Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Jon Seals

LINCROFT, N.J. -- The devastation Superstorm Sandy left behind changed the face of many New Jersey communities, perhaps none more so than along the Shore. With individual homes and businesses and even whole communities swept away, many people were left wondering if it’s even possible to live at the Shore.

But also along the Shore are homes that stand like lone sentinels, a testament to mitigation techniques that make structures stronger and safer. Mitigation construction practices such as elevation, berms and use of damage-resistant materials help reduce the risk of future damage. More and more, buildings throughout the country, and along the Shore, are constructed with these techniques.

Mantoloking home surrounded by Sandy floodwaters



When Mantoloking resident Ed Wright built his home 30 years ago, he used a classic mitigation technique: elevation. Last October, that decision proved to be a good one. The storm surge from Sandy swept away five neighboring homes and left his standing alone at the end of the Mantoloking Bridge.

Wright had seen photos of debris washing down the street and elected to elevate the home rather than build on a standard foundation. He built it on 35- to 45-foot pilings sunk into the ground and later enclosed the ground level with breakaway walls, which are designed to collapse in flood waters.

Elevation is a tried-and-true mitigation technique. After a major disaster declaration, the Federal Emergency Management Agency makes Hazard Mitigation grants available to the designated state for projects that reduce or eliminate losses from future disasters.

Projects eligible for hazard mitigation grants include retrofitting buildings to minimize damage from high winds and flooding; elevation of flood-prone buildings; minor flood-control projects; and the purchase of property at risk of repetitive flooding for conversion to open space. The state works with local communities to determine the focus of the Hazard Mitigation program.

Hazard Mitigation grants cover up to 75 percent of approved project costs. State and local governments pay the remaining 25 percent (in-kind donations of labor and materials can contribute toward this share). A project's potential savings must be more than the cost of implementing the project.

A completely restored Mantoloking home, one year after Sandy

While the state sometimes pays for mitigation projects through FEMA grants after a disaster, Wright paid for his home’s elevation as part of the construction cost. It was an investment in the future.

The day after Sandy struck New Jersey, a friend called Wright to tell him his home was the only one standing. When he returned home, he didn’t know what to expect.

“We had no clue,” he said. “It was very emotional to see it standing there all by itself.”

The home experienced minimal damage, losing the furnace, air conditioning unit, washer and dryer, and vehicles.

“We’re very fortunate,” Wright said. “We’re very happy to be here.”

Property owners who are interested in the Hazard Mitigation programs available in New Jersey after Sandy should contact their local emergency management office.

Video-links: Elevation Helps a Home Survive Hurricane Sandy,
What To Do About Mold (in American Sign Language)

Next, the One Year Later series examines the ways in which New Jersey’s private sector got down to business to aid in the recovery process.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.



The tricky part about data is learning to accept what it says without imposing your own agenda.

It seems Big Data is no exception — at least, when it focuses on traditional, structured data, according to a Harvard Business Review Blog post written by Prof. Theos Evgeniou, Assoc. Prof. Vibha Gaba and consultant/visiting professor Joerg Niessing of international business school, INSEAD.

“A large body of research shows that decision-makers selectively use data for self-enhancement or to confirm their beliefs or simply to pursue personal goals not necessarily congruent with organizational ones,” they write. “Not surprisingly, any interpretation of the data becomes as much an evaluation of oneself as much as of the data.”



IDG News Service (Brussels Bureau) — European Union leaders have given themselves room for maneuver in implementing new data protection laws, while pledging to introduce them in a timely fashion.

All 28 leaders of the E.U. member states discussed issues of data protection, mass surveillance and the digital economy at a meeting that continued late into the night on Thursday.

They agreed that there is a strong need for an improved, robust digital economy in Europe and that artificial barriers between member states must be removed to create the so-called "digital single market."



Sandy facts

  • October 29, 2012, Hurricane Sandy strikes with a storm surge weather experts had never seen before
  • 37,000 primary residences destroyed or damaged
  • 8.7 million cubic yards of debris left behind
  • 2.7 million New Jerseyans without power

The first 48 hours

  • 548 FEMA specialists on the ground in New Jersey
  • Three mobile disaster recovery centers open
  • 3 States responded with Emergency Medical Services – 385 people
  • 8 Disaster Medical Assistance Teams and U.S. Public Health Strike Teams arrive
  • October 31, 2012, the first FEMA Individuals and Household Program disbursement of $155,027

Response milestones at one year

  • More than $5.67 billion in total federal assistance approved for Individual Assistance grants, SBA low-interest disaster loans, National Flood Insurance Program payments and Public Assistance grants.

Individual Assistance

  • More than $413 million approved for individuals and households including:
    • Nearly $356 million for housing assistance
    • More than $56.6 million for other needs, including clothing, household items, disaster-related damage to a vehicle, and disaster-related medical and dental expenses
  • More than 261, 000 people contacted FEMA for help or information
  • 127,046 housing inspections completed
  • 36 disaster recovery centers opened
  • 90,000 visits to disaster recovery centers
  • 5,546 individuals and families housed temporarily in hotel rooms under the Transitional Sheltering Assistance program
  • 3,410 survivors received disaster unemployment assistance

U.S. Small Business Administration

  • More than $819.8 million in SBA low-interest disaster loans approved for homeowners, renters and businesses

National Flood Insurance Program

  • More than $3.5 billion paid on all claims in flood insurance payments made to policyholders

Public Assistance

  • More than $926 million was approved in FEMA Public Assistance grants to communities and some nonprofit organizations that serve the public
  • 4,959 projects approved so far

A whole community response

  • 507 voluntary agencies were involved in recovery
  • More than 1.6 million meals and 1.4 million liters of water were distributed
  • 21 languages were used to communicate assistance information to survivors
  • More than 1 million multilingual fliers were distributed
  • Nearly 8.7 million cubic yards of debris was removed
  • At peak, more than 2,429 people were deployed to New Jersey by FEMA and other federal agencies
  • 36 federal agencies assisted FEMA during Hurricane Sandy in New York
  • The U.S. Army Corps of Engineers received 335 requests for generators – 106 installed at peak
  • Approximately 300,000 pounds of food was provided by the U.S. Department of Agriculture
  • The Defense Logistics Agency delivered 2.3 million gallons of fuel to distribution points in New York and New Jersey
  • The Port of New Jersey was closed to incoming and outgoing vessel traffic because of Superstorm Sandy, according the U.S. Coast Guard


John Stagl weighs into an ongoing debate which is taking place on Continuity Central about what the role of the business continuity planner is.

We have over the past couple of decades developed an entire industry of business continuity planners and planning trainers to help companies deal with unanticipated events that can impact a company’s performance in the market place. This entire effort is founded on the assumption that companies will go out of business without these plans in place. Too often, these plans are developed by individuals who do not have access to, nor completely understand the strategic goals and pressures impacting the company. In most cases these well intentioned individuals do not even understand the dynamics of the competitive market in which the company functions every day. Even more importantly, these ‘planning individuals’ have not been trained to look for external factors that may influence the success of their company as part of their planning efforts. They have been educated to believe that all of the information they need is present within the company and known by the various levels of management in that company. The consequence of this naïve orientation is a business continuity plan document that is obviously lacking in fundamental information to achieve the company’s goals and long term success.

For years these planners have been trying to find ways to convince upper management that this planning effort is valuable to the company. At the same time professional and certification groups staffed with individuals who have also been trained with this inadequate planning method have created ‘standards’ of best practices for companies. Auditing firms, sometimes with a profound lack of complete business understanding, have embraced these planning methods and standards as critical factors that must be present in order for a company to be managed effectively. The result is a planning process within a company that is still, after all of these years, viewed as a necessary expense and not an asset.



Dave Anderson looks at how organizations can overcome a common barrier to cloud computing adoption.

The benefits of adopting cloud technologies have been widely reported, and are commonly understood. However, the decision to adopt a cloud strategy brings with it many questions and concerns about jurisdictional and regulatory control over the privacy and protection of sensitive data. For instance, data residency and sovereignty requirements often insist that certain types of sensitive and private data are stored where the government will have legal jurisdiction over it. More often than not, this means within its borders. But the cloud allows providers to possibly store, process or back-up data across several global locations, as well as allowing organizations to freely move data outside of national borders. So, how does this impact compliance to data residency requirements?

Addressing data residency, protection and privacy concerns requires an understanding of both international and domestic regulations. Companies that do business in Europe must understand the implications of regulations such as the European Data Protection Law, as well as local data mandates. The EU’s Data Protection Directive is an example of this, as it prohibits personal data that can be linked to an individual from moving outside the EU, sometimes even outside of a specific country’s borders. Data residency is also particularly concerning for multi-nationals that have offices all over the world, covering several jurisdictions.



LINCROFT, N.J. -- One month after Superstorm Sandy, Dan Shields and his business partner, Robert Higgins, were thanking their lucky stars.

Their waterfront restaurant, Windansea in Highlands, had withstood the raging flood tides and winds of Sandy with only relatively minor damage.

The Windandsea restaurant overlooks a sandy beach and a calm sea.

Atlantic Highlands, N.J., Oct. 10, 2013 -- The Windansea restaurant withstood flood tides and winds with minimal damage from Hurricane Sandy. By renovating with FEMA's building recommendations prior to Sandy, the restaurant was able to open shortly after storm. Rosanna Arias/FEMA

The rest of Highlands was not so fortunate. Flood waters had inundated dozens of homes and businesses in the low-lying sections of the borough. Debris littered the streets; a mobile home park on the north side of the borough was in shambles.

As flood waters receded in the business district, store owners had to reckon with the physical destruction of their businesses and the loss of their livelihoods.

Many of Shields’ and Higgins’ fellow restaurateurs were essentially out of business for the long term, faced with major damage from the storm.

What saved Windansea?



The borough’s new building code that required properties in flood zones to comply with tough new Federal Emergency Management standards. “We had to stick to ‘V’ zone construction,” said Shields, referring to the strictest standards for properties located in high-risk flood zones. “I felt like we were the poster child for FEMA.”

When the business partners bought the restaurant in 2000 for $690,000, they planned to invest approximately $300,000 in renovating the old restaurant, formerly known as Branin’s Wharf. But as work on the building progressed, hidden problems came to the surface. “It was just a terrible, terrible building.” Ultimately, more than 50 percent of the existing building had to be demolished. One day, as they worked on the restaurant, officials from FEMA and the borough drove up and told them to stop work. “You’ve got to do it our way,” they told the partners.

The structure would have to be rebuilt in compliance with FEMA standards for “V” zone construction, the strictest standard that applies to properties at high risk of flooding.

Patrons sit in the undamaged outdoor seating area of the Windandsea restaurant.

Atlantic Highlands, N.J., Oct. 10, 2013 -- Hurricane Sandy damaged many businesses along the waterfront with floodwater and wind. The Windansea Restaurant received little damage because of mitigation measures taken prior to Hurricane Sandy. Rosanna Arias/FEMA To put it mildly, the partners were not happy. The shoestring budget they had assembled to pay for what they thought would be a fairly simple remodeling job wouldn’t cover the extensive construction that the town demanded. “It was a completely different animal from buying a little restaurant and (fixing it up),” Shields said.

Making the bayfront building flood-resistant required driving 80 pilings that measured 12 inches in diameter into the ground to a depth of 30 to 40 feet, reinforcing the roof and walls with steel rods and connecting the elements of the entire structure with steel plates and structural steel to hold the floor to the walls.

The project took a year longer than the partners anticipated and cost over $1 million more than they had originally budgeted.

“I felt like I was victimized,” Shields told the Asbury Park Press a few weeks after the storm, “like FEMA was trying to prove a point, trying to flex their muscles and trying to take it out on a little guy like me.”

He doesn’t feel that way anymore.

Though the building sustained some damage to its first floor lobbies and outdoor Tiki bar, Windansea was able to re-open less than three weeks after the storm. “There was not a crack in the sheetrock, not a thing out of place.”

Video-links: Avanti Linens Recovery and Mitigation Efforts, NJ Stronger Than The Storm Ribbon Cutting

Next, the One Year Later series examines the ways in which New Jersey’s private sector got down to business to aid in the recovery process.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


With 1) SalesForce and other large SaaS vendors announcing grandiose plans for cloud IAM, not just for access control but also provisioning and 2) long-standing IAM 'arms suppliers' extending into the cloud (CA CloudMinder, SailPoint) we are already seeing pureplay cloud IAM players (Okta, OneLogin, Ping, etc.) starting to scratch their heads as to how to deal with the pressure. 

Forrester expects that we will see the following in the next 12-18 months:



By Martin Welsh and Keith Taylor

Too often information security incident response plans, disaster recovery and business continuity plans are not aligned with the overall corporate crisis management process. Now, more than ever, an organization must be able to quickly respond to a security breach, both from a tactical response and via a strategic corporate message. In this article we will discuss the benefits of, and offer an approach to, integrating the security response process into the overall corporate crisis management plan.

Similar efforts go into building, managing, exercising and maintaining both security incident response plans and overall corporate crisis management plans. For most organizations the escalation, notification and decision making process is similar, regardless of the incident. The struggles organizations encounter, while developing these plans, also tend to be similar. Building awareness, understanding roles and responsibilities, allocating time and resources (financial and human), can all be impediments to sound response plans.

Better plans can be developed by overcoming these shortcomings through integration.



Russ Timpson

The key messages when it comes to fire safety resilience are that:

  • Prescriptive approaches to fire risk mitigation are reactive, cumbersome and commercially irrelevant
  • Fire risk ownership will only be achieved through linkage to business imperatives such as resilience, supply chain integrity and insurance
  • Tools and techniques do exist to assist those tasked with risk ownership to understand the scope and scale of the risks involved