Jon Seals

If it seems like businesses are fighting a losing battle against malware and other security threats, it could be because they are.

A new study conducted by ThreatTrack Security found that security professionals are losing ground in the battle against cybercriminals and other adversaries compared with a similar study conducted two years ago:

The study found organizations still struggle mightily with how to combat cybercrime, despite lessons learned from spectacular cyberattacks on Target, Sony and the U.S. government in the last couple of years. There seems to be a growing sense of realism regarding the difficulties of fighting cybercrime, and it’s clear that analyzing advanced malware still takes too long. For most companies, it takes anywhere from one to 24 hours, despite the availability of tools that enable them to analyze code and malicious behavior in minutes.

According to the study, only 20 percent of respondents said they feel their security defenses have improved since the last study (that’s compared to nearly 40 percent who saw improvement two years ago).

...

http://www.itbusinessedge.com/blogs/data-security/why-it-seems-like-cybersecurity-is-a-losing-battle.html

Monday, 01 February 2016 00:00

The strategic value of resilience

When I started this series of blog posts about the future of resilience, I wanted to address its potential to add value by bridging the divide between risk management and performance improvement. My first resilience blog post introduced the topic and defined organizational resilience. This is the fourth and final blog post in this series, which focuses on its strategic value.
 
If organizational resilience is to earn its place on the board’s agenda, it must demonstrate value in terms that the board understands and recognises as strategically important. Otherwise, Resilience Managers will find themselves, like Harry Potter and the Business Continuity Managers I described in my People Resilience post, consigned to the cupboard under the stairs only to be summoned in case of emergency. Resilience becomes strategically important when it demonstrably enables and facilitates achievement of the organization’s Strategic Objectives. Referring to the diagram above, the first step is to operationalise resilience in The Organization Today and then embed resilience into the organization’s strategic Transformative Programmes that will deliver The Desired Future State.
 
So how does this work in practice?
 
...
 

Sickweather, a disease surveillance company based in Baltimore, has made its illness data available to developers so they can create apps that present disease forecasts and outbreak maps. The company's Sickweather mobile app is already available for iTunes and Android users, touting itself as a Doppler radar for sickness.

In a phone interview, CEO Graham Dodge suggested that disease forecasts could become common conversational fodder alongside weather forecasts, thanks to social media, the source of the company's illness data. Already, AccuWeather has incorporated disease forecasts into its StoryTeller content platform. Meanwhile, Johnson & Johnson and thermometer-maker Swaive are using the company's data in their respective mobile apps.

Through Sickweather's API, developers can fetch JSON-formatted data about illness reports at specific map coordinates, disease forecasts for a given area, and contagion threat level scores for leading sources of illness. The API can also receive illness reports from developers' apps.

...

http://www.informationweek.com/mobile/mobile-applications/flu-forecasting-app-helps-your-boss-marketers-plan-ahead/d/d-id/1324115

By now you’ve surely heard that moving forward, every company will be a software company, and that shift is happening now as companies large and small scramble to transform into digitally-driven organizations.

Wherever you turn, businesses are facing tremendous disruptive pressure. What’s interesting is that the theory about how firms should be dealing with this massive change is itself in flux, transforming if you will, as organizations come to grips with the idea that the most basic ways they do business are being called into question.

Just over a year ago when I researched this topic, I found that the general method for dealing with disruption was developing pockets of innovation inside a company using labs or incubators to prime the innovation pump. Today, when I explore the same issues, I’m finding that companies are taking a much more comprehensive approach that has to do with reviewing every department and business process in the organization.

...

http://techcrunch.com/2016/01/31/digital-transformation-requires-total-organizational-commitment/

There are one million cybersecurity job openings in 2016. Where are all of those jobs? This week we take a look at the cybersecurity job boom in the U.S. government sector.

The Office of Personnel Management (OPM) suffered the largest cyber attack over the past year, resulting in the theft of contact records on more than twenty million people including those who applied for government security clearances and went through background checks, and nearly two million spouses and domestic partners of those applicants. As the OPM hack news unraveled, it got worse — revealing that hackers stole the digital fingerprints of more than five million people employed by the U.S. federal government… the same fingerprints that are sometimes used for access to so-called locked down buildings and computers.

OPM recently announced it is hiring 1,000 new cybersecurity professionals, which have been approved by the U.S. Department of Homeland Security (DHS). Federal News Radio recently listed the duties the new cyber hires will carry out – which include cyber risk and strategic analysis, incident handling and malware/vulnerability analysis, program management, distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture, intelligence analysis, investigation, investigative analysis and cyber-related infrastructure interdependency analysis.

...

www.forbes.com/sites/stevemorgan/2016/01/31/help-wanted-1000-cybersecurity-jobs-at-opm-post-hack-hiring-approved-by-dhs/

JEFFERSON CITY, Mo. – Missouri homeowners, renters and business owners are eligible and encouraged to purchase National Flood Insurance Program (NFIP) policies even if their home or business isn’t located in a flood plain or high-risk zone.

The NFIP aims to reduce the impact of flooding on private and public structures. It does so by providing affordable flood insurance and encouraging communities to adopt and enforce floodplain management regulations.

NFIP insurance is available to homeowners, renters, condo owners/renters, and commercial owners/renters. But in order to purchase a policy the residence or business must be in a community that participates in the NFIP. Missouri communities in the program are listed here — http://www.fema.gov/cis/MO.html. Other communities can request to be added if they meet certain criteria.

More than 70 private insurance agents or agencies in Missouri are certified to sell and service NFIP policies, including all of those listed on this link — http://www.fema.gov/wyo_company

Residents can also contact their own insurance agent or company to find out more about federal flood insurance or find an agent serving their area by filling out the One-Step Flood Risk Profile on the FloodSmart.gov home page (www.floodsmart.gov).

Costs vary depending on how much insurance is purchased, what is covered and the property's level of flood risk. Those in moderate- to low-risk areas can purchase a special Preferred Risk Policy (PRP) that provides building and contents coverage for one low price. Typically, there's a 30-day waiting period from date of purchase before your policy goes into effect.

Why is an NFIP policy necessary if federal aid is available after a flood? Federal disaster assistance typically comes in the form of small grants or low-interest loans to help cover flood damage, not to fully compensate for losses. Even then, those grants and loans are only available if the president formally declares a disaster. NFIP policies are not dependent on a federal disaster declaration.

Flooding occurs in moderate- to low-risk areas as well as in high-risk areas due to factors like poor drainage systems, rapid accumulation of rainfall, snowmelt, and broken water mains. In addition to floods, NFIP policies also cover damage from mudflows. In fact, over 20 percent of all flood insurance claims come from areas outside of mapped high-risk flood zones.

NFIP policyholders who have questions about their flood insurance policy or the claims process, as well as disaster survivors who have general questions about the program, can contact the support hotline by calling toll-free 800-621-3362. For individuals who are deaf, hard of hearing or have a speech disability using 711 or VRS, please call 866-337-4262. For individuals using a TTY, please call 800-462-7585.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders and ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

For real-time disaster updates, follow us on Twitter at https://twitter.com/femaregion7 and turn on mobile notifications.

 
When you’re trying to determine your IT DRP strategy, you can have many options open to you and you can’t just dismiss them without good reason.  Identify the pros and cons of each solution and document them so you can see which option is best for you – or at least the top 3 solutions that work best for you and have the best bang for your buck. 

When you have met with the various vendors or partners – this means meeting with internal and external sources depending on the solution – and determined everything from resources needed (physical and financial) and the details of each option (documented), it’s then time to take it up the ladders.  You don’t just make the decisions on your own or with a small group of people; you’ve got to get approval from Senior Leadership, as ultimately, they are the ones who’ll be paying for everything.  They need to understand the how’s and why’s of doing what you propose so they can make the right decision based on need.  Remember, they might have other plans in the works that you aren’t privy to – yet – and might need to discuss amongst themselves and some of their team members which option is best based on information you may not have at your disposal.

...

https://stoneroad.wordpress.com/2016/01/30/bcm-dr-getting-agreement-on-the-it-drp-strategy/

The annual addresses delivered by governors around the country underscored policy priorities that routinely top the lists of state chief executives — education, economic vitality, health care and transportation. And while state-to-state differences are evident, what also comes through is that many elected leaders now see technology as an important tool that helps meet their policy objectives. And many of them are talking about it.

Data-Driven Dialog

The most viable solutions come from well-informed policymakers. This year’s speeches revealed that data-driven government is catching on. Many governors, including New Mexico’s Susana Martinez, talked about the role of data in powering more effective education policies. Martinez touted the role of data in reducing truancy and setting students on a path to success, while Washington Gov. Jay Inslee noted its importance in tackling the issue of gun violence. New Jersey Gov. Chris Christie spotlighted data analysis that found that more than 86 percent of the state’s costliest Medicaid users suffer from mental illness and/or substance abuse. That finding is fueling improvements to treatment options that can also help lower costs. 

...

http://www.govtech.com/state/2016-State-of-the-State-Addresses-Does-Technology-Matter.html

Monday, 01 February 2016 00:00

Marsh launches new cyber risk facility

Insurance broker Marsh has launched a new global excess cyber risk facility, Cyber ECHO, which provides insurance coverage for organisations globally.

Following a series of high-profile cyber losses, underwriters have become more selective, according to Marsh, and in some cases are reducing the amount of capital they are willing to deploy on certain risks – especially those involving health care and payment card data.

This is particularly acute in the excess cyber market, where rates have more than doubled in the US over the last 12 months, said the firm.

“Cyber ECHO brings greater stability to the excess market with up to $50 million in ‘follow form’ coverage for clients of any industry sector and risk profile around the world,” said Marsh.

...

http://www.intelligentinsurer.com/news/marsh-launches-cyber-risk-facility-7716

What if you were able to give everyone in your organization the flexibility and freedom to securely work anywhere in the world and on any device? What types of productivity gains would your company see as a result? What efficiencies or cost savings might your IT department receive from moving desktops to your datacenter and managing these virtual workstations through one single pane of glass?

Our Cisco UCS team is excited to present the new Maxwell generation NVIDIA Tesla M6 GPU for the Cisco UCS B200M4 Blade and the NVIDIA Tesla M60 GPU for Cisco 2U Rack Servers. Cisco and NVIDIA have joined forces to deliver this new graphics solution.  Combining security, reliability and manageability from Cisco UCS and adding NVIDIA’s GRID technology, we’re able to deliver performance and speed needed to run high-end applications on virtual desktops. What’s better is that you have two form factor options to fit your organization’s data center footprint.

...

http://blogs.cisco.com/datacenter/from-desktop-to-data-center-changing-the-game-with-graphics