Business Continuity Awareness Week takes place between 17th – 21st March 2014 and this year includes an opportunity to take part in the first business continuity ‘Flashblog’.
The Flashblog is basically a collection of short articles written around the same theme and published on the same date.
The topic which has been set is "Counting the cost, and benefits, for business continuity” and 500 word articles are being sought from the perspective of as many different types of authors as possible.
Articles will be published on various platforms (including Continuity Central), depending on the author’s preference, and will go live at 11am GMT on Tuesday 18th March using the hashtags #countingthecost and #bcFlashBlog.
For more details of how to take part go to http://bcflashblog.postach.io/join-in-the-bc-flashmob
The NFPA Technical Committee on Emergency Management and Business Continuity will meet between March 25th-27th 2014 to discuss progress on the 2016 edition of NFPA 1600.
The agenda for the First Draft Meeting, which will take place at Hilton St. Petersburg Carillon Park, St. Petersburg, FL, is as follows:
1. Starting time: 8:30 a.m., March 25, 2014.
2. Welcome (Don Schmidt, Chair)
3. Self-introduction of members and guests
4. Approval of Minutes of Pre-First Draft Meeting, Salt Lake City, 2013 Oct 22-23
5. Approval of agenda
6. NFPA staff liaison report (Orlando Hernandez)
Committee membership update
Distribution of sign-in sheets
7. Organizational reports/News related to NFPA 1600
8. Task group reports
9. Act on Public Comments to NFPA 1600. Take any other actions necessary to complete the ROC for NFPA 1600.
10. Old business.
11. New business
To read the minutes of the October 22nd-23rd meeting click here (PDF).
Risk levels and uncertainty change significantly over time. Competitors make new and sometimes unexpected moves on the board, new regulatory mandates complicate the picture, economies fluctuate, disruptive technologies emerge and nations start new conflicts that can escalate quickly and broadly. Not to mention that, quite simply, stuff happens, meaning tsunamis, hurricanes, floods and other catastrophic events can hit at any time. Indeed, the world is a risky place in which to do business.
Yet like everything else, there is always the other side of the equation. Companies and organizations either grow or face inevitable difficulties in sustaining the business. Value creation is a goal many managers seek, and rightfully so, as no one doubts that successful organizations must take risk to create enterprise value and grow. The question is, how much risk should they take? A balanced approach to value creation means the enterprise accepts only those risks that are prudent to undertake and that it can reasonably expect to manage successfully in pursuing its value creation objectives.
Computerworld — Now, here's a noble goal. U.K. telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.
I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.
There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data—the data of both the staff of the company and the stored data of the clients—the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to the corporation, and the most vulnerable. Losing it may cause irrevocable damage to the reputation of a business, and thereby also the trust of shareholders. Logically, then, network security should be a key focal point in the disaster recovery plan of any business that wishes to stay afloat.
How, then, do we prepare our businesses to deal with threats to network security?
InfoWorld — Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.
An APT attack is typically launched by a professional organization based in a different country than the victim organization, thereby complicating law enforcement. These hacking organizations are often broken into specialized teams that work together to infiltrate corporate networks and systems and extract as much valuable information as possible. Illegally hacking other companies is their day job. And most are very good at it.
By all expert opinion, APTs have compromised the information infrastructure of any relevant company. The question isn't whether you've been compromised by an APT, but whether you've noticed it.
Resiliency is generally defined as the ability of an organization to (a) withstand threats that could have significant impact and (b) recover from any disruption within the thresholds set by the business. Resiliency is often, mistakenly, considered the responsibility of IT. Technological resiliency is of paramount importance, but cannot alone assure the resilience of an organization.
One of the ways to become more resilient is to reduce risk exposure and thereby increase the organization’s ability to withstand threats. How can this be achieved?
A Ground-Up Approach to Risk Reduction
Understand that risks are inherent in the assets (sites, people, processes, IT services and subsystems, suppliers, equipment, etc.) that vital operations rely on. Risk reduction efforts should focus on decreasing the risk exposure of those critical assets. Decreasing risks at this granular level can, with their cumulative effect, reduce the organization’s overall risk exposure.
In reviewing the results of the new 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council in this blog, I’ve focused on the bad news so far. Based on hundreds of responses from organizations worldwide, the Annual Report provides several insights into the best practices of companies that are better prepared to recover from outages or disasters.
You can download the report for free at http://drbenchmark.org/
OK, so here’s the good news. Some companies seem to be doing much better at preparing for outages and they exhibit certain traits that distinguish them from others who are not doing so well.
CHICAGO – Just a few inches of water can cause tens of thousands of dollars in damage to your home. A flood insurance policy could protect you from the devastating out-of-pocket expenses caused by flooding.
Don’t wait until it’s too late. A policy takes 30 days from application and payment to go into effect. And a typical homeowner’s insurance policy does not cover floods.
“Snow thaw and the potential for heavy spring rains heighten the flood risk throughout our area in the coming months,” said FEMA Region V Administrator Andrew Velasquez III. “A flood insurance policy is the best option to protect your home from the costly damage floodwaters can cause.”
Historically, flooding has resulted in millions of dollars in damages throughout the state of Wisconsin. In 2010, heavy rains dumped nearly 8 inches of water in a two hour period over the city of Milwaukee, resulting in more than 23,000 reports of damage from local residents. Last June, severe thunderstorms dumped a total of 8-13 inches of rain over northwestern, southwestern, and south central Wisconsin causing significant damage. Some areas received 1-2 inches of rainfall per hour that resulted in flash flooding and mudslides.
FEMA recommends that all Wisconsin residents visit FloodSmart.gov or call 1-800-427-2419 to learn how to prepare for floods, how to purchase a flood insurance policy and the benefits of protecting your home or property investment against flooding. You can also contact your insurance agent for more information.
FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.
Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.
IDG News Service (Washington, D.C., Bureau) — The U.S. Congress should pass a law requiring businesses that have lost customer information in cyberattacks to notify those affected, U.S. Attorney General Eric Holder said Monday.
In light of recent data breaches, including at Target and Neiman Marcus, a data-breach notification law would help the U.S. Department of Justice combat crime, protect privacy and prevent identity theft, Holder said in a video message.
"As we've seen -- especially in recent years -- these crimes are becoming all too common," Holder said. "And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it's time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches."