
Jon Seals

Halifax Hospital used the VOLO Recovery Communication System to alert employees during recent shooting incident.


ORMOND BEACH, Fla. – Kevin Noel, Director of Safety and Security at Halifax Hospital, used the VOLO Recovery cloud-based communication system to contact hospital executives and employees after a dangerous shooting that occurred at the hospital on Monday, January 6th, 2014. According to witnesses, Jonathan Rodriguez, a 20-year-old man, threatened patients and nurses with a gun before killing himself. Fortunately, the event ended without serious injury to Halifax employees or patients.


Cloud-based communication systems like VOLO are becoming increasingly popular among businesses such as hospitals, banks and retailers. According to Mr. Noel, “With the increase in severe weather, and violent threats that exist today, I decided it was time to stop depending on the antiquated ‘call-tree’ method of communicating to my staff. Technology today is so powerful and inexpensive; there is no reason to put off acquiring a mass communications system.” Kevin goes on to state, “I was able to use our notification system to provide real time updates to our executive team as the situation unfolded. We have since expanded the user base to all employees as this is a great way to inform them of situations on campus that may impact how they get to work or what’s going on before they get here.”


Register for the upcoming VOLO active shooter webinar http://info.volorecovery.com/webinar

In many organizations, executives and employees – and even auditors – will ask Business Continuity Management (BCM) / Disaster Recovery (DR) practitioners if they have plans for every situation possible; every potential risk and every potential impact to the organization. Considering that the number of risks that exist in the world today is basically infinite – once you calculate all the various potential impacts to an organization from a single event – there will be communication, restoration and recovery plans that just can’t be developed, documented, implemented, communicated, validated or maintained. It is impossible to have a response to every situation; the secret is to be able to adapt to the situation and leverage the response plans you do have to help adapt to the disaster situation.


Still, the questions will come about these plans and why a response isn’t captured for a particular situation and its resulting scenarios. A BCM/DR practitioner must be able to address these questions and be able to respond with reasons as to why specific plans don’t – and can’t – exist.


There are a few key reasons that practitioners must be able to communicate to those asking the questions and they are noted below.

...

http://stoneroad.wordpress.com/2014/01/31/bcm-dr-plans-that-cant-be-made/

CSO — Target's disclosure that credentials stolen from a vendor were used to break into its network and steal 40 million credit- and debit-card numbers highlights the fact that a company's security is only as strong as the weakest link in its supply chain.

No matter how strong Target's internal security was, if the breach started with a third-party vendor, then the weakness was in how the retailer managed the security risk all large companies face when partners and suppliers interact with their networks, experts say.

"Hackers have reached a new level of mastery and companies are really struggling," Torsten George, vice president of marketing and products at risk management vendor Agiliance, said. "They're putting a lot of effort in protecting their own networks, but how do you really go after your suppliers and vendors? How do you assess the risk in doing business with them?"

...

http://www.cio.com/article/747555/Target_Credential_Theft_Highlights_Third_Party_Vendor_Risk

It's frustrating.

Enterprise Risk Management, ERM, is simple and straightforward.

In plain and simple English, it is management of all risks across the organization that can disrupt "business as usual".

Period.

Unlike Business Continuity (BC) which, as I understand it, is concerned with "the usual suspects" of environmental events, human error, and technology error or malfunction, ERM is concerned with ALL threats, including those not directly under the auspices or control of the organization.

...

http://johnglennmbci.blogspot.com/2014/01/erm-bc-coop-why-limit-risk-management.html

NETWORK WORLD - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Today's IT security teams are faced with rapidly mutating threats at every possible point of entry from the perimeter to the desktop; from mobile to the cloud. Fueled by the fast evolution of the threat landscape and changes in network and security architectures, network security management is far more challenging and complex than just a few years ago.

Security teams must support internal and external compliance mandates, enable new services, optimize performance, ensure availability, and support the ability to troubleshoot efficiently on demand--with no room for error. That's a lot to balance when managing network security.

...

http://www.cio.com/article/747437/Best_Practices_for_Network_Security_Management

January 31, 2014

Lessons from Atlanta

What many would call a “dusting,” we Atlantans would call a “snowpocalypse,” as evidenced by this week’s 2 inches of snow, which crippled the city, causing severe gridlock across the metro area and stranding school children and commuters who were forced to abandon cars on the highway. The mayor of Atlanta and Governor Deal have been making the media circuit, trying to explain what happened to cause the city to grind to a halt, but regardless of whose fault it was, it’s time to take a look at the situation and see what we can learn from a preparedness perspective. Here are our top 5 lessons learned, which apply not just to folks in the Deep South but to everyone who might be caught in an emergency situation.

  1. You can always count on…yourself. We’d like to be able to tell you that someone from your local, state, or federal government will always be available 24/7 to help everyone during an emergency, but that’s just not realistic. First responders are there to help the people in the most need; it’s important that everyone else be self-sufficient until emergency response crews have time to get the situation under control. That means you need to be prepared for the worst, with supplies, plans, and knowledge to make sure you can care for yourself and your family until the situation returns to normal.
  2. Keep emergency supplies in your car. So much of our lives revolve around our vehicles. For most of us that’s how we get to and from work every day, shuttle our kids, and buy groceries. And in places like Atlanta many of us have long commutes, during which time anything could happen. You have emergency supplies in your house, why not in your car? Many motorists were stranded on the highways for 10 hours or more. You need to make sure you have a blanket, water, food, and other emergency supplies stored away in your trunk just in case.
  3. Make a family emergency plan. If you can’t pick up your kids, who will? Many parents were stranded on the interstate and unable to get to their children’s schools. Sit down with your family and go over what you would do in different emergency situations. Is there a neighbor or relative in the area that can help out if you aren’t able to get to your kids? Let them know you’d like to include them in your plan. Make sure you also come up with a communication plan that includes giving everyone a list of important phone numbers, not just to save in your cellphone but to keep in your wallet or kids’ backpack. Many commuters’ cell phones died while they were sitting on the roadways for hours. If all your important phone numbers are saved to your device and it died, would you be able to remember your neighbor’s number to ask them to check in on the kids when a Good Samaritan loans you their phone?
  4. Keep your gas tanks full. This is important to remember in other emergencies like hurricanes, when people are trying to evacuate. If there’s a chance you’re going to need your car, or your ability to get gas is going to be restricted (due to road closures or shortages), make sure you fill up your tank as soon as you hear the first warning. Many of the motorists trying to get home this week ran out of gas, worsening the clogged roads and delaying first responders from getting to people who really needed their help.
  5. Listen to warnings. The City of Atlanta and the surrounding metro area were under a winter storm warning within 12 hours of the first flakes, but residents and area leaders were slow to listen; most people didn’t start taking action until the snow began to fall, which led to a mass exodus of the city. While no one likes to “cry wolf” in situations like these, it’s better to be safe than sorry. Learn the difference between a watch and a warning, and start taking action as soon as you hear the inclement forecast.

http://blogs.cdc.gov/publichealthmatters/2014/01/lessons-from-atlanta/

Earlier this week, I wrote about the challenges of data illiteracy. I think it’s particularly a problem in fields where data has been collected, but maybe is not seen as a way to guide strategy or output.

Education is one such field (they hate being called an industry, even though, let’s face it, they are). While education as a whole is data-heavy, its main focus is not on managing data or information, but on student output. And while data has been used to produce change, it’s not often used in a particularly strategic way. When test scores go down, that data triggers policy and sometimes theory change, but seldom is the data used to inform that change.

...

http://www.itbusinessedge.com/blogs/integration/data-dives-a-step-in-the-right-direction.html

Data Privacy Day was earlier this week. I can’t think of a time when data privacy was more discussed among businesses and individuals than right now, and yet, this day to focus on privacy went largely unnoticed. At least, I had no idea it was coming until a couple of people alerted me. Now I know it falls every January 28.

Of course, data privacy isn’t something we should be thinking about only one day a year. Nor should data privacy be seen only in relation to NSA spying and Edward Snowden. It is something that should be practiced regularly and improved upon whenever possible in order to keep information from getting into the wrong hands (and I don’t mean the government).

As Guidance Software’s Anthony Di Bello pointed out in a blog post, data privacy and security need to be used everywhere for them to be effective. The best practices used at work should extend to home. The trick is making sure employees understand why instituting best practices for privacy is so important. Di Bello provided an example from a chief information security officer (CISO) with whom he works, and I think this advice should be shared:

...

http://www.itbusinessedge.com/blogs/data-security/data-privacy-day-should-be-every-day.html

NETWORK WORLD - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

If you've built something yourself rather than buying it, like a bookshelf or a birdhouse, you know the satisfaction of shaping something to your needs. And as long as nothing goes wrong, you're in good shape. But if it breaks you can't return it to the store for an exchange; you have to fix it yourself. And while repairing a bookshelf is one thing, recovering applications in a data center when they fail is something else entirely.

Linux is an excellent tool for creating the IT environment you want. Its flexibility and open-source architecture mean you can use it to support nearly any need, running mission-critical systems effectively while keeping costs low. This flexibility, however, means that if something does go wrong, it's up to you to ensure your business operations can continue without disruption. And while many disaster recovery solutions focus on recovering data in case of an outage, leaving it at that is leaving the job half done. Having the information itself will be useless if the applications that are running it don't function, and you are unable to meet SLAs.

...

http://www.cio.com/article/747433/How_to_Keep_Your_Linux_Heavy_Data_Center_Up_and_Running

Network World — An MIT research team next month will show off a networked system of flash storage devices they say beats relying on DRAM and networked hard disks to handle Big Data demands.

The copious amounts of data now collected for analysis by organizations overtax computers' main memory, but linking hard disks across an Ethernet network to solve the problem proves too slow, according to the researchers.

Their Blue Database Machine, or BlueDBM (sounds like an IBM product!), consists of flash devices controlled by serially networked field-programmable gate array chips that can also process data. The researchers say flash systems can find random pieces of information from within large data sets in microseconds, whereas the seek time for hard disks can be more than double that.

...

http://www.cio.com/article/747432/MIT_Researchers_Resort_to_Flash_for_Big_Data_Storage