Tackling product liability in sports equipment: Discover how prioritizing safety, compliance, and innovation can prevent injuries and ensure a safer experience for all athletes!
👀 One week of news in a single glance. Read the Automotive Supply Chain Risk Digest
#automotive #automotiveindustry #autoindustry #Dana #electricvehicle #GAC #Geely #Huayou #Lamborghini #LG #LGChem #Lucid #manufacturing #MercedesBenz #MEMA #Musashi #MycoWorks #Northvolt #RollingPlus #SKecoplant #Suprajit #supplychain #supplychainmanagement #riskmanagement #TES #Tesla #Toyota #ToyodaGosei #EV
Industry braces for higher prices, limited supply amid UAW strike
What constitutes a good risk taxonomy?
A risk taxonomy is the hierarchical categorization of risk types.
A common approach to structure a taxonomy is to adopt a tree structure, whereby risks higher in the hierarchy are resolved into more granular manifestations further down.
In this blog post we discuss some important characteristics of risk taxonomies, using the classification of fire hazards (also known as fire classes) as a working example.
We are collaborating with the Secretary of Risks of Ecuador on preventive mapping of areas possibly affected by the El Niño phenomenon.
Support this work by contributing to the tasks we've created in the Tasking Manager:
Five Reasons Why the World Needs a Standardized Ethereum Staking Rate - An ether (ETH) staking benchmark could attract institutional investors into the Ethereum ... - https://www.coindesk.com/business/2023/09/27/five-reasons-why-the-world-needs-a-standardized-ethereum-staking-rate/?utm_medium=referral&utm_source=rss&utm_campaign=headlines #cryptolong&short #riskmanagement #valuations #benchmark #ethereum #themerge #finance #opinion #staking #ether #yield #etps
Choosing risk owners shouldn't always just fall to the most technically competent person. It could, in fact, be better managed and understood when given to the person most impacted.
Jamie wrote a quick guide on choosing the most appropriate risk owners in your strategy.
Overall, the establishment of a risk management committee is an essential component of an organization's risk management strategy, providing a systematic and methodical approach to identifying and managing potential risks.
Read more 👉 https://safeathlete.org/risk-management/
Great article by Shweta Sharma of CSO Magazine on the low #cybersecurity budgets allocated to the #CISO role. This will continue until the rest of the #CSuite stops thinking of #infosec as just a technology function instead of as #riskmanagement, a #salesenabler, or a market differentiator.
Personalized Nutrition Plans: Diet plans designed to meet the specific nutritional needs of an individual, particularly important for child athletes to fuel their bodies for sport performance and recovery.
🧗♀️ Why has the UAW strike put auto suppliers between a financial rock and a hard place?
READ: Automotive Supply Chain Risk Digest #345
#automotiveindustry #automotive #supplychain #supplychainmanagement #riskmanagement #strike #uawstrike #Dana #Ford #GM #Hota #JSW #KUKA #LG #Marelli #Mobis #Stellantis #Tesla #UAW #Unifor #USSteelCorp #VW #ZF
Preventing concussions, ensuring the use of appropriate safety equipment, implementing injury prevention techniques, and having rehabilitation strategies in place are all important components of a comprehensive risk management plan for youth sports 👉 https://safeathlete.org/youth-sports-risk-management-tips/
Educating coaches, parents, and athletes about the signs of abuse, reporting procedures, and the importance of creating a safe and supportive environment for children in sports: https://safeathlete.org/child-abuse-in-youth-sports/
In this article, we discuss managing stop loss orders during market volatility. We explore a range of strategies and approaches that can help traders navigate these challenging conditions, enabling them to enhance their risk management techniques and optimise their trading outcomes. #forexeducation #forexguides #riskmanagement
In times of rapid and unexpected change, there are unexpected opportunities and possibilities, if you can see the upside of risk instead of the potential downside.
"Breaking the Silos: Seeing Problems as Opportunities" is happening on 25 October 2023 as of 18:00 CEST in Ghent.
Leon Vliegen will bring his keynote “The Upside of Risk – the unknown and the unpredictable”, followed by two cases.
More info and sign up at https://breakingthesilos.be/event/seeing-problems-as-opportunities/
Ultimately, the significance of product liability in sports equipment cannot be overstated, as it serves to protect athletes and consumers from harm and holds manufacturers accountable for the safety and quality of their products. https://safeathlete.org/product-liability-faulty-sports-equipment/
#Python #AI #deeplearning #DataScience #wildfire #classification #riskmanagement #environment
2023 is one of the worst years for forest fires. We have implemented the fast TensorFlow CNN algorithm in Python tested on public-domain fire images.
Tailored training and nutrition plans can help child athletes reach their full potential while minimizing the risk of injury.
Automotive pro? Equip yourself with the tools to steer clear of the supply chain chaos stirred by the UAW strike.
Dive into actionable insights from Elm Analytics' leaders on today's Automotive Leadership Podcast.
→ Listen: http://go.elmanalytics.com/ALP
→ Read: http://go.elmanalytics.com/344M
#UAW #strike #UAWStrike #UAWStrike2023 #supplychain #automotive #automotiveindustry #riskmanagement #supplychainmanagement #autoindustry
Risk management in youth sports organizations is crucial as it helps to identify potential hazards, assess the level of risk, and implement measures to prevent or mitigate potential harm.
Secrets don't stay secrets for long! A new ITBrew article highlights how LMG Security #pentest manager @tompohl's recent #zeroday discovery shines a light on the need for stronger #devsecops & bug disclosure policies. Without public disclosure (and sometimes even with it), companies are slow to fix #cybersecurity vulnerabilities that put us all at risk. Read the article: https://www.itbrew.com/stories/2023/09/11/terrible-secrets-are-often-just-a-peek-at-a-binary-away
#CISO #riskmanagement #security #DFIR #infosec
From Europe's GDPR to customers noticing changes in the terms and conditions, in the age of AI, Data Privacy is getting renewed attention. Yet, companies often don't exercise the needed care when developing their AI Strategies. Why management and Boards should be more careful, and what corporate risk should be considered when integrating AI Strategies into corporate risk management? You can find out in my latest Blog entry.
The plight of the Security Awareness Manager:
"I think the boss's decision is wrong, but the boss thinks my opinion is irrelevant"
We hear something like the above quote almost every week when speaking to security awareness managers.
It's because the authority structure in which the "security awareness" function must exist is challenging in many organizations.
Those who decide that the organization needs a security awareness program often have some pre-conceived ideas about what should be in them.
But many times, they also have no idea. It's just a checkbox that somebody needs to fill.
When it's done for compliance reasons, it's common for managers and executives to forget that standards are there to provide a baseline for managing risks... the bare minimum.
So, when the responsibility for preparing a security awareness program plan is delegated, there isn't usually much useful guidance from, or collaboration with, senior management.
But those who are given this responsibility quickly learn that there are a lot of unexpected questions, variables, paradoxes, and dilemmas that arise when you are mixing technology and people.
Security Awareness Managers need to make sure that their insights are heard at the top.
The money spent on a compliance exercise can often produce a much higher ROI when you plan to implement the program in an intelligent way.
This means leveraging knowledge about the organization's unique attributes to tailor the program appropriately, with the right tools, KPIs and activities.
Otherwise, the compliance exercise will not only produce little to no return on what is spent, it will provide a false sense of security, and may even erode the corporate culture.
So, try to create a meaningful plan for your organization, and find a way to make sure your executives understand the opportunities for turning a cost center into an investment that improves proficiency of staff.
"When the very foundation of modern human societies and the complex and fragile, globalized network within which they co-exist are threatened, the normal approach to #RiskManagement is not appropriate given current model deficiencies, the largely unquantifiable nature of #climate damages, and the deep uncertainties."
Instead: “What is the plausible worst-case scenario and what do we have to do to avoid it?”
⚡️ Update: Tragic incident in Kandahar as a wall collapses in a residential house, resulting in 3 fatalities and 4 injuries. The cause appears to be deterioration of the house wall. Authorities cite heavy rains, earthquakes, and deteriorating infrastructure as critical factors in such incidents across the country. #Kandahar #BuildingCollapse #RiskManagement https://www.riskmap.com/incidents/1863341/articles/185008957/?utm_source=dlvr.it&utm_medium=mastodon
Smaller Companies Must Embrace Risk Management
Why consumer drones represent a special cybersecurity risk
Over 225 security professionals have signed up for today's bi-weekly Cyber Security Awareness Forum.
Think of these sessions as: "The Best Part of Your Security Week"
Attendees love the casual atmosphere, the panel format and the variety of perspectives from CISOs and security awareness managers.
Why not join us today at 1pm EDT, to hear what other security professionals have to say about employee-related risks "beyond phishing links"?
They may not be quite like Glen A. Larson depicted them in the 80’s TV series “Knight Rider”, but autonomous vehicles are here.
We had the chance to work with an autonomous vehicle developer to help them overcome the challenges of assessing cyber risks in this emerging field and Jamie talks all about what we learned in this process.
Interesting paper on CVSS Scoring Inconsistencies: https://www.cs1.tf.fau.de/research/human-factors-in-security-and-privacy-group/consistency-of-cvss
The results are not surprising. Vulnerability scoring schemes like CVSS essentially split one highly subjective measure into several smaller, but equally subjective, measures and then combine the result into one score.
It may look like the resulting severity assessment is the result of a well-defined calculation, but the output is still heavily influenced by the technical frame of reference of the person doing the scoring.
This is one of my favorite quotes from the book "The Failure of Risk Management" which neatly captures, unfortunately, what it sometimes feels as if many orgs do.
> Imagine a patient complains of an earache and a doctor, unable to solve the problem, begins to saw off the patient’s foot. “At least I am doing something,” the doctor says in defense.
⚡️ Police shooting at Jeffersonville apartment complex leaves Richard Glass, 65, dead. Initial welfare check request escalated to shots fired from Glass' apartment. Investigation ongoing by Indiana State Police. #PoliceShooting #Jeffersonville #RiskManagement https://www.riskmap.com/incidents/1882153/articles/187891782/?utm_source=dlvr.it&utm_medium=mastodon
▪️ Activities: daily implementation
& #management of ongoing #EU funded projects, #budgeting, financial reporting and control, tracking and monitoring,
#riskmanagement #datamanagement internal & external #communication meeting facilitation.
Curve Crisis Shows Pitfalls of Decentralized Risk Management - Top DeFi lenders allowed a crypto CEO to take a risky bet, raising key questions about ho... - https://www.coindesk.com/tech/2023/08/23/curve-crisis-shows-pitfalls-of-decentralized-risk-management/?utm_medium=referral&utm_source=rss&utm_campaign=headlines #riskmanagement #news_analysis #technology #analysis #lending #aave #risk
Investing in Your Company’s Physical Risk Resilience
Learn what really takes up security awareness managers' time in their jobs.
Join us for today's Live Cyber Security Awareness Forum panel session on:
"A day in the life of a security awareness manager (tasks and challenges)"
We have live audience Q&A with an industry expert panel, to share insights and lessons learned about managing security awareness programs.
Very sobering writeup on the reputation and culture of #OceanGate leading up to the #Titan failure this year. It's really a shame they were able to operate and attract customers despite years of very public alarm from so many experienced deep sea professionals.
⚡️ Tragic rollover incident claims a life in Gimli. Rising grocery costs lead to increased efforts in price matching and coupon usage. Former nurse receives life sentence for murdering babies. Over 30,000 evacuees flee BC wildfires, facing uncertain futures. Evacuation order lifted for some properties in Kelowna. #RiskManagement https://www.riskmap.com/incidents/1886022/articles/188399035/?utm_source=dlvr.it&utm_medium=mastodon
"Unexpected Bitcoin price drop sparks new interest into the impact of market volatility on professional traders."
Full article: https://news.satoshis.tech/2023/08/18/bitcoin-price-crash-surprises-traders-900m-liquidations
#Bitcoin #Bitfinex #Cryptocurrency #FuturesData #HedgedPositions #MarginTrading #MarketCrash #MarketFluctuations #OKX #ProfessionalTraders #QuantitativeTradingSoftware #RetailTraders #RiskManagement #Trading #Volatility #Whales
Debates over the efficacy of #SOC2 #compliance aside, I don't like this trend of 3rd party vendors and contractors not even trying to do well on their audits. They know that in many cases, #security and #riskmanagement don't have the authority they like to think they do. The vendors know that if the various business units want to use the 3rd parties, they will.
The audit reports are like those "required" homework assignments that didn't actually affect your grade.
Free #cybersecurity planning guidance for 2024! Today’s #ITsecurity threats are evolving rapidly, and it’s time to update your cybersecurity plan for next year. We’re offering complimentary, no-pressure planning sessions to share threat trends for 2024, discuss how these trends could impact your #security, talk through your current #security & offer advice on closing any gaps. Contact us to book a session! https://www.lmgsecurity.com/contact-us/
#CISO #CEO #riskmanagement #cyberaware
Research Opportunity - Advancing The Operational Capacity Of Postfire Debris-Flow Hazard Assessments Through Better Understanding Of Debris-Flow Processes – A Mendenhall Research Fellowship Program Opportunity, Golden CO
https://www.usgs.gov/centers/mendenhall-research-fellowship-program/22-25-advancing-operational-capacity-postfire-debris <-- details of Fellowship opportunity
https://www.usgs.gov/centers/mendenhall-research-fellowship-program <-- details of the Mendenhall Research Fellowship Program
#engineeringgeology #research #researchopportunity #researchopportunities #MendenhallResearchFellowship #USGS #postfire #massmovement #debrisflow #geology #risk #hazard #wildfire #bushfire #firedamage #fire #impacts #fireriskassessment #geologichazard #fluvial #water #fluvialgeomorphology #climate #extremeweather #climatechange #soil #hazardassessent #riskassessment #riskmanagement #riskanalytics
Spot Bitcoin ETF Applications Face More Delays - The U.S. Securities and Exchange Commission (SEC) on Friday asked for additional p... - https://news.bitcoin.com/spot-bitcoin-etf-applications-face-more-delays/ #financialregulation #exchangetradedfund #cryptocurrency #riskmanagement #spotbitcoinetf #digitalassets #ericbalchunas #publicopinion #transparency #blockchain #compliance #innovation #investment #regulation #securities #technology #investors #portfolio #economy #finance #trading
I have a curse. I call it a curse because while sometimes it might feel like a super power, it often gets me in trouble, or makes it harder for me to "deliver on target".
I see the big picture. I can't help but notice, for example, that this tactical thing we are doing, in a silo, right here, that is defining a standard, measuring against that standard, and then reporting on it, and then trying to drive change from that measurement.. is the same thing I see happening in a lot of places.
Board or C level in a company says we must do X. Down at the layer where security works alongside engineering to do that, we are doing a one off defining a standard, measuring against it, and then giving that information to engineering so they can make changes to meet it. Execution, Execution, Execution. Go Faster. GSD.
My curse is to suggest, in the middle of the meeting about the specific instance, that we should probably have a standard way of defining X, measuring X, and then engineering making changes to meet the standard.
Like, we're going to be doing this a lot.
Also suggesting that our standard should be derived from a Risk the business understands that they define a Policy to mitigate, that prescribes Controls we articulate through Control Objectives that are used to create the Standard we measure on.
I'm thinking about the fact that we need to be doing this constantly, across multiple areas, multiple products, multiple tech stacks, constantly.... and that doesn't land in the tactical discussion we are having around this one specific area for this one OKR this one team / people are worried about missing.
I come off as being disconnected from solving the immediate issues. All I can see is an image in my mind of all these people in small rooms discussing the same things, solving the same problems and struggling the same ways.
So in the end, my ability to see up and over and across things strategically is a curse because everyone else is focused on "actually solving problems, not just talking about them at a high level, Zate". And perhaps they are correct, they are GSD.
I'm not even sure anymore if my way of viewing things is useful. Hence I see it as a curse. I sort of wish I was someone who could just focus on the immediate area, the immediate problem, an immediate solution.
And just deliver.
US Fed steps up oversight of banks' involvement with crypto firms - The limitations set out in the Federal Reserve’s new Program prov... - https://cointelegraph.com/news/us-fed-increases-bank-oversight-on-crypto #novelactivitiessupervisionprogram #federalreserveboard #registeredbanks #centralbanking #riskmanagement
From IT Security to Enterprise #RiskManagement: solutions for managing business risk https://www.cybersecurity360.it/soluzioni-aziendali/dallit-security-allenterprise-risk-management/
Check out CISA's new guide on preventing #webapp access control abuse! Web apps are a top #cyberattack vector, so we recommend regular web app #pentesting. Read more advice in our recent blog: https://www.lmgsecurity.com/web-app-pentesting-a-7-step-checklist-for-uncovering-hidden-vulnerabilities/ & the CISA guide: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Earlier this month, we've been at the Summer School Disaster Risk Reduction 2023, a one-week course on disaster #RiskManagement & prevention hosted at the UAS Trier Environment Campus by @DKKV.
👉Read more about our field trips and workshops on #geodata for #DRR: https://heigit.org/heigit-at-summer-school-disaster-risk-reduction-2023/
#riskmanagement with Feynman. Comparing NASA Mgmt with a child and engineers with his mother: when a child runs on a road with car traffic and says to his mother: "nothing happens for many times. Let me play there". Mother replies that it is too dangerous but the child doesn't listen. Then it is not an accident. @AkaSci
CNN, Feynman and the Challenger disaster https://www.youtube.com/watch?v=4kpDg7MjHps
>June 1986 Interview of Richard Feynman (Footage from https://www.youtube.com/watch?v=2TtGySL2WLw ) Starts at 2:15
🔒 Is your organization at risk of #ShadowIT? Learn about unknown assets, unmanaged devices/services, and the threats they pose. Discover effective mitigations to secure your IT infrastructure and protect sensitive data.
📖 A helpful guide written by the UK's National Cyber Security Centre in their effort to make the UK the safest place to live and work online.
Shadow IT, also known as grey IT, refers to unidentified assets used within an organization for business purposes, not accounted for by asset management and not aligned with corporate IT processes or policy. It poses risks like data theft and malware propagation.
Types of Shadow IT include unmanaged devices (personal devices, unauthorized servers) and unmanaged services (shadow cloud services, unapproved tools).
Threats of Shadow IT involve data theft, ransomware, and network infections due to inadequate security measures.
- Avoid unnecessary IT lockdowns.
- Address user requests promptly.
- Provide controlled access to non-standard services.
- Encourage a cybersecurity culture.
Addressing User Needs:
- Offer guidance on secure messaging and video conferencing.
- Provide secure cloud service deployment guidance.
- Prepare for increased remote work.
- Use X.509 certification for resource access.
- Deploy network scanners to detect unmanaged devices/services.
- Use Cloud Access Security Brokers (CASBs) to monitor cloud usage.
- Implement Secure Access Service Edge (SASE) solutions.
- Use Unified Endpoint Management (UEM) for device security.
Shadow IT presents significant risks, and addressing them requires a proactive approach with organizational, user-focused, and technical solutions. A strong cybersecurity culture is vital for reducing shadow IT prevalence and enhancing overall IT security and risk management.
🔗 Learn more: [Shadow IT Guide](https://www.ncsc.gov.uk/guidance/shadow-it)
Today I want to talk about getting lightheaded and possibly actually fainting/losing consciousness in rope because it's a thing that happens far more often than I think is discussed and I think a lot of riggers and bottoms aren't aware of the factors that contribute to risk of fainting. If you do suspension bondage, you should be aware of this risk. If you bottom for suspensions, you should be prepared to communicate about your physical state while under extreme duress. Both riggers and bottoms should have a plan for how to handle emergency descents should such a situation arise.
Personally, I've gone fully unconscious in rope once and very nearly did so at least 3 other times that I can think of. I've also witnessed several other instances of other people fainting in rope during both play and rope classes. All of these incidents involved suspensions.
So, why do people get lightheaded and possibly even lose consciousness in rope bondage? It's due to something called Vasovagal Syncope which is a part of your autonomic nervous system (the system that controls blood flow, respiration, etc.). Suspension bondage in particular puts a number of stressors on your body that impact your nervous system and your body's ability to pump blood to your limbs and organs, and if those stressors become too intense, your body basically does a reboot. And it can be pretty scary (not to mention dangerous) to pass out while you are hanging from a few pieces of rope.
There are several factors that I'm aware of that make it more likely to faint in rope which are:
1. Being hot (not sexy hot, temperature hot you perv) - high ambient temperatures and high humidity make your nervous system much more sensitive to other stressors. I've also seen folks vomit while tied up because they got too hot (and/or chugged water while hot) and nausea is another way that the autonomic nervous system indicates there is a problem
2. Being tied in an upright position where the legs are suspended below the heart - vertical suspensions are deceivingly stressful for the body and having the legs suspended below your heart makes pumping blood to your extremities more difficult. I'm not saying don't do vertical positions, I'm saying be aware that they carry more risk factors that increase the chances of a Vasovagal Syncope issue, and if you are going to do them, try to ensure that you have a quick and easy exit plan. I have a friend who was tying with someone while pregnant and did a vertical partial suspension. Neither she nor the rigger had any idea that they were doing a higher risk tie, thinking that a partial suspension in a sort of standing position would be pretty safe. But my friend got dizzy and had to be cut out of the rope because they did not plan an easy exit.
3. Intense pain - of course rope is known for being painful to a degree, but sudden, sharp pain or sustaining painful positions for long periods can activate an autonomic response of fainting.
4. Low blood sugar - if you haven't eaten or have low blood sugar before doing rope, that can cause lightheadedness and risk of fainting
What are the warning signs of Vasovagal Syncope?
You may start to feel a little nauseous and/or dizzy at first. You may feel like you started sweating a lot all of a sudden, like cold sweats when you have a fever, then the dizziness may start to increase rapidly and you may hear a buzzing in your ears, experience blurred vision, or the sensation of the room closing in on you. If you get to that point, you probably only have seconds before your vision will go dark and you will lose consciousness.
If I feel even the slightest bit dizzy or nauseous in rope, I like to let my rigger know immediately so they can be on alert and checking in with me more frequently, and also so they can mentally prepare for a quick exit if need be. I don't have a problem every time I experience dizziness or nausea, but when the Syncope sets in, it does so very quickly so it's best to be prepared.
The one time I actually lost consciousness in rope, we were doing a Hashira suspension which is a vertical suspension tied to a vertical pole (see image 1). We were tying outside and it got a bit warmer than we anticipated. The way Hashiras are done is that each component builds on the next and there is no quick or easy way out. So we basically had ALL the risk factors and no easy way out. And no one else was there to spot or assist with an emergency descent. Oops.
Anyway, I started to feel dizzy and told Secondfloor (my long term romantic partner and rigger) and he immediately started untying me. I had a foot on the ground pretty quickly which is usually enough to stop the issue, but that time it wasn't. I was continuing to progress through all the warning signs I mentioned above and I knew time was running out so I managed to get the words out, "I'm not going to make it" and then I was out. I came to maybe a moment later, sitting on the ground, in Secondfloor's arms, with him continuing to untie the rest of the rope. He had managed to get my limp ass body out of the suspension and on the ground. I was fine, but very shaken up because it's scary to pass out in rope and scary to wake up in a different position than I remembered being in.
The first time I ALMOST fainted, I was tying with a rigger that I def would not recommend. I was in a vertical-ish position (see image 2), feet below heart. I started to get dizzy and tried to push past it because I was new and had a hard time finding people to tie with and I didn't want to seem like I was weak or a shitty bottom. But it didn't go away and just got worse so I had to say something. He started untying me and it felt so excruciatingly slow waiting for him to get me down to the ground. I didn't go out but I was so close, I was at the blurred vision, room closing in stage so I probably only had seconds left when he finally got me down. I don't recall him doing any checkins with me afterwards that evening or anything at all to make me feel like I wasn't a garbage bottom for not being able to handle the tie. He didn't check in on me afterwards either. Please don't be that guy.
Another time I almost fainted, I was tied in a Daruma position (see image 3) which is a VERY intense tie where you are like almost folded in on yourself. I wasn't hot (it was actually quite cold) and my legs were above my heart, but the position was vertical-ish and quite painful + taxing and I guess the position was just too stressful on my body. Anyway we had a good friend there who was shooting photos, so when the dizziness came on, I said I needed to come out NOW and she immediately stopped shooting and helped support my body while we got both my legs down.
In the classes where I've witnessed bottoms fainting, it's always been in pretty advanced level transition classes, but I don't recall any of the bottoms giving any notice that something was wrong, so they may not have known what was happening before it was too late (or maybe they were like me the first time and didn't want to disappoint their rigger). In each instance, the bottoms were assisted down by other people in the classes, sometimes with multiple people lifting them so that a carabiner could be unhooked and they could be brought down to the floor before they were untied. Why not cut the rope? That creates a whole other set of safety issues. I'm sure there are times when cutting the rope is the best choice, but usually it's safer to untie or get help lowering the bottom manually than to cut. But mostly the main thing to do if someone is lightheaded is to get them on solid ground and in a recumbent or seated position ASAP. Then once they are stable, get them hydrated and maybe something to eat to make sure blood sugar is good.
Feel free to ask me any questions you have on this topic or add your experiences in the comments.
#ropeBondage #ropeEducation #vasovagalSyncope #ropeSafety #bondage #bdsm #riskManagement #shibari
Excerpt from my latest Cyentia Institute blog post, “Patching, Fast and Slow”:
There are many ways one could measure how quickly vulnerabilities are patched. Most go with a simple average, but such point statistics are a poor representation of what’s really happening with remediation timeframes. Our favored method for this is survival analysis. I won’t get into the methodology here other than to say it tracks the “death” (remediation) of vulnerabilities over time to produce a curve that looks like the ones below comparing remediation speed among sectors.
The lesson? Get remediation strategy advice from your investment firm rather than your insurer, perhaps? We could ask a bunch of other questions about why certain organizations or industries struggle more than others to address vulnerabilities…but this isn’t that post. But I do suspect the “system” guiding the patching strategies of these organizations makes a big difference in the shape of their remediation curves.
You may have caught the title of this post being a reference to Daniel Kahneman’s book “Thinking, Fast and Slow.” That was partly because it’s catchy and fits the topic. But I also think there’s a parallel to be drawn from one of the main points of that book. Kahneman describes two basic types of thinking that drive human decision-making:
System 1: Fast, automatic, frequent, emotional, stereotypic, unconscious
System 2: Slow, effortful, infrequent, logical, calculating, conscious
Maybe you see where I’m headed here. I’m not saying we can boil all patching down to just two different approaches. But my experience and research support the notion that there are two broad systems at play. Many assets lend themselves to automated, fast deployment of patches without much additional preparation or evaluation (e.g., newer versions of Windows and OSX). Those fall under System 1 patching.
Other assets require manual intervention, testing, risk evaluation, or additional effort to deploy. That fits the System 2 definition well. The more your organization has to engage in System 2 rather than System 1 patching, the slower and shallower those remediation timelines will appear. Like normal decisions, we can’t do everything via System 1…some assets need that extra System 2 treatment. But problems (and/or delays) arise when there’s a mismatch between the system used and the decision (remediation) scenario.
My takeaway for vulnerability management programs? Use System 1 patching as much as possible and System 2 patching only where necessary.
See all the analysis leading up to this conclusion in the full post: https://www.cyentia.com/patching-fast-and-slow/
#patchmanagement #vulnerabilitymanagement #vulnerabilityassessment #vulnerabilities #exposuremanagement #riskmanagement #cyberriskmanagement #remediation #cve #appsec #appsecurity #secops #securityoperations #cybersecurity #infosec #infosecurity
Great thread on engineering practices and how to manage for safety.
This post especially is worth reading and re-reading. Mastering technical complexity is one thing (exciting!), making the system robust in use is another (tedious!). We need more effort on the tedious side.
So true in many other fields, such as the design of complex financial instruments. Building those extra layers of "what if it fails?" is the hard bit.
New blog post "Turbo Boost: How to perpetuate security problems." https://blog.cr.yp.to/20230609-turboboost.html with special guest appearances from Shark, Fluffy, and Turbo Boost Max Ultra Hyper Performance Extreme. #overclocking #performancehype #power #timing #hertzbleed #riskmanagement #environment
Are there any good - preferably SaaS - solutions for #RiskManagement? I have seen BMC's in the past, but it was very heavyweight.
🔥 Hot off the press! Co-authored blog with esteemed colleague Sambit Misra on #IBM SecurityIntelligence.com about SaaS Security Posture Management: "Is Your Critical SaaS Data Secure?"
Over the last 20 years, the Washington Speakers Bureau has brought me into many events as a keynote speaker. As one of the pre-eminent bureaus in the world, it's always a thrill to work with them on various projects; I value my relationship with them so much! (They're one of about 40 bureaus that book me, though this is one of my favorite relationships.)
With that, they have just published a custom blog post I wrote for them on the future of AI and all things legal.
You want to give it a read. You know that everyone is talking about the upside of AI. But what about a hard analysis of the downside risk? That's where I go in this long analysis. Read it and share it!
And think about what it means for your company, association, and conference event. And then - reach out to the folks at WSB to learn how you can bring me in for a realistic talk on the perils and opportunities of what is unfolding.
Also, they just signed Alex Rodrigues, and so between him and a few others, I'm in wonderful company. Pinch me moments every day!
"Bei der Digitalisierung ist Alles so schön einfach."
Ach ja, konnte ja keiner Wissen, das Kriminelle Autos klauen möchten. 🤔
Aber dafür warten wir ja in der Welt der #Globalisierung ein halbes Jahr auf Ersatzteile für 3 Jahre alte Autos, bzw. Mercedes stellt Ersatzteilversorgung für 10 Jahre alte Autos ein. ...
Es ist eine sooo degenerierte Welt mit einem sooo degeneriertem kapitalistischen System, das da gerade an die Wand fährt. ...
"Der Markt regelt das." #DerMarktRegeltDas
Why so? ML/AI models have no idea when they are operating out of their depth. They're going to give you SOME answer, no matter what you've asked.
If you want good #RiskManagement in AI, you need to draw boundaries around models so they can't run wild.
And it sounds like the creators of the popular voice assistants have done just that. Invalid questions don't make it all the way to the models.
Beautiful details in this Koran, c. 1405, being condition assessed for imaging.
@ Lambeth Palace Library [MS 1210]
[#CyberInsurance] I have been finding the rapid evolution of cyber insurance to be fascinating. As the type of org that only deals with managing risk, it has been quite telling as to the state of affairs in the #cybersecurity landscape.
Now, the White House said it will assess how the federal government could intervene to prevent catastrophic cyberattacks from overwhelming insurers. The new national cybersecurity strategy says the Biden administration will explore creating a backstop that would be structured before major hacks (per WSJ).
This, according to a Google Cloud head of business risk and insurance, leaves companies in general exposed to risk that they have no other way to mitigate or transfer. | https://www.wsj.com/articles/u-s-government-to-explore-cyber-insurance-backstop-ddc94c11 | #cyberinsurance #cybersecurity #riskmanagement #risktransfer
It occurred to me that many, if not most #Mastodon instances are run by one person who maintains the server infrastructure (not just an admin Mastodon account). That leaves large chunks of the fediverse with a Bus Factor of 1, meaning if that one owner was suddenly hit by a bus and died, there would be no one left to maintain an instance.
Ideally, an instance should have at least two trusted people in geographically separate areas who can maintain the server infrastructure.
Please boost this post and tag your instance admin in a reply to see how they are mitigating this risk.
[#CyberInsurance] Getting coverage is only getting harder over time, and costs are climbing as well. This continues to happen as insurers are leery of how long-term risks will play out, including yearslong #databreach lawsuits.
Most major cyber insurers are willing to write insurance for their largest customers up to around $15 million, says a cyber expert at insurer AXA. But for big companies where #cyberattacks and collateral damage can end up costing much more, a patchwork of several policies will be required. https://www.wsj.com/articles/cyber-insurers-unlikely-to-offer-higher-coverage-limits-despite-better-conditions-25059df4 | #cybersecurity #risktransfer #riskmanagement
Microsoft is announcing several new features in the public preview of Insider Risk Management that can help you better uncover hidden Insider risks and shorten the time to action:
Specifically, these are:
🎯Extend intelligent detections to non-Microsoft environments
🎯Enrich obfuscation detection in sequences
🎯Improve investigation experience with a new visual chart and alert filter
🎯Reduce noise of insider risk alerts
Always amusing when someone attempts to get around regulatory controls through wording interpretation 🤔
The grid is under attack
A record number of attacks on electrical grids plunged thousands of Americans into darkness last year, as authorities worry neo-Nazis are targeting critical infrastructure
https://www.businessinsider.com/electrical-power-grid-attack-us-infrastructure-terrorism-2023-1 #cybersecurity #powergrid #criticalinfrastructure #riskmanagement #neonazis
Bermuda Monetary Authority (Authority or BMA) clarifies the accounting treatment for digital assets stored or maintained by Digital Asset Businesses on behalf of their customers, January 27, 2023
Coastal Risk Screening Tool - An interactive map showing areas threatened by sea level rise and coastal flooding. Combining the most advanced global model of coastal elevations with the latest projections for future flood levels.
#CoastalFlooding #Flooding #ClimateCrisis #FloodLevels #Infrastructure #Insurance #RiskManagement https://coastal.climatecentral.org/
The anti-ESG rhetoric is intensifying, but if you've been following me long enough, you'll know that:
1. #ESGInvesting is tied to value, not values.
2. You can't ban the consideration of risks from the markets.
Conservatives are talking about banning values-based choices through Impact Investing, Thematic Investing, Sustainability Investing, etc. Blanketly doing that firm by firm is a short-sighted strategy with financial implications for citizens, as we've seen in Texas already.
Jill Fisch is right, though. "Such a coordinated political attack on the finance industry may be without precedent."
If nothing else, Financial Services firms need to be doing two things:
🏷️ Ensuring financial product information is clear regarding its intentions, especially around investible products. It is well past time to capitalize on both #ESG and #Sustainability (not the same thing) by providing transparency and clarity.
📈 Pulling the data for hearings where they can show how conservative states benefit from this risk management already. I don't believe we'll see evidence that ESG is a growth wonderland, but there should be enough solid evidence that it is a fiduciary consideration. After all, ESG is material.
#Investing #Government #RiskManagement #Markets
BTW: This is the English version of this thread/article: https://waldvogel.family/@marcel/109510489152264618
According to the 28-page #SEC #Complaint, which has been available since yesterday, there was reportedly neither #RiskManagement nor proper bookkeeping; bank accounts were commingled at will and even deliberately obscured. The boundaries between the companies appear to have been fluid in terms of personnel, organization and finances. https://www.sec.gov/news/press-release/2022-219
“For one thing, that is an abuse of terminology: Black swans are supposed to be rare and extreme, and if you are talking about “numerous black swans” then you have made errors both of language and of risk management.” I really love this line from Matt Levine’s Money Stuff newsletter (which you have to register for unfortunately) https://www.bloomberg.com/opinion/articles/2022-12-12/ftx-had-some-luna-trouble #risk #riskmanagement #language
I am a proud 50-ish #Transgender woman.
I am the proud #parent of one college-aged young woman.
Happy to connect with a diverse community!
Love and peace to all!
My #introduction. Hi!
#Melbourne based, working on being less chronically online. Embarking on a bunch of nerdy mid-life crisis projects (cheaper than a sportscar)
Fun: The random assortment of nerdy and non-nerdy stuff I'd be interested in chatting about:
#Warhammer / #Warhammer40k
#3Dmodelling / #3Dprinting