About Us
Dyman & Associates Risk Management Projects is a Risk Management firm whose main office is based in Boston, MA. We operate in the following fields: Cyber Security, Project Management, Emergency Management, Technology Governance, and Physical Security. Our company is a minority-owned enterprise with both MBE & DBE certifications.

Quite often, organizations muddle through crises in isolation, undertaking prime decisions within a vacuum. Dyman & Associates Risk Management Projects has the collective know-how to minimize your exposure to risk and help make your business become more resilient. We will work diligently for your benefit. We believe that honesty, reliability, and excellent customer service serve as the foundation for lasting relationships. Moreover, we supply empathy, humility, and a promise to give back to our community.

Thursday, April 3, 2014

Dyman & Associates Risk Management Projects on Staff editorial: The internet, is it a privilege or human right?

There’s no denying that in this day and age, technology has taken over a considerable portion of our lives. Aside from cellphones, the most prominent technology to have hit our generation is the Internet. Now information, news and even people are literally a Google search away.

Back in 2011, the United Nations (UN) released a statement that said the UN has recognized that Internet access is a human right.

We here at the Sundial believe that Internet access is as of now a privilege, since we have to pay to have access to the net. Given the precedence of the Internet, we believe that the internet should become a human right. Even so, there are some precautions to understand if we were to hand universal control of the Internet to a single power.


To us Matadors, and even more so for those of us at the Sundial, the Internet has become an indispensable tool necessary to do almost all of our daily tasks. Whenever the Internet at school goes down, we freak out.

From just perusing the Internet to using Google Documents to put together an essay for class, the Internet has surgically embedded itself into our daily lives. Many who live in this era can no longer imagine what life would be like without the Internet.

Think about it. In developed nations, nearly everything is found or done online now. The Internet has become the new classifieds, as friends use social media to broadcast a job opening, or when job-seekers use Craigslist, Monster or the company site itself to search and apply for a job. These job searches more than likely lead us to an online application, a print-out of an application or the instructions to email a resume.

But the Internet is more than just a gigantic classified ad. For college students, it’s become a necessity.

Media convergence of the classrooms is taking place, as evidenced by the various my CSUN tablet classes, Moodle and online classes. There’s no denying that the Internet and technology are taking our learning environment beyond the traditional classroom.

Now, tests, quizzes and sometimes even finals are being facilitated through Moodle. Electronic submissions of essays are commonplace, and emailing professors for help or to schedule office hours is often taken for granted.

Not only that, but reminders and notifications are constantly sent to students through the use of the Internet. Applying for FAFSA now takes place online, as well as registering for our classes.

Navigational apps on our smartphones have become common, as people will now say that they will just “navi it.” Now, reaching places we’ve never been to before is easier than ever with the Internet and our phones.
These things that have become second-nature will fall if the Internet goes down.

Internet is a wealth of information

The Internet is an informative and vital tool. It is the source and form of information for billions. Not only does it serve to keep the global community up to date with world events at a swift rate, but it also serves as a worldwide platform built for interactive communication.

From research papers to just reading the news, the Internet has the capacity to hand us information within seconds. Google Search takes literally less than one second to give you results that can number within the millions.

To localize the impact the Internet has on our access of information, look at our own Oviatt library. Books have become searchable online to check for their availability and location. Some texts have even become an online-only text and online resources from other libraries can be pulled by the Oviatt for us to use.

On a global scale, the spread of information has led to various uprisings throughout the world. Just look at Julian Assange, founder of Wikileaks. Wikileaks was able to release over 700,000 documents of classified United States military proceedings. One of the documents included a video in which US soldiers shoot suspected Iraqi rebels from a helicopter. The leak caused the US Military to review the video.

The Internet spreads word of injustices that happen all around the world. Take the situations happening in Syria, Venezuela and Ukraine. Without the Internet allowing for citizens within those nations to pass information, the world wouldn’t have much knowledge as to what’s really going on.

To a large degree, the Arab Spring revolutions throughout the Middle East and parts of North Africa wouldn’t have gained momentum without the Internet. The revolutionaries during the Arab Spring used social media to organize their communities, and thus inform and mobilize the global community to help support these revolutions.

Control of the Internet

While we support the belief that the Internet should become a human right, there are dangers if governments worldwide were to take control of the Internet.

Making the Internet a human right should not make it a public resource. The physical infrastructure such as cell towers and wiring already laid out by independent companies as well as technical developments are vital in advancing our understanding of what we’re capable of on the web. If the Internet becomes a government utility without competition, it risks stagnation.

Having a market of competitive providers keeps rates reasonable and technology fluid, which could prove beneficial as entrepreneurial companies expand into less-connected areas. Keeping Internet connectivity diversified, as opposed to the way our water is handled, also ensures that no one has definitive control over access and available content.

This is essential when issues like censorship and privacy come into play. For example, during Egypt’s revolution, the internet was censored by the government in order to suppress information and quell the uprisings.

Instead of becoming the source of public Internet access, governments should strive to become a hub for them by brokering contracts and working with private providers to create a public network. There should be regulations on the providers to ensure a diverse market, but not much government interference beyond that. Providers seeking to win public favor would then have to continue to improve their product, theoretically improving the options available to consumers.

As of now, the Internet is a privilege. About two billion people have access to the net, according to the Internet World Stats. However there will come a time where the Internet will become a right. The Internet is changing our society, and has the potential to bring even greater change to this world.

Tuesday, April 1, 2014

Dyman & Associates Risk Management Projects on Data privacy shapes up as a next-generation trade barrier


Revelations about U.S. digital eavesdropping have fanned concerns about Internet privacy and may complicate U.S. attempts to write rules enshrining the free flow of data into trade pacts with European and Pacific trading partners.

As more and more consumers and businesses shop and sign up for services online, the IT industry is working to fend off rising digital protectionism it sees as threatening an e-commerce marketplace estimated at up to $8 trillion a year.

"Restrictions on information flows are trade barriers," Google's executive chairman, Eric Schmidt, said at a Cato Institute event last month, warning that the worst possible outcome would be for the Internet to turn into "Splinternet."

The unease of U.S. technology companies has mounted in lockstep with rising worries overseas about data privacy.

German Chancellor Angela Merkel — a target of U.S. spying — has called for a European Internet protected from Washington's snooping. Brazil and the European Union plan to lay their own undersea communications cable to reduce reliance on the United States. And other countries are showing a preference for storing data on local servers rather than in the United States.
President Barack Obama acknowledged this week that it would take time to win back the trust of even friendly governments.

Trade experts predict the United States will have to make concessions on data privacy in the Transatlantic Trade and Investment Partnership talks (TTIP) with the EU, and will probably not get all it wants in Pacific Rim trade talks either.

"It is unfortunate because there were some good nuanced conversations happening before the spying allegations," said Adam Schlosser, director of the Center for Global Regulatory Cooperation at the U.S. Chamber of Commerce.

"But there is now a tendency to inappropriately conflate national security and law enforcement with ... commercial privacy practices, which has put a damper on rational debate."
The TTIP and the Trans-Pacific Partnership (TPP) talks are billed as next-generation trade negotiations, covering not only tariffs and goods trade but also common standards and goals in areas ranging from labor standards and environmental protection to intellectual property and data flows.

The last two issues are key for digital trade, which encompasses everything from U.S. cherry farmers selling direct to Chinese families via Alibaba Group Holdings' Tmall electronic shopping platform to plane maker Boeing monitoring in-flight diagnostic data on-line.


A 2011 report by the McKinsey Global Institute found almost $8 trillion changed hands each year through e-commerce, something that explains the keen interest IT firms and industry associations are taking in the trade agreements.

According to data compiled by the Sunlight Foundation, the computing and IT industry has been the second-biggest lobbyist on the TPP, after the pharmaceutical industry.
Industry groups such as the Software & Information Industry Association say free exchange of data is the key focus.

"For SIIA and its members, the most crucial issue in the trade agreements under negotiation is to get provisions permitting cross-border data flows," said Carl Schonander, international public policy director at SIIA, whose members include Reuters News parent Thomson Reuters.
BSA the Software Alliance, an advocacy group for the software industry, has warned that TPP partners Australia, Canada, Chile, Mexico, Peru and Vietnam are among countries adopting or proposing rules banning or limiting companies from transferring personal information off-shore. This might mean U.S. companies have to set up local servers in every country.

"Data flows are the lifeblood of the digital economy," said BSA policy director David Ohrenstein. "Trade agreements (must) ensure borders are open to data flows."


In an ideal world for IT companies, countries signing the TPP would promise not to impede cross-border data flows or make companies set up local servers.

U.S.-based lobbyists expect those provisions to make it in, possibly with exceptions, but say work is still needed to convince trading partners to promise that any new regulations - including on privacy - will not restrict trade unnecessarily.

In Europe, where the backlash against U.S. spying has been the strongest, policymakers want changes by mid-2014 to the Safe Harbor Agreement, which allows U.S. companies with European-level privacy standards access to European data.

An opinion poll by the Atlantic Council and the Bertelsmann Foundation found rules governing cross-border data flows and the alignment of privacy protections were among the most contentious, and important, issues in the U.S.-Europe talks.

Atlantic Council Vice President Fran Burwell said it would be hard to get support from the European Parliament or countries like Germany without an agreement on data protection.

"I think the big concession that (the U.S.) will have to make will be in the data privacy area," she said.
Tension is also brewing over intellectual property. U.S. music, book and software companies see piracy of copyright material as the biggest threat to their exports, while companies like Google worry about being held responsible for the actions of clients on their networks.

Data privacy group Electronic Frontier Foundation said proposals in draft TPP chapters would restrict flexibility in allowing fair use of copyright materials and encourage low-quality software patents by setting the bar too low.

A group of 29 smaller tech companies wrote to U.S. Senate Finance Committee Chairman Ron Wyden last week and warned against including harsher criminal penalties for minor copyright infringements in the TPP. The committee has jurisdiction over trade issues in the U.S. Congress.

"Reddit is a platform the same way that the telephone is a platform," said Erik Martin, general manager of on-line news hub Reddit, one of the signatories to the letter.


"To put so much burden on the providers to deal with problems from individual users is just really going to put a chill on investment and put a chill on innovation."

Sunday, March 30, 2014

Dyman & Associates Risk Management Projects on Hughes: Digital spying casts chill on global trade



WASHINGTON - Revelations about U.S. digital eavesdropping have fanned concerns about Internet privacy and may complicate U.S. attempts to write rules enshrining the free flow of data into trade pacts with European and Pacific trading partners. As more and more consumers and businesses shop and sign up for services online, the IT industry is working to fend off rising digital protectionism it sees as threatening an e-commerce marketplace estimated at up to $8 trillion US a year. “Restrictions on information flows are trade barriers,” Google’s executive chairperson Eric Schmidt said at a Cato Institute event last month, warning that the worst possible outcome would be for the Internet to turn into “Splinternet.”

The unease of U.S. technology companies has mounted in lockstep with rising worries overseas about data privacy. German Chancellor Angela Merkel — a target of U.S. spying — has called for a European Internet protected from Washington’s snooping. Brazil and the European Union plan to lay their own undersea communications cable to reduce reliance on the United States. And other countries are showing a preference for storing data on local servers rather than in the United States. U.S. President Barack Obama acknowledged this week that it would take time to win back the trust of even friendly governments.
Trade experts predict the United States will have to make concessions on data privacy in the Transatlantic Trade and Investment Partnership talks (TTIP) with the EU, and will probably not get all it wants in Pacific Rim trade talks either. “It is unfortunate because there were some good nuanced conversations happening before the spying allegations,” said Adam Schlosser, director of the Center for Global Regulatory Co-operation at the U.S. Chamber of Commerce. “But there is now a tendency to inappropriately conflate national security and law enforcement with . . . commercial privacy practices, which has put a damper on rational debate.”

The TTIP and the Trans-Pacific Partnership (TPP) talks are billed as next-generation trade negotiations, covering not only tariffs and goods trade but also common standards and goals in areas ranging from labour standards and environmental protection to intellectual property and data flows.

The last two issues are key for digital trade, which encompasses everything from U.S. cherry farmers selling direct to Chinese families via Alibaba Group Holdings’ electronic shopping platform to plane maker Boeing monitoring in-flight diagnostic data on-line. A 2011 report by the McKinsey Global Institute found almost $8 trillion changed hands each year through e-commerce, something that explains the keen interest IT firms and industry associations are taking in the trade agreements. According to data compiled by the Sunlight Foundation, the computing and IT industry has been the second-biggest lobbyist on the TPP, after the pharmaceutical industry. Industry groups such as the Software & Information Industry Association say free exchange of data is the key focus.

“For SIIA and its members, the most crucial issue in the trade agreements under negotiation is to get provisions permitting cross-border data flows,” said Carl Schonander, international public policy director at SIIA, whose members include Reuters News parent Thomson Reuters. BSA The Software Alliance, an advocacy group for the software industry, has warned that TPP partners Australia, Canada, Chile, Mexico, Peru and Vietnam are among countries adopting or proposing rules banning or limiting companies from transferring personal information off-shore. This might mean U.S. companies have to set up local servers in every country.

“Data flows are the lifeblood of the digital economy,” said BSA policy director David Ohrenstein. “Trade agreements (must) ensure borders are open to data flows.” In an ideal world for IT companies, countries signing the TPP would promise not to impede cross-border data flows or make companies set up local servers. U.S.-based lobbyists expect those provisions to make it in, possibly with exceptions, but say work is still needed to convince trading partners to promise that any new regulations, including on privacy, will not restrict trade unnecessarily.

In Europe, where the backlash against U.S. spying has been the strongest, policymakers want changes by mid-2014 to the Safe Harbor Agreement, which allows U.S. companies with European-level privacy standards access to European data. An opinion poll by the Atlantic Council and the Bertelsmann Foundation found rules governing cross-border data flows and the alignment of privacy protections were among the most contentious, and important, issues in the U.S.-Europe talks. Atlantic Council vice-president Fran Burwell said it would be hard to get support from the European Parliament or countries like Germany without an agreement on data protection.

“I think the big concession that (the U.S.) will have to make will be in the data privacy area,” she said. Tension is also brewing over intellectual property. U.S. music, book and software companies see piracy of copyright material as the biggest threat to their exports, while companies like Google worry about being held responsible for the actions of clients on their networks. Data privacy group Electronic Frontier Foundation said proposals in draft TPP chapters would restrict flexibility in allowing fair use of copyright materials and encourage low-quality software patents by setting the bar too low.

A group of 29 smaller tech companies wrote to U.S. Senate finance committee chairperson Ron Wyden last week and warned against including harsher criminal penalties for minor copyright infringements in the TPP. The committee has jurisdiction over trade issues in the U.S. Congress. “Reddit is a platform the same way that the telephone is a platform,” said Erik Martin, general manager of on-line news hub Reddit, one of the signatories to the letter. “To put so much burden on the providers to deal with problems from individual users is just really going to put a chill on investment and put a chill on innovation.”

Friday, March 21, 2014

Dyman & Associates Risk Management Projects: The Weakest Link in Security?


Hardly a day goes by without news of another data breach. It's safe to say that we live and work in risky times. But there's a growing recognition that cybercriminals aren't the only threat—or even the primary threat to an enterprise. "There's a far greater need to educate and train employees about security issues and put controls and monitoring in place to increase the odds of compliance," says John Hunt, a principal in information security at consulting firm PwC.

It's a task that's easier said than done, particularly in an era of BYOD, consumer technology and personal clouds. According to Jonathan Gossels, president and CEO of security firm SystemsExperts, it's critical to construct policies and security protections around two basic areas: malicious insiders and those who inadvertently breach security. "The best security program in the world can be undermined by ill-advised behavior," Gossels explains.

Construct effective policies. Surveys indicate that many workers are not adhering to existing policies. In some cases, they simply disregard them. "The thing that you have to keep in mind," notes Hunt, "is that policies must be clear, understandable and not interfere with the ability of people to get their work done." If an organization is struggling with non-compliance and shadow IT, then it may be time to reexamine policies, as well as the underlying systems and tools the enterprise has in place. "Many organizations have older policies that don't take into account today's tech tools, such as iPads and other portable devices," says Hunt. The policies should also extend to contract workers and freelancers, he notes.

Educate and train employees. One of the biggest problems, says Gossels, is weak passwords and workers sharing passwords. He recommends educating employees about the use of strong passwords. It's also essential to teach employees about increasingly sophisticated phishing techniques. And executives, including CEOs, make the mistake of clicking bad links. "When you receive an e-mail from the Better Business Bureau or a fax that looks legitimate, it's very easy in the rush of the moment to click it," says Gossels. It's critical that employees learn to hover over links. Some organizations also use simulated phishing and spear phishing attacks to identify careless workers. Finally, employees must understand the risks of using personal clouds, USB drives, and other media to share and store sensitive data.

Develop controls that match policies. It's one thing to introduce a collection of security policies; it's another to build controls that effectively enforce them. According to Gossels, any time an organization introduces a policy, it should also consider how to build in technical controls, preferably automated ones. "The less you leave things to humans and chance, the better off you will be," he says. That means using mobile device management and media asset management tools, two-step verification, encryption, endpoint security, and other security measures. It also means looking for so-called low and slow approaches that frequently fly below the radar. But, more than anything else, it means mapping threats to policies and security systems—and ensuring that tools are in place to wipe lost or stolen smartphones and tablets, when necessary. Hunt adds that it's crucial to consider, when adopting policies, how long it will take to build the matching controls. He often sees companies lagging by nine to 12 months—or more.


Monitor activity and access from all endpoints. There's a growing focus on monitoring the network and endpoints for unusual activity and odd behavior, Hunt explains. "If you detect activity that doesn't fit the norm of a person's role, then it's a good idea to take a closer look at the situation," he points out. In fact, even if an organization embeds role-based policies and controls in its IT systems—something that's generally viewed as a best practice—it's wise to monitor activity and look for anomalies. Networks and systems are particularly vulnerable during mergers and acquisitions and during transitions to different or new systems.

Wednesday, March 19, 2014

Dyman & Associates Risk Management Projects: Information, Disinformation and the Credibility Crisis

A large percentage of the American population no longer trusts mainstream news outlets either on television or in print. A June 2013 Gallup poll indicates nearly 4 out of 5 Americans among younger generations from age 21-64 cannot trust the major news networks, not when the likes of NBC and MSNBC are owned by General Electric, Comcast and possibly Time Warner in this age of super-mergers. Both the circulation and very survival of America’s news print organizations have shriveled or dried up completely.

Amongst the nation’s largest cities, few traditional newspapers are still left today. Even the perennial powerhouse dailies like the New York Times, Washington Post and LA Times have gravely suffered, and in an attempt to keep up with the changing times, years ago moved to the internet as their mainstay means of surviving the computer age. Time Magazine and Newsweek similarly have been forced to downsize with Newsweek permanently suspending its print circulation. In recent years Time Magazine in print has been reduced in size to a mere skimpy little shadow of what it once was.

To a significant portion of Americans, all the mainstream news corporations have been rendered state propaganda and disinformation tools for the US government. Indeed their embedded (alias “in-bed”) news reporting has become a cynical joke amongst the populace. Entertainment fluff and filler space have come to obscure and replace real news and real issues that vitally affect the well being, safety and concerns of the American public. The controlling powers behind mainstream media outlets have made a concerted effort to keep American citizens the last to know especially when it comes to world events and developments.

According to that same Gallup poll from last year, this growing distrust that Americans have towards mainstream news is only exceeded by their distrust towards big business, HMOs and US Congress. Even last month’s Gallup poll shows President Obama’s approval rating dipping to an all-time low of just 39% with the majority of Americans now disapproving of his job performance. This negative, across-the-board view reflects both a generalized discontent and disconnect with today’s status quo power structure. And as a result, a mass exodus of US citizens have switched viewing their world through the known distorted lens of traditional news coverage to that of the world wide web, currently celebrating its quarter century anniversary this week.

Hence, in recent years a growing number of people have been turning to online sources as their primary means for news information and current world events. Despite unlimited numbers to choose from of websites purporting to depict accurate coverage of domestic and international events, in today’s world the notion of objective, unbiased news coverage becomes highly suspect. Thus, an informed public must be extremely discerning when it comes to believing what is the truth and what are the lies based on propagandist manipulation. Ultimately individuals will naturally gravitate toward whatever sources of news best fit their particular biases and beliefs based on their world paradigm. So one’s sense of reality and truth about the world becomes both highly elusive and subjective, if not impossible to tease out and grasp.

To compound this already perplexing, complex problem, the systematic dumbing-down of America has produced a mounting population that all too frequently gullibly accepts either the spoon-fed deception and lies of mainstream media or often equally biased non-mainstream news outlets. For decades now Americans have been conditioned to no longer think critically and discriminately to sort out facts from fiction.

Creative questioning, exploring curiosity or daring to challenge authority is entirely absent from the current US public education system bent on homogenized conformity and socialization toward robotic compliance. And as a consequence, too many Americans blindly accept as gospel truth anything they read, that is if they still read at all, naively assuming it would not be fit to print on the internet, in books, magazines or newspapers or seen on TV, if it were not all true.


Monday, March 17, 2014

Dyman & Associates Risk Management Projects: Application awareness using data inspection

Executive Summary

The modern enterprise presents numerous challenges to IT security leaders, as it requires a diverse array of applications, websites, protocols, and platforms. Mobile devices are changing the fundamental composition of network traffic and introducing new types of malware, while consumerization trends such as BYOD are introducing new devices over which IT has little control.

To organize the chaos, IT must look beyond a network packet’s site, port, or IP address and determine a security posture that relies on the complete context of data usage. A deep, thorough inspection of real-time network data can help provide the content awareness required for the granular management that a flexible, modern enterprise requires.

This report examines the shortcomings of traditional security and management processes exposed by device proliferation, an increasingly mobile workforce, and a movement toward cloud applications. It also demonstrates how a deeper understanding of application data in transit can help IT build more-flexible, business-friendly management procedures that continue to provide security and efficiency without disrupting productivity. The report concludes with best practices for testing application-aware network-security devices to gain a greater understanding of the value they will provide when deployed onto the enterprise network.

Consider the following:

· Traditional security and access controls are no longer capable of protecting enterprise networks yet continue to serve a purpose within a defense-in-depth strategy.

· BYOD and other consumerization trends bring new threats to the enterprise that must be addressed by innovating network-security and policy management.

· IT security leaders must validate and test these new application-aware network-security devices and identity-based policy-management systems.


Friday, March 14, 2014

New Oracle Software Tackles Mobile Security Head On, Dyman & Associates Risk Management Projects

Mobility. It’s not a new trend, but it’s a growing one. Indeed, the workforce is becoming increasingly mobile and that mobility is driving security concerns that software giants like Oracle are trying to solve.
Oracle sees a critical need for solutions that help enterprises control access to business data and also protect that data on mobile devices. Advanced security controls for personal and corporate devices are needed, without complicating the user experience.

To meet these needs, the enterprise-software maker is launching the Oracle Mobile Security Suite, which lets users securely access enterprise data from their own devices, while at the same time protecting that information by isolating corporate and personal data.

Oracle Says Its Solution Is Different

"By extending security and access capabilities to mobile devices, organizations can protect corporate resources on employee devices without compromising the user experience," explained Amit Jasuja, Oracle's senior VP of Java and Identity Management.

Jasuja said Oracle's security solution brings the firm's Identity Management platform to mobile devices, so organizations can address the bring-your-own-device (BYOD) challenge logically.

Along with Oracle’s existing Identity and Access solutions, the new suite offers an integrated platform that organizations can use to manage access to all applications from all devices -- including laptops, desktops, and mobile devices.

Oracle insists its approach is different from the approaches taken by other mobile device management (MDM) solutions because those others focus on the devices themselves. That strategy can create separate security silos requiring companies to spend more money on expensive products to integrate with their identity solutions.

Instead, Oracle said its Mobile Security Suite focuses on the apps and the users, allowing IT to more efficiently and securely administer and manage access.

An End-to-End Solution

The company said its Mobile Security Suite provides a secure workspace so organizations can separate corporate and personal apps. That means enterprises can protect their apps and data as well as enforce their security policies without interfering with users' personal information.

The workspace also offers security controls, enabling companies to enforce single sign-on, per-app network tunneling, encryption for stored data, and integration with Microsoft Active Directory for shared-drive access.

As for mobility security controls, the software is able to limit access or restrict functionality based on location. The solution also lets companies control their application policies, including limiting copy/paste/print to prevent data loss. Additionally, if employees are terminated or otherwise leave their jobs, organizations can remotely wipe corporate data and apps from their mobile devices.

The Oracle Mobile Security Suite also includes an e-mail client, secure browser, file manager, white pages app, document editor, and a mobile app catalog that can serve as an app store.