Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 29, Issue 3

Full Contents Now Available!

Jon Seals

A study published Thursday confirmed that the 100,000 tons of methane that flowed out of Aliso Canyon was the largest natural gas leak disaster to be recorded in the United States, and that it doubled the methane emission rate of the entire Los Angeles basin.

Researchers with the University of California's Irvine and Davis campuses, along with the National Oceanic and Atmospheric Administration (NOAA) found during the peak of the leak that "enough methane poured into the air every day to fill a balloon the size of the Rose Bowl."

University officials called it a first-of-its-kind study on the gas leak, published in the journal Science.

"The methane releases were extraordinarily high, the highest we've seen," said UCI atmospheric chemist Donald Blake in a statement. Blake, who has measured air pollutants worldwide for more than 30 years, collected surface air samples near homes in Porter Ranch.



The growing complexity of today’s enterprise computing environment means critical corporate data is stored in increasingly fragmented and heterogeneous infrastructures. Ensuring all this decentralized data is backed up in case of breach or disaster is a major cause of anxiety for both business executives and senior IT professionals.

That’s because comprehensive data protection is really not core to most people’s jobs – most of you have other things to worry about, and you just hope and pray that the systems you’ve implemented have backed up your data and will recover it in case of a disaster. But you’ve got your fingers crossed because you’re really not that confident that they will.

According to Jason Buffington, principal analyst for data protection at ESG, improving data backup and recovery systems has been a top five IT priority and area of investment for the past several years. That’s because continually-evolving computing infrastructures and production platforms are forcing companies to reexamine their data protection strategies. “When an organization goes from 30 percent virtualized to 70 percent, or from on-premises email servers to Office 365 in the cloud, these evolutions to your infrastructure drive the need to redefine your data protection strategy,” says Buffington. “Legacy approaches for data protection can’t protect all of the data in these more complex environments.”



Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.

The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.

The company redefined the issues of today's threat landscape in its HPE Security Research Cyber Risk Report 2016 Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.



(TNS) - For Harvey County Sheriff T. Walton and Community Chaplain Jason Reynolds, the past four days have been a blur.

While Walton was tasked with responding to a very dangerous situation, Reynolds was tasked with supporting first responders like Walton and all the others who showed up immediately at the mass shooting at Hesston’s Excel Industries, where four people, including the shooter, were killed Thursday and 14 others injured.

Finally, Monday was an opportunity for the two men to sit side-by-side and speak briefly of what they experienced.

For Walton, the tragedy began unfolding as he learned of a shooting victim near 12th and Meridian in Newton. As he was dealing with that incident, another 911 call came through.

“Everyone is coming to me and I hear of more shootings on the radio. I am trying to figure this out,” Walton said.



Tuesday, 01 March 2016 00:00

BCI: The rules of business continuity

The rules of business continuity

Why do we have business continuity management programmes? Is it because we want to make sure our organizations are able to respond to a disruption? Probably yes! It is common sense that we would want to be prepared for any future crisis.

In some cases however, it is also because there is a legal obligation to do so. Many organizations are tightly regulated depending on what sector they are in or the country they are based, and therefore must have plans in place to deal with certain situations. Furthermore, the rules and regulations that govern us are often being revised, and sometimes it can be difficult to keep up with which ones are applicable.

There is a solution however. The Business Continuity Institute has published what it believes to be the most comprehensive list of legislation, regulations, standards and guidelines in the field of business continuity management. This list was put together based on information provided by the members of the Institute from all across the world. Some of the items may not relate directly to BCM, and should not be interpreted as being specifically designed for the industry, but rather they contain sections that could be useful to a BCM professional.

The ‘BCM Legislations, Regulations, Standards and Good Practice’ document breaks the list down by country and for each entry provides a brief summary of what the regulation entails, which industries it applies to, what the legal status of it is, who has authority for it and, of course, a link to the full document itself.

The BCI has done its best to check the validity of these details but takes no responsibility for their accuracy and currency at any particular time or in any particular circumstances. The BCI is reliant on those working in the industry to provide updates to this document, so if you do come across any inaccuracies then please contact Patrick Alcantara and advise him of the required updates.

Looking to make it simpler and less expensive to back up data, Oracle today unveiled an update to Oracle StorageTek Virtual Storage Manager System software that enables Oracle customers to back up data and archive directly into the Oracle cloud.

That move comes on the heels of acquiring Ravello Systems, a provider of a nested hypervisor technology that makes it simpler to deploy hybrid cloud computing environments, at a cost of $500 million.

Steve Zivanic, vice president of the Storage Business Group at Oracle, says version 7.0 of StorageTek Virtual Storage Manager System makes it possible for IT organizations to back up and archive data from both mainframes and distributed systems to a common public cloud. In the case of the mainframe in particular, the cost savings associated with not having to locally back up data on to a mainframe platform are substantial, says Zivanic.



Tuesday, 01 March 2016 00:00

HPE Looks to Encrypt Mobile Data

With more data than ever being generated by mobile computing devices, securing that information has become a major challenge for IT organizations that often don’t control either the endpoint or even the network being used to transmit data.

At the RSA Security 2016 conference today, Hewlett-Packard Enterprise (HPE) moved to address that issue with the release of HPE SecureData Mobile, a solution that extends HPE encryption software to devices running Apple iOS and Google Android operating systems.

Chandra Rangan, vice president of marketing for HPE Security, says that given the lack of control most IT organizations have over mobile computing, it’s imperative that they find a way to encrypt data both when it’s at rest and in motion. In fact, a scan of 36,000 Apple iOS and Google Android devices conducted by HPE found that many of these applications routinely collect geolocation and calendar data. That information, notes Rangan, can in turn be used by hackers to enable all kinds of socially engineered attacks. In fact, the desire to get at that data helps explain why in 2015 there were 10,000 new Android threats discovered each day. And while Apple iOS devices benefit from being on a closed network, the number of malware exploits aimed at Apple iOS rose 230 percent in 2015.



If you are wondering whether a mobile solution would be right for your crisis management plan, start with a look at how much business life has changed in recent years.  Then ask whether your organization is keeping up or lagging behind when it comes to crisis planning.

In the past, it was sufficient to add crisis plans and emergency instructions to company intranets or send by email. That was a huge improvement over handing executives in the company a binder with the plans.

But now we are well into the twenty-first century, and the whole concept of crisis management has evolved.  Beyond planning for fires, floods, and strikes, organizations must prepare to cope with workplace violence, terrorist attacks, epidemics, data loss, data breaches, reputation damage, and a host of other possibilities that were not even thought about twenty or thirty years ago. Some of these crises will occur with no warning, and reach catastrophic levels in minutes or hours.



Over the many years I’ve been working in a clean room, I’ve grown quite familiar with hard drives and the many pros and cons they can present. Generally speaking, hard drives can be a pretty resistant medium when used correctly and a technology I confidently use for storing my personal files. However, I know bad things can happen to good data as I have witnessed countless damages and failures to these devices that can cause data loss.

In this post I will focus on physical issues in hard drives (HDDs) as the problems faced by this technology are completely different from those experienced by other alternatives available in the market, such as solid state drives (SSD).



Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second-hand security can crop up in situations like company mergers and acquisitions. One of the challenges is to see beyond what the other party is telling you. Your prospective business partner may be assuring you with all the honesty in the world that security in its firm covers all requirements. However, what is true for one organisation does not necessarily carry over to another.