Jon Seals

The Federal Emergency Management Agency (FEMA) is requesting that qualified individuals who are interested in serving on the FEMA National Advisory Council (NAC) submit an application to be considered for appointment.

The NAC is a Federal advisory committee established to ensure effective and ongoing coordination of Federal preparedness, protection, response, recovery, and mitigation for natural and man-made disasters, including acts of terrorism. The NAC is a geographically diverse mix of officials, emergency managers, and emergency response providers from state, tribal, and local governments, the private sector, and nongovernmental organizations who advise the FEMA Administrator on all aspects of emergency management.

FEMA is accepting applications for open positions in the following discipline areas:

  • Elected Tribal Government Executive (one representative appointment)
  • Non-elected Tribal Government Official (one representative appointment)
  • Emergency Management Field (one representative appointment)
  • Emergency Response Providers, which includes fire, law enforcement, hazardous materials response, emergency medical services, and organizations representing emergency response providers (one representative appointment)
  • Standards Setting and Accrediting Organizations, which includes the voluntary consensus codes and standards development community (one representative appointment)
  • Individuals with Disabilities (one representative appointment)
  • Health Scientist (one Special Government Employee (SGE) appointment)
  • Infrastructure Protection Expert (one SGE appointment)
  • Administrator Selections (up to five SGE appointments)

The FEMA Administrator may also appoint additional candidates to represent emerging leaders in emergency management.

All appointments are for 3-year terms beginning in September of 2017. All applications must be received by the close of business on March 15, 2017.

Detailed instructions on how to apply can be found at: http://www.fema.gov/membership-applications and in the Federal Register Notice.

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies understand the true nature of the risk hackers can pose, even in breaches that do not immediately appear to target private industry.

One group, for example, has waged “unsophisticated but disruptive and destructive” attacks against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

...

http://www.riskmanagementmonitor.com/10-lessons-learned-from-breach-response-experts/

BATON ROUGE, La. — State and federal emergency management officials encourage survivors of the Feb. 7 tornadoes to begin repairs as soon as they can.

Storm survivors do not need to wait for a visit from FEMA or their insurance company to clean up and make repairs. FEMA inspectors and insurance claims adjusters will be able to verify damage.

It’s important for survivors to take photographs of damage and keep recovery-related receipts. Insurance companies may need both items, while FEMA may need receipts.

Survivors should check for structural damage before entering their homes.

Emergency management officials encourage survivors to register for FEMA help as soon as they can. They only need to register once and only one registration is allowed per household.

FEMA assistance may help eligible homeowners and renters pay for a temporary place to stay, make repairs or replace certain damaged contents.

Survivors can register online at DisasterAssistance.gov or by calling 800-621-3362 from 7 a.m. to 10 p.m. daily. Multilingual operators are available. Survivors who use a TTY may call 800-462-7585. Survivors who use 711 or Video Relay Service may call 800-621-3362.

FEMA assistance is not taxable, doesn’t need to be repaid and doesn’t affect other government benefits.

Those who are referred to the U.S. Small Business Administration should complete and return the application for a low-interest disaster loan. It is not required to accept a loan offer, but returning a completed application is necessary for FEMA to consider survivors for certain forms of disaster assistance.

Friday, 17 February 2017 17:14

Pricing Strategies For SaaS Providers

Most leaders of SaaS providers understand the importance of minimizing churn and maximizing account enrichment, but few fully appreciate how vital a good pricing and licensing strategy is to those goals. My newly published report Pricing Strategies For Software-As-A-Service is a must-read for any business software company that sells or is thinking of selling via a subscription model. Here is a quick overview for anyone who isn't yet a Forrester client.

Some industry experts talk about the "magic ratio" of lifetime customer value to acquisition cost. Aligning the price you charge each customer more closely with the value they are likely to receive from your product is vital to increasing the former and reducing the latter. Simplistic pricing undermines lifetime value by undercharging those customers who get the most benefit from your product. Don't think you can fix this error later if you get it wrong at the start - I've seen many start-up vendors limit their growth potential in this way. Flat rate pricing helped them get traction early on, but then when they wanted to accelerate revenue growth they found it impossible to persuade those early adopters to switch to a variable pricing structure. 

Perpetual license sellers can get away with mis-selling and over-charging because they've banked enough lifetime customer value before the customer realizes its mistake. SaaS providers can't do that. This article from billing vendor Chargify explains how over-selling to the wrong customers can seriously damage a vendor's health, not only from higher churn, but also from customer complaints and misguided efforts to save doomed accounts. Therefore, sound analysis of how your product delivers real, measurable business value - and alignment of your pricing strategy with that analysis - is vital for long term success. My report explains how to optimize the three key elements of that strategy:

...

http://blogs.forrester.com/duncan_jones/17-02-17-pricing_strategies_for_saas_providers

Friday, 17 February 2017 17:13

Why Compliance Officers Need Independence

I recently read a great blog post by Tom Fox on why compliance officers need independence.  And former federal prosecutor Michael Volkov, who completely understands the CCO’s hard job, has reiterated the value of independence here, although this is mostly old news to any CCO who has been in the trenches.  With the feedback we are seeing to the launch of the Compliance 2.0 Infographic, this is probably a good time to discuss the independence issue.

Why is independence so critical to the establishment of a strong compliance program that works?  The CCOs in my networks know the answer, and they have the scars on their backs to prove it.  I’ve said that the CCO’s role is an incredibly hard job – maybe the hardest one in the company.  I use a single slide to summarize why this is so.

Here are some ways independence helps CCOs do their job well:

...

http://www.corporatecomplianceinsights.com/why-compliance-officers-need-independence/
