Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Jon Seals

The PC is dead. The PC is not dead. The PC is sort of dead, but that’s OK because the new client devices are much cooler.

By now, just about every theory on the PC’s future in the enterprise has been thoroughly consumed and digested by the technorati. And while the term “dead” gets thrown around a lot, it is clear that although the PC is no longer the primary means of data access in the enterprise, neither is it headed for the scrap heap.

A more likely scenario is that the PC will change in both form and function as the enterprise heads into the cloudy, mobility-drive future. The key question, then, is how.

...

http://www.itbusinessedge.com/blogs/infrastructure/make-way-for-the-multi-pc-enterprise.html

There is a 75% chance of an El Niño event in 2013, according to an early warning report published in Proceedings of the National Academy of Sciences (PNAS). The researchers used a new method that uses network analysis to predict weather systems up to a year ahead, instead of the usual six-month maximum of other approaches. The model successfully predicted the absence of El Niño in 2012 and 2013.

El Niño events are characterized by a warmer Pacific Ocean, which results in a disruption to the ocean-atmosphere system. This can lead to warmer temperatures worldwide, droughts in Australia and Southeast Asia, and heavy rain and flooding in parts of the U.S. and South America. If such an event occurred toward the end of 2014, the increased temperatures and drought conditions could persist through 2015.

The researchers suggested that their work might help farmers and government agencies by giving them more time to prepare and to consider investing in flood- or drought-resistant crops.

...

http://www.riskmanagementmonitor.com/new-forecasting-method-predicts-75-chance-of-el-nino-in-2014

The Target data breach is the gift that keeps on giving. It continues to capture attention with new revelations and insights.

The real opportunity for security professionals is to side-step speculation and use the coverage to spark productive conversations. The kinds of discussions that help others understand your value and set the stage for necessary changes.

The latest development was the potential compromise through a third party HVAC contractor. 

Now the details around Target, an ongoing investigation, are still a bit murky. Brian Krebs is on the case and providing a valuable service to the industry. Let’s leave investigation to Brian and take the opportunity to build on his work to improve our organizations.

- See more at: http://blogs.csoonline.com/security-leadership/2984/if-target-got-breached-because-third-party-access-what-does-mean-you#sthash.zZMSvMgx.dpuf

Leading business continuity solution provider Vocal has been awarded the ISO 22301 Standard accreditation

As the world’s first international standard for business continuity management, the ISO 22301 has been developed to ensure that organisations are able to anticipate their clients’, suppliers’ and partners’ abilities to manage the unexpected. Organisations who are awarded the standard understand and prioritise the threats to their business, and are therefore able to minimise the risk of disruption to their stakeholders in the event of an incident. When customers choose a product or service provider, an ISO accreditation is business shorthand for reliability.

In most cases, a robust business continuity management system can help a company to earn an ISO accolade. From fires to IT failures, extremist incidents to torrential rain – anything can happen in the world of business. An accredited organisation must have a system in place which is capable of protecting against, reducing the likelihood of, and ensuring their business’ recovery from any disruptive, dangerous, or damaging incidents.

This year, the iModus Suite, Vocal’s own award-winning business continuity management system, has helped Vocal to reach the ISO 22301 Standard, cementing its position as one of the forerunners of the worldwide business continuity industry.  

 “We are committed to delivering industry-leading services to our customers and exceeding expectations of all our stakeholders in the event of any business disruption,” says Vocal’s Business Continuity Program Lead, Glynnis Kellaway.

“The recommendation from the ISO further underlines the fact that Vocal upholds globally-recognised best practices and continual improvement with respect to our Business Continuity Management System. This furthermore gives our stakeholders more reason to have complete confidence in their relationship with us and their use of our products and notification solutions.”

To find out more about the ISO 22301 accreditation, please visit the following website: http://www.bsigroup.co.uk/en-GB/iso-22301-business-continuity/.

About Vocal and the iModus Suite:

·        Vocal is recognised throughout the world as a trusted innovator of multi award-winning and proven business continuity and communication solutions. In 2007, Vocal launched iModus; the first fully integrated business continuity suite encompassing Notification, Planning, Mapping, Alerting, Staff Safety and Incident Management modules. iModus has been used by many of the world’s largest businesses during major business-affecting incidents, for example the 7/7 terrorist attack in London, the London 2012 Olympics, and the operation which was put in place after Hurricane Sandy caused devastation to the US east coast.

·        iModus now operates in over 85 countries and is a key part of the critical plans of a large number of global organisations.

·        As well as providing solutions to various challenges, Vocal provides its clients with exceptional technical support and accomplished account management, underpinned by a 24/7 customer service team which ensures that clients get the most out of their iModus suite.

New Data Center Facilities, Enhanced Cloud Services and

Leading Partnerships Capture Market Share

BATON ROUGE, La. – Further elevating its leadership in business continuity, cloud-based virtualization, and battle-tested data recovery, Venyu today announced a strong finish to FY2013. The notable results underscore the company’s value as a proven leader in cloud-based services as well as its ability to cost-effectively secure and protect mission-critical data.

In September, Venyu announced its acquisition by EATEL, a leading regional telecommunications service provider.  The agreement provides access to new growth opportunities and resources, while strengthening complementary service lines with integrated business solutions.  As a wholly-owned subsidiary of EATEL, Venyu is now focused on accelerating company growth beyond its regional service areas and into new markets.

The company also broke ground on its data center expansion in Baton Rouge, LA in 2013. The new data center will open in April 2014.  Highlighting an ability to provide quality, secure cloud-based services, the data center is designed to guarantee the highest levels of security, uptime, connectivity, and redundancy.  The footprint features fully redundant power distribution, climate control, and fire suppression – with an enhanced emphasis on power density and management. 

“Whether we’re offering cloud hosting, backup, or colocation, companies rely on Venyu as a strategic business partner to help protect their digital assets and cost-effectively augment their IT services,” said Scott Thompson, CEO of Venyu.  “As the demand for more value-added cloud services continues to increase, we will meet these challenges by expanding our offerings with leading applications supported by the industry’s best customer service and support teams.”

Additionally, Venyu’s agreement with Alert Logic now provides access to superior data protection through full integration of intrusion detection and log management.  The partnership is the foundation for Venyu’s Web Security Manager (WSM) – an enhanced layer of security, blocking suspicious traffic at the firewall and appliance level, and protecting web servers from attack without compromising availability.

Venyu also partnered with CMA Technology Solutions in an effort to support joint customers using IBM System i Power Servers.  With the CMA Series I technology infrastructure – a new resource placing IBM servers within Venyu’s data centers – legacy users can now harness Venyu’s RestartIT® cloud-based backup and recovery services.  Spotlighting several 2013 successes, Venyu partnered with Coretelligent to bring data backup services to venture capital investment firms in New England and to California’s Bay area and provided Baton Rouge-based Woman’s Hospital – one of the nation’s first specialty hospitals recognized for superior care of women and infants - with disaster recovery services. 

Rounding out the year, the Louisiana-based business collected high marks from the industry with a range of accolades, including:

To find out more or connect with Venyu for back-up, recovery, colocation and managed services, please visit www.venyu.com

About Venyu

Venyu is a premier provider of data center, managed hosting, cloud, virtualization and data protection solutions. By leveraging Venyu's portfolio of innovative, ROI-focused solutions, including VenyuCloud and RestartIT, within secure, highly available data centers, organizations can reduce IT costs while increasing security and scalability. For more information about Venyu and its industry-leading offerings, please visit www.venyu.comYour Data Made Invincible™.

Mark Kedgley examines the importance of real-time file integrity monitoring in a constantly and quickly evolving threat landscape.

Few experts would argue against the importance of real-time file integrity monitoring (FIM) in an era of fast changing and sophisticated security threats. It is literally impossible to second guess the method of a breach and therefore the ‘last line of defence’ detection offered by FIM has never been more critical. The worldwide coverage of the recent breach at Target shows how vital cybersecurity is, and how high the stakes are if your defences are breached. Little wonder that leaders in security best practices such as NIST, the PCI Security Standards Council and the SANS organisation all advocate FIM as an essential security defence.

That said, many would also challenge the actual value and quality of some FIM deployments over the past decade. From the highly complex, $multimillion software investments all the way down to freeware, far too many deployments are actually increasing, rather than reducing, business risk by creating a deluge of unmanaged and unmanageable alerts. Put simply - too much information and not enough context to provide an effective solution.

...

http://www.continuitycentral.com/feature1146.html

Protiviti recently partnered with North Carolina’s State University’s ERM Initiative to conduct its second annual ‘Executive Perspectives on Top Risks Survey’. This obtained the views of more than 370 United States-based board members and C-suite executives about risks that are likely to affect their organization in 2014.

Key findings included:

  • The overall survey responses suggest a business environment in 2014 that is slightly less risky for organizations than it was a year ago - however, board members view it to be more risky this year compared to 2013.
  • Regulatory change and heightened regulatory scrutiny represents the top overall risk for the second consecutive year.
  • Cyber threats and privacy/identity management are seen as an increasing threat.

The top 10 risks as perceived by executives are:

...

http://www.continuitycentral.com/news07099.html

According to the Philadelphia Business Journal and other internet sources, hackers apparently accessed Target's data base via a subcontractor's data credentials.

The Wall Street Journal reports that a Pittsburgh PA refrigeration contractor began working with Target in 2006 installing and maintaining refrigerator systems in stores as the discounter expanded its fresh food offerings. Through that relationship, the contractor was linked remotely to Target's computer systems for "electronic billing, contract submission and project management.

Target's liability comes from its IT security advisors' failure to ask the important "What if" questions.

...

http://johnglennmbci.blogspot.com/2014/02/erm-bc-coop-vendor-with-access-to-data.html

Recent breaches of customer data at retailer Target and banking giant Barclays are making headlines and underscore the growing risk to businesses from data breaches.

Of course, there’s a personal impact too.

The just-released 2014 Identity Fraud Report by Javelin Strategy & Research reveals that data breaches are now the greatest risk factor for identity fraud.

In 2013, one in three consumers who received notification of a data breach became a victim of fraud, up from one in four in 2012, the report found.

Some 46 percent of consumers with breached debit cards in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a social security number breached.

...

http://www.iii.org/insuranceindustryblog/?p=3543

National Business Ethics Survey by Ethics Resource Center Reveals Decline in Workplace Misdeeds, Improvement in Ethics Culture in Past Six Years 

ARLINGTON, Va.  — Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.

The eighth National Business Ethics Survey (NBES) shows that 41 percent of more than 6,400 workers surveyed said they have observed misconduct on the job, down from 55 percent in 2007. In addition, the report found that fewer employees felt pressure to compromise their standards, down to nine percent from 13 percent in 2011.

Noted Michael G. Oxley, ERC Chairman of the Board, former Congressman and House co-sponsor of the Sarbanes-Oxley Act of 2002, “Companies are working harder to build strong cultures and implement increasingly sophisticated ethics and compliance programs. The results of the survey are encouraging and show that companies are doing a better job of holding workers accountable, imposing discipline for misconduct and letting it be known publicly that bad behavior will be punished.”

...

http://www.corporatecomplianceinsights.com/news/survey-workplace-misconduct-at-historic-low/

By with Nidhi Rao

Whether based on a whistleblower complaint or because you are subject to an inquiry from a governmental agency, a company faced with potential employee misconduct must perform an internal investigation. The goals of an internal investigation are to understand the nature and scope of the issue(s) and to take necessary remedial action promptly. To be truly effective,  an organization should aim to achieve these goals while minimizing the impact on the company’s routine business operations.

Unfortunately, companies often inadvertently overlook certain issues in this process, which can result in an ineffective investigation and may pose additional litigation risks for the company.

Here is a list of five factors often overlooked when conducting an internal investigation:

...

http://www.corporatecomplianceinsights.com/five-factors-often-overlooked-when-conducting-an-internal-investigation/