ARM 55C
Why should organizations report cyber crimes to authorities?
1. A public relations benefit 2. Law enforcement agencies can help control loss exposures. 3. They are less likely to be viewed as an "easy target" by cyber criminals.
Materials accounting
A physical inventory of an organization's materials to ensure that all materials releases or losses have been identified.
Population at risk
A population living within the existing or potential areas of contamination.
Compliance audit
A procedure to identify and analyze existing and potential compliance problems.
Retention
A risk financing technique by which losses are retained by generating funds within the organization to pay for the losses.
An example of Strict Liability in pollution liability
A toxic waste handler was held liable for injuries resulting from escape of hazardous waste even though the escape did not result from the handler's negligence.
Computer sabotage
The deliberate and hostile destruction of hardware or software or the disruption of productive processes. Example - A disgruntled employee poured orange juice into five computers.
Arson
The deliberate setting of fire to property for a fraudulent or malicious purpose.
Embezzlement
The fraudulent taking of money or other personal property by one to whom that property has been entrusted.
What is a risk an organization faces from malicious software?
The organization could be held liable for failing to protect its client's or customer's personal information.
Shoplifting
The removal of merchandise from a store by stealth without purchasing it. Example - Seventeen small kitchen appliances disappeared from the merchandise shelves in a store.
What is the purpose of the financial responsibility requirements under RCRA - Resource Conservation and Recovery Act?
To require permit holders to provide evidence that they have the financial resources to clean up any material from the facility that causes environmental damage and to compensate victims for bodily injury and property damage.
Clean Water Act
To improve the quality of surface water by prohibiting or regulating the discharge of pollutants into navigable waters and restoring them to fishable or swimmable quality.
Physical controls for cyber risk
To place barriers between cyber criminals and their targets. Example - Guards, locked doors, central security alarms, limit access to computer equipment
Motor Carrier Act of 1980
To protect the environment from releases of harmful materials during transportation of such materials by motor carriers in interstate or intrastate commerce.
Toxic Substance Control Act
To regulate the chemical manufacturing industry and prevent the importation or manufacture of dangerous chemical substances without adequate safeguards.
How could an organization be exposed to reputation risk through social media?
1. A single negative item of information. 2. Employees may post negative comments about their employer, competitors, customers or others. 3. Employees may inadvertently disclose confidential business information.
Characteristics of a population at risk
1. Amount and extent of potential harm. 2. Number of the population affected. 3. Population concentration. 4. Vulnerability of each population to the exposure. 5. Value an organization or society places on the at-risk population.
What are the essential steps in selecting new drivers?
1. Analyzing job functions 2. Recruiting applicants 3. Screening applicants 4. Hiring employees 5. Orienting employees
Control measures organizations may take related to climate change
1. Appointment of team or individual to be responsible for climate change risk management. 2. Risk avoidance 3. Disclosure of financial risk 4. Disaster planning 5. Reduction of greenhouse gases 6. Energy conservation and alternate energy usage 7. Adoption of "green" building measures and approaches 8. Support for stricter building codes 9. Integration of climate change with overall business strategies
What factors help an organization plan routes that will control motor vehicle fleet losses?
1. Being safe 2. Cost effective 3. Reliable 4. Reasonable in distance 5. Flexibility if the main route is closed
Insurance that organizations should consider in relation to climate change
1. Commercial general liability 2. Special environmental liability coverage 3. D&O liability insurance
What is the life cycle of a fleet system?
1. Conceptual phase - determining what types of motor vehicles are needed. 2. Engineering phase - selecting the types of vehicles, operators, routes, roads, schedules and maintenance the fleet needs. 3. Production phase - purchasing the vehicles. 4. Operational phase - using the selected vehicles to transport freight or passengers over the selected routes and schedules. Also maintaining the vehicles. 5. Disposal phase - eliminating old vehicles and replacing with those that will fulfill the organization's transportation needs.
Steps in the environmental risk assessment process
1. Create an assessment plan. 2. Assemble the team. 3. Gather information to identify loss exposures. 4. Analyze environmental loss exposures.
What are the challenges organizations face that support the need for technology to safeguard motor vehicles and their cargo?
1. Driver error 2. Supervision of drivers
Managerial controls used to reduce criminal opportunity
1. Education 2. Applicant screening 3. Rotation of employees
Internal and external resources that can help overcome the difficulty of identifying environmental loss exposures.
1. Environmental compliance personnel within the firm. 2. Legal counsel 3. Operational personnel 4. Environmental consultants 5. EPA
What features of an organization may present opportunities for crime?
1. High value, easily transported items 2. Unguarded property 3. Vulnerable people 4. Unprotected key operations
Process used to identify environmental loss exposures.
1. Identify what materials are present, the quantities of those materials, and the potentially harmful properties of the materials at the locations in question. 2. Identify the potential routes those materials could take if they were released from or within the facility. Air, ground water, surface water, sewers, and air ducts are examples of routes that contaminants can follow. 3. Identify the target populations of living entities that could be affected if the identified materials followed the potential routes.
What are the methods of risk financing for cyber risk?
1. Insurance 2. Non-insurance risk transfer 3. Retention
For what reasons would a commercial motor vehicle (CMV) carrier/employer or driver be required to undergo drug/alcohol testing?
1. Pre-employment 2. Random 3. Reasonable suspicion/reasonable cause 4. Post accident 5. Return to duty 6. Follow-up
Personnel controls for cyber risk
1. Pre-employment screening 2. Training 3. Outlining unacceptable cyber behavior 4. Termination procedures that include revoking access and passwords.
What are the benefits of a properly structured cyber risk security strategy?
1. Preserve an organization's resources. 2. Reduce the severity of losses. 3. Hasten the organization's recovery.
What characteristics must an organization's fleet system have to fulfill its purpose?
1. Reliable 2. Safe and well maintained 3. Efficient 4. Environmentally neutral 5. Lawful
Litigation risks organizations face related to climate change.
1. Shareholder suits 2. Class action suits 3. Regulatory agency actions
What risk control measures can be taken to prevent an organization from being a relatively easy crime target?
1. Shielding the organization's assets and activities by maintaining physical, procedural and managerial barriers that reduce criminal opportunities. 2. Reducing criminals' perceptions that they can commit crimes against the organization without being detected and with legal impunity.
Risk control measures that focus on deterrence and detection of crime.
1. Sound personnel policies 2. Physical controls 3. Procedural controls 4. Managerial controls 5. Investigation and prosecution of crimes
What are some motor vehicle safety considerations for controlling losses associated with cargo?
1. Suitability to the vehicle 2. Proper loading 3. Suitability of routes 4. Safeguards against inherent vice - a condition that can cause property to deteriorate or destroy itself. Example - Frozen food spoiling in an unrefrigerated vehicle; decorative porcelain breaking when jostled together during shipping.
What are the types of rest breaks that CMV drivers carrying property are required to take under FMCSR hours of service rules?
1. Take a 10-hour break after 14 hours of on-duty time. 2. Take a 30-minute rest break after 8 hours on duty. 3. Take a 34-hour off-duty break after they have reached their weekly maximum on-duty hours.
What, in addition to a review of an organization's physical facilities, does an EPA evaluation of compliance consider?
1. The accountability of the board of directors for environmental matters. 2. The assignment of environmental responsibility within senior management ranks. 3. The effective dispersion of responsibility through all levels of the organization. 4. The day-to-day operation of the system in controlling activities that involve hazardous materials.
What are the factors an organization should consider when selecting vehicles for its motor vehicle fleet?
1. The anticipated cargo 2. Characteristics of the cargo 3. Number of passengers 4. Geographic area the vehicle will be operating.
What are the unique characteristics of environmental loss exposures when developing a plan to manage them?
1. They are difficult to identify. 2. They tend to elude traditional exposure identification methods. Example: Historical losses may not reveal potential environmental claims. 3. The amount of loss may be difficult to measure at a particular point in time. 4. They may result from a perceived, rather than real, exposure to a toxic material or from a fear of future injury resulting from an actual exposure. 5. They are often severe. 6. Many environmental remediation laws are funded in accordance with a "let the polluter pay" funding concept. 7. Advances in technology can change the loss exposure. Example: New equipment can measure concentrations of contaminants from ten parts per million to ten parts per billion. 8. The amount of loss can increase substantially over time as the contamination migrates farther from its source.
Describe the broad types of crime losses caused by counterfeiters and forgers.
1. They can induce an organization to accept falsified currency, checks, credit cards, other negotiable instruments, documents or artwork. 2. By creating or using unauthorized or stolen copies of the organization's own documents, they can impersonate the organization.
Benefits of social media
1. To develop an ongoing relationship with customers. 2. To create and convey a customer friendly image that contributes to business success. 3. To disseminate information. 4. To provide customer service and feedback. 5. To monitor public perception and to respond quickly to changes in those perceptions. 6. To gather information about prospective employees. 7. To promote products or services. 8. To monitor social networks and blogs for reference to their own and their competitors' products and services.
Ways an organization might use environmental risk assessments.
1. To improve the overall quality of its environmental risk control program. 2. To identify environmental liabilities assumed when property is transferred. 3. To determine the nature and extent of contamination. 4. To identify the best risk control measures to prevent further contamination. 5. To underwrite insurance.
Risk transfer techniques applied to climate change
1. Weather derivatives 2. Carbon trading
What are the implications for risk control and fleet safety management regarding system relationships in an organization's fleet system?
1. When a smaller system fails, it becomes more likely that each of the larger systems of which the smaller system is a part will also fail. Example - Air brake valve failure causes brakes to fail which causes an accident. 2. The failure of a larger system degrades the environment in which its subsystem operates, increasing the strain on those subsystems and therefore the probability that those subsystems will fail. Example - If a truck is in an accident, systems such as fuel, braking and cooling could be compromised even though apparent signs of damage may not be obvious.
An example of Negligence in pollution liability
A contractor working at a manufacturing facility left a valve open on a process line overnight, causing the contents of a storage tank connected to the line to be released into an adjacent stream, which in turn, caused property damage, bodily injury, and natural resource damage.
Hold-harmless agreement or indemnity agreement
A contractual provision that obligates one of the parties to assume the legal liability of another party.
Computer Crime
A criminal act using a computer to gain authorized or unauthorized access to steal, interrupt or misuse computer system information.
An example of Intentional Tort in pollution liability
A factory discharged untreated chemicals into a stream, and property owners who lived downstream sued the factory owner for trespass.
Defamation
A false written or oral statement that harms another's reputation.
Weather derivatives
A financial contract whose value is based on the level of a weather-related index derived from variables such as average temperature, snowfall, precipitation, or wind velocity. Example: Ski resort purchases weather derivatives to mitigate the financial risk arising from higher temperature and lack of snowfall.
Counterfeiting
A form of forgery that involves privately duplicating a country's currency or presenting it as genuine with knowledge that it is not. Example - Unauthorized copies of a store's gift cards were redeemed in exchange for $1,000 in merchandise.
Perimeter system
A type of burglar alarm system that is designed to signal an alarm whenever unauthorized entry is made into the building.
Denial-of-service attack
An attempt to overwhelm a computer system or network with excessive communications in order to deny users access.
Fraud
An intentional misrepresentation resulting in harm to a person or an organization. Example - A customer who claimed to have slipped and fallen in the store was paid a settlement. Security cameras later discovered that the customer faked the fall.
Nuisance
An intentional tort in environmental claims. Includes loud noises, noxious odors, bright lights, fog generation, electrical waves, electromagnetic fields.
Trespass
An intentional tort in environmental claims. It involves the physical deposition of pollutants on the property of the claimant alleging injury. Examples: dust or particulate matter released in the air, discharge of chemicals in a stream, the runoff of pesticides onto a neighbor's property or thermal emissions into a river.
Cyber risk loss exposure
Any condition that presents the possibility of financial loss to an organization from property, net income or liability losses as a consequence of advanced technology transmissions, operations, maintenance, development or support.
How might net income losses arise as a result of environmental pollution?
Any environmental contamination event is likely to result in some degree of business interruption, revenue reduction, negative press, and consumer boycotts. Under extreme circumstances, a shutdown may even be necessary. Significant expenses can also be incurred in environmental cleanup.
How do advances in technology change environmental loss exposures?
As detection equipment is developed that can measure smaller quantities of contaminants, the loss exposure increases.
How might an organization incur property losses as a result of environmental pollution?
Because legal and financial consequences of pollution cleanup can reduce the net value of a property and make it difficult to sell. Spills and leaks may also result in inventory losses for an organization.
How do cyber risk bodily injury liability loss exposures occur?
Because of an organization's software development. Example - A program written for doctors and pharmacists to warn of adverse interactions between drugs. Program fails to warn about a drug interaction and someone is hurt and sues.
How can an organization's social media activities increase its degree of exposure to legal risk?
Because of the pervasiveness of social networking and the speed at which communication occurs.
Why should organizations continually evaluate and revise cyber risk control measures?
Because technology that cyber criminals use is always evolving and changing.
Biometrics
Biological identification of an individual using anatomy and physiology.
Surveillance cameras
By capturing crimes on film, these can facilitate the identification, conviction and incarceration of criminals and can discourage crime.
What are some measures managers use to compensate for lack of fleet driver supervision?
By using procedural and physical controls Example - Written driver logs; precise routes; call supervisor at predetermined times; two-way radio or cell phones.
Economic environment as it pertains to fleet safety
Can be positive or negative. During prosperity, fleet safety is more likely to be supported by adequate budgets. In recessionary periods, budgets may be cut at the very time that economic forces intensify some major fleet risks.
Theft through hacking
Computer hackers typically steal data to learn trade secrets or to determine a competitor's marketing or financial strategy. Hackers may use computer viruses or "Trojan horses" that surreptitiously cull credit card data, passwords, or other sensitive information from an organization's systems.
Legal environment as it pertains to fleet safety
Consists of laws under which a fleet operates.
Why does risk control of crime losses differ from risk control losses caused by accidents, negligence or natural events?
Crime is an intentional act. Effective risk control measures against crime losses must recognize that criminals are driven by hostile intent.
How do cyber risk property damage liability loss exposures occur?
Due to an organization's overall technology operations, including those related to software, hardware, electronic data and other media. Example - Software is updated and downloaded on another company's system and renders the company's network inoperable, causing considerable damage to the system.
Physical environment as it pertains to fleet safety
Encompasses highways, weather conditions, terrain, communities and other tangible objects and forces that the vehicles in the fleet encounter along their routes. Example - Adverse weather conditions can quickly affect the safe operation of any vehicle.
How do cyber risk personal and advertising injury liability loss exposures occur?
From an organization's websites, such as disparaging statements in online forums or false advertising.
Quantitative risk assessment
Identifies and analyzes numerical relationships between an exposure and the actual occurrence of adverse effects to human health or the environment - determines cause and effect.
How could an organization be exposed to loss of contingent business income as a consequence of cyber risk?
If it is dependent on income "contingent" on a location, such as key customers, suppliers, utilities and third-party outsourcers, that it does not own or operate and that location is exposed to cyber risk loss exposures. Typical loss exposures include computer network attack, virus, denial of service attack, sabotage, off-site power failure, failure of third party to properly manage and secure data, website defacement and abuse of wireless networks.
Under what circumstances can an employer legally base a hiring decision on personal information acquired from social media sources?
If the information relates to behavior that would directly affect an applicant's job responsibilities.
Benefit of Safety Measurement System (SMS) technology.
It is used to track and update safety performance data. Tools are used to evaluate the reasons for safety problems. Officials use this information to recommend remedies, to encourage corrective action and to assess penalties. The CSA (compliance, safety and accountability program) has led to more efficient and effective intervention and the ability to reach more carriers than was possible with compliance reviews; carriers are also better able to identify and correct their own safety issues.
What are the financial responsibilities under the Oil Pollution Act - OPA?
It mandates that each party responsible for a vessel or facility from which oil is discharged, or is threatening to be discharged, into or upon navigable waters, adjoining shorelines, or the exclusive economic zone of the U.S. is liable for removal costs and damages.
What would be the consequence of an organization not acting on data captured by an onboard computer that indicates unsafe driving?
Liability would be imposed on the organization, especially if the driver's unsafe behavior leads to the driver being involved in an accident.
What is the distinction between tangible property and intangible property in regards to cyber risk property loss exposures?
Many commercial liability coverage forms define property damage to mean damage to tangible property and state that electronic data are not tangible property for coverage purposes. Although commercial property forms typically do not distinguish between tangible and intangible property, they usually limit coverage for loss of electronic data to an amount that is insufficient for most insureds. Consequently, covered, or not covered at all, by basic commercial property and liability insurance policies.
How might environmental pollution result in personnel losses?
Occupational exposure to hazardous materials can cause chemical burns or other on-the-job injuries. Many work environment contaminants have a cumulative effect on the human body that results in illness or disease.
How might an organization be exposed to cyber risk liability loss exposures?
Organizations that maintain a presence in cyber space. These exposures arise from using email, maintaining websites, developing software, and conducting business operations, such as sales and service, on the internet.
How do cyber risk errors and omissions liability loss exposures occur?
Organizations that design and service computer networks and software.
Denial of service
Prevent proper network communication. During such an attack, the organization's server may be flooded with so much incoming data that it crashes. The attackers may follow up with extortion emails. Alternately, criminals may hack into customer databases and send out hundreds of thousands of emails illicitly, thereby wasting valuable computer time.
Locks, bars and safes
Restrict entry by delaying a thief's entrance.
Procedural control for cyber risk
Specify that tasks be performed in secure ways that prevent or reduce cyber risk loss. Example - Passwords, antivirus software, data encryption, firewalls, prohibit employees from using the organization's computers to access inappropriate websites.
Burglary
The act of breaking into or out of any closed building or space not open for business to commit another felony. Example - Five flat screen televisions were stolen from a store's storage room; a door had been forced to gain entry.
Forgery
The act of creating or presenting false documents or artwork as genuine in order to commit fraud.
Espionage
The act of obtaining confidential information through personal observation or mechanical, digital or electronic techniques that circumvent efforts to protect the information's confidentiality.
Robbery
The act of taking tangible personal property from another by force or by threat of force against that person or against another.
How do real-time tire pressure monitors and onboard tire inflation systems improve commercial motor vehicle fleet safety?
They alert drivers to improperly inflated tire conditions that can cause excessive tire wear, loss of fuel efficiency and unsafe driving conditions. For eight-wheeled vehicles and "run flat" tires, these monitors can alert the driver to a flat tire and the need to decrease speed and seek repairs.
Why are environmental loss exposures often difficult to identify?
They arise from activities that were conducted many years in the past or may be created by extremely small quantities of hazardous substances that are difficult to detect or measure. Reviewing summaries of historical losses may not reveal any information on potential environmental claims. Physical inspections of facilities do not always reveal possible causes of environmental damage that may be buried underground or otherwise hidden from view.
How do some environmental statutes create strict liability for polluters?
They contain provisions that make certain parties responsible for environmental injury even though they were not at fault or negligent.
How do cyber risk intellectual property liability loss exposures occur?
Through the use of copyright or trademark infringement on an organization's website.
Comprehensive Environmental Response, Compensation and Liability Act - CERCLA
To facilitate the cleanup of any abandoned or uncontrolled sites containing hazardous substances, including numerous old dump sites.
Clean Air Act
To improve the quality of ambient air by regulating emissions from both mobile and stationary sources of air pollution.
Theft of computer time
Unauthorized use by employees of computer time for personal purposes can occur when computer use is not supervised or audited. This crime also increases the probability of loss from the surreptitious manipulation of data. Example - Computer records documented that three office employees spent a total of 75 hours shopping online during work hours.
Carbon trading
Used to control the overall amount of pollution in a given geographical area or country. Example: Emissions caps set too high for some organizations can be purchased from another organization that has exceeded its allotted emissions cap.
Alarms
Used to detect an intruder who has already entered the premises.
Security guards
Used to perform periodic patrols to ensure that the building structure and its contents are secure.
Computer network breach
Vulnerable computer servers present loss exposures to computer operations because of their vital central administrative role within computer networks. Password protection to reduce such exposures can fail if passwords are revealed.
Competitive environment as it pertains to fleet safety
When an organization is operating under normal competitive pressures from similar organizations, fleet safety is more likely to receive the emphasis and the financial and managerial support it deserves. When competition becomes intense, fleet safety efforts and expenditures may be lowered in efforts to save money in the short term.
Vandalism
Willful and malicious damage to or destruction of property.
Qualitative risk assessment
Used to identify and analyze either existing hazards, to remediate pre-existing conditions, or potential hazards, to prevent environmental losses.