Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
C. Warren Axelrod

Risky Behavior – New York Times’ Swan Songs

Depending on the reach and scope of a catastrophe, it is possible for large amounts of sensitive information, including personally identifiable information and corporate intellectual property, to lose their physical protection and become easily accessible, as when blowing around in a hurricane or floating in flood waters. While the chances of misuse may be lower because the access to the information was not premeditated, there is still a danger of inappropriate disclosure and misuse. Consideration must be given to forms of storage that can withstand wind trauma, explosions, floods, and the like.

It is possible that both primary and secondary information storage and processing facilities are destroyed by the same catastrophic event. This happened in the terrorist destruction of the World Trade Center and in post-Katrina New Orleans. In such situations it is difficult or impossible to recover or reconstruct the information. Consideration must be given to storing critical information out-of-region or “in the cloud.”

Backup sites might become unusable, unavailable, or unreachable as the result of a catastrophe. I know of at least one such example. If you recall, airlines grounded their planes for about a week after 9-11 in order to put in place some additional security capabilities so that passengers would be willing to fly. During that week there was a major storm in Florida and a particular company declared a disaster. Their backup facility was in Chicago, but there were no flights. They ended up having to go via road, delaying their recovery by several days.


  1. Ken Salchow Feb 17, 2009 at 9:18 am | Permalink

    This is exactly the reason why I always list Alien Invasion in my risk assessments. The point is to break the normal barriers of thought and get people to really brainstorm about the very real potential of things that they wouldn’t normally think of.

    AND, of course, when the Alien’s do invade, I know I’ll be able to prove due diligence. 😉

    Thanks for the post and the continued efforts!

  2. Jamie Saker Apr 19, 2009 at 10:18 am | Permalink

    Or Brooks could have read Bookstaber’s “Demons of Our Own Design” (April 2007), which is black-swanesque in its exploration of financial risk and the derivatives market. Bookstaber’s discussion of complex systems and tight linkages is a particularly valuable contribution to the world of financial and operational risk literature.

    Bookstaber also has a must read chapter on the importance of derivatives markets as a supplier of liquidity. The entire book gives one of the better educations on how financial markets are paying you increasingly for liquidity risk taken — more than most other coefficients. Remove derivatives markets and you will increase market volatility. Of course, there still are countless challenges we have yet to figure out with markets. The dominant presence of a single player on one side of a contract (e.g. LTCM, Amaranth) causes market noise to become signal and subsequently defeats traditional concepts of market behavior. Like operational risk, large regions of homogeneous condition in the risk terrain distort market rule behavior in a manner similar to the time/space distortion the movement of planetary bodies creates through space.

    I’d recommend both Bookstaber’s book (available in paperback and Kindle now) as required reading for any serious IT or operational risk professional.

Post a Comment

Your email is never published nor shared. Required fields are marked *