Jon Seals

I saw an encouraging sign the other day in a Tech Target 2014 Market Intelligence report.  It provided a list of the top IT projects for this year based on a survey of IT professionals.  Number one on the list was server virtualization.  And number two?  Business Continuity/Disaster Recovery (BC/DR).

That’s big news for us at the Disaster Recovery Preparedness Council.  It’s our mission to raise awareness of the need for BC/DR planning and help IT professionals to benchmark their current DR practices and implement ways to improve DR planning and recovery in the event of an outage or disaster.

So, given the results of the Tech Target report, you need to ask yourself where BC/DR falls on your list of priorities this year.  Maybe you’ve got a formal plan and a budget for BC/DR but many companies still do not.  That doesn’t mean you can’t start to develop and/or improve your business continuity strategy today.

...

http://drbenchmark.org/where-is-bcdr-on-your-list-of-priorities/

Leading institute for business continuity recognizes BC planning and management company for best software and industry personality of the year


PHILADELPHIA, Pa. – The 2014 Business Continuity Institute (BCI) North America Awards took place on Sunday March 30th as part of the Disaster Recovery Journal (DRJ) Spring World 2014. At the event, BCI recognized Strategic BCP® in two categories:

    1. ResilienceONE® BCM Software as “Business Continuity Product of the Year”
    2. Frank Perlmutter (CBCP/MBCI) as “Industry Personality of the Year”

Why ResilienceONE was awarded “Business Continuity Product of the Year”: Since 2004 ResilienceONE BCM software from Strategic BCP has provided Business Continuity professionals a comprehensive, convenient way to manage risk, continuity, and resilience. It provides a simple way to achieve Business Continuity, Disaster Recovery, Business Impact Analysis, Risk Assessment, and Crisis Management—including guaranteed compliance with 30 leading industry standards—all within one cloud-based solution. Built upon a time-tested framework of simplified user input and powerful relational-database analysis, it is well-received by both clients and the industry, including nearly 70,000 end users and 98% client retention rate since product inception.


Why Frank Perlmutter was awarded “Industry Personality of the Year”: As president and co-founder of Strategic BCP, Frank’s outspoken and unequivocal passion for advancing the discipline of business continuity is evident throughout every aspect of his professional life. As hands-on practitioner/consultant, he demonstrates unique creativity in cost-saving BC practices. As BC industry evangelist, he leads several LinkedIn vertical market groups and advocates upgraded BC practices and profiles among the 6,000 practitioners (experienced and new) attending his scores of seminars. In 2013, he adapted his revolutionary BCP Genome™ to ensure full compliance with 30 industry standards for ResilienceONE users, then freely shared the principles with the industry, via seminar and white paper.


“Frank’s foresight and business continuity planning and management solutions have long been praised in our industry,” says BCI US Chapter President Doug Weldon (FBCI). “We congratulate Strategic BCP.”


About Strategic BCP
Strategic BCP® represents a team of business continuity management specialists who empower organizations of all sizes to build cost-effective, action-based plans that can be implemented immediately in the event of downtime. The company’s award-winning BCM software, ResilienceONE®, integrates risk assessment and management, BC plan development and maintenance, incident management, and compliance issues in one comprehensive easy-to-implement solution. It features proprietary algorithms and metrics that automate cumbersome tasks and provide comprehensive

Citicus has signed a licensing agreement with ISACA® to provide support for COBIT 5® in its award-winning risk and compliance management software, Citicus ONE. The combination of Citicus ONE and COBIT 5 provides a unique toolkit for organizations that want to adopt, reference or align with the industry-leading COBIT framework for the governance and management of enterprise IT.

Using Citicus ONE with COBIT 5 will enable organizations to:

  • Benchmark their enterprise IT against the 37 COBIT 5 enabling processes and their supporting activities
  • Assess the status of their information security programme against the COBIT 5 for information security specification
  • Identify, record and track actions needed to conform with the COBIT recommended practices
  • Monitor progress towards full alignment with the COBIT 5 framework over time.

COBIT 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.

Citicus ONE is a leading governance, risk and compliance software tool available either as an on-demand hosted service or as an in-house installable solution. As well as supporting COBIT 5, Citicus ONE contains an extensive library of other standards such as ISO27001, PCI-DSS, ISF SoGP and NIST and can be easily customized to incorporate an organization’s own policies and standards.

Simon Oxley, managing director at Citicus says, “We are delighted to integrate the capabilities of Citicus ONE with the rich content of the COBIT 5 framework.  Our customers are under increasing pressure to maximize the benefits from their risk and compliance management activities and the ability to use Citicus ONE as a support tool for COBIT implementation is a real help to them.”

About Citicus (www.citicus.com)
Citicus Limited was formed in 2000 by Sian Alcock, Marco Kapp, and Simon Oxley.  Its award-winning Citicus ONE risk and compliance management software has been implemented in public and private sector enterprises of all sizes around the world, and Citicus’ partnership relationship with customers helps them implement and run their risk programmes successfully.

It’s been an extraordinary month, with scenarios that include a missing plane (see Divya Yadav’s research note); another round of deaths at Fort Hood just as the report on lessons learned in the Washington Shipyard was released; a Supreme Court decision that makes us wonder if the justices believe that free speech is the same as money; and, right in our backyard, a devastating mudslide from which not all the bodies have been removed.

The month also included the first meeting of the mayor’s City of Seattle Disaster Recovery Plan Executive Advisory Group, of which I am a member. This group is charged with imagining how recovery efforts, not the response itself, might proceed, and to consider how some planning now might make decisions easier to make after a catastrophic event such as an earthquake:  “what policy changes, planning or other strategies should be acted on now?  How will we ensure we have the necessary resources (staff, equipment, facilities, etc.) to get back to acceptable levels of service and to meet our legal mandates?”

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/ED5F90523766F0B22540EF23F30FEDED

Computerworld — Try this: Go online to translate.google.com.

In the left-hand input box, type, "The spirit is willing, but the flesh is weak." In the right-hand box, decide which language you want it translated to. After it's translated the first time, copy the translated text and paste it into the left-hand box for conversion back into English.

If you don't get exactly the original text, the back-translation will in all likelihood still reflect at least part of the original thought: That the actions of the subject fell short of his or her intentions and not that the wine was good but the meat was tasteless, which the phrase could mean in a literal translation.

...

http://www.cio.com/article/751443/AI_Gets_its_Groove_Back

IDG News Service — Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.

CloudFlare asked the security community if the flaw in the OpenSSL cryptographic library, made public last week, could be used to obtain the private key used to create an encrypted channel between users and websites, known as SSL/TLS (Secure Sockets Layer/Transport Layer Security).

...

http://www.cio.com/article/751440/Tests_Confirm_Heartbleed_Bug_Can_Expose_Server_39_s_Private_Key

Due to the complexities of making products, most manufacturers are used to having large influxes of data from machines, processes, shipping, etc. What may be new to these companies, though, is having tools to retrieve actionable information from these piles of Big Data.

LNS Research and Mesa International teamed up to compile a survey of manufacturers on how they are using new technologies. Among the information gathered was how these companies felt they could use Big Data from the manufacturing plants and the overall enterprise. Of the more than 200 responses, 46 percent felt that Big Data analysis could help them “better forecast products” and production. Another 39 percent believed that Big Data mining will allow them to “service and support customers faster.” Other metrics from the survey include:

...

http://www.itbusinessedge.com/blogs/integration/big-data-can-provide-manufacturers-bigger-efficiencies.html

The number of countries with downgraded political risk ratings grew in the last year, as all five emerging market BRICS countries (Brazil, Russia, India, China, South Africa) saw their risk rating increase, according to Aon’s 2014 Political Risk Map.

As a result, countries representing a large share of global output experienced a broad-based increase in political risk including political violence, government interference and sovereign non-payment risk, Aon said.

The 2014 map shows that 16 countries were downgraded in 2014 compared to 12 in 2013. Only six countries experienced upgrades (where the territory risk is rated lower than the previous year), compared to 13 in 2013.

Aon noted that Brazil’s rating was downgraded because political risks have been increasing from moderate levels as economic weakness has increased the role of the government in the economy.

...

http://www.iii.org/insuranceindustryblog/?p=3627

On Tuesday 18th March 2014, as part of the Business Continuity Awareness Week activities, we witnessed the first ever BC Flash Blog. This is probably a new term to most readers; it is a virtual Flash Mob – but instead of a dance routine the participants wrote and published their own blog post or article.

The event featured 22 writers, from all sectors of the BC industry – and from various corners of the globe. All the articles were on the same subject, and published at the same time. In keeping with the BCAW theme, the subject was “Counting the costs, and benefits, for business continuity”, with each writer taking their own, unique, perspective on this issue.

If you haven’t already done so, you can find links to all 22 of these blogs here. If we do nothing else, we can at least pay these writers the respect of reading their work.

...

http://thebceye.blogspot.com/2014/04/business-continuity-flash-blog.html

CSO — Size matters when it comes to security, according to Davi Ottenheimer. Ottenheimer, senior director of trust at EMC, titled his presentation at SOURCE Boston Wednesday, "Delivering Security at Big Data Scale," and began with the premise that, "as things get larger, a lot of our assumptions break."

The advertised promise of Big Data is that it will help enterprises make better decisions and more accurate predictions, but Ottenheimer contends that is placing far too much trust in systems that are not well secured. "We're making the same mistakes we've made before," he said. "We're not baking security into Big Data; we're expecting somebody else to do it later on." Ottenheimer, who is completing a book titled "Realities of Big Data Security," said he does defense research, and focuses on avoidance and detection. "Avoidance is the best way to escape a damaging attack," he said. "You can move data centers at real-time speeds. You can keep the old one as honeypot, and just observe what's going on with it without causing any harm. Big Data allows it now more than ever."

...

http://www.cio.com/article/751414/As_Companies_Grow_Managing_Risks_Gets_More_Complex