annual Board of Directors meeting, including the reelection of several members and the addition of one new member, John Paczkowski, to new two-year terms on the Board (see article below on 2008 SARMA Elections).
Look for more detailed reports on selected conference presentations in coming issues of The Risk Communicator. And for full transcripts of most presentations, plus photos and other conference-related information, please refer to the conference page on SARMA's website.
|
Return
to the top Reports and ReviewsStrengthening the Use of Risk Management Principles in Homeland Security: Summary of a GAO Forum
The US Government Accountability Office (GAO) convened a forum of experts on 25 October 2007 to advance a national dialogue on applying risk management to homeland security. Participants included federal, state, and local officials and risk management experts from the private sector and academia. The forum addressed effective practices, challenges federal agencies face in applying risk management to homeland security, and actions that can strengthen homeland security risk management.
[Get the Report]
|
Defense Intelligence Strategy 2008
Under Secretary of Defense (Intelligence) James R. Clapper recently released the 2008 Department of Defense Strategy for Intelligence. In his forwarding message, Clapper comments that "the challenge to provide the information, insight, and warning that allow our national military and civilian leaders to make better decisions both in Washington and on the fields of battle has never been greater or more urgent. It will require a concerted, collective effort by the Department of Defense intelligence, counterintelligence and security communities (Defense Intelligence Enterprise) to protect our military and intelligence assets against all forms and domains of attack and transform the Defense Intelligence Enterprise into one that is agile, global, and diverse."
[Get the Report]
|
National Counterterrorism Center: 2007 Report on Terrorism
On 30 April 2008, the National Counterterrorism Center (NCTC) released its wrap-up of global terrorism for 2007. It includes the following:
-- A foreword, which provides important context for the contents of this report;
-- A methodology section that explains how the data was compiled and the inherent limitations of the data;
-- NCTC observations related to the statistical material;
-- Statistical charts and graphs;
-- Summaries of high-fatality attacks during 2007; and
-- An academic letter on challenges to cataloging attacks
[Get the Report]
|
US Intelligence Community Information Sharing Strategy
In February 2008 the Office of the Director of National Intelligence (DNI) released its Information Sharing Strategy. This document "outlines a forward-leaning information sharing strategy to enhance our capability to operate as a unified, integrated intelligence enterprise. The information sharing strategy is focused on developing a 'responsibility to provide' culture in which we unlock intelligence data from a fragmented information technology infrastructure spanning multiple intelligence agencies and make it readily discoverable and accessible from the earliest point at which an analyst can add value. This new information sharing model will rely on attribute-based access and tagged data with security built-in to create a trusted environment for collaboration among intelligence professionals to share their expertise and knowledge."
[Get the Report]
|
Return
to the top Officers' Corner2008 SARMA Board of Directors Elections
By Kerry L. Thomas, Executive Vice President
As many members are aware, the 2008 SARMA Board of Directors elections were held during the recent National Conference on Security Analysis and Risk Management. Personally, I was extremely heartened not only by the level of interest in this year's elections, but also by the diverse background and commitment of the candidates who chose to submit their names for consideration. There were a total of five seats open for the 2008-2009 term, and we had a total of nine highly qualified candidates. Four of the candidates were incumbents seeking re-election, while five were new to the process.
At the end of the day, SARMA's membership provided a strong endorsement of the current approach and direction of the organization by re-electing the four incumbent Directors, including: Ed Jopeck, Ken Knox, Irv Pikus and Chel Stromgren. In addition, John Paczkowski, the Director of Emergency Operations for the Port Authority of New York and New Jersey, was elected to the fill the fifth open seat on the Board.
Please join me in congratulating Ed, Ken, Irv, Chel and John on their accomplishment, and each of the candidates for their willingness to serve. I believe 2008 promises to be a watershed moment for the security analysis and risk management profession, and we are fortunate to have the leadership and services of these dedicated and talented professionals. Please also join me in thanking Chris Miller, a departing member of the SARMA Board, without whom the conference, and so many associated efforts, would not have succeeded.
I look forward to working with each of you and my new and returning colleagues on the Board of Directors to make 2008 the best year ever for SARMA and the profession!
|
Return
to the top Conferences and TrainingReturn
to the top MiscellaneousWant to Contribute to the Risk Communicator?
Do you know of an item you would like to see included in the Risk Communicator? Do you have ideas for new and interesting features for future editions? If so, please contact the newsletter staff at newsletter@sarma.org. |
Return
to the top Links of InterestReturn
to the top | |
|
|
|
|
|
|
|
|
|
| Contact
SARMA |
|
SARMA
P.O. Box 710172
Herndon, VA 20171
Phone: (703) 635-7906
Fax: (703) 635-7935
E-mail: info@sarma.org
| |
|
|
Sponsor
Notices
|
|
SARMA thanks the following organizations for their support:
| |
|
|
The Risk Communicator |
The Risk Communicator, newsletter of SARMA, the Security Analysis and Risk Management Association
Send questions and comments to
Editor-in-Chief
newsletter@sarma.org
Copyright 2008.
SARMA All rights reserved.
PRIVACY
POLICY
The views expressed in the Risk Communicator reflect the views of their authors, and do not necessarily reflect the views of SARMA, the US Government, or the employers or clients of the contributors.
|
|
|
