Speaking of Security co-host, Amanda VanVeen, introduces a new video featuring RSA President, Art Coviello. Art covers new IDC research on the topic of security and business innovation. Forward-thinking security leaders are driving tighter linkages between innovation goals and security strategies.

does this surprise anyone:

A grisly slaying on a Greyhound bus has prompted calls for tighter security on Canadian bus lines, despite the company and Canada's transport agency calling the stabbing death a tragic but isolated incident.

Greyhound spokeswoman Abby Wambaugh said bus travel is the safest mode of transportation, even though bus stations do not have metal detectors and other security measures used at airports.

Despite editorials telling people not to overreact, it's easy to:

"Hearing about this incident really worries me," said Donna Ryder, 56, who was waiting Thursday at the bus depot in Toronto.

"I’m in a wheelchair and what would I be able to do to defend myself? Probably nothing. So that’s really scary."

Ryder, who was heading to Kitchener, Ont., said buses are essentially the only way she can get around the province, as her wheelchair won’t fit on Via Rail trains. As it is her main option for travel, a lack of security is troubling, she said.

"I guess we’re going to have to go the airline way, maybe have a search and baggage check, X-ray maybe," she said.

"Really, I don’t know what you can do about security anymore."

Of course, airplane security won't work on busses.

But -- more to the point -- this essay I wrote on overreacting to rare risks applies here:

People tend to base risk analysis more on personal story than on data, despite the old joke that "the plural of anecdote is not data." If a friend gets mugged in a foreign country, that story is more likely to affect how safe you feel traveling to that country than abstract crime statistics.

We give storytellers we have a relationship with more credibility than strangers, and stories that are close to us more weight than stories from foreign lands. In other words, proximity of relationship affects our risk assessment. And who is everyone's major storyteller these days? Television.

Which is why Canadians are talking about increasing security on long-haul busses, and not Americans.

Back at the FOSE show in April, we conducted a survey and one of the questions asked was about Web 2.0 usage. Honestly, we expected low adoption of these kinds of collaborative and often very public communications tools and were very surprised by the results.

Over 65% of government IT workers surveyed said that Web 2.0 tools are important to their operations. 20% were currently using things like wikis, blogs and RSS feeds with over 50% more planning on having these tools in place by next year.

Our take: many of the Web 2.0 tools are cheap or even free. Of course there are some server and maintenance costs, but the costs of Web 2.0 solutions are a drop in the bucket compared to other federal IT projects. You’ve heard the stories. Most of these tools are easy to get up and running and don’t require extensive training to be an active user.

Basically, our expectation of low adoption was rooted in the idea that the federal government would have more policies, i.e., restrictions, around usage and tighter controls around content and the dissemination of information. Interestingly, I just met someone who worked in the Air Force’s public affairs office at BlogPotomac, a local social media event. He told me that he was there because the Air Force already had multiple blogs across what is obviously a very big organization, but that there was no single policy around blogging. Surprising and the opposite of what we thought.

Perhaps in the end, the ease and speed of adoption and the speed of social media conversations are outstripping the agencies’ ability to get in front of them. And that’s a big lesson learned for agencies and enterprises alike.

Another note: check out this presentation by Chris Rasmussen, Knowledge Management Officer, Intellipedia, National Geospatial-Intelligence Agency, Department of Defense (yes, that’s the title they published for him) from FCW’s Spring Government CIO Summit on the use of social media software within the US intelligence community. It’s pretty funny and has nuggets of good info for anyone looking at adopting these tools.

Guess what? Government agency management and communications officers have the same issues and fears that enterprises do. What if people give away (trade) secrets? What if people drop the “f-bomb”? Possibly the funniest thing in the recording of Rasmussen’s presentation is when he shares the “worst” blog comment that he got on Intellipedia where someone likens him to traitors like Chris Hansen…for doing a blog.

ShareThis

Some day soon, you may go in and turn on your Windows PC and find your most valuable files locked up tighter than Fort Knox.

You'll also see this message appear on your screen:

"Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: ********@yahoo.com"

How is this any worse than the old hacker viruses that put a funny message on your screen and erased your hard drive?

Here's how I see it, if someone actually manages to pull this up and put it into circulation, we're looking at malware Armegeddon. Instead of losing 'just' your credit card numbers or having your PC turned into a spam factory, you could lose vital files forever.

Of course, you could keep current back-ups. I do, but I've been around this track way too many times to think that many companies, much less individual users, actually keep real back-ups. Oh, you may think you do, but when was the last time you checked to see if the data you saved could actually be restored?

The single most important thing any company or individual can do to improve security is have a good backup strategy. It's been true for decades, and it's still true today.

Also this week, the UK’s Medicines and Healthcare Products Regulatory Agency showed signs of cracking down on disclosure of drug trial results after problems persisted with certain anti-depressant drugs in relation to teenage suicide (even though criminal charges will not be filed).

The sub-prime issue may likely be the next major target for legislative changes, although most discussion seems to be focused on consumer protection at this point, not tighter control over lenders.

In all of these cases, it’s much easier to see in hindsight what companies could have done to avoid such legislative action.  However, I think a case can certainly be made for seriously supporting industry standards...for example, the general success of the PCI Data Security Standard seems to have diminished any strong push to curb data theft through tougher regulations.

There are three important issues in this story — and in the sub-prime crisis in general — that all good risk management professionals know, and should keep in mind as often as possible.

1. Accepting risk can offer substantial competitive advantages. While some argue that Goldman Sachs got lucky on many of its assumptions, the company has a history of aggressive, intelligent risk taking. The lesson here, whether evaluating investments, business partners, emerging markets, or new technologies, is to effectively measure and understand risk exposure to know when it’s worth taking certain chances.

2. Risk management decisions are being closely watched. Customers, business partners, and investors alike have more access to risk management information than ever, thanks in part to rating agencies and regulatory filings. More risk-savvy media are also becoming more likely expose companies demonstrating poor risk management strategies or a lack of commitment to all stakeholders. Case in point, the Wall Street Journal questioned how clients will ultimately react knowing that Goldman Sachs profited greatly by betting against products the company continued to sell them.

3. Widespread risk management failures will get legislators’ attention. It’s still early to tell how far fallout from the sub-prime crisis will reach, but the number of consumers affected has already convinced lawmakers to get involved. We’ve seen other industry-wide risk management failures heading toward this level of attention with pharmaceutical, food, and toy companies. The risk of attracting tighter regulatory pressure should help encourage greater risk and compliance responsibility, and in some cases, cooperation around industry standards and best practices.