Dyman & Associates Risk Management Projects is a Risk Management firm whose main office is based in Boston, MA. We operate in the following fields: Cyber Security, Project Management, Emergency Management, Technology Governance, and Physical Security. Our company is a minority-owned enterprise with both MBE & DBE certifications.
Study: Manufacturers Should Upgrade Risk Management Practices: http://www.mbtmag.com/news/2015/03/study-manufacturers-should-upgrade-risk-management-practices
A new report from Deloitte and the Manufacturers Alliance for Productivity and Innovation recommends that manufacturers convert their risk management practices to "an ongoing conversation rather than a periodic presentation."
The study, titled "Understanding Risk Assessment Practices at Manufacturing Companies," said the evolution of technology within the manufacturing sector presents vulnerabilities as well as opportunities, and that new threats can strike with unprecedented speed.
The report argued companies should improve their use of technology in risk management, consider increasing the frequency of assessments and embed those practices within all levels of company operations.
"In short, risk assessment and management techniques should advance at a rate equal to or greater than the underlying business," the report said.
Companies surveyed by Deloitte and MAPI identified cyber security as the biggest IT risk three years from now, with product design and development innovation as the top business risk over that span. The report said companies should utilize cyber security controls, but that they should also increase their insight into potential threats and how to appropriately respond to them.
The study also noted that 93 percent of companies indicated oversight of their risk management rested with the full board or an audit committee, and suggested that "given the rising complexity facing most manufacturing organizations ... it may be time to give risk management a clear subcommittee."
The involvement of a committee, meanwhile, could result in such panels becoming increasingly involved in day-to-day operations. The report called for a "proper executive champion" for that role, potentially including the creation of a chief risk officer.
Improved risk management and audit practices, meanwhile, could also help create a more resilient supply chain, as well as improve employee recruitment and retention amid ongoing concerns about a manufacturing skills gap.
Although improving risk management practices wouldn't dramatically alter a company’s bottom line, the report said the potential benefit to competitive advantages and shareholder confidence "will naturally make its way into earnings."
"Organizations should establish a risk assessment program that fits into its unique culture and risks," said MAPI deputy general counsel Les Miller. "Since change is constant and can occur suddenly, ongoing efforts to enhance the sophistication and variety of risk assessment techniques are needed."
The study conducted an online poll of 68 members of MAPI's Internal Audit and Risk Management Councils in June of 2014. The respondents ranged from less than $1 billion in annual revenue to more than $25 billion; the majority ranged between $1 billion and $10 billion.
With 3D printers now widely known, all that remains is an accurate and portable 3D scanner to produce practically anything on the go. Current 3D scanners are bulky and very expensive, but we may soon have that functionality installed in our smartphones.
A team of CalTech researchers led by Ali Hajimiri has designed a small camera chip that can enable a smartphone to do an accurate 3D scan of an object.
The tiny silicon chip, called the nanophotonic coherent imager (NCI), measures only one millimeter square and can conveniently be placed within smartphones. It uses a type of Light Detection and Ranging (LIDAR) technology to capture an item's width, depth and height. Basically, a laser is shined on the object so that the light waves that bounce off it can serve as a guide for the imager when capturing the measurement data.
The technology used on the chip is further explained by Caltech:
"Such high-res images and data provided by the NCI are made possible because of an optical concept known as 'coherence'. If two light waves are coherent, the waves have the same frequency, and the peaks and troughs of light waves are exactly aligned with one another. In the NCI, the object is illuminated with this coherent light. The light that is reflected off of the object is then picked up by on-chip detectors, called grating couplers, that serve as 'pixels', as the light detected from each coupler represents one pixel on the 3-D image."
According to Dyman & Associates Risk Management Projects (http://dymanassociatesprojects.com), LIDAR technology is commonly used in self-driving cars, robots and precision missile systems due to its effectiveness in identifying locations and objects. Although the concept of LIDAR is not that new, their idea of having "an array of tiny LIDARs on our coherent imager can simultaneously image different parts of an object without the need for any mechanical movement" is a novel one.
Basically, every pixel on the sensor can separately assess the intensity, frequency and phase of the reflected waves, thereby creating a piece of 3D information. The combination of all those pieces of 3D data from all the pixels results in the full 3D scan.
Caltech's concept allows for the development of a tiny and relatively cheap scanner without sacrificing the accuracy. Dyman & Associates Risk Management Projects reported that the new chip can create scans that closely resemble the original within microns.
At present, the prototype Caltech has made only has 16 pixels on it, just enough to scan small objects such as coins, but they are reportedly working on scaling it up to thousands of pixels.
Another treat for sci-fi fans: a highly secure smartphone that 'self-destructs' is now being offered by BlackBerry and Boeing after 2 years of painstakingly developing the tech.
Well, it's not something that literally destroys itself or anything flashy like that -- it's more along the lines of scrubbing all data from the phone when traces of tampering are detected. It may not sound too cool after all, but you can be sure it does the work just fine.
Apparently, the phone, dubbed "Boeing Black", is capable of deleting all data it contains once it detects tampering or any attempt at disassembly. According to an expert from Dyman & Associates Risk Management Projects (http://dymanassociatesprojects.com/), "...any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable."
The Boeing-BlackBerry collaboration which was announced last week is a pretty good partnership considering the mobile company's leading role when it comes to security and privacy features.
The announcement came from BlackBerry's CEO John Chen. He said, "We're pleased to announce that Boeing is collaborating with BlackBerry to provide a secure mobile solution for Android devices utilizing our BES12 (BlackBerry Enterprise Service 12) platform."
Aside from the so-called "self-destruct" feature, there are other useful features added on Boeing Black like biometric scanners and encryption programs for a more secure line that prevents eavesdropping. Also, it has dual SIM capability, presumably to accommodate easier switching between commercial and government networks. It can even connect to satellites via a modular expansion port.
According to an update from Dyman & Associates Risk Management Projects, it is going to use BES12, a security platform usually dedicated for businesses. It is also reported to run on Android OS with encrypted storage and data transmission. This is definitely welcome news for governments as it makes it easier to keep tabs on their staff's communication lines.
As of yet, it is not known when the said phone will be available though Boeing has reportedly started providing some to prospective customers. And knowing that Boeing has been a long-time space, weapons and jet provider to the government, it's obviously offering it first to staff of the Department of Homeland Security or Pentagon.
Though BlackBerry and Boeing apparently built the phone mainly for government use, it's not far-fetched to think that they could bring the same tech to the public. Why should you care? Well, it's quite obvious that smartphone security is a big issue, so users are always on the lookout for options to secure their data. And a phone that can self-destruct sounds just about right.
Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).
Controls affecting Outlook.com security are mainly found in one central place, which can be accessed by clicking your username (this will probably be your name), shown in the top right of any live.com page when you're logged in, and selecting "Account settings".
1. Protect your password
Your first step should be to make sure your password is well chosen and not shared.
If you need to set a new one, visit the "Security & privacy" section of the Account settings page.
You'll then have to verify your account with a security code, which you can do by email or text.
At the top you'll see when your password was last changed, with an option to change it below.
Just below that, in the section labelled "Security info helps to keep your account secure", you'll find any backup email addresses or phone numbers you've given to Microsoft to help verify your identity if you get locked out of your account.
Make sure these are a good way of getting in touch with you, and are not easily accessible by people you don't trust.
These contact points will also be used to send alerts if Microsoft spots any suspicious activity - you can choose whether or not to receive alerts by phone and whether to have them sent to multiple email addresses, but the primary alternate email must always get alerts.
2. Set up two-step verification
On the same screen you can also set up two-step verification.
Scroll down to the next section of the "Security & privacy" page.
When you follow the link to set it up, Microsoft recommends using a smartphone app, which will vary depending on what kind of device you use.
Windows Phone users can get Microsoft's own authenticator app, Android users can use the Microsoft Account app, and those with iOS devices will need Google's multi-purpose Authenticator.
Each has its own process for setting up, but most will simply require you to scan a QR code displayed on-screen. Once set up, you should be able to use the code generated by the app any time you want to log in to your account.
If you choose not to use an app, or don't have a smartphone, you can have codes sent by SMS to the number you provide, or by email to one of your alternative accounts, but Microsoft will continue encouraging you to opt for the app approach, at least until you tell it to stop.
When you log in with a 2SV code, there will be an option to trust the device you're using and not ask for any more codes, so in future you'll only need your normal password.
Only check the box if you're on a machine you use regularly and know to be kept well-secured.
As part of setting up 2SV, you'll be given an emergency backup code. This is used if you ever lose access to the apps, phone numbers and email addresses provided for 2SV codes.
Outlook.com recommends you print it and keep it somewhere very safe, but if you find it easier to keep it in a file on your (well secured) computer, make sure it's very well encrypted.
In the "Recovery codes" section you can choose to renew the emergency backup code if you no longer have it.
3. Check your settings
You should consider checking the "Security & privacy" page occasionally, to make sure the backup and 2SV contact details are up to date - check that any old devices you no longer have are removed from the "Security info" or "App passwords" sections.
There's no way to monitor which devices have been marked as trusted for 2SV purposes, but at the bottom of the "Security & password" page you can at least remove trust from all machines, cutting off anyone who may have obtained unauthorised access.
There's a whole section of the "Security & Privacy" area dedicated to "Recent activity".
This is the place to go if you suspect someone's been intruding on your account. You can view a detailed list of logins, attempts, 2SV challenges and significant settings changes, and for each one there is further information on the device type and browser or app used, the IP address and location.
There's even a little Bing map pinpointing where the IP address appears to come from, but this may not be very accurate, particularly for things like POP access from a mobile mail client.
In case you're worried about any particular event, the details area for each one provides a large button marked "This wasn't me". Clicking this will lead to a review of your security settings, including resetting your password to make sure strangers are kept out.
Finally, the "Related accounts" section, under "Security & Privacy" lets you view and manage any accounts you have linked to your Outlook.com account, and also any other apps and services which may have been granted access.
You should make sure any entries in here are expected and necessary.
Once you're done with making your Outlook.com account safer, make sure you are following our general advice in our guide to securing your webmail.
Microsoft on Tuesday unveiled several upcoming Office 365 improvements, including mobile device management (MDM) and data loss protection (DLP) controls.
The announcements were made during the Day 1 keynote of the Microsoft TechEd Europe conference, taking place this week in Barcelona. Julia White, general manager of Microsoft Office, took the stage to demonstrate the ability to connect the cloud-based Azure Active Directory (AD) service with an on-premises Active Directory in "six clicks" during a setup process. With Azure AD in place, IT pros can have their security and auditing functions in one place, she said.
White also described the ability to edit policies for MDM. The policies get embedded into managed apps, such as Office for iPad apps, she said, and the capability will be "natively built into Windows 10." For instance, IT pros can set copy and paste restrictions on managed apps to protect company data.
White also talked about the coming DLP capabilities. With DLP, IT pros have access to Office 365 console reports, which show the rules that can be set up. They also show if users are trying to override the rules. If they are, IT pros can modify the policies to add additional restrictions, if wanted. For instance, restrictions can be set regarding the disclosure of credit card information. Alerts can be set up, as well. End users will get policy tips, so they will become aware of the policy restrictions set by IT.
These Office 365 capabilities are being rolled out at various times, but the target date seems to be the first quarter of next year.
Data Loss Prevention
Microsoft already has some DLP capabilities in its OneDrive for Business and SharePoint Online services, including an e-discovery capability. However, the capability to add policy restrictions that can block and restrict access to content will be rolled out in these apps "in the coming months," according to a Microsoft blog post on DLP.
The first app to get the new DLP controls will be Excel, followed by Word and PowerPoint. DLP will work "natively" in Office applications, Microsoft is promising, and the protection scheme will work at the file level, as well as for e-mail, document libraries or OneDrive for Business folders.
IT pros will have access to built-in DLP templates to add rules. They can review incident reports showing attempted policy overrides. Additional policy controls for Office 365, such as information rights management, will arrive in the first quarter of 2015.
Microsoft also plans to extend its file classification infrastructure capability of the Windows File Server to Exchange Online, OneDrive for Business and SharePoint Online, starting in the first quarter of 2015. Office documents can be classified using this scheme and policies can be set to avoid information disclosure.
OneDrive for Business and SharePoint Online also have "advanced encryption at rest," which is a capability that Microsoft calls "per-file encryption." Per-file encryption creates a key for every file stored. It also creates a new key for any variants of those files.
Managing Director of Marsh Botswana, Fritzgerald Dube, said the mining industry is faced with exposures that need to be identified, measured and controlled economically in order for the mine’s operations to flourish. Speaking at a mining seminar hosted by Marsh Botswana last week, Dube explained that while the environment in which they operate is always changing and presenting new threats, they are able to understand risk trends and develop effective programmes. Although a lot of mines have fully fledged risk management departments, Dube noted that mining is a dynamic and ever-evolving specialty and that new risks that were not previously anticipated would always emerge.
“As such, risk managers need to be forever considering and devising risk management plans for those risks which they have never been exposed to before,” he advised. Dube added that risk managers need to recognise that they play a critical role in ensuring stability of operations and sustained production in whatever environment they operate in.
He underscored the importance of risk management, stating that it is a critical function in all mines. He urged top management to commit to instilling a risk management culture throughout the entire organisation.
“Risk management should not be a ‘nice to have’ but rather a ‘must have’ that carries the full weight and support of senior management,” he stressed.
However, Dube regretted that the impact of uncertain events on mine productivity is not limited to loss of property and revenue alone, but possible death as well. An earlier report that was issued by a leading reinsurance advisor, Willis Group Holdings, warned mining companies not to be tempted to cut back on their risk management spending as they try to deal with rising costs, falling commodity prices and decreased productivity levels.
The report titled, Mining Risk Review 2011, identified the main challenges mining companies are facing. They further stated that the bulk of cost cutting had come from reductions in head office spend, exploration and business development.
On the same topic, Botswana Confederation of Commerce and Manpower (BOCCIM) CEO Maria Machailo-Ellis acknowledged that the mining industry had been experiencing fatal accidents around the country. She however noted that they had moved ahead with efforts to prevent recurrence.
Marsh Botswana was established in 1984 and is a subsidiary of Marsh & McLennan Companies, a world leader in delivering risk and insurance services and solutions. Marsh currently provides insurance brokerage and risk advisory services to over 70 percent of mines across the globe.
Melissa Sexton, CFA is the head of Product and Investment Risk for Morgan Stanley Wealth Management. Prior to this, she spent nearly a decade serving as Chief Risk Officer at two different hedge funds in New York. Most of Melissa’s 25 years of experience has been in a variety of risk management roles, though she has also traded derivatives and worked in operations, and has continuously worked on projects which integrate risk management with information technology. Ms. Sexton is a member of PRMIA New York’s steering committee, received a BA in Mathematics and Economics from Boston University, and was awarded her CFA charter in 2001.
Christopher Skroupa: You started your career in risk management in the 1990s, a decade notable for rapid changes in information technology combined with extraordinary growth and development of financial products. How have these changes affected the risk management function over your career?
Melissa Sexton: The changes have been significant and continue to be. When I started in the field, the most sophisticated financial instrument was an exchange-traded option – a standardized product with fully transparent pricing and contract terms. Software for standardized products can be commoditized and developed fairly quickly, but products with multiple triggers and non-standard underlyings meant that technology and risk models needed to be flexible and much more complex. And risk managers needed to be knowledgeable not only about valuation models and the nuances of different financial markets, but needed to have more of an enterprise view of risk. The risk function in the early nineties was largely focused on managing market and credit risks, but the massive growth of over-the-counter (OTC) derivatives, also known as off-exchange trading, led to increased counterparty, operational and liquidity risks. It also led to a need for enhanced Know your Customer (KYC) controls, which support a business in verifying the identity of its clients, to manage reputational risk.
Skroupa: Can you compare and contrast your previous role of chief risk officer at a hedge fund with your current role managing investment and product risk at a large, complex organization like Morgan Stanley Wealth Management?
Sexton: In many ways, the roles are quite similar because most risk management positions require a blend of quantitative and financial expertise, technology and communication skills. It will always be essential that risk managers are able to influence behavior. But the biggest difference I experienced while working at hedge funds was the emphasis on stress testing and liquidity risk management – both fund liquidity and asset liquidity. This is because of the higher leverage employed in most hedge fund strategies and the prevalent use during the financial crisis of gate provisions, which limited the amounts clients could withdraw from funds. I worked closely with clients during this hectic period which gave me insights into their unique needs and circumstances.
At Morgan Stanley Wealth Management (MSWM), we are also focused on individual client needs and circumstances, but the size and scale of this business differs materially. With more than 16,000 financial advisors and approximately $2 trillion in client assets, we need to focus on clients and their accounts, but also financial advisors, financial markets and the multitude of investment products and solutions we offer. Continue reading: http://www.forbes.com/sites/christopherskroupa/2015/03/16/the-unfolding-role-of-risk-managers-new-demands-new-talent/
We've all heard of this before: a hacker releasing a certain number of passwords and usernames, presumably just for the lulz. But this time, we're talking about 10 million records posted by no less than a security specialist himself.
Security expert Mark Burnett has published 10 million sets of usernames and passwords online in an effort to equip the security sector with more information, while also getting himself potentially tagged as a criminal.
He clarified that his release of the username-password list is solely for white-hat purposes -- to aid research in making login authentications more effective and fraud-proof. Burnett insisted that he does not intend to help facilitate any illegal activity or defraud people by his actions.
"I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us," he said in his post.
Leaking a massive amount of user data into the wild certainly does not sound like great help for most people but for security professionals, it's an important tool for research. For instance, how else would they know that online users are generally bad at choosing passwords?
In his post, he shared that he would often get requests for his password data from researchers, which he used to decline. But since he also knows its importance, he decided to publish a clean data set for the public.
"A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain."
To be fair, Dyman & Associates Risk Management Projects confirms that analyzing a username-password set seems to be more helpful for the security researchers.
According to him, it was by no means an easy decision, but he eventually posted it after weighing a number of factors. And though Burnett said he believes most of the data are already expired and unused, the domain part of the logins and any keyword that could link it to a certain site were still removed to make it difficult for those with criminal intent.
Besides, Dyman & Associates Risk Management Projects experts agreed with him in saying that if a hacker would need such a list in order to attack someone, he's not going to be much of a threat.
Burnett has previously helped in collecting the recent list of worst passwords to alarm people into adopting better practices when it comes to their login credentials.
Lastly, he imparted the following warning for complacent users: "Be aware that if your password is not on this list that means nothing. This is a random sampling of thousands of dumps consisting of upwards to a billion passwords."
Google has secured the lease of a NASA airbase in San Francisco for 60 years, possibly to house their upcoming space-exploration vehicles and robotics research.
The agency's press release at Dyman & Associates Risk Management Projects indicated that the lease, which will cost the tech giant $1.16 billion, is for "research, development, assembly and testing in the areas of space exploration, aviation, rover/robotics and other emerging technologies".
NASA Administrator Chris Bolden said, "As NASA expands its presence in space, we are making strides to reduce our footprint here on Earth." He added that the agency wants "to invest taxpayer resources in scientific discovery, technology development and space exploration – not in maintaining infrastructure no longer needed."
According to the report, a real-estate offshoot of Google called Planetary Ventures will be managing the Moffett airbase and will take over the $200 million improvement to the site, which includes educational facilities to let the public "explore the site's legacy".
The 1,000 acres of airfield in the southern part of SF Bay include two runways, a golf course, office space, NASA's Ames research center and three hangars, one of which is the iconic Hangar One. It's expected that the agency will save around $6 million worth of operation and maintenance expenses per year because of the lease.
Hangar One is one of the biggest freestanding edifices; it covers 8 acres and was constructed in the 1930s for US naval airships. In 1966, it was recognized as a US Naval Historical Monument, but it has recently been listed as an endangered historic place according to a Dyman & Associates Risk Management Projects press release.
“GSA was proud to support NASA in delivering the best value to taxpayers while restoring this historic facility and enhancing the surrounding community," said Dan Tangherlini of the US General Services Administration.
The Moffett lease shouldn't really come as a surprise as it's practically just next to Googleplex HQ. In fact, it's already servicing private jets owned by the company's executives such as Sergey Brin, Larry Page and Eric Schmidt.
Both Brin and Page, the firm's co-founders, are evidently interested in space exploration and aviation as shown by their X Lab's Project Loon and Project Moonshot. Their company has also acquired satellite and robotics firms recently such as Meka Robotics and Redwood Robotics.
NASA and Google also teamed up previously, in 2005, when the latter set up an office at the agency's research facility and launched a new lab.
Assigning risk scores to apps may slow down unwarranted access to personal information
October 28, 2014
What information is beaming from your mobile phone over various computer networks this very second without you being aware of it?
Experts say your contact lists, email messages, surfed webpages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission.
"Smartphones and tablets used by today's consumers include many kinds of sensitive information," says Ninghui Li, a professor of Computer Science at Purdue University in Indiana.
The apps downloaded to them can potentially track a user's locations, monitor his or her phone calls and even monitor the messages a user sends and receives--including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue.
Li, along with Robert Proctor and Luo Si, also professors at Purdue, lead a National Science Foundation (NSF)-funded project, "User-Centric Risk Communication and Control on Mobile Devices," that investigates computer security. The work pays special attention to user control of security features in mobile systems.
Li, Proctor and Si believe they may have a simple solution for users, who unknowingly allow voluntary access to their personal data.
Most users pay little attention
"Although strong security measures are in place for most mobile systems," they write in a recent report in the journal IEEE Transactions on Dependable and Secure Computing, "the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device."
Most users pay little attention, say the researchers, to unwanted access to their personal information. Instead, they have become habituated to ignore security warnings and tend to consent to all app permissions.
"If users do not understand the warnings or their consequences, they will not consider them," says Proctor, a Distinguished Professor of psychological sciences at Purdue.
"If users do not associate violations of the warnings with bad consequences of their actions, they will likely ignore them," adds Jing Chen, a psychology Ph.D. student who works on the project.
In addition, there are other influences that contribute to users ignoring security warnings. In the case of Android app permissions, of which there are more than 200, many do not make sense to the average user or at best require time and considerable mental effort to comprehend.
"Permissions are not the only factor in users' decisions," says Si, an associate professor of Computer Science at Purdue, who also led research on a paper with Li that analyzed app reviews.
"Users also look at average ratings, number of downloads and user comments," Si says. "In our studies, we found that there exist correlations between the quality of an app and the average rating from users, as well as the ratio of negative comments about security and privacy."
"This is a classic example of the links between humans and technology," says Heng Xu, program director in the Secure and Trustworthy Cyberspace program in NSF's Social, Behavioral and Economic Sciences Directorate. "The Android smartphones studied by this group of scientists reveals the great need to understand human perception as it relates to their own privacy and security."
"The complexity of modern access control mechanisms in smartphones can confuse even security experts," says Jeremy Epstein, lead program director for the Secure and Trustworthy Cyberspace program in NSF's Directorate for Computer and Information Science and Engineering, which funded the research.
"Safeguards and protection mechanisms that protect privacy and personal security must be usable by all smartphone users, to avoid the syndrome of just clicking 'yes' to get the job done. The SaTC program encourages research like Dr. Li's and colleagues that helps address security usability challenges."
Numbers speak to the amount of unsecured personal data - http://www.nsf.gov/discoveries/disc_summ.jsp?cntn_id=133144&org=NSF&from=news
RBA also says potential first-home buyers probably priced out of the market by increased investor activity
The Reserve Bank has warned that soaring housing prices and rapidly growing investor activity could pose risks to the economy.
The RBA said low interest rates, rising house prices and competition among lenders had translated into a strong pick-up in lending to property investors, particularly in Sydney and Melbourne, creating an imbalance.
Households had become increasingly willing to take on risk and debt this year, the RBA said.
It attributed the pick-up in household credit growth to being almost entirely driven by investor housing credit, which was growing at its fastest pace since 2007.
“The composition of housing and mortgage markets is becoming unbalanced,” the RBA said in its biannual financial stability review on Wednesday.
It has begun talks with the Australian Prudential Regulation Authority (Apra) about how to reinforce sound lending practices for property purchases.
Risks to financial institutions would increase if high rates of lending growth persisted or increased.
“The apparent increase in the use of interest-only loans by both owner-occupiers and investors might also be consistent with increasingly speculative motives behind current housing demand,” the RBA said.
“At this stage the main risk from this strong investor activity appears to be that the extra demand may exacerbate the housing price cycle and increase the potential for prices to fall later.”
That could pose risks to the economy if people reacted to declines in their wealth and loan repayment difficulties by cutting back on their spending.
Households that could be most affected were not necessarily the ones taking out loans, it added.
There was also the risk that the increased demand would lead to too much construction and an eventual oversupply of housing, but this was more likely to affect specific local markets, particularly Melbourne.
The RBA said the rise in investor activity had probably priced some potential first-home buyers out of the market.
The willingness of some households to take on more debt, combined with slower wage growth, meant the debt-to-income ratio had picked up a little in the past six months.
“While this ratio is still within its range of the past eight years at around 150%, it is historically high and hence any further increases in household indebtedness would be taking place from an already high base,” it said.
The RBA warned banks to be cautious about their lending practices.
“It is important for macroeconomic and financial stability that banks set their risk appetite and lending standards at least in line with current best practice, and take into account system-wide risks in property markets in their lending decisions,” it said.
In the past year Apra had increased the intensity of supervision around housing market risks facing banks.
It is also working on new guidance for sound risk management practices in mortgage lending.
“The characteristics and risk profile of households investment property exposures warrant close examination given the recent strength of investor demand for housing,” the RBA said.
Is Your Money Safe? Risk Management Blindspots That Cost Investors Dearly
Both retail and institutional investors who have survived one or more economic recessions have learned that they cannot select their money managers solely on a demonstrated stream of at or above benchmark returns and that they need to include the underlying risk of their investment portfolio in the formula that calculates expected future value. However, the risk denominator in portfolio management analytics may be underestimated or misestimated because of the following three industry problems:
1. The traditional view of risk is disaggregated
The traditional view segregates risk into market, credit and operational. In most organizations, both public corporations that issue equity and debt to investors and privately-held asset managers that oversee investors’ money, the various aspects of risk are managed separately. For example, in some typical organizational structures, the Investment Officer is responsible for market risk; the Treasury Officer or CFO for credit risk and the COO for operational risk. Each analyzes and synthesizes risk separately and reports his findings to the Board or Management Committee, leaving them baffled to make sense of the holistic picture. However, risk is not additive or linear and often hot spots in one area may cause undetected issues in other areas.
Market, credit and operational risk were interrelated in one of the most notorious examples of risk mismanagement — AIG’s failure to meet its liquidity obligations, which led to a $170 billion government bailout. AIG was heavily involved in writing CDS, with its exposure at the height reportedly reaching $440 billion (market risk), which exceeded what the company could pay in claims when the MBS it insured defaulted, leading to a liquidity crunch (credit risk). Additionally, there were signs of inherent operational risks: AIGFP was a minimally regulated and separate hedge fund that leveraged the credit rating of the holding company to place big bets with little reserves. Each one of these issues separately did not pose “crash the car” risk, but in aggregate the market, credit and operational risk factors of AIG could have been lethal to the company and the economy, save for the subsequent government bailout.
2. Regulators are approaching the industry reactively
Significant regulatory tightening ensued after the 2008 mortgage crisis. According to some critics, regulators may potentially be looking at risk far more reactively, by focusing on the problems that have already manifested, than proactively, by identifying new risks that could cause the next business failure. For example, the Financial Stability Oversight Council (FSOC) has so far designated three US financial institutions as Systemically Important Financial Institutions (SIFIs) – GE, Prudential and AIG – and imposed on them increased capital requirements. However, the FSOC does not consider large asset managers to be SIFIs. There is some merit to the logic that asset managers do not require as strong a balance sheet, since they do not own the assets they manage and pass through the downside risk to their investors. Yet, it could be argued that asset managers’ aggregate risk and their investment processes and technology infrastructure pose systemic risk. For example, over a trillion dollars of passive investments including the iShares brand are managed on Blackrock’s technology platform Aladdin. It is not hard to foresee the dramatic impact of a major failure of Blackrock’s platform on the US and global economy.
3. Operational risk is not adequately represented
To manage market risk better, most investors are well aware of basic portfolio hygiene principles, including the value of diversification, the importance of looking at volatility-driven asset correlation, rebalancing, the criticality of subtracting leverage when assessing quality alpha, and the value of protecting against inflation through IL bonds or inflation-hedging assets such as real estate. I would argue that operational risk is as big if not a bigger driver of financial loss as market risk. According to Phillipa Girling, a leading expert on operational risk and author: “operational risk in the headlines in the past few years” is hard to ignore: Notorious examples include “egregious fraud (Madoff, Stanford), breathtaking unauthorized trading (Société Générale and UBS), shameless insider trading (Raj Rajaratnam, Nomura, SAC Capital), stunning technological failings (Knight Capital, Nasdaq Facebook IPO, anonymous cyber‐attacks), and heartbreaking external events (hurricanes, tsunamis, earthquakes, terrorist attacks).” (Operational Risk Successful Framework). Inadequately managed operational risk costs investors, corporations and taxpayers billions of dollars: Madoff’s pyramid reportedly cost investors $18 billion and the 2008 government bailout cost taxpayers $700 billion. (New York Times Archives)
If the impact of operational risk is undoubtedly large, why do otherwise savvy investors often disaggregate or even completely miss operational risk from the overall expected value analytics of their portfolio and inadvertently accept more risk than they are comfortable with? Part of the problem stems from a lack of a well established methodology to clearly quantify operational risk and integrate it into portfolio management.
Imagine creating a unified industry-sponsored score for operational risk similar to a credit score or Moody’s bond ratings, which takes into consideration the fundamental elements of operational risks – people, process, technology, and external events, and quantifies them. That score would then be clearly available for investors along with the returns and market risk of the portfolio leading to a far more accurate valuation. Significant progress toward accountability and transparency could be made if operational risk were to be demystified.
How can investors make safer investments?
What could investors do in an environment of confusing regulatory requirements and limited transparency around operational risk? For starters, investors can raise their awareness and employ alternatives to address the information asymmetry in the following ways:
1. Select asset managers that demonstrate commitment to operational risk management
Certainly some asset managers understand and are willing to invest in operational excellence and risk management. For example, in the 2014 Review of the Asset Management Industry, the Boston Consulting Group provides an overview of the shadow model, where an asset manager can use two counterparties to manage their middle and back office. At Bridgewater Associates, I co-led the implementation of such a model, where the firm aimed to create greater transparency and switchability and stay ahead of the regulatory bodies by outsourcing its back and middle office to both BNY Mellon and Northern Trust. FundFire published an article, Bridgewater Divides Industry with Latest Deal, describing the benefits and open questions about the model. It is still early to say whether the industry will embrace this model more broadly. Similarly, to gain an operational excellence edge, Citadel and Tudor invested in custom-built straight-through processing systems that integrate the trading platforms with the post-trade processes, creating greater transparency and reliability. Both are aiming to commercialize their technologies and make these available to smaller money managers who may not be able to afford a large in-house technology development team.
More About the Article: http://www.forbes.com/sites/katinastefanova/2014/09/18/is-your-money-safe-risk-management-blindspots-that-cost-investors-dearly/