Jon Seals

The NFPA Technical Committee on Emergency Management and Business Continuity will meet March 25th-27th, 2014, to discuss progress on the 2016 edition of NFPA 1600.

The agenda for the First Draft Meeting, which will take place at Hilton St. Petersburg Carillon Park, St. Petersburg, FL, is as follows:

1. Starting time: 8:30 a.m., March 25, 2014.

2. Welcome (Don Schmidt, Chair)

3. Self-introduction of members and guests

4. Approval of Minutes of Pre-First Draft Meeting, Salt Lake City, 2013 Oct 22-23

5. Approval of agenda

6. NFPA staff liaison report (Orlando Hernandez)
Committee membership update
Distribution of sign-in sheets

7. Organizational reports/News related to NFPA 1600

8. Task group reports

9. Act on Public Comments to NFPA 1600. Take any other actions necessary to complete the ROC for NFPA 1600.

10. Old business.

11. New business

12. Adjourn

To read the minutes of the October 22nd-23rd meeting click here (PDF).

Risk levels and uncertainty change significantly over time. Competitors make new and sometimes unexpected moves on the board, new regulatory mandates complicate the picture, economies fluctuate, disruptive technologies emerge and nations start new conflicts that can escalate quickly and broadly. Not to mention that, quite simply, stuff happens, meaning tsunamis, hurricanes, floods and other catastrophic events can hit at any time. Indeed, the world is a risky place in which to do business.

Yet like everything else, there is always the other side of the equation. Companies and organizations either grow or face inevitable difficulties in sustaining the business. Value creation is a goal many managers seek, and rightfully so, as no one doubts that successful organizations must take risk to create enterprise value and grow. The question is, how much risk should they take? A balanced approach to value creation means the enterprise accepts only those risks that are prudent to undertake and that it can reasonably expect to manage successfully in pursuing its value creation objectives.

...

http://www.corporatecomplianceinsights.com/the-risk-appetite-dialogue/

Computerworld — Now, here's a noble goal. U.K. telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.

I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.

And companies seem to know frighteningly little about what their mobile apps are doing, if efforts by Starbucks, Delta, Facebook, Match.com and eHarmony are any indication.

...

http://www.cio.com/article/748725/Transparency_About_Data_Retention_Requires_Knowing_What_You_have

There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data—the data of both the staff of the company and the stored data of the clients—the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to the corporation, and the most vulnerable. Losing it may cause irrevocable damage to the reputation of a business, and thereby also the trust of shareholders. Logically, then, network security should be a key focal point in the disaster recovery plan of any business that wishes to stay afloat.

How, then, do we prepare our businesses to deal with threats to network security?

...

http://www.opscentre.com.au/blog/the-importance-of-network-security-in-disaster-recovery-planning/

InfoWorld -- Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.

An APT attack is typically launched by a professional organization based in a different country than the victim organization, thereby complicating law enforcement. These hacking organizations are often broken into specialized teams that work together to infiltrate corporate networks and systems and extract as much valuable information as possible. Illegally hacking other companies is their day job. And most are very good at it.

By all expert opinion, APTs have compromised the information infrastructure of any relevant company. The question isn't whether you've been compromised by an APT, but whether you've noticed it.

...

http://www.cio.com/article/748682/6_Lessons_Learned_About_the_Scariest_Security_Threats

Resiliency is generally defined as the ability of an organization to (a) withstand threats that could have significant impact and (b) recover from any disruption within the thresholds set by the business.  Resiliency is often, mistakenly, considered the responsibility of IT.  Technological resiliency is of paramount importance, but cannot alone assure the resilience of an organization.

One of the ways to become more resilient is to reduce risk exposure and thereby increase the organization’s ability to withstand threats.  How can this be achieved?

A Ground-Up Approach to Risk Reduction

Understand that risks are inherent in the assets (sites, people, processes, IT services and subsystems, suppliers, equipment, etc.) that vital operations rely on. Risk reduction efforts should focus on decreasing the risk exposure of those critical assets. Decreasing risks at this granular level can, with their cumulative effect, reduce the organization’s overall risk exposure.

...

http://ebrp.net/reducing-risk-exposure-a-first-stride-on-the-path-to-resiliency/

In reviewing the results of the new 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council in this blog, I’ve focused on the bad news so far.  Based on hundreds of responses from organizations worldwide, the Annual Report provides several insights into the best practices of companies that are better prepared to recover from outages or disasters.

You can download the report for free at http://drbenchmark.org/

OK, so here’s the good news.  Some companies seem to be doing much better at preparing for outages and they exhibit certain traits that distinguish them from others who are not doing so well.

...

http://drbenchmark.org/the-good-news-best-practices-emerging-from-dr-preparedness-research/

CHICAGO – Just a few inches of water can cause tens of thousands of dollars in damage to your home. A flood insurance policy could protect you from the devastating out-of-pocket expenses caused by flooding.  

Don’t wait until it’s too late. A policy takes 30 days from application and payment to go into effect. And a typical homeowner’s insurance policy does not cover floods.

“Snow thaw and the potential for heavy spring rains heighten the flood risk throughout our area in the coming months,” said FEMA Region V Administrator Andrew Velasquez III.  “A flood insurance policy is the best option to protect your home from the costly damage floodwaters can cause.”

Historically, flooding has resulted in millions of dollars in damages throughout the state of Wisconsin. In 2010, heavy rains dumped nearly 8 inches of water in a two hour period over the city of Milwaukee, resulting in more than 23,000 reports of damage from local residents. Last June, severe thunderstorms dumped a total of 8-13 inches of rain over northwestern, southwestern, and south central Wisconsin causing significant damage.  Some areas received 1-2 inches of rainfall per hour that resulted in flash flooding and mudslides. 

FEMA recommends that all Wisconsin residents visit FloodSmart.gov or call 1-800-427-2419 to learn how to prepare for floods, how to purchase a flood insurance policy and the benefits of protecting your home or property investment against flooding. You can also contact your insurance agent for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

IDG News Service (Washington, D.C., Bureau) — The U.S. Congress should pass a law requiring businesses that have lost customer information in cyberattacks to notify those affected, U.S. Attorney General Eric Holder said Monday.

In light of recent data breaches, including at Target and Neiman Marcus, a data-breach notification law would help the U.S. Department of Justice combat crime, protect privacy and prevent identity theft, Holder said in a video message.

"As we've seen -- especially in recent years -- these crimes are becoming all too common," Holder said. "And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it's time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches."

...

http://www.cio.com/article/748691/US_Attorney_General_Calls_for_Data_breach_Notification_Law

C-level executives are struggling with a very real problem: how to gain access to the real-time data that drives their business. In the new on-demand economy, if an enterprise doesn't have control of its real-time data, it's difficult to compile meaningful results that help a business grow and compete.

Most conventional enterprise performance management (EPM) platforms were designed for a slower business climate and fail to produce actionable insights from current and relevant data inside a relevant window of opportunity. In addition, most older implementations are complex and difficult to manage, requiring power users to serve as data gatekeepers. Automation is what it's all about in 2014.

However, EPM is evolving, and as a result, it's changing the way enterprises operate around the world.

...

http://www.itbusinessedge.com/articles/how-enterprises-can-get-better-access-to-real-time-data.html