Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Jon Seals

Wednesday, 17 August 2016 00:00

BCI: Raising awareness of cyber resilience

The Business Continuity Institute - Aug 17, 2016 09:24 BST

Chosen by those working in the industry, the theme for Business Continuity Awareness Week 2017 will be cyber resilience, and the event itself will be held between the 15th and 19th May 2017.

As the world becomes more and more digital, so do the threats that it faces. Just as we need to protect our organizations from the disruptions that occur in the physical world, we also have plans in place to deal with disruptions in the virtual world.

We have witnessed large organizations like eBay, Target and Sony all suffer the consequence of a data breach. We have seen an increase in the magnitude of DDoS attacks like the one that brought down the BBC's website over the new year. We are experiencing an increase in the occurrence of ransomware attacks on all sizes of organizations including hospitals and local authorities. No longer can we think "it will never happen to me".

As the Business Continuity Institute's latest Cyber Resilience Report showed, two-thirds of organizations had experienced at least one cyber security incident during the previous twelve months, and 15% had experienced at least ten. Given the prevalence of the threat, it perhaps no surprise that the BCI's Horizon Scan Report noted that, of all the possible causes of disruption, cyber attacks and data breaches were the top two concerns for business continuity professionals. It is therefore extremely fitting that this will be the theme for BCAW next year.

The BCI will soon start to publish some helpful resources for you to use, but in the meantime, make sure you save the date. Also think about how you could get involved, and how you will help to raise awareness of the need for business continuity and the importance of cyber resilience.

The theme was chosen following the results of a feedback survey published after BCAW 2016. Of all the suggestions made for a theme for BCAW 2017, one-third related to cyber resilience, making it the clear favourite. The survey also asked whether people preferred BCAW being held in May, whether it was better when it was held in March, or whether another month should be chosen. An overwhelming four-fifths preferred the May date.

New Trusted Choice® survey shows that many homeowners lack basic financial protections to withstand unexpected disasters

ALEXANDRIA, Va. —As disaster season peaks, a new national consumer survey commissioned by Trusted Choice® and the Independent Insurance Agents & Brokers of America (IIABA or the Big “I”), reveals that many homeowners lack adequate insurance coverage, do not fully understand their homeowners policies and do not have enough savings to support their households in the event of a disaster.

The August 2016 homeowner survey found:

  • At least 73% of respondents don’t have a flood insurance policy that is separate from their homeowners coverage;
  • More than 40% of those surveyed don’t have or don’t know if they have coverage that will fully replace their belongings and home in the event of a disaster;
  • At least 28% of homeowners polled do not have enough savings to support their households for even one month after a disaster if they had to leave their home. Only one-third said they could support their household for more than three months in this circumstance.
  • Less than one-third of respondents have an up-to-date and complete home inventory stored away from their premises.

“Most people think that a basic homeowners policy will cover them in the event of a disaster, however these new findings highlight that a startling number of homeowners have not taken some of the most basic steps to adequately prepare for a disaster such as a hurricane, flood or fire,” says Robert Rusbuldt, Trusted Choice® president and Big “I” president & CEO. “This is disturbing as hurricane and wildfire seasons are about to peak, affecting many parts of the country.

With almost three-quarters of respondents lacking proper flood insurance coverage, they are completely vulnerable and have no protection from damage caused by rising water or flooding including common problems such as seepage of underground water into a home, leaky roofs and toppled trees from saturated soil. According to FEMA, floods are the leading disaster in the United States, and people outside high-risk flood areas file more than one-fifth of all National Flood Insurance Program (NFIP) flood insurance claims.

“It is very troubling—with flooding being so pervasive and hurricane season in full swing—that this large majority of homeowners is risking everything,” says Madelyn Flannagan, Big “I” vice president of agent development, research and education. “A little planning and knowledge can go a long way. Homeowners should consult with their Trusted Choice® independent insurance agent to find out more about flood coverage and other gaps in their insurance.”

The survey also showed a lack of basic understanding regarding standard homeowners insurance coverage. More than one-fifth of survey respondents didn’t know whether they have replacement cost coverage for their belongings and home (which allows them to replace lost possessions with new items) or if they have actual cash value coverage (which takes depreciation of the structure and personal items into consideration). In most standard homeowners policies actual cash value is the default coverage.

“The risk of financial ruin in the event of a major disaster is significantly higher for those homeowners who have only actual cash value coverage because they cannot fully recoup their losses,” continues Flannagan. “Sadly, this survey shows that only 58% have replacement cost coverage. Trusted Choice® recommends homeowners purchase replacement cost coverage and take a hard look at their finances to ensure they are prepared.”

Unfortunately, this new research shows that more than half of those surveyed (56%) have just enough savings to support their households for three months or less if they had to temporarily move away as a result of a disaster to their property. Notably, 28% said they couldn’t sustain for even a month. Most alarming, 14% of those surveyed reported that their savings would be drained in less than a week. For off-premises living expenses in these cases, a standard homeowners policy provides only limited protection (usually 10% of the coverage on your home) and a flood policy provides NO COVERAGE.

The survey was conducted for Trusted Choice® and the Big “I” by MFour Mobile Research, Inc. using MFour’s Surveys on the Go® Smartphone Application Panel which includes Apple and Android mobile device users. MFour is an independent research company headquartered in Irvine, California. Interviews of a nationally representative sample of 1,000 U.S. homeowners were conducted in August 2016 and weighted by age and gender to represent the general U.S. population over age 18. More information about MFour can be obtained at www.mfour.com.

To request a copy of the complete survey results or an interview with a national spokesperson or a Trusted Choice® insurance agent in your area, please contact Sue Nester (broadcast), (703) 706-5448, susan.nester@iiaba.net or Margarita Tapia (print and online) at (703) 706-5374, margarita.tapia@iiaba.net.

Trusted Choice® educates consumers about the benefits of using independent agents and brokers for their insurance needs: choice of companies, customized policies and advocacy support. Trusted Choice® is the consumer marketing identity for more than 26,000 independent insurance agencies and brokerage firms and 70 leading insurance companies. For more information, go to www.TrustedChoice.com.

Founded in 1896, the Independent Insurance Agents & Brokers of America (IIABA or the Big “I”), is the nation’s oldest and largest national association of independent insurance agents and brokers, representing a network of approximately a quarter of a million independent insurance agents, brokers and their employees nationally. Its members are businesses that offer customers a choice of policies from a variety of insurance companies. Independent agents and brokers offer all lines of insurance—property, casualty, life and health—as well as employee benefit plans and retirement products. Web address: www.independentagent.com.

SAN FRANCISCO – IObit, a leading system utilities and security software provider, today unveiled its brand new IObit Uninstaller 6 which delivers an easier and more secure solution to safely remove Windows built-in apps & problematic updates, get rid of the annoying advertising plug-ins & extensions in popular web browsers especially Microsoft Edge and completely delete stubborn programs.

To combat the ever increasing number of complaints about the unwanted programs that come with Windows 10, IObit Uninstaller 6 offers a simple way to securely uninstall most of preinstalled Windows apps and the outdated, failed or problematic updates. To avoid uninstalling important programs by mistake, IObit Uninstaller 6 provides a detailed list of selected programs before removing them. Meanwhile, the Restore Point allows the users to roll back the uninstalled programs when it’s necessary. Moreover, IObit Uninstaller 6 can detect and remove advertising plug-ins & extensions on most popular browsers even on Microsoft Edge to ensure a faster and more secure online environment. What's more, with improved Powerful Scan, IObit Uninstaller 6 can automatically detect leftover files and registry entries after the uninstall or a third-party uninstall and offer a one-click approach to clean up all the remnants.

IObit Uninstaller 6 Makes It Easy to Remove Windows Built-in Apps & Problematic Updates​​​​​

"After upgrading to Windows 10, there are many built-in apps installed, by default, on the computer," said Antonio Zhang, Marketing Director at IObit. "However, most Windows 10 users have no idea about how to deal with those unwanted and useless apps. Outdated and problematic Windows update is a thorny problem as well. But we provide an easy method to help them. We are focusing on developing light and easy-to-use tools for Windows 10 user to optimize and protect their computers."

Now IObit Uninstaller 6 is available for download on IObit.com and CNET Download.com. It can fully support for Windows 10, 8/8.1, 7, XP and Vista.

About IObit Uninstaller 6

IObit Uninstaller 6 is a portable but powerful uninstall tool to easily and completely remove unwanted programs and stubborn plug-ins & toolbars. Now with an even larger database, IObit Uninstaller 6 can help to detect and remove malicious and ad-based plug-ins & extensions for Microsoft Edge. With the Windows App feature, IObit Uninstaller 6 can remove Windows 10 apps and Windows updates. What's more, Force Uninstall can remove broken files & applications and hidden & unlisted programs, while Powerful Scan can detect and remove all leftover files and registry entries.

About IObit

Founded in 2004, IObit provides consumers with innovative system utilities for Windows, Mac, and Android OS to greatly enhance operational performance and protect their computers and mobile devices from security threats.

www.iobit.com

From where IT professionals sit, these are early days for industrial IoT. Still, the software, hardware, and network ecosystem required for delivering on the promise of IoT will eventually transform the way enterprises think about running everything. Here are four cloud-based industrial IoT startups worth knowing.

Who are the most promising internet of things (IoT) startups? Venture capitalists, sensing the opportunity, are looking for companies to invest in. Millions of dollars are available for technologies with a track record and a good idea. One particular area of interest for us here at InformationWeek is the activity around cloud-based industrial IoT platforms.

From where IT professionals sit, these are early days for industrial IoT. Still, the software, hardware, and network ecosystem required for delivering on the promise of IoT will eventually transform the way enterprises think about running everything.

Industrial operations, supply chain, commerce, and customer service are some of the enterprise environments expected to be dramatically transformed by IoT.

...

http://www.informationweek.com/iot/4-industrial-iot-startups-taking-development-to-the-cloud/d/d-id/1326613

With our recent successes demonstrating NetScaler CPX to developer audiences at DockerCon in Seattle and StackWorld in San Francisco, Citrix is getting ready for LinuxCon in Toronto on August 22.

Stop by the Citrix booth for demos of NetScaler CPX and NetScaler MAS and more. And be sure to catch the keynote on “New Requirements for Application Delivery in a Microservices Application World” from Abhishek Chauhan, Delivery Networks VP and CTO.

The number of attendees and the level of excitement at these shows demonstrate that one of the biggest disruptions in the IT world is happening now. This is the shift to microservices application architectures and the transformation of the server architecture to Linux containers.

Microservices applications are made up of many independent processes that are loosely linked together. New features can be added to an application by installing a new microservice and making it a part of the application infrastructure.

...

https://www.citrix.com/blogs/2016/08/16/getting-to-a-multi-cloud-application-delivery-architecture/

Six in 10 organizations say they must demonstrate compliance and auditing of privileged accounts indicating that privileged account management (PAM) security is now a firm requirement to comply with government and industry regulations.  This is just one of the many findings from a Benchmark Global Survey with responses from more than 500 IT security professionals from organizations around the world.  The findings indicate that privileged account management is not just a security issue, but also a regulatory compliance issue within their organization or industry.

The Survey is part of a new Report, 2016 State of Privileged Account Management that exposes several, significant security gaps in how organizations manage and secure their privileged account passwords and access and shows the extent to which privileged account management security is rising in priority and required for regulatory compliance.

The main reason privileged accounts are so critical to both industry and regulatory compliance is that privileged accounts contain what are known as the “keys to the kingdom.” These accounts have full permissions to computer systems and environments that typically have access to the locations where sensitive data like financial records, classified data or personal identifiable data like email addresses and credit card and social security numbers are stored.  It is ultimately crucial that organizations monitor and track any unauthorized modifications, theft, sabotage and privacy breaches of privileged accounts.  The U.S. Computer Emergency Readiness Team (CERT) has published several recommendations on how to reduce the risk of insider abuse of accounts. To ensure security controls of privileged accounts are much more secure than regular accounts, they recommend applying a “Least Privilege” approach and implementing security policies and controls with strict password creation and management.  Audit and Track Changes and Continuously Discover and Update Accounts are amongst other security recommendations from CERT.

...

http://corporatecomplianceinsights.com/cybersecurity-compliance-regulations-tougher-privileged-accounts/

Storage systems have become their own unique and complex computer field and can mean different things to different people. So how can we define these systems? Storage systems are the hardware that store data.

For example, this may be a small business server supporting an office of ten users or less – the storage system would be the hard drives that are inside of that server where user information is located. In large business environments, the storage systems can be the large SAN cabinet that is full of hard drives and the space has been sliced-and-diced in different ways to provide redundancy and performance.

...

http://blog.krollontrack.co.uk/pieces-of-interest/make-big-avoiding-data-loss-large-storing-systems/

Geary W. Sikich and Joop Remmé pose three questions which aim to enable organizations to explore the relationship between corporate social responsibility and governance risk and compliance activities/obligations.

Introduction

In this article we posit three questions.  The first question is: “Is it a social responsibility of companies that they undertake a comprehensive risk assessment?”  The second question: “Does the notion of conscience and its application to the generation and use of risk information and information in general, create an obligation for the organization to disclose the results of the comprehensive risk assessment?”  The third question: “How do the people in the organization communicate the information from the comprehensive risk assessment to stakeholders and yet preserve security and protect the organization?”

The three questions may, at first, appear simple and straightforward.  However, as we dissect each, we find that there is significant complexity intertwined in these questions.  While this article does not attempt to provide a rigid framework or hard and fast answers to the above questions, it is our intent to set in motion a dialogue regarding corporate social responsibility (CSR) and its relationship with governance risk and compliance (GRC) activities/obligations that form a social contract between the organization and its stakeholders.

...

http://www.continuitycentral.com/index.php/news/erm-news/1333-the-unintended-consequences-of-risk-reporting

I’ve been working with Citrix products for 13 years and a part of Citrix Consulting for almost 5 years. In that time, I’ve realized that the technical challenges have changed from time to time, but the organizational and administrative challenges remain unchanged.

Topics like infrastructure layout, application delivery methods, project, change and release management are often not defined all that well. These circumstances lead to issues like quality constraints and human resources bottlenecks, which have impacts that are often bigger than the technical problems.

As such, I decided to write a blog series about the importance of business processes as they relate to Citrix virtualization products. Given that such processes are specific to every company, please don’t expect to receive a full set of definitions that you can copy and paste into your environment. The intention of this series is to give you a direction and an idea of what such processes might look like.

...

https://www.citrix.com/blogs/2016/08/15/the-importance-of-business-processes-part-1-release-management/

How do you think your company fares in cybersecurity readiness?

This question came to my mind today after reading two articles. The first was a Tech Target article that discussed what every company should know about cybersecurity readiness. One of the points in this piece covered identity management:

This is made up of various plans, policies, procedures and technology aimed at providing appropriate access to information resources and an understanding of how those resources are used and by whom.

Identity management includes areas such as authentication, authorization and access control. And that leads to the second article I read. eSecurity Planet reported on a recent Ponemon Institute and Varonis Systems study found that more than 60 percent of end users are accessing data that they shouldn’t be, but at the same time, less than a third of IT departments are ensuring that only authorized people have access on a need-to-know basis.
 
...