Jon Seals
Data breach protection requires new barriers
Data shows that publicized hacks, cyberattacks and data breaches continue to increase, and the majority of attacks are from outsiders. According to Verizon's 2013 Data Breach Investigations Report, released in April, 92% of breaches in 2012 were attributed to outsiders, and 19% involved state-affiliated actors.
Regardless of the motives and the types of hackers or attackers, it behooves chief information security officers (CISOs) and security staff to take actions to better defend their data from these miscreants. Data theft has consequences for organizations: bad press, impact on reputation, devalued share prices and the costs of investigating the breach. Companies may also have to take legal action and make notifications to affected individuals if a breach involves personal data theft.
...
http://searchsecurity.techtarget.com/feature/Data-breach-protection-requires-new-barriers
FEMA Getting Feedback on NIMS Update Ideas
The Federal Emergency Management Agency's Collaboration Community website, www.fema.ideascale.com, is currently being used to assess stakeholders' opinions of possible changes to National Incident Management System (NIMS) doctrine.
FEMA's National Integration Center (NIC) is taking feedback and engagement in this way. The site lets visitors express approval or dislike of individual ideas; some are in the negative zone but a few have positive margins of 30 or even 50 "votes." One idea currently in positive territory is this: "FEMA should assist with the implementation Risk Management framework by assisting communities to develop a community specific Risk Register to assess future risks to the community and mitigation activities that can lower the risk score. This would NOT be a FEMA product (so not meant to be tracked as a deliverable with metrics assigned, etc.,) but a communications technique that can start with listening to the community of what they see as future risks and where FEMA can help identify mitigation resources that can help (grants, CRS, future conditions modeling, etc.,). The community would own this risk register in that FEMA is only interested in helping them apply this to become more resilient. However, it would be a good way for FEMA to measure action as a result of the Risk MAP program. The key concept here is to apply the Risk Management approach as a communications process rather than a part of production task."
...
http://ohsonline.com/articles/2013/05/02/fema-getting-feedback-on-nims-update-ideas.aspx
Data protection: trends, possibilities and FOI disclosures
At 11KBW’s information law seminar in May, one of the discussion topics was ‘the future of data protection’. Here are some further thoughts on some interesting trends and developments.
Progress at the EU level
A major issue on this front is of course progress on the draft EU Data Protection Regulation – on which see this blog post from the ICO’s David Smith for an overview of the issues currently attracting the most debate. While that negotiation process runs its course, the Article 29 Working Party continues to provide influential guidance for users and regulators on some of the thorniest data protection issues. Its most recent opinion addresses purpose limitation, i.e. the circumstances under which data obtained for one purpose can be put to another. A summary of its views is available here.
...
http://www.panopticonblog.com/2013/04/29/data-protection-trends-possibilities-and-foi-disclosures/
MSPs: KISS Your BDR Customers
Go through the content in our Backup and Disaster Recovery (BDR) Infocenter to learn how to close deals with customers, leverage demos for sales, and sell BDR in an uncertain economy -- all helpful, practical, and useful topics. The next step, however, is to keep customers happy and wanting more. Customers want to see results and a return on their investment, which may be difficult to demonstrate if disaster hasn't reared its ugly head. How should managed services providers (MSPs) keep BDR customers happy, without being technical about it? It's a lot easier than you may think.
...
http://mspmentor.net/infocenter-bdr/msps-kiss-your-bdr-customers
Demand for terrorism coverage remains strong: Marsh
Marsh has recommended that the United States Congress reauthorize the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) in light of ongoing strong demand for terrorism risk insurance and the possibility that opting not to reauthorize the program could lead to price increases.
If TRIPRA, commonly known as TRIA, is allowed to expire or is substantially changed, terrorism insurance capacity may be difficult to acquire at reasonable costs for insureds, especially those with significant exposures in a central business district or major city, notes Marsh’s 2013 Terrorism Risk Insurance Report, released Tuesday. Almost 2,600 companies were surveyed, notes Marsh, a global leader in insurance broking and risk management.
...
Public Health: Are We Too Slow?
One of the many roles of public health is to protect consumers from threats like foodborne outbreaks. Much of this hinges on quickly getting out clear messages to the public that provide simple steps to help stem the spread of disease. This is something public health professionals have been doing for over a hundred years, but a recent outbreak of Salmonella Heidelberg got us wondering, “Are we doing enough to keep the public safe? Are we too slow? And, How can we improve?”
That’s not to say there weren’t triumphs in this outbreak, but like most responses we had a moment of self-reflection when the crisis was over and we were able to take a step back and consider our methods. What we found was a need for stronger policies and faster messaging to the public.
...
http://blogs.cdc.gov/publichealthmatters/2013/05/are-we-too-slow/
Boston Bombings Highlight Need for Public Safety Broadband Network
As law enforcement desperately hunted the Boston Marathon bombing suspects, the city’s reliance on commercial cellular wireless carriers became an escalating problem. Just like runners who had trouble reconnecting with their families, the city experienced major crashes in the aftermath of the deadly bombing.
"I called Comcast and asked them to open up the Xfinity Wi-Fi in Watertown," Boston Chief Information Officer Donald Denning said in an interview with Stateline.
...
http://www.emergencymgmt.com/safety/Boston-Bombings-Public-Safety-Broadband-Network.html
Every Employee is a Crisis Manager
Sure, your employees are hired to fill specific roles, but anyone who’s been in the middle of a crisis situation knows that a whole new set of responsibilities pops up, whether you’re ready or not.
BCM president Jonathan Bernstein was recently interviewed for a Hotel News Now article on terrorism risks for hoteliers, and the insight he shared holds true for any type of organization:
...
http://managementhelp.org/blogs/crisis-management/2013/05/01/every-employee-is-a-crisis-manager/
Forrester’s 2013 Update To The Data Privacy Heat Map Shows Increasing Global Momentum Towards Data Protection Standards
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
...
Survey: Local, state gov CIOs underprepared for attacks
Only about half of state and local government CIOs polled in a recent survey said they’re prepared for a cyber-attack — even as 28 percent of them reported experiencing a system hacking or attack attempt in the previous year.
While a majority of the 36 state and local government CIOs told the Consero Group’s Government IT survey that they had the necessary infrastructure in place, about 42 percent said they found the systems vulnerable to security breaches and cyber threats, and 44 percent said they don’t feel prepared for such an attack.
...
http://www.govhealthit.com/news/survey-local-state-gov-cios-underprepared-attacks




