A Risk Scenario for Small Businesses in Hurricane Sandy Type Disasters

This research uses a series of surveys followed by mathematical modeling to help discover risk factors, mitigating actions, and the highest return scenarios as a basis for a low-cost business continuity/disaster recovery plan. The surveys use a Delphi study format in order to rank a base list of risks and mitigating actions and to supplement those lists with ones added by the participants. Survey results are analyzed and presented back to the group for a second round of ranking and supplementing the risk/action categories. This paper describes the top ten risks and high value scenario for small business interruptions as determined by a Delphi survey of small businesses affected by Hurricane Sandy. The highest ranked risk is loss of business reputation. The research then uses Cross Impact Analysis and Interpretive Structural Modeling to determine the risk interactions and the highest valued scenario for which to prepare

Enhancing hospital planning capacity and resilience in crisis scenarios using interpretive structural modeling (ISM)

Hospitals are the critical support infrastructures. In the confrontation with natural disasters, infectious diseases, and other crises that severely affect the supply and demand of local medical services—and even jeopardize the hospital itself—, the hospital needs first to secure the essential emergency functions and, secondly, to recover from the impact as quickly as possible. Hospital resilience has numerous influencing elements and evaluation criteria, but there are still ambiguous boundaries in their internal influence relationships and hierarchical structures. Therefore, this study explores the determinants and pathways of practice for strengthening hospital resilience from an internal management perspective, applying Group Decision Making and Interpretive Structural Modeling (ISM) to pool the knowledge and experience of experts in related fields and identify critical variables. Based on the information collected and analyzed, a hierarchical model of hospital resilience was established. The results and practical applicability of the model were then validated by external experts to provide new knowledge for the development of hospital resilience management.Os hospitais são infraestruturas críticas. No confronto com desastres naturais, doenças infeciosas ou outras crises que afetem gravemente a oferta e a procura de serviços médicos locais—e que até põem em risco o próprio hospital—, o hospital precisa, em primeiro lugar, de assegurar as funções essenciais de emergência e, em segundo lugar, de recuperar desses impactos o mais rapidamente possível. A resiliência do hospital tem numerosos elementos de influência e critérios de avaliação, mas existem ainda fronteiras ambíguas nas suas relações de influência interna e nas suas estruturas hierárquicas. Neste contexto, o presente estudo explora determinantes e práticas para reforçar a resiliência hospitalar a partir de uma perspetiva de gestão interna, aplicando métodos de tomada de decisão de grupo e Interpretive Structural Modeling (ISM) para reunir o conhecimento e a experiência de especialistas em áreas relacionadas e identificar variáveis críticas. Com base na informação recolhida, foi estabelecido um modelo hierárquico de resiliência hospitalar. Os resultados e a aplicabilidade prática do modelo foram validados por peritos externos, no sentido de fornecer novos conhecimentos para o desenvolvimento da gestão da resiliência hospitalar

Collaborative development of a small business emergency planning model

Small businesses, which are defined by the US Small Business Administration as entities with less than 500 employees, suffer interruptions from diverse risks such as financial events, legal situations, or severe storms exemplified by Hurricane Sandy. Proper preparations can help lessen the length of the interruption and put employees and owners back to work. Large corporations generally have large budgets available for planning, business continuity, and disaster recovery. Small businesses must decide which risks are the most important and how best to mitigate those risks using minimal resources. This research uses a series of surveys followed by mathematical modeling to help discover risk factors, mitigating actions, and the highest return scenarios as a basis for a low-cost business continuity/disaster recovery plan. The surveys use a Delphi study format in order to rank a base list of risks and mitigating actions and to supplement those lists with ones added by the participants. Survey results are analyzed and presented back to the group for a second round of ranking and supplementing the risk/action categories. After two rounds of surveys the data is presented to an expert panel to investigate how the risks interrelate. Quantifying the interrelationships is the basis for the Cross Impact Analysis model that is able to show the relative impact of one event upon another. Once the impacts are known, a series of high valued scenarios are developed using Interpretive Structural Modeling. These high valued scenarios can be used by the small businesses as a basis for a business continuity/disaster recovery plan

Modelling of the Electric Vehicle Charging Infrastructure as Cyber Physical Power Systems: A Review on Components, Standards, Vulnerabilities and Attacks

The increasing number of electric vehicles (EVs) has led to the growing need to establish EV charging infrastructures (EVCIs) with fast charging capabilities to reduce congestion at the EV charging stations (EVCS) and also provide alternative solutions for EV owners without residential charging facilities. The EV charging stations are broadly classified based on i) where the charging equipment is located - on-board and off-board charging stations, and ii) the type of current and power levels - AC and DC charging stations. The DC charging stations are further classified into fast and extreme fast charging stations. This article focuses mainly on several components that model the EVCI as a cyberphysical system (CPS)

Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

Generating The All-Hazards Intelligence Synthesis Model In The Homeland Security Intelligence Enterprise

The United States all-hazards homeland security operational and intelligence domains are multijurisdictional, multiagency, and multidisciplinary intelligence challenges for all-hazards intelligence analysts. A common analytical conceptual framework is needed to help unify homeland security intelligence enterprise analysts who work in an all-hazards, all-source, all-crimes, and all-disciplinary intelligence environment. A unifying all-hazards intelligence synthesis model that unites intelligence analysts with the law-enforcement, cybersecurity, technology, and natural science disciplines, would benefit the homeland security and intelligence domain enterprises. The purpose of the applied research was to discover and generate an all-hazards analysis model that enables the production of risk-informed applied intelligence products in a pluralistic intelligence environment that is privacy, civil rights, and civil liberties compliant. A comprehensive literature review was conducted following the four-step collect, analyze, synthesize, and apply process. This process is derived from proven knowledge, information, and risk management programs, as well as proven intelligence analysis methodologies, for gathering information about adversarial, cyber, technological, and natural hazards and threats to social, technological, and environmental resources. The research resulted in the generation of a universal all-hazards intelligence synthesis model that may be applicable to systems safety engineering, criminal, political, military, economic, social, and medical intelligence activities

Exploring the Project Risk Management: Highlighting the Soft Side of Project Management

The majority of the approaches to managing project risk follow the logic of process groups. Project Management Institute (PMI) has 29 tools and techniques related to risk management process groups. Consequently, engineering and business schools have been accused of educating managers with sharp analytical skills but little understanding of social problems. The literature suggests that too much attention is focused on learning the techniques and formalities of risk management but not enough on the advanced issues of management. Also, the literature argues that there are two approaches to project management (hard and soft). The hard side only covers part of the managerial aspects which helps to manage foreseeable uncertainties. However, unforeseeable uncertainties need skills that related to soft side approaches such as emotional intelligence, navigating the organization’s culture, risk attitude, participative leadership style, and managing the relationship with stakeholders. This study provides an intensive review of the literature to discuss the need for integrating the hard and soft sides of management to achieve an effective risk management process. In addition, it proposes a conceptual framework that provides guidelines to enhance overall risk management efficiency

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets