Risk Messaging & The Duty of Care

Comment

Risk Messaging & The Duty of Care

March 29, 2015 - Alexandria, VA - J. Kelly Stewart, Managing Director & CEO of Newcastle Consulting, LLC, was the Moderator for a Panel discussion on the topic of Risk Messaging & The Duty of Care.  

The panel of experts from industry and government shared thoughts on the critical role of data in meeting Duty of Care obligations.  Traveler safety is first and foremost dependent on data – and not just data – but accurate and structured data.  Combine that with compliance challenges, the equally vast range of differing systems producing the data, the need for that data to be consistent, traceable and to address factors of disruptive technologies in the sharing economy, and agencies are facing some potentially grave outcomes.  Any delays between data insight and actionable decision-making can have catastrophic effects.

_______________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency.

Comment

Intelligent Command Centers - Make Informed Decisions and Coordinate Responses to Save Lives

Comment

Intelligent Command Centers - Make Informed Decisions and Coordinate Responses to Save Lives

October 23, 2015 - New Orleans, LA - J. Kelly Stewart, Managing Director & CEO of Newcastle Consulting, LLC, will be conducting a conversation on Intelligent Command Centers.  In a world of evolving safety and security risks, from man-made crises to natural disasters, there is a need for an organization to have an intuitive command and control center to gather actionable intelligence, analyze data, and evaluate risk to ensure the safety and security of personnel. This is effectively accomplished by real-time situational awareness and organizational interoperability.

This program focuses on the development and design of an effective command center to prevent, mitigate, and respond to critical risks at your organization. Become better attuned to an incident command system that can optimize communication and coordination.

The Program

The First 10 Minutes in the Command Center (Setting the context)
What determines a command center? How is it formed and what is its purpose? Should it be an area of an integrated intelligence and information sharing? Today’s communications landscape has changed. Immediate messaging and alerts are more readily accepted due to the advances in smartphone technology. It is through these advances that command centers or fusion centers must be flexible, reliable, secure, and most importantly, places of fluent communication.

Definition / Types and Configurations
Communication is key at any command center. These centers exist for control purposes by gaining/maintaining situational awareness and coordinating resources and response activities. Understanding the different types of command centers is essential, as one size does not fit all situations.

CONOPS (Concept of Operations)
The Concept of Operations should be a document available and relevant to all stakeholders, no matter their background or role within the organization. Case studies provided explain how the Concept of Operations answers who, what, when, where, why, and how for the new or existing plan in place. Its relevancy and importance are critical in understanding and determining success.

Customizing and Designing Your Intelligent Command Center
Examine the necessary aspects of designing and customizing an Intelligent Command Center suited to fit the needs of the organization and the crises it may face. Understand the change in paradigms from traditional command and control structures, to flexible and virtual centers that are predicated on the operational environment. 

Project Management / Process Management
Clearly comprehending the roles, responsibilities of command, fusion, and emergency centers is essential for effective coordination, collaboration, and dissemination of information necessary for the proper execution of the mission.

Standards and Guidelines
When determining the design and staffing of a command center, what needs to be considered? Standards and guidelines define expectations and become the basis for how staff is trained and what they need to do during various situations. Learn how certain standards and guidelines impede or assist in the design, function, and effectiveness of the command center. 

Case Studies
Practical applications used in varying situations will be reviewed and discussed to provide attendees the opportunity to adapt lessons learned and best practices to their particular situations. 

Future Trends, ROI, and Value Add
Designing a command and control center is an exercise in intensive planning. It is an expensive endeavor, and all stakeholders must buy into the concept, details, and focus in order to make it effective. Through proper planning and preparation, execution of the command center strategy can be effectively accomplished, resulting in a proactive, predictive, and responsive facility, ready for use now and into the future, with a lower cost of ownership. 

Indicative of today’s environment is the return-on-investment and the value that command centers add to the organization and its operation. Attendees will receive a detailed understanding behind the future trends that envelop command centers to make them centers of information, allowing for better communication and intelligence to add value to an organization and, if need be, save lives.

_____________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency.

Comment

Reduce Risk - Increase Resilience

Comment

Reduce Risk - Increase Resilience

October 21 - 22, 2015  -  New Orleans, LA - J. Kelly Stewart, Managing Director & CEO of Newcastle Consulting, LLC,  had the privilege of conducting the 2nd Annual Risk, Threat, and Vulnerability Workshop.  

This two-day program begins by explaining the differences between risk, threat, and vulnerability and then demonstrates how assessments are absolutely essential for organizational resilience. It offers a comprehensive examination of all aspects of planning and implementing a risk assessment program in any organization, small or large, public or private, and in any industry or setting. Through engaging lecture, eye-opening case studies, and a site visit to see the principles in action, this program covers the essential topics listed in the overview.  A Risk, Threat & Vulnerability Assessment tool will be introduced for applying the principles taught.
 

Learning Objectives:

  • Learn how to develop an effective risk management and assessment program that is highly valued within your organization. 
  • Understand how to integrate risk assessment into the business process in a way that provides timely and relevant risk information to management. 
  • Develop the skills to identify necessary people and assets that provide the enterprise tangible and intangible value. 
  • Learn how to develop a solid business case for the program—one that addresses cost, benefit, and operational aspects. 

Program Overview

Communicating and Developing the Business Case

The key task behind planning and conducting a risk assessment program is developing an understanding of the organization to be assessed. 

Risk Management Process

Before starting the design of the risk assessment program, it is important to understand the objectives and to evaluate both the extent and efficacy of the current risk control measures and system. This includes the scope, as well as risk control parameters, methods, and plans currently in place for risk management activities at the organization. 

Analyzing the Risk

What is the scope of the risk assessment program? Is it meeting the organization’s risk assessment objectives? Does it consider the context of the organization, its needs, and requirements? The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders to include within the boundaries of the risk assessment program. Learn how to match the scope with the resources available. 

Treatment of the Risks/Mitigation

Risk rating scales are defined in relation to organizations’ objectives in scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, personnel, and/or reputation. The time perspective used to assess the likelihood of risks should be consistent with the time perspectives related to objectives. 

Organizational Resilience and Risk

Building a resilient organization is a cross-disciplinary and functional endeavor. An organizational resilience approach to managing risks encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to “business-as-usual” activities. Discover the most effective ways to approach resilience that allow organizations to adapt to changes in their operating environments over time. 

Test, Measure, Review, Document Control, and Assurance

Understand the various tools and techniques that can be used to determine risk assessment. Identify how organizations can now bring their individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections. Management can then determine any actions necessary to revise its risk responses or address design or effectiveness of controls. Successful implementation should translate into reduced risk exposures on organizations’ risk maps. 

NEW Case Studies

Each section within the course of instruction includes practical case studies that can be easily understood. 

NEW Interactive Exercise

A Risk, Threat & Vulnerability Assessment tool will be used by the class for practically applying the principles taught. 

______________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency.

Comment

J. Kelly Stewart presents at ASIS 61st Annual Seminar & Exhibits!

Comment

J. Kelly Stewart presents at ASIS 61st Annual Seminar & Exhibits!

September 27 - October 1, 2015:  Anaheim, CA - We are proud to announce that the Managing Director & CEO for Newcastle Consulting, LLC - J. Kelly Stewart - will be presenting at the ASIS 61st Annual Seminar & Exhibits in Anaheim, California. Kelly will be conducting a conversation on  four sessions throughout the conference.  Please share the information and if attending, please introduce yourself to Kelly in person.  Mr. Stewarts' conversations are as follows:

A Risk Assessment Approach to Facility Security Design  Sunday, 9/27 8am - 5pm  Understanding the facility security design process is absolutely critical for any stakeholder involved in a project. Before anyone begins talking about security solutions, project initiators have to understand the process and key players involved. Experts will define the steps in a proven process: from establishing the need for security, through asset and risk assessment, through development of functional requirements, to identifying preliminary mitigation measures. Before embarking on a security project, learn the importance of functional requirements and hear practical examples of how they are best developed and used. 

Security Architecture & Engineering, Part I: Analysis & Basis of Design   Monday, 9/28 11am - 12pm  Understanding the security system design process is critical for any stakeholder involved in the project. Before talking about security solutions, project initiators have to know the process and identify the key players. Learn how to define the steps in a proven process: establish the need for security, conduct asset and risk assessments, develop functional requirements, and identify preliminary mitigation measures. Hear practical examples of how these steps are developed and used. 

Learning Objectives:  (1) Introduction and Overview of the Security Systems Design Process; (2) Understand the purpose and benefits of Security Risk Assessments; (3)  Understand the Roles and Responsibilities of the Project Team

Panel Discussion on Key Access Control Trends and Technology  Monday, 9/28 1:45pm - 3pm  From integration to interoperability, what are the latest trends, and what standards are fast developing? How are leading companies using the cloud for Access Control? These topics and more will be covered in this comprehensive session.

Panel:  
J. Kelly Stewart - 
Managing Director & CEO, Newcastle Consulting, LLC
Ron Martin - CEO, Consullition, LLC
Shayne Bates - Principal Consultant, LMC Consulting Group, Microsoft Global Security
Phil Aronson - CEO, Aronson Security Group                                                                                                                                          Moderator:  Ron Worman - CEO, The Sage Group

Why Integrated Security Risk Management is Essential  Tuesday, 9/29 4:30pm - 5:30pm  Security risk management still holds a predominantly “physical” tone in most critical infrastructure organizations. IT security risk management has received considerable attention over the past decade, but remains primarily a vulnerability scanning function in most organizations. Operational technology security risk management is almost non-existent. What's missing is an integrated approach to managing critical infrastructure risk. To manage risk, a new tool needs to be developed. Discuss the necessities of changing the security risk management paradigm. 

Learning Objectives: (1) Understand why Critical Infrastructure security risk management requires an Enterprise, or End-to-End view of security risk; (2) Comprehending why IT, OT and Physical (traditional) security risk need to be COMPLETELY INTEGRATED; (3) Identify and comprehend a new methodology that utilizes Governance, Risk and Compliance.

______________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency.

Comment

Stewart instructs on Facility Security Design

Comment

Stewart instructs on Facility Security Design

June 15, 2015 - San Antonio, TX  - J. Kelly Stewart, Managing Director and CEO of Newcastle Consulting, LLC had the honor of instructing approximately 65 security practitioners at an intensive, three-day program that detailed a systematic and professional approach to the design of a fully integrated physical security program. Stewart joined three other Security Subject Matter Experts (SMEs) Mark Schreiber of Safeguards Consulting, LLC; Rick LaValle of Creador Architecture, LLC; and Rene Rieder of Arup.  The unique blend of expertise provided solid recommendations, best practices and a cost-effective, fully functional facility security system design foundation for improving protection against terrorism, workplace violence, street crime, and other threats. 

Instructors focused on demonstrating how integrating multiple security systems in a layered effect would contribute to the protection of assets as well as the control and reduction of loss. Those integrated systems may include CPTED and architectural security, critical infrastructure protection, building designs, interior/exterior layout, intrusion detection systems, structural barriers, access controls, communications, and CCTV assessment. Stewart focused on his core expertise of a Comprehensive Risk, Threat and Vulnerability Assessment.  

An All-Hazard or Comprehensive Security Risk, Threat and Vulnerability Assessment offers an organized and systematic approach to assessing risks of the organization providing an informed decision-making baseline to determine a particular course of action.  Risk assessments provide the analytical framework for risk management of the organization as well as the basis for establishing a good security design.  Stewart guided students through a detailed step-by-step approach for an effective risk assessment.  Once completed Stewart was assisted by the other SMEs in conducting a practical, in-classroom exercise to reinforce what was taught.  

"Kelly, Mark, Rene and Rick facilitated fantastic training this week! Their breadth and depth of knowledge and experience is inspiring, as is their passion in instructing others. I’m proud to be a part of a great organization like ASIS International and affiliated with professionals such as these gentlemen!"

_____________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency. 

Comment

Stewart speaks on Joint Panel Exploring Global Risks and Trends for Security Planning & Preparation

Comment

Stewart speaks on Joint Panel Exploring Global Risks and Trends for Security Planning & Preparation

May 19, 2015 - McLean, VA - During an early morning brunch at McCormick & Schmick's, J. Kelly Stewart, Managing Director & CEO for Newcastle Consulting, LLC took part in a panel discussion with Basile Pissalidis, Director of Security for Interaction.org, and Jeff Winton, Director of Risk Messaging for Concur, concentrating on trends in international security and current trends for organizations operating in North Africa and the Middle East.  Further discussion centered on changing global threats, security best practices, and the impact on duty of care and international risk programs.

Particular discussion points included:

  • Trending Global Risks in 2015 and Beyond
  • Comprehensive Risk, Threat & Vulnerability Assessments
  • Reputation Risk in the world of Social Media
  • Jihadism and implications for International Organizations
  • Overview of the Current Situation in Yemen

For more information go to The Chronicle section of Newcastle Consulting, LLC's website (www.nccllc.net).

_____________________

Newcastle Consulting, LLC is an Enterprise Security Risk and Information Management Consultancy that provides proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk. We constantly aim to achieve excellence by exceeding expectations through careful analysis in new approaches to risk management, security design and resiliency.

Comment