All too often, I run into BCM and DR practitioners that talk about their ‘Awareness’ programs and what they do to get their message of BCM/DR awareness across to the rest of the organization. Let’s face it, we all have an Awareness component to our programs but it’s how the Awareness component is executed that will make the difference.
We tend to build our other components such as BIAs, Crisis Plans, Crisis Teams, Continuity Plans, Technology Recovery Plans and others, before we turn to the Awareness component. We tend to wait until we get to a specific point before we begin to focus on getting the BCM/DR message across. I think differently.
The BCM/DR awareness message starts the moment the practitioner begins their role. It’s up to them to educate and work with others in their organization to get the message out there when they start, not when they get near the end or when it seems there’s enough information to communicate. You can communicate awareness right away; there is no reason to wait in getting the message out there.
Once a month, my co research director and partner in crime, Chris McClean, and I will use our blog to highlight one of the 26 people that collaborate to deliver our team’s research and services and always make Chris and I look really, really good. Each “Analyst Spotlight” includes an informational podcast and an offbeat interview with the analyst. This month’s Analyst Spotlight features our newest analyst, Martin Whitworth. Based in London and bringing experience as a CISO and Head of Security across several industries, Martin will cover the most pressing issues keeping CISOs reaching for another bourbon on the rocks, including security strategy, maturity, skills and staffing, business alignment, and everyone’s favorite pastime, reporting to the board.
An old sports tenet says that you can’t tell the players without a scorecard. It is equally true that you can’t play the game without a playbook. Yet most emergency operations centers are doing just that.
EOCs all share one basic currency — information. At its core, an EOC is an information processing and dissemination mechanism that supports and coordinates operations in the field. So how information is analyzed, processed and acted upon often means the difference between life and death. But there is a systemic problem.
All too often, emergency operations plans and EOC standard operating procedures state that the operations center will establish and maintain situational awareness and disseminate a common operating picture. Unfortunately no one ever tells you how to do that. Why does that matter? Because every single decision EOC responders make depends on accurate, complete and current situational awareness and a common operating picture, otherwise known as SA/COP. But several issues complicate the problem.
Tripwire, Inc., has announced the results of a study conducted by Dimensional Research on improving the cybersecurity literacy of Fortune 500 boards and executives. The study examined corporate executives’ view of cybersecurity risks, as well as measured their confidence and preparedness in the event of a security breach. Study respondents included 200 business executives and 200 IT security professionals at US companies with annual revenues of more than $5 billion.
Key findings include:
- C-level executives are less confident (68 percent) than non C-level executives (80 percent) that cybersecurity briefings presented to the board accurately represented the urgency and intensity of the cyberthreats targeting their organizations.
- C-level executives (65 percent) were less confident than non C-level executives and IT executives (87 percent and 78 percent respectively) in the accuracy of the tools their organization uses to present cybersecurity risks to the board.
- 100 percent of C-level executives and 84 percent of non C-level executives consider themselves ‘cybersecurity literate,’ despite ongoing cyberattacks and high profile breaches.
“The lower level of confidence on the part of C-level executives reflects a sea change in the way that executives handle cybersecurity risks,” said Dwayne Melancon, chief technology officer for Tripwire. “The reality is that an extremely secure business may not operate as well as an extremely innovative business. This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that this study signals that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cybersecurity risks.”
While the results of the Tripwire study indicate an increased preparedness on the part of IT professionals, they expose the uncertainty at the C-level and point toward the need to increase literacy in cybersecurity and its attendant risks in the near-term. Competitive pressures to deploy cost-effective business technologies may affect resource investment calculations for security; these competing business pressures mean that conscientious and comprehensive oversight of cybersecurity risk at the board level is essential.
"I'm not surprised that C-level executives are less confident than their boards or IT executive staff,” said Melancon. “That lack of confidence comes, in large part, from the networking and informal benchmarking that takes place among C-level executives at the peer level. There is a lot of 'comparing notes' that happens between C-level peers. When this happens, you are able to get a more informed view of where you are in your overall cyber risk preparedness. This is in direct contrast to IT professionals who generally have a more insulated view of their own cyber risk, which can lead to a false sense of security. That difference in perspective – internal inputs vs. external inputs — may very well explain the confidence gap this survey highlights.”
To download the whitepaper of this study, please click here.
Cloud deployments such as cloud-based file sharing and cloud storage have been growing at such a rapid rate, they are expected to become the largest percent of IT budgets as early as 2016. The industry is keeping up with this rapid growth by creating standards and guidelines for how cloud service providers and MSPs should operate.
A proposed international standard released earlier this year focuses on data privacy in public clouds – specifically in relation to business-to-business cloud usage – and how customers should maintain control of their personally identifiable information.
The new international standard, designated ISO/IEC 27018 is described by ISO as “an important first step for protecting PII in the cloud. It is built on previous ISO guidance and will continue to evolve along with [cloud service providers] to provide more secure services upon which businesses can grow.”
Integration provides enterprise security teams with real-time, worldwide storm tracking and hurricane alerts, in a consolidated view with enterprise assets
LANSING, Mich. – IDV Solutions, LLC and Sea Island Software, Inc. today announced that the companies have formed a technical partnership and completed an integration of Sea Island’s HurricaneMapping.com storm tracking data with IDV Solutions' Visual Command Center® enterprise risk visualization (ERV) platform.
The combined technologies provide enterprise security teams with real-time, worldwide tracking and alerting for hurricanes, tropical storms, and typhoons, enabling them to assess and mitigate the risk to employees, facilities, and operations.
For National Hurricane Preparedness Week, the companies will host a webinar at 1 p.m. EST on Wednesday, May 27 on the forecast for the 2015 hurricane season, plus information about the various tropical cyclone seasons and how storm data is tracked and used by organizations. Click here for more information.
Visual Command Center helps organizations take command of risk by providing a real-time, common operating picture of their personnel and operations in relation to potential threats. It unites information on global sources of risk, like weather, terrorism, and natural disasters, with data from an organization's internal data stores and physical security systems, visualizing the consolidated information on an interactive map and timeline. When a risk is detected near an asset or employee location, Visual Command Center automatically generates an alert and provides tools that enable security operators to assess and mitigate the threat.
The HurricaneMapping.com service collects hurricane, tropical storm, and typhoon advisories within minutes of their issuance. It combines and normalizes advisories from the U.S. National Hurricane Center, the Central Pacific Hurricane Center, and the Joint Typhoon Warning Center for total global coverage.
When connected to the HurricaneMapping.com service, Visual Command Center visualizes current and forecast storm locations and directions, wind speed swaths, advisories, and zones of hurricane, typhoon or tropical storm risk. It provides organizations with up-to-date risk assessments for all active storms, and alerts them when their assets may be threatened.
“Hurricanes, tropical storms, and typhoons are a major threat to life and property. Connecting Visual Command Center to HurricaneMapping.com offers organizations the most complete and timely information on which to base critical decisions to protect their people and facilities,” said George Siegle, Director of Product Management, IDV Solutions.
“We’re very pleased to partner with IDV Solutions to bring HurricaneMapping.com’s robust tropical storm data into Visual Command Center,” said Karen Townsend, President, Sea Island Software. “Visualization of tropical storm data in the context of a company’s facilities, employees, travelers, and supply chain routes is critical to mitigating risk from these powerful storms.”
About IDV Solutions, LLC
IDV Solutions, LLC is the global leader in delivering Enterprise Risk Visualization capabilities through software and services that enable organizations to protect their assets, ensure continuity of operations and optimize performance. Its Visual Command Center software is used in functions such as security, field services, supply chain, and operations. By repeatedly solving key problems for customers in the Global 2000 and government, IDV and its products have earned a reputation for delivering immediate value and building risk resilient organizations. For more information, please visit http://www.idvsolutions.com.
About Sea Island Software, Inc.
Sea Island Software specializes in hurricane threat assessment. For more than 20 years, the company has been providing high quality hurricane decision support software, reliable round-the-clock data services, and dedicated customer support to the emergency management community. Sea Island is the creator of HURREVAC, the decision support tool of the U.S. National Hurricane Program and the comprehensive storm tracking service, HurricaneMapping.com.
SPRINGFIELD, Va. – Spok, Inc. today announced thatChambers County Emergency Services in Anahuac, Texas, selected its critical alerting solution to improve and expand emergency communications among first responders and other employees. With the new alerting solution in place, county staff can now quickly and reliably reach emergency responders, firefighters, the sheriff’s office, and local hospitals and schools with important alerts that deal with everything from fires to severe weather events.
“If there is a weather event, the operations directors at local hospitals and schools can also be notified.”
“We wanted a new solution we could control and manage in-house,” said Ryan Holzaepfel, emergency management coordinator for Chambers County Emergency Services. Along with the need for more reliable coverage was increasing demand for a system that would work with cell phones, allowing staff to communicate via text messaging and email if needed. They also wanted more reliability and flexibility in how they handled communications. After doing research, Holzaepfel selected Spok’s critical alerting solution due to its robust, flexible design, audit trail, and ease of use with a variety of communication devices.
Efficiency was also a consideration. “If you have a large fire and it will take several departments to manage it, the dispatcher can just contact a large group of people all at once. With the old system, you had to contact each person individually, which could delay response,” said Holzaepfel.
Messages are sent via the solution’s web interface to immediately notify the appropriate people about anything from critical events to regular county business. “The sheriff’s office uses it for different groups, such as animal control, justices of the peace, the arson team, and some of the judges,” said Holzaepfel. “If there is a weather event, the operations directors at local hospitals and schools can also be notified.”
Spok, Inc., a wholly owned subsidiary of Spok Holdings, Inc. (NASDAQ:SPOK), headquartered in Springfield, Va., is proud to be a leader in critical communications for healthcare, government, public safety, and other industries. We deliver smart, reliable solutions to help protect the health, well-being, and safety of people around the globe. Organizations worldwide rely on Spok for workflow improvement, secure texting, paging services, contact center optimization, and public safety response. When communications matter, Spok delivers. Visit us at spok.com or find us on Twitter @Spoktweets.
MAIDENHEAD, UK – Flexera Software, the leading provider of next-generation software licensing, compliance and installation solutions for application producers and enterprises, today announced that a contract has been signed with Nordea, one of the largest financial services groups in Northern Europe, to implement FlexNet Manager Suite for Enterprises across its organisation. The Software License Optimization solution will help to reduce software waste, ensure compliance with vendor policies as well as optimise software spend across Nordea’s software estate, both on the desktop and in the datacenter.
Due to its size and spread, the organisation needed a Software License Optimisation solution that integrated well into its existing environment. After a thorough evaluation, Nordea chose Flexera Software because of its ability to go beyond simple software asset management and ensure optimisation of its software estate – enabling continual compliance. Nordea takes license compliance seriously and wanted to implement FlexNet Manager Suite not only to ensure visibility and control of its hardware and software assets moving forward, but also to eliminate waste in software spend by helping the company buy only what it needs, and use what it has.
Once implemented, FlexNet Manager Suite for Enterprises will continuously monitor application usage and correlate usage data with select software license agreements to provide a continuous, comprehensive view of Nordea’s license position. The software will support efforts to proactively ensure compliance, reduce audit penalty risk and ongoing software spend by uncovering and reharvesting unused software – eliminating waste from buying unneeded software.
“This is a great win for Flexera Software as we further consolidate our leadership position in the large enterprise space in the Nordic region,” said Vincent Smyth, VP EMEA at Flexera Software. “FlexNet Manager Suite is the clear choice for enterprise customers looking to address their Software License Optimisation capabilities from desktop to datacentre, as well as for those demanding a solution tightly integrated with their IT Service Management infrastructure.”
FlexNet Manager Suite for Enterprises includes the following components:
- FlexNet Manager Platform
- FlexNet Manager for Microsoft
- FlexNet Manager for Adobe
- FlexNet Manager for IBM
- FlexNet Manager for Oracle
- FlexNet Manager for Symantec
- FlexNet Manager for SAP Applications
- FlexNet Manager for VMware
- FlexNet Manager for Engineering Applications
- App Portal
- Workflow Manager
- Read our Blog on Software License Optimization
- FlexNet Manager Suite Success Stories
- Related Flexera Software Webinars
- Enterprise License Optimization White Papers
Follow Flexera Software…
About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and the value they derive from their software. Our next-generation software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimised software investments and to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000 customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we have gained as the marketplace leader in licensing, installation and compliance for over 25 years and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.
Tenable expands presence in UK market through two-tiered channel distribution
WOKING, Surrey – VAD Wick Hill announced today that it has been appointed as a UK distributor for US-based Tenable Network Security®, Inc. Tenable is the world leader in continuous network monitoring, helping organisations of all types identify vulnerabilities, reduce risk and ensure compliance. The company plans to expand its presence in the UK market, particularly in the enterprise sector, through the channel using Wick Hill as a value added distributor in a two-tiered distribution model.
Wick Hill will sell the full range of Tenable solutions. These include SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health and Nessus®, the global standard in detecting and assessing network data.
Ian Kilpatrick, chairman Wick Hill Group, commented: “With increased mobility and a rapidly changing threat landscape, organisations need rapid overview, analysis and threat response on their networks. Tenable’s market-leading solutions are experiencing very high growth, based on fulfilling that need. We already have significant channel interest ahead of the launch, so we are very excited by the opportunity.”
Wayne Hollinshead, director of channel sales EMEA, Tenable Network Security, said: “Wick Hill’s reputation for value added distribution and partner network, coupled with a proven track record of providing leading-edge enterprise security solutions, make them an ideal partner for Tenable as we continue to expand our position as the leading provider of continuous network monitoring solutions in the UK and globally.”
SecurityCenter Continuous View
SecurityCenter Continuous View, Tenable’s market-defining continuous network monitoring platform, brings together the unique sensors for vulnerability scanning, passive network monitoring and event data, and augments them with vulnerability and threat intelligence information to help take the pulse of your network at any time.
The recently launched SecurityCenter 5 delivers a new way to think about security assurance and risk assessment with the industry’s first ever Assurance Report Cards (ARCs). Tenable ARCS in SecurityCenter 5 help CISOs and security teams measure, analyse and communicate the effectiveness of their security programmes to C-level executives, board members and business managers, helping align security policies with business objectives.
SecurityCenter 5 Key Features
- Continuous asset discovery
- Forensic analysis
- Network health assessment
- Vulnerability analytics
- Malware detection
- Compliance monitoring
Nessus is the most widely deployed vulnerability scanner in the world. It is available in Nessus Manager for enterprise users and Nessus Cloud (SaaS) versions.
Nessus Manager combines the powerful detection, scanning and auditing features of Nessus with extensive management and collaboration functions. Nessus Manager enables the sharing of resources including multiple Nessus scanners, scan schedules, scan policies, and most importantly, scan results among an unlimited set of users or groups controlled from a single central console.
Nessus Cloud combines the detection, scanning and auditing features of Nessus with multi-user support for enterprise teams and the flexibility of a cloud deployment. Nessus Cloud is also a PCI DSS Approved Scanning Vendor (ASV) solution.
The recently launched Nessus Agents, available for both Nessus Manager and Nessus Cloud, addresses the unique security challenges that come with an increasingly mobile workforce. Agents help reduce the attack surface of your network by enabling portable devices, such as laptops, to be checked for vulnerabilities, configuration and compliance even when not connected to the network during scheduled assessments. Agents are lightweight, can scan virtual machines and help alleviate the credential headaches associated with traditional network scanning.
Nessus Key Features
- Vulnerability scanning
- Configuration auditing
- Malware detection
- Web application scanning
- Risk Assessment
- Mobile Device Auditing
- Mobile device detection
- Patch management integration
About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions and convergence. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.
Wick Hill is part of the Wick Hill Group, based in Woking, Surrey with sister offices in Hamburg. Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training facilities. For more information about Wick Hill, please visit http://www.wickhill.com or www.twitter.com/wickhill
Partnership will extend ABBYY’s reach in the software markets in the UK and Ireland
LONDON, UK – ABBYY, a leading provider of document recognition, data capture, and linguistic technologies, and QBSD, a value added distributor of managed file transfer, PDF, network monitoring and business software, announced today a distribution agreement in the UK and Ireland. The relationship with QBSD is designed to increase market awareness and demand for ABBYY products and reach new customers in these markets.
“ABBYY is a market leader in PDF, OCR and document solutions – used in all industries including Banking/Finance, Government and Legal,” says Grant James, general manager, QBSD. “We are happy to have them in our portfolio of software products, as we strongly believe many of our customers can benefit from ABBYY’s best-in-class PDF and OCR software.”
QBSD will carry a range of ABBYY desktop products including optical character recognition (OCR) software ABBYY FineReader Professional, ABBYY FineReader Corporate and ABBYY FineReader Pro for Mac which turn paper documents into editable data, as well as ABBYY PDF Transformer which is an essential tool for working with PDF documents. In addition to download versions, QBSD will also distribute ABBYY software in volume licensing, ideal for productivity increase in businesses and organisations of all sizes.
“Our products allow people to access information contained in paper, scans and PDFs. Both individuals and large enterprises can benefit from the increased productivity and reduced costs that result from using ABBYY products,” explains Kristin Wagener, director of the desktop products business unit for ABBYY Europe. “QBSD has been very successful over a long period in the software distribution market and we are genuinely happy to be teaming up with them. Their strong reseller network will help bring ABBYY products to new customers and markets.”
ABBYY UK is a member of the ABBYY Group and supports sales and marketing activities in Western Europe. ABBYY is a leading provider of document recognition, data capture, and linguistic technologies and services. Its products include the ABBYY FineReader line of optical character recognition (OCR) applications, ABBYY FlexiCapture line of data capture solutions, and development tools. ABBYY offers Professional Services to help customers implementing business solutions based on ABBYY’s products. Paper-intensive organisations from all over the world use ABBYY solutions to automate time- and labour-consuming tasks and to streamline business processes. ABBYY products are used in large-scale government projects such as those of Australian Taxation Office, Lithuanian Tax
Inspectorate, Ministry of Education of Russia, Ministry of Education of Ukraine, Montgomery County Government of the USA and the Government of Canada. Companies that license ABBYY technologies include BancTec, Canon, EMC/Captiva, Hewlett-Packard, KnowledgeLake, Microsoft, NewSoft, Notable Solutions, Samsung Electronics and more. ABBYY OCR applications are shipped with equipment from the world’s top manufacturers such as Epson, Fujitsu, Fuji Xerox, Microtek, Panasonic, PFU, Plustek, Ricoh, Toshiba, and Xerox. ABBYY is an international company with offices in Germany, the UK, France, Spain, Ukraine, Cyprus, Russia, the United States, Canada, Australia, Japan and Taiwan. For more information, visit www.ABBYY.com