Jon Seals

Just $6 billion of the $44 billion in estimated insured global losses arising from catastrophes in 2013 were generated by man-made disasters, little changed from 2012, according to Swiss Re sigma preliminary estimates.

But as an article on the Lloyd’s website reports, even though natural catastrophes may have dominated the news headlines in 2013, a series of man-made disasters have had a significant impact on a number of communities.

In fact around 5,000 lives were lost as a result of man-made disasters in 2013, according to Swiss Re sigma estimates.

...

http://www.iii.org/insuranceindustryblog/?p=3477

IDG News Service (Bangalore Bureau) — Target has confirmed that data from about 40 million credit and debit cards was stolen at its stores between Nov. 27 and Dec. 15.

The statement from the retailer Thursday follows reports that thieves had accessed data stored on the magnetic stripe on the back of credit and debit cards during the Black Friday weekend through card swiping machines that could have been tampered with at the retailer's stores, a practice known as card skimming.

The data could have been used to create counterfeit cards that could even be used to withdraw money at an ATM, according to the reports.

...

http://www.cio.com/article/744865/Target_says_40_million_cards_likely_skimmed_in_security_breach

Lists, kits, packs… they often exhibit order and completeness, two dimensions that are also important for effective business continuity. They are also the underlying principles of the ‘battle box’, a repository for vital information to allow an organisation to carry on operating in adverse conditions. Just like first aid kits and motorists’ emergency packs, a battle box should focus on the essentials. It should also be accessible and ‘grabable’ so that it can be made readily available to those responding to an incident. However, there’s more to a viable battle box than just ticking off items to be put in it.

...

http://www.opscentre.com.au/blog/unthinkable-business-continuity-without-a-battle-box/

Privacy is on trial in the United States. Legal activist Larry Klayman asked U.S. District Judge Richard J. Leon to require the NSA to stop collecting phone data and immediately delete the data they already have. Their argument was that US citizens have a right to privacy and this is a violation of the 4th Amendment of the Constitution protecting you from illegal search and seizure. Monday's ruling that this practice is unconstitutional has privacy activists cheering in the streets, but it will not be a lasting victory.

In the United States, there is not a single privacy law on the books. (You can argue that HIPAA is a privacy law, but nuances exist that can lessen its impact.) What is protected has come from judgments based on the application of the 4th Amendment regarding search and seizure. US citizens were given “privileges”, thanks to Richard Nixon, which say we have an expectation of privacy when using a phone, which basically means that the government has to get a warrant for a wiretap. (It’s worth noting that in the UK, they don’t get that privilege.)

Data is up for grabs. And everyone is grabbing.

...

http://blogs.forrester.com/renee_murphy/13-12-18-privacy_activists_are_cheering_for_the_nsa_ruling_but_it_wont_be_a_lasting_victory

CSO — Christmas is fast approaching. Now, and after the office is back to normal after the first of the year, employees are going to return with several shiny new gadgets, along with the expectation that they'll "just work" in the corporate environment. Security will be a distant afterthought, because it's still viewed as a process that hinders productivity.

The back and forth between security helping or hurting productivity is a battle that has existed before the mobile device boom, and it will exist long after the next big technological thing arrives. But the fact remains security is an essential aspect to operations.

Analysts from Frost & Sullivan have estimated that the mobile endpoint protection market will reach one billion dollars in earned revenue by 2017, a rather large number given that last year the market was worth about $430 million. The reason for the large projection is simple; mobile is the new endpoint, and everyone has one.

...

http://www.cio.com/article/744843/5_Strategies_for_Post_Holiday_BYOD_Problems

CIO - Superstorm Sandy, the Fukushima Daiichi nuclear plant near-meltdown and ongoing regional natural disasters such as Typhoon Haiyan all wreak havoc with the capability of many affected companies - thousands, if not more - to continue business operations.

We define business risk as any event or activity that threatens the capability of a company to concentrate on its primary goal of generating revenue. There's also business risk from unexpected or unbudgeted costs to a company owing to improper management or monitoring of the software running in an enterprise. Do you recognize that there may be significant business risks to your company lurking in your IT operations, even as you take the time to read this article?

Business risk is what organizations continually work to mitigate via disaster recovery or business continuity plans - and rightfully so. But a company may also be exposed to elevated business risks owing to two frequently overlooked issues: Software asset management (SAM) and software license management (SLM). Let's take a look at how your organization can mitigate business risk using SAM and SLM.

...

http://www.computerworld.com/s/article/9244876/How_to_Mitigate_Business_Risk_Using_SAM_and_SLM_Tools

CSO — Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was a busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.

As mentioned, 2013 was a busy year with regard to security incidents. While there's still a month left, the fact remains that one-hundred million plus records have been compromised during the past eleven months. The source of this loss has been blamed on everything from nation state attacks and activists, to hackers with an agenda.

...

http://www.cio.com/article/744852/The_8_Hottest_Security_Stories_of_2013

FOR RELEASE ON DECEMBER 19, 2013:

iso27001standard.com – A new book called Becoming Resilient: The Definitive Guide to ISO 22301 Implementation was published and it describes the process of implementing business continuity according to ISO 22301, an international standard for business continuity management. Its author, Dejan Kosutic, wanted to provide an easy-to-read, practical handbook for business continuity implementation that will be helpful not just for the beginners in this area, but also for experienced business continuity professionals.

ISO 22301 is a relatively new standard; however, it has already become a leading international standard for business continuity management. The biggest problem with its implementation is that it is rather complex and there are not many people with enough experience to handle such projects. So Kosutic’s main idea was to create a step-by-step handbook that can be used by people who are in charge of implementation of this standard.

“In this book I wanted to cover all the in-depth details of such complex implementation, but on the other hand I wanted to avoid using specialized language that no one understands,” says Kosutic. He added, “This book gives a complete methodology for ISO 22301 implementation, seen from a consultant perspective: I tried to pass along my own knowledge collected throughout my consulting career.”

The book is written primarily for beginners in business continuity – the people who are just entering this area, and have very little knowledge about it. All the steps, from the very beginning all the way to the ISO 22301 certification are explained, including many practical examples. However, the book might also be interesting for business continuity professionals – e.g., for ISO 22301 consultants – especially the part where implementation options are explained. Finally, the book might be interesting for experienced business continuity practitioners because it systematically summarizes all the key business continuity elements in the ISO 22301 framework – as Kosutic says, “I was actually inspired by my experience delivering courses about the basics of ISO 22301: most of the attendees are beginners, but sometimes the experienced business continuity professionals also attend such courses – typically, their comment is, ‘I already knew most of the stuff from ISO 22301, but having all these things put together was definitely worth it.’ And this is exactly how the book is structured.”

The book covers all the core business continuity elements: business impact analysis, risk assessment and mitigation, business continuity strategy, business continuity planning, incident response, crisis management, recovery, exercising and testing, etc. However, it also focuses on other important requirements of ISO 22301 – the role of top management, objectives, measurement, document control, internal audit, and corrective actions. Finally, the book covers all the steps that come before and after the implementation – the crucial step of how to convince your top management to fund this kind of a project, how to structure the project team, and also how to prepare for the certification and how to speak to the certification auditor.

Kosutic tried to make this book as practical as possible – each section that describes different business continuity elements covers the following aspects:

  • Purpose – the purpose of each business continuity element, how it fits with other elements, and how to deal with it with optimum effort
  • Inputs – which inputs you need to take into account when making decisions about the implementation
  • Options – which options exist for implementing particular elements of business continuity
  • Decisions – which decisions need to be made when starting the implementation
  • Documentation – which documents need to be written, and how to structure them

About Dejan Kosutic

Dejan Kosutic is the author of numerous articles, video tutorials, documentation templates, webinars and courses about business continuity and information security management. He is the author of the leading ISO 27001 & ISO 22301 Blog, and has helped various organizations including financial institutions, government agencies, and IT companies implement business continuity management according to these standards.

Documents provide guidance for restoration industry professionals

ROCKVILLE, MD – The Restoration Industry Association (RIA) has released two fact sheets addressing asbestos issues restoration contractors may encounter in the course of their restoration projects. The fact sheets were developed by RIA’s Environmental Council to educate and protect contractors from the dangers of mishandling asbestos-containing materials. 

The comprehensive version of the fact sheet addresses asbestos-containing materials, health issues, regulations, classes of asbestos work, hazard communication, training, control measures and resources. The abridged version covers health issues, regulations and some training information.  Both versions may be downloaded for free from the RIA website, www.restorationindustry.org through the RIA Store.

“This is the first in a series of fact sheets the Environmental Council is developing to educate our members and the industry on important environmental issues,” said Tom Peter, CIH, council chairman and lead author of the fact sheet. “There are serious fines and health considerations when companies work with asbestos-containing materials, and RIA believes it’s important to educate and protect workers and their clients. These sheets aren’t all encompassing, but they give professionals the critical information they need and additional resources to learn more.”

The fact sheet underwent an extensive peer review and contains general information and best practices. Contractors are encouraged to consult the applicable federal, state, and local laws and regulations for their jurisdictions.

To download the fact sheets, visit the RIA website at www.restorationindustry.org and click on the RIA Store link.

The Restoration Industry Association (RIA) has member firms worldwide. RIA provides industry leadership, supports science, and promotes best practices for cleaning and restoration through certification, training and standards development. More information is available on the RIA website: www.restorationindustry.org.

Demand for Competitive Price and Lower Latency Connectivity in the Northwest Drives Expansion 

 

  • Global Capacity announces the expansion of its One Marketplace platform with a new Point of Presence (PoP) located at 2020 5th Ave., Seattle, WA in Equinix’s SE2 data center. 
     
  • “With the new hub in Seattle, all major West Coast business centers are within 10ms from a One Marketplace PoP,” says Ben Edmond, Chief Revenue Officer for Global Capacity.
     
  • One Marketplace not only provides visibility into competitive pricing, it is a procurement system that simplifies the ordering and provisioning of network services and tracks the performance for each circuit purchased all with a single SLA, service agreement, point of contact, and full network visibility and management.


CHICAGO, Ill. – Global Capacity, the leading network connectivity company, today announces the expansion of its One Marketplace platform with a new Point of Presence (PoP) located at 2020 5th Ave., Seattle, WA in Equinix’s SE2 data center.  Global Capacity’s Seattle PoP provides an additional interconnectivity point to One Marketplace, fortifying access to the platform throughout the Pacific Northwest as well as providing an international gateway to Canada and Asia. 
 
One Marketplace provides bi-directional interconnection and market-competitive opportunities for network buyers and sellers, enabling both groups to meet increased supply and demand, while expanding the breadth and reach of their network services.  With speeds scaling from 1.5 Mbps to 10 Gig, Global Capacity’s One Marketplace offers a breadth of service attributes to meet customers’ network transport needs for voice, data, storage and video applications.  
 
“Customer demand for competitively priced network connectivity and lower latency has fueled Global Capacity’s Pacific Northwest expansion,” says Ben Edmond, Chief Revenue Officer for Global Capacity.  “With the new hub in Seattle, all major West Coast business centers are within 10ms from a One Marketplace PoP.”
 
The Seattle One Marketplace PoP offers both businesses and service providers efficient, cost-competitive connectivity to:

  • Over 250 network and cloud service providers through campus cross-connects;
  • Global Capacity’s reach to over three million commercial Ethernet addresses and near-ubiquitous TDM reach;
  • The Equinix Internet Exchange and Ethernet Exchanges;
  • The Westin Building Exchange interconnection hub, with more than 100 participants;
  • The Seattle Internet Exchange, with more than 250 participants;
  • Asian markets via transoceanic cable landings; and
  • Canadian businesses and locations from a U.S. PoP.

One Marketplace provides users with real-time design, pricing and ordering of network services. The marketplace provides transparency into network pricing and visibility into available capacity across multiple access networks and technologies. One Marketplace not only provides visibility into competitive pricing, it is a procurement system that simplifies the ordering and provisioning of network services and tracks the performance for each circuit purchased all with a single SLA, service agreement, point of contact, and full network visibility and management.
 
Learn more about interconnecting to Global Capacity’s One Marketplace by visiting www.globalcapacity.com/products-services/interconnection, or email solutions@globalcapacity.com

About Global Capacity 
Global Capacity is the marketplace of networks, delivering ubiquitous network connectivity solutions via its industry-leading platform, One Marketplace.  One Marketplace eliminates the complexity and inefficiency of a fragmented network market by combining an aggregated, interconnected physical network with a unique cloud application that automates the design, pricing, ordering, delivery, and maintenance of network solutions.  One Marketplace provides cost-effective, high-performance network solutions that support the exploding bandwidth requirements driven by the cloud, mobility and globalization for wholesale and enterprise customers.  Additional information can be found at www.globalcapacity.com or by connecting with Global Capacity on Twitter and LinkedIn.