
Jon Seals

“We don’t need no education . . .”

I couldn’t help but think of that line from a Pink Floyd song when I saw the headline on an eSecurity Planet article, “Majority of Employees Don’t Receive Security Awareness Training.”

The article goes on to report on a study by Enterprise Management Associates called Security Awareness Training: It's Not Just for Compliance. The study interviewed 600 people at companies of all sizes, from the very small to the very large, and what it found was that more than half of employees not working in IT or security receive no security awareness training. However, business size did make a difference – midsize businesses fared the worst when it comes to security education.

...

http://www.itbusinessedge.com/blogs/data-security/lack-of-security-awareness-training-puts-data-and-networks-at-risk.html

Given the state of virtual and cloud-based infrastructure, it’s almost impossible not to think about end-to-end data environments residing in abstract software layers atop physical infrastructure.

But is the virtual data center (VDC) really in the cards? And if so, does it mean all data environments will soon gravitate toward these ethereal constructs, or will there still be use cases for traditional, on-premises infrastructure?

Undoubtedly, a fully virtualized data operation offers many advantages. Aside from the lower capital and operating costs, it will be much easier to support mobile communications, collaboration, social networking and many of the other trends that are driving the knowledge workforce to new levels of productivity.

...

http://www.itbusinessedge.com/blogs/infrastructure/is-the-virtual-data-center-inevitable.html

I saw an encouraging sign the other day in a Tech Target 2014 Market Intelligence report. It provided a list of the top IT projects for this year based on a survey of IT professionals. Number one on the list was server virtualization. And number two? Business Continuity/Disaster Recovery (BC/DR).

That’s big news for us at the Disaster Recovery Preparedness Council.  It’s our mission to raise awareness of the need for BC/DR planning and help IT professionals to benchmark their current DR practices and implement ways to improve DR planning and recovery in the event of an outage or disaster.

So, given the results of the Tech Target report, you need to ask yourself where BC/DR falls on your list of priorities this year. Maybe you’ve got a formal plan and a budget for BC/DR but many companies still do not. That doesn’t mean you can’t start to develop and/or improve your business continuity strategy today.

...

http://drbenchmark.org/where-is-bcdr-on-your-list-of-priorities/

Leading institute for business continuity recognizes BC planning and management company for best software and industry personality of the year


PHILADELPHIA, Pa. – The 2014 Business Continuity Institute (BCI) North America Awards took place on Sunday March 30th as part of the Disaster Recovery Journal (DRJ) Spring World 2014. At the event, BCI recognized Strategic BCP® in two categories:

    1. ResilienceONE® BCM Software as “Business Continuity Product of the Year”
    2. Frank Perlmutter (CBCP/MBCI) as “Industry Personality of the Year”

Why ResilienceONE was awarded “Business Continuity Product of the Year”: Since 2004 ResilienceONE BCM software from Strategic BCP has provided Business Continuity professionals a comprehensive, convenient way to manage risk, continuity, and resilience. It provides a simple way to achieve Business Continuity, Disaster Recovery, Business Impact Analysis, Risk Assessment, and Crisis Management—including guaranteed compliance with 30 leading industry standards—all within one cloud-based solution. Built upon a time-tested framework of simplified user input and powerful relational-database analysis, it is well-received by both clients and the industry, including nearly 70,000 end users and 98% client retention rate since product inception.


Why Frank Perlmutter was awarded “Industry Personality of the Year”: As president and co-founder of Strategic BCP, Frank’s outspoken and unequivocal passion for advancing the discipline of business continuity is evident throughout every aspect of his professional life. As hands-on practitioner/consultant, he demonstrates unique creativity in cost-saving BC practices. As BC industry evangelist, he leads several LinkedIn vertical market groups and advocates upgraded BC practices and profiles among the 6,000 practitioners (experienced and new) attending his scores of seminars. In 2013, he adapted his revolutionary BCP Genome™ to ensure full compliance with 30 industry standards for ResilienceONE users, then freely shared the principles with the industry, via seminar and white paper.


“Frank’s foresight and business continuity planning and management solutions have long been praised in our industry,” says BCI US Chapter President Doug Weldon (FBCI). “We congratulate Strategic BCP.”


About Strategic BCP
Strategic BCP® represents a team of business continuity management specialists who empower organizations of all sizes to build cost-effective, action-based plans that can be implemented immediately in the event of downtime. The company’s award-winning BCM software, ResilienceONE®, integrates risk assessment and management, BC plan development and maintenance, incident management, and compliance issues in one comprehensive easy-to-implement solution. It features proprietary algorithms and metrics that automate cumbersome tasks and provide comprehensive

Citicus has signed a licensing agreement with ISACA® to provide support for COBIT 5® in its award-winning risk and compliance management software, Citicus ONE. The combination of Citicus ONE and COBIT 5 provides a unique toolkit for organizations that want to adopt, reference or align with the industry-leading COBIT framework for the governance and management of enterprise IT.

Using Citicus ONE with COBIT 5 will enable organizations to:

  • Benchmark their enterprise IT against the 37 COBIT 5 enabling processes and their supporting activities
  • Assess the status of their information security programme against the COBIT 5 for information security specification
  • Identify, record and track actions needed to conform with the COBIT recommended practices
  • Monitor progress towards full alignment with the COBIT 5 framework over time.

COBIT 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.

Citicus ONE is a leading governance, risk and compliance software tool available either as an on-demand hosted service or as an in-house installable solution. As well as supporting COBIT 5, Citicus ONE contains an extensive library of other standards such as ISO27001, PCI-DSS, ISF SoGP and NIST and can be easily customized to incorporate an organization’s own policies and standards.

Simon Oxley, managing director at Citicus says, “We are delighted to integrate the capabilities of Citicus ONE with the rich content of the COBIT 5 framework.  Our customers are under increasing pressure to maximize the benefits from their risk and compliance management activities and the ability to use Citicus ONE as a support tool for COBIT implementation is a real help to them.”

About Citicus (www.citicus.com)
Citicus Limited was formed in 2000 by Sian Alcock, Marco Kapp, and Simon Oxley.  Its award-winning Citicus ONE risk and compliance management software has been implemented in public and private sector enterprises of all sizes around the world, and Citicus’ partnership relationship with customers helps them implement and run their risk programmes successfully.

It’s been an extraordinary month, with scenarios that include a missing plane (see Divya Yadav’s research note); another round of deaths at Fort Hood just as the report on lessons learned in the Washington Shipyard was released; a Supreme Court decision that makes us wonder if the justices believe that free speech is the same as money; and, right in our backyard, a devastating mudslide from which not all the bodies have been removed.

The month also included the first meeting of the mayor’s City of Seattle Disaster Recovery Plan Executive Advisory Group, of which I am a member. This group is charged with imagining how recovery efforts, not the response itself, might proceed, and to consider how some planning now might make decisions easier to make after a catastrophic event such as an earthquake: “what policy changes, planning or other strategies should be acted on now? How will we ensure we have the necessary resources (staff, equipment, facilities, etc.) to get back to acceptable levels of service and to meet our legal mandates?”

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/ED5F90523766F0B22540EF23F30FEDED

Computerworld — Try this: Go online to translate.google.com.

In the left-hand input box, type, "The spirit is willing, but the flesh is weak." In the right-hand box, decide which language you want it translated to. After it's translated the first time, copy the translated text and paste it into the left-hand box for conversion back into English.

If you don't get exactly the original text, the back-translation will in all likelihood still reflect at least part of the original thought: That the actions of the subject fell short of his or her intentions and not that the wine was good but the meat was tasteless, which the phrase could mean in a literal translation.

...

http://www.cio.com/article/751443/AI_Gets_its_Groove_Back

IDG News Service — Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.

CloudFlare asked the security community if the flaw in the OpenSSL cryptographic library, made public last week, could be used to obtain the private key used to create an encrypted channel between users and websites, known as SSL/TLS (Secure Sockets Layer/Transport Layer Security).

...

http://www.cio.com/article/751440/Tests_Confirm_Heartbleed_Bug_Can_Expose_Server_39_s_Private_Key

Due to the complexities of making products, most manufacturers are used to having large influxes of data from machines, processes, shipping, etc. What may be new to these companies, though, is having tools to retrieve actionable information from these piles of Big Data.

LNS Research and Mesa International teamed up to compile a survey of manufacturers on how they are using new technologies. Among the information gathered was how these companies felt they could use Big Data from the manufacturing plants and the overall enterprise. Of the more than 200 responses, 46 percent felt that Big Data analysis could help them “better forecast products” and production. Another 39 percent believed that Big Data mining will allow them to “service and support customers faster.” Other metrics from the survey include:

...

http://www.itbusinessedge.com/blogs/integration/big-data-can-provide-manufacturers-bigger-efficiencies.html

The number of countries with downgraded political risk ratings grew in the last year, as all five emerging market BRICS countries (Brazil, Russia, India, China, South Africa) saw their risk rating increase, according to Aon’s 2014 Political Risk Map.

As a result, countries representing a large share of global output experienced a broad-based increase in political risk including political violence, government interference and sovereign non-payment risk, Aon said.

The 2014 map shows that 16 countries were downgraded in 2014 compared to 12 in 2013. Only six countries experienced upgrades (where the territory risk is rated lower than the previous year), compared to 13 in 2013.

Aon noted that Brazil’s rating was downgraded because political risks have been increasing from moderate levels as economic weakness has increased the role of the government in the economy.

...

http://www.iii.org/insuranceindustryblog/?p=3627