3 response totatling 750 word total

(Response 1 Need 250 word response and 1 cited reference)

All types of criminal activity occur in cyberspace, including theft of intellectual property, theft of sensitive data including personally identifiable information and financial information, child pornography, stalking and hate speech. In a traditional venue of crime, criminal activity usually has an identified perpetrator and victim. Depending on the severity level of the crime that was committed, a victim could report the crime to the local authorities and pursue through the justice system.

Cybercrime is not as straightforward as traditional criminal activity. The nature of cybercrime, unlike a traditional crime such as assault or breaking and entering, is not typically considered violent crime. The other issue with prosecuting cybercrime is that traditional jurisdictions typically follow a geographic map, which does not exist in cyberspace (Yar, 2006). To fill the void of policing the Internet, other self-formed organizations are stepping in to assist. For example, the Ant-Defamation League and Southern Poverty Law Center work to expose hate speech online, and then takes action such as contacting the Internet Service Provider (ISP) that is hosting the hate speech content in order to pressure them to take it down (Yar, 2006). Other non-profit groups, such as the Association of Sites Advocating Child Protection (ASACP), work to eliminate the exploitation of children online by providing an international tipline, work with the online adult film industry to remove online child sexual abuse, and educate parents on how to prevent children from accessing inappropriate content (About ASACP, 2019).

In addition to organized groups and associations, the Information Technology industry is producing products and services that individuals can use to better protect themselves from cybercrime and to keep their privacy while online, including virtual private network (VPN) solutions to protect traffic in transit while online, anti-virus and malware protection, and education and training on how to stay safe online.

Unfortunately, many of the technologies that individuals use to protect themselves online can also be used by cybercriminals to hide their criminal activity online. Encryption protects by scrambling it into different characters which makes it unusable, then “locking” it with a key. Legislators have tried unsuccessfully over the years to mandate that encryption keys are kept with law enforcement or some other agency that can unlock encrypted data. While those attempts have been unsuccessful, law enforcement has figured out other ways to break encryption. In 2016, the FBI needed to get access to the San Bernardino shooter’s iPhone for evidence but were not able to crack the iPhone’s encryption system. Apple refused to work with the FBI to create a backdoor to the iPhone, so the FBI then paid a third party to break into the iPhone (Statt, 2017).

There is always a balancing act between security and liberty, and between all demands and needs of all constituents. Electronic surveillance can be used to protect individuals from harm, or it can be used to take away someone’s right to privacy. Encryption or virtual private networks, as mentioned above, can be used by individuals to protect their privacy, or for cybercriminals to hide their activity. The Internet itself and technology can be used to help or harm, depending on the intention.

References

About ASACP. (2019). Retrieved from Association of Sites Advocating Child Protection: https://www.asacp.org

Statt, N. (2017, Oct 1). FBI won’t have to reveal details on iPhone hacking tool used in San Bernardino case. Retrieved from The Verge: https://www.theverge.com/2017/10/1/16393074/apple-…

Yar, M. (2006). Cybercrime and Society. London: Sage Publications.

(Response 2 Need 250 word response and 1 cited reference)

Compare and contrast the risk assessment process described by Oatman with that use in your current organization.

With the ever-changing threat landscape and the hardening of critical infrastructures within the US, corporate executives have found themselves more vulnerable to a wide variety of threats. Because of this vulnerability, risk assessments have become commonplace in corporate America. The risk assessment process is a critical exercise to effectively safeguard critical assets, whether they be people or property.

In this week’s, Oatman (2006) advises “the risk assessment enables security professionals to establish protection protocols measures appropriate to the threat..” This serves as a great reminder that the risk assessment process ensures that adequate mitigation measures are tailored to the specific protectee, and highly dependent upon protectee’s exposure to threats.

The risk assessment is the tool to identify that threat exposure. According to Oatman (2006), noted several risk assessment methodologies established by various organization. For example, Oatman referenced the DHS report titled Vulnerability Assessment Methodologies report that defined risk in terms of the following equation: Risk = Consequences x Likelihood. Moreover, Oatman detailed ASIS International’s General Risk Assessment Guidelines which includes several steps to coherently process a risk assessment model in terms of:

1. Identifying the assets at risk
2. Identifying loss events and vulnerabilities
3. Determine probability ratios and frequency of loss events
4. Determine the impact of loss events
5. Identify ways to mitigate risk
6. Examine the practicality of implementing mitigation efforts

Oatman went on to describe the implementation of risk assessments by Executive Protection professionals in order to obtain a threat landscape for a given corporate executive. Efforts like conducting interview of key staff, examining current threat information, crime stats, site visits to both the executive offices, off-site work locations, residences, vacation homes, the review of current security measures within the organization and more, which are all used to assist the EP professional “to determine whether an executive needs protection and how best to provide it” (Oatman, 2006).

Within my current organization, we perform risk assessments during three routine law enforcement activities: search warrants, firearms training, and long-distance vehicular travel. In short, we conduct risk assessments on ourselves, during very particular law enforcement activities that may pose risk to our safety. Much of which Oatman outlined in this week’s reading assignment was relevant to the efforts our organization employs while dealing with potential risk events.

The identification of risks when performing search warrants is critical. The search warrants we conduct are typically on corporations or corporate leaders. The risk assessment itself involves identifying possible risks or threats that law enforcement personnel may encounter during the execution of the warrant. In order to adequately identify potential risks, we and our support staff conduct in-depth intelligence collection on the targets of the warrant. We specifically look for prior criminal records, gun ownership, the criminal environment of the location to be served, and more. The results of the risk assessment may result in implementing mitigation measures to include the number of search teams, weapons used by law enforcement personnel, local law enforcement support, etc. Because not all search warrants are alike, the risk assessment enables those charged with its execution to customize an adequate operational plan while reducing the risks associated with the activity.

With respect to firearms training, risk assessments are a mandatory procedure prior to performing the training. The risk assessment usually entails identifying whether conditions, the experience level of those participating in the training, and the possible presence of civilians I the event we perform the training at local firing ranges, which is thankfully rare. Our organization also required a risk assessment be completed when we drive over 500 miles in a single day. This too, is rare, as we usually fly at that distance but if we drive, much of the risk assessments involve identifying weather hazards, potential fatigue-related issues, and vehicular maintenance. Mitigation procedures usually involve placing chains on the tires of our duty vehicle or renting a 4×4, identifying locations to rest or stop for the evening, and ensuring proper maintenance is performed on vehicles prior to mission execution.

Along similar lines, being a special agent responsible for investigating procurement and white-collar crimes relating to high dollar contracting efforts, we conduct annual Economic Crime Threat Assessments on government organizations that perform contracting functions. These threat assessments are designed to identify vulnerabilities within organizations that may make them susceptible to fraud, waste, and abuse. Much of the criteria to make these assessments involve the number of dollars spent on contracting efforts, the sensitivity of those contracting efforts, contracting efforts that may impact Soldier safety, and the experience level of the contracting staff administering the contracts. Once we identify organizational vulnerabilities, we rank them as High, Medium, and Low based on the prescribed criteria. That information is useful because we are then able to conduct a number of proactive investigative measures to mitigate those risks in the form of formal audits of organizations and specific contracting programs, providing fraud briefings to contracting personnel, and Crime Prevention Surveys.

Although the risk assessment described above focus on entirely different subjects, executives and in my organization’s case, contracting entities, the goals of identifying risks and mitigating those risks by implementing appropriate measures, remains the same. The risk assessment serves as an invaluable tool for both security and law enforcement professionals to better protect those they serve.

Reference:

Oatman, Robert L., (2006). Executive protection: New solutions for a new era. Arnold, MD: Nobel HouseHouseH

(Response 3 Need 250 word response and 1 cited reference)

Last Edited By James Weichold on Oct 17, 2019 12:31 PM

Hello Class, something a little different from me for this forum. My organization, Santa Fe College, wouldn’t talk to me about how they do risk assessment so I am going to approach this weeks forum from a standpoint of having owned my own aerospace company. I will be doing a compare and contrast of what Oatman suggest EPS should do in the book with what I did, or I should say, didn’t do and you all will be able to look at and see all the mistakes I made as the CEO of my company.

First off lets look at what Oatman suggest EPS should do for a risk assessment. The EPS should study several key categories of information:

– Executive exposure to varies types of danger

– Executives attractiveness as a target

– Executives public exposure

– Security measures currently in place for the principal

The information from the above can be developed by studying the following:

– Corporate information exposure

– Individual information exposure

– Other risk assessment elements

– Risk climate

– The principals own concerns

Alright, I never saw myself or felt that I was a very attractive target; I was a very small fish in a very large pond. The contracts I had were with Lockheed Martin (LM). My company was an aerospace consulting company and was brought in my high profile executives in order to work some issues they were having at one of their manufacturing sites. As far as exposure to various types of danger I would say I was exposed to work place violence in the fact that the local management was not pleased that I was brought in to the facility and they were at first hostile towards me. I dealt with this in two ways. First I maintained a constant awareness of my environment and surroundings and I had a meeting with the local upper executives at the site and had a “come to Jesus” meeting with them. After the meeting the hostilities toward me subsided but I also probably increased my threat level for work place environment. I also developed and had very good working relationships with middle management and the facility work force who found me more of an interest than a threat. Public exposure is where I feel I made my biggest mistake. When I started the company I started a google site, facebook site and a twitter account all for the company. I had my information on the sites and mentioned I was married with children and grandchildren. I never mentioned my children or grandchildren’s names but I did mention my wife name but she was also the vice president of the company. I had no images of anyone to include my wife with the exception of myself. My face was plastered on the sites.

I realized this was a mistake when I started to get contacted by other entities, only, from the Middle East. I had several tours of duty to the Middle East and would not have normally been concerned had it not been for the work I was doing. Since I was only being contacted by Middle East sources I immediately closed all my internet sites. This was the only fix I could figure out to do to solve this issue.

As far as other risk to myself or wife there was always the crime in the local area which was almost non-existent. The drive to the LM site was a rather long one and so I would say the biggest threat to my wife and myself was getting into an accident either on the highway, if that was the route I took, or going through all the small towns to get to the site.

As far as I was concerned I had no concerns until the Mid East sources started contacting me and I felt I dealt with that ok. Anyway everybody let me know.

Oatman, R. L. (2006). Executive Protection: New Solutions for a New Era. (Rev. Ed.). Arnold Md: Noble House

Weichold, J. W. (2019) CEO/Owner TYG Aerospace.