Category: Uncategorized

“plans are worthless, but planning is everything.”

by paulandrescott, posted in Data Breach, Development, Law, Leadership, Privacy, Project Management, Ransomware, Security, Uncategorized

Just the other day, I had a pleasant conversation with a senior leader of a very prosperous company here on the West Coast.  Our dialog concerned her company’s future.  What will business be like once COVID begins to truly recede.   Together, our discussion was focused on formulating plans for the organization to be flexible, and very focused on delivering value.  We are seeking to take advantage of what was learned during this pandemic.

I made the comment, that plans are not prescriptions.   She, laughed and quipped, “plans are worthless, but planning is everything.”  I listened and pondered this response.  She was correct — this statement gave me pause.  To me, it was insightful, rational, even enlightening.   I concurred immediately.  

Entertained by my admiration of the comment, she advised me that she was not the original author.  Former President and US Army General Dwight D. Eisenhower authored this enlightening passage.  General Eisenhower, the Supreme Allied Commander for the invasion of Europe during World War II, planned and plotted, spending enormous efforts into planning.  However, as history showed us, situations arise, the adversary does not behave as we planned.    He and the allied forces were faced with extraordinary circumstances.

Plans may not have been executed in the same manner as outlined.  However, planning and the plans themselves, provided the framework, the map for how to proceed, ultimately, defeating the enemy and ending the war.

This pandemic may not be on the order of a World War.  However, COVID is very serious: impacting lives, families and businesses throughout the world.    As Eisenhower demonstrated, I would encourage us all to be nimble and agile in our approach to business operations—looking for the advantages and productive means to win.  Planning is still a wise endeavor.   Let’s go forth and conquer our destiny as a business.  Let’s plan to win, by being very nimble to adjust and keep moving forward to success.   Like the Allied forces, we will face strife and setbacks, however, if we keep planning and moving forward, we will win.

Data Privacy Legislation for Washington Businesses

by paulandrescott, posted in Data Breach, Development, Law, Privacy, Ransomware, Security, Uncategorized

Ascension Technical Group is hosting an interactive TEAM’S session on April 8th at 10AM-11AM PDT. You can register now and we’ll send you a TEAM request.

The Webinar will provide analysis on the draft Washington Data privacy Act (WPA), its impact on business and detail the associated penalties for data privacy breeches.

This  webinar will help businesses determine potential security vulnerabilities and identify a mitigation strategy. The cyber breech discussion, will review the benefits of an in-depth security assessment that includes reviewing current policies, procedures, technical environments and other security related functions. Details will be provided on applicable standards including, ISO/IEC 27001, NIST 800-53, ISA 62443, COBIT 5, CIS CSC, CCPA, GDPR and PCI DSS.

Topics that will be covered include:

  • Data Security & Privacy
  • Awareness and Training with related policies, procedures, and agreements.
  • Governance, Analysis & Mitigation
  • Information Protection Processes
  • Identity Management, Authentication and Access Control
  • Protective Technology, Anomalies and Events, Detection Processes
  • Response & Recovery Planning
  • Law Enforcement

We look forward to your participation in this interactive TEAM’s Session on  April 8th at 10 AM -11 AM PDT.

How Privacy Legislation affect your business.

by paulandrescott, posted in Data Breach, Law, Privacy, Ransomware, Security, Uncategorized

There is current legislation and standing law that will affect your firm’s ability to manage Consumer Data. Legislation is now in process that will affect Human Resource Data of your employee’s next year.  Washington State has legislation almost completed today.  If you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.

Ascension partnering with Insperity, was scheduling, an Executive Briefing regarding Privacy legislation that affects your business.  We wanted to invite you or members of your team.  Due to the warranted restrictions in preventing the spread of the COVID-19 virus, we are moving the briefing to later this Spring or Summer. However, if you wish to book a free one-on-one briefing, please select the button below and we can call you to advise you of the current issues relating to privacy and security.

Washington State Privacy Law — Senate and House are meeting to hopefully compromise.

by paulandrescott, posted in Data Breach, Law, Privacy, Security, Uncategorized

After the House of Representatives passed an amended Privacy Bill on the evening of March 6th, the Senate received the Bill and responded ” Senate refuses to concur in House amendments.” The Senate “Asks House to recede from amendments.”

Today, the “House insists on its position and asks Senate for a conference. Conference committee appointed. Representatives Hudgins, Hansen, Dufault.” And the “conference committee request was granted.”

Now, hopefully the committee jointly can work out the details and come to some compromise that helps both the consumer and business.

You can find updated information regarding the bill at https://app.leg.wa.gov/billsummary/?billNumber=6281&year=2020&initiative=False


"The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement."

Finding Humanity in Big Data

by paulandrescott, posted in Project Management, Uncategorized

At the beginning of Operation Iraqi Freedom in 2003, I was assigned as the Senior Intelligence Officer for the 1st Battlefield Coordination Detachment (1st BCD) at the Combined Air Operations Center on Prince Sultan Air Base in Saudi Arabia.  As the name of our unit implies, our mission was to coordinate ground and air operations for the invasion of Iraq.  This was a monumental task and the amount of information that passed through our desks was almost unfathomable.  It is difficult to paint a complete picture, but we were coordinating the movement of two entire Armies; with hundreds of thousands of ground troops, from multiple nations; hundreds of air assets, ranging from combat, intelligence, refueling, command/control and troop transport aircraft to Army helicopters and drones.  On top of all that, everything was constantly and simultaneously moving.  Talk about big data.

In order to monitor all this activity, we had no less than about 15 separate battlefield operations systems daisy-chained together, but with fewer than that many soldiers on shift to operate all the computers.  Information was flying across the screens faster than the ticker at the New York Stock Exchange.  The Combined Air Force Component Command used a system of kill boxes to coordinate air interdiction targets on the battlefield and it was the 1st BCD’s mission to deconflict fires between the ground and air component commands.  The air and ground components agreed to open a certain kill box north of Baghdad, which meant that everyone agreed there were no friendly forces in the area.  However, out of the thousands of icons representing maneuver forces on the ground, I noticed a small blue blip on the screen.  Fortunately, just before the invasion, the Army fielded the Blue Force Tracking system, which was an emitter to show where units were located.  I did a quick investigation and discovered a U.S. Special Operations Detachment operating well forward of the main battle area (as Green Berets are supposed to do), so I denied opening the kill box.  If the Blue Force Tracking system was not fielded, if one of the battlefield operations systems did not work properly, and if I stepped away from my station for a few minutes, that SOF detachment would likely have been destroyed.  There is perhaps nothing more tragic in war than friendly or civilian casualties.

In business, it is hard to detect the human element in big data.  We tend to focus on processing massive amounts of information as quickly as possible.  However, as leaders we must look at our systems from the customers’ perspective.  Customers have a lot of online choices these days, but a human touch goes a long way to earning lasting loyalty.  An occasional personal note or phone call to a customer following an online transaction adds humanity to big data; especially if there is a negative experience.  People see that and know the company values them as a person, rather than just a transaction or anonymous account number.

Ascension has the expertise to assist your company in customer relationship management.  We can help your company with the transformation between technology and cultural changes.

By John Winters, Colonel U.S. Army {Retired}

Sharks are in the water for our data! Are you worried?

by paulandrescott, posted in Uncategorized

Earlier this year, I attended a Security Summit here in Seattle. There was a statistic sited that placed Cyber Security and Privacy Policy into the top three concerns for CEOs in America. PWC, sited this statistic in a recent 2019 CEO Survey (2) Also, only 38% of CEO’s surveyed, felt comfortable with their respective Cyber Security posture.

I know when I formed my first Security Program Office in the early 2000’s, I never observed security and/or privacy on the list of my peers and top leaders of the organizations. However, today security has become top of mind. Many leaders are now worried about their respective jobs as well as their companies’ reputation.

Unforunately, at Ascension, we have leaders calling us, after such a breach or security incident has happen. It is difficult to watch CxO’s asking themselves, “What happened? Why did I get targeted?” Assessment is the first step to preventing this situation.

Feel free to comment: “Are you worried about CyberSecurity?

Please do not give company or personal specifics, unless you wish to call me.

Have a great day! Paul Scott

CItations:

(2) Price Waterhouse Cooper (2019 Published). US CEO agenda 2019. Retrieved from https://www.pwc.com/us/en/library/ceo-agenda/ceo-survey.html

Seattle employee at the center of major Data Breach

by paulandrescott, posted in Uncategorized
Copy of Compliant Header filed July 27, 2019

This morning over a cup of coffee, I gazing at the front page of my Wall Street Journal. Casually scanning the stories. Something caught my eye; the Wall Street Journal stated that a Seattleite is at the center of a Major Data Breach. Here from Seattle, a former Amazon employee has been arrested, in connection with the Capital One Breach affecting 106 Million Card Applicants. Wow

Estimating the cost to the company is typically, at least $100 to $150 per user, it would be easy to estimate the initial cost to Capital One will be well over $100M, and most likely upward of $200M, when you factor in all the internal remediations and legel cost that are never recovered by any company.

CyberSecurity seems like an impossible task. I will grant you that it is not an easy task; but I will say that focus and diligence is our best tactic so far. We cannot hide our faces in the sand anymore. We must confront these issues and do our best to protect both our companies information as well as our customer’s data. I believe we should all ponder how to become more secure and act accordingly in an expeditious fashion. This wordgram may help you ponder and reflect on this issue.

At Ascension, we are working to insure ourselves and our clients are protecting both corporate and individual data. Again, I think we need to ask ourselves, are we doing enough to protect customer and/or business information? Ponder this question and free free to comment. Thank you

CyberSecurity – The next 9/11?

by paulandrescott, posted in Uncategorized

We see many new clients that have to deal with cybersecurity breaches and/or issues of non-compliance with security standards. Today, I was reading about CEO’s concerns over cybersecurity may be the “biggest Threat to the world’s economy.” I believe they are correct. CNBC article: Cybersecurity is the biggest threat to the world economy over the next decade, CEOs say

Unforunately, many firms still have not realized the benefits of CyberSecurity Standards. These standards are not a fullproof remedy for breaches; however, it is the best defense for companies to protect themselves. To summarize, companies need to consider standards and procedures for:

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response & Analysis
  • Mitigation
  • Improvements
  • Recovery Planning
  • Improvements
  • Communications

Paul Scott, CEO Ascension

Infrastructure

by John Winters, posted in Uncategorized

Now that the 2018 elections are over (well except Florida), leaders in both political parties are looking for legislation they can pass to show their constituents positive accomplishments.  Setting aside rancor between Democrats and Republicans, the two topics where both sides agree something can and must be done are infrastructure and the opioid crisis.  Improving our nation’s infrastructure is sorely needed.  The American Society of Civil Engineers (ASCE) 2017 Report Card gives the United States an overall grade of D+.  Repairing transportation, water systems, and schools should be at the top of the list, but upgrading our infrastructure is also an investment in the future.  The Dwight D. Eisenhower National System of Interstate and Defense Highways (AKA Interstate Highway System) is the most famous example of this type of infrastructure investment project.

What type of project can we invest our infrastructure dollars to improve connectivity in the United States, like the Interstate Highway System?

The program that immediately comes to mind is Connected Cities (AKA Smart Cities).  The parallels between the Interstate Highway System and Connected Cities are obvious, which makes this an ideal infrastructure project.  The Interstate Highway System brought together a disparate and inefficient road system and built an interconnected network.  This is exactly the same goal as Connected Cities, bringing together disparate and inefficient networks to function together.  The highway system also brought people together by facilitating travel across the country, which is the purpose of Connected Cities, to connect people.

How can Connected Cities infrastructure projects improve safety, commerce, and quality of life?

Another parallel between the two projects are public safety and security.  The Interstate Highway System was also designed as a Strategic Highway Network to facilitate troop mobility to air and sea ports.  Connected Cities contributes to public safety and security by providing early warning for disasters.  The California Department of Forestry and Fire Protection determined at least 17 of the 21 recent major fire in Northern California were caused by power lines, poles and other equipment.  (CAL FIRE)  One of the features of Connected Cities is placing sensors on light fixtures to detect fires and seismic activity, which would immediately alert firefighters and enabled them to suppress forest fires much quicker and easier.

Connected Cities can also make everyday life easier by tying networks together.  Before the Interstate Highway System, navigating roads in the United States was difficult, every state had a different numbering system.  Today, navigating through the various municipal and state government networks is very difficult.  You must have a different accounts and logins in for the DMV, voter registration, taxes, etc.  The concept of Information City, which is part of Connected Cities, will develop technology and communications to bring together social, economic, and governments networks.

We are at a precipice for emerging transportation technology, which means municipalities will soon have to develop revolutionary solutions to control traffic.  Autonomous automobiles are on the horizon and the proliferation of drones makes this a three-dimensional problem.  Connected Cities will have a great advantage by integrating sensors to control traffic and communicate with autonomous vehicles.

The United States will have to address our infrastructure challenges.  This is a great opportunity to not only repair our roads and bridges, but also make fundamental improvements on public safety, commerce, and quality of life for the future.  Ascension Technology Group is a leader in technology solutions for municipalities to help their citizens navigate through a complex network of services.  The fundamental concept of Connected Cities is knowledge-based urban development.  Now is the time to integrate infrastructure investments with the development of Smart Cities.