Catherine Bahn discusses how Facebook and Google began to prepare for compliance with the European Union’s General Data Protection Regulation, which began to be enforced in May 2018. The purpose of this new legislation is to “harmonize data privacy laws across Europe”; however, the implications are likely to reach beyond the geopolitical borders of Europe and change the direction of corporate transparency. Facebook and Google have the opportunity to be leaders in building dynamic corporate transparency and considering new economic models with the vast amount of customer data they have and will continue to gather.
Research Notes — 2018
The State Department's Leadership Vacuum
Elizabeth Crooks discusses the implications of President Donald Trump and Secretary of State Rex Tillerson's key goals of reducing the size of the State Department. The resulting organizational and operational changes have both created a leadership vacuum and greatly increased the risks associated with potential process and control failures.
The Internet of Things: A Dark Precursor
Kyle McNulty explores the growing risks associated with the spreading web of internet-enabled devices across consumers’ lives. The explosive proliferation of Internet-connected devices has resulted from rapid progress in technology and expanding demand for internet-connected capabilities from consumers. However, this technological advancement and consumer behavior has also created a significant vulnerability
Operational Risk Challenges to the U.S. Election Infrastructure
Jeff Leonard discusses the risks to the most recently identified critical infrastructure sector, election infrastructure (the facilities, technologies, people, processes, political parties, and legal frameworks required to conduct elections). This paper examines the risks and identifies a system design, the technologies, and an operational architecture that would mitigate the risks to which modern election processes are currently exposed.
Information Security in the Rise of E-Commerce
Miranda Lin discusses the rising risks associated with online shopping (also referred to as e-commerce). As its popularity and frequency rise across the globe, companies selling products and services online are also gathering, storing, and processing an increasingly massive collection of financial and personal information on their customers. In order to ward off hackers attempting to access this sensitive data, effective management of information security is increasingly important to prevent cyber-attacks.
Risks of Fake News to the American Democracy
Lukas Guericke discusses the toxic spread of “fake news” into the landscape of legitimate news organizations, and the rising tide of associated risks to government, news organizations, and ultimately each individual citizen. “Fake News” is not simply an inconvenience or insult; it is a threat to the access of U.S. citizens to accurate information, and the fundamental protections a free and independent press provides to a democratic society.
The Black Swan by the Festival
Emily Ye discusses the operational risks revealed by the outlier event of the Las Vegas shooting in October 2017 where 58 people were killed and more than 500 people were injured. Black swan events – extreme outliers that are almost impossible to prepare for – such as this shooting reveal their unique risks typically only after the event has happened. The Las Vegas shooting has resulted in discussions on event, public-space, and hotel security; this paper identifies some possible recommendations in order to address these risks.
Privacy in the Age of Big Data
Zhuo Shan discusses the various elements surrounding the topic of privacy, particularly in relation to the ever-expanding field of “big data”. The content includes a high-level examination of various techniques used to collect users’ data and the associated risks for enterprises and individuals, as well as the applicable government regulations and laws. The discussion concludes with a presentation of possible risk mitigation recommendations.
Life-Critical Applications and Serverless Computing: Developer Usability vs. Public Risk in AWS Lambda
Kate Schenot discusses the risk arising from the emerging intersection of public safety, emergency response technology, the Internet of Things, and serverless computing platforms such as Amazon Web Services' Lambda.
The Airline Industry’s Internet of Things Risks
Kyle Simpson discusses the Internet of Things (IoT) and the airline industry's unusually slow implementation of IoT applications. In defense of this caution, the paper outlines some potential areas of innovation leveraging the IoT for the airline industry, while highlighting the corresponding risks.
Understanding the SEC’s Inadequate Internal Controls
Miranda Lin discusses recent risk-related incidents at the U.S. Securities and Exchange Commission (SEC), and the apparent lack of adequate internal controls enforced within the organization. The author identifies some of the possible improvements to be made to the SEC’s internal controls environment regarding their people, process, and systems.
Effective Global Incident Response
Bruno Langevin discusses some of the critical elements of our increasingly global corporate community, and the additional complexities of incident management across global geographies and cultures. In response to these complexities, the author identifies how companies can better prepare for and manage risk programs at the international level, which require additional awareness and adjustments in order to be successful.