The Continuity Logic customized demo provides an opportunity for qualifying organizations to evaluate Frontline Live 5™, with their plans, desired controls, policies, and procedures. This first-of-its-kind system for both business continuity and many other areas of Governance, Operational Risk and Compliance (GRC) is powerful, but often best viewed with some of your familiar plans, data and templates.


Fall World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 28, Issue 3

Full Contents Now Available!

Jon Seals

I recently had a conversation with someone about BYOD and security. He told me that he thought that enterprise was having BYOD fatigue and there was a growing attitude that its security problems were overblown. This person wasn’t alone in his feelings. I had read some articles and heard others repeat similar complaints about BYOD. Perhaps mobile devices weren’t as bad of a security issue as once thought?

Or maybe the threats are even worse than we realized. Some recent studies show just how much of a security risk mobile devices have become within the workplace, and this carries over into BYOD security risks as well.

First, a study conducted by Alcatel-Lucent's Motive Security Labs found that mobile malware has increased by 25 percent in 2014, and 16 million devices – mostly Androids but not exclusively – are infected. For the first time, we’re seeing infection rates of mobile devices that rival those on Windows computers. Out of the top 20 threats, six of them involved spyware meant to track location and monitor the user’s communications. The reason for all this malware, according to an eSecurity Planet article, comes down to the device owner:



Infrascale Announces Cloud Backup Accelerator, a Disruptive Cloud-Centric Approach to Backup
New Hybrid Cloud Backup and Recovery Solution Reduces CAPEX Costs by up to 70 Percent, Overcomes Internet Bandwidth Limitations and Reduces Recovery Times from Days to Minutes


El Segundo, Calif. – Infrascale, a leading provider of secure, cloud-managed data protection, today announced the release of the Infrascale Cloud Backup Accelerator. The all-in-one solution draws inspiration from four emerging technologies– direct-to-cloud backup products, integrated purpose-built backup appliances, WAN acceleration solutions and cloud storage gateways – to create a true industry first that makes cloud backup and recovery five times faster.

Since Infrascale was founded in 2006, its company leaders have believed in the promise of the cloud to protect business data, no matter where it resides, no matter the underlying operating system. But the cloud has inherent limitations, including the time it takes to replicate large datasets to the cloud. For example, with an average internet connection (25 mbps), it would take four days to replicate five terabytes of data to the cloud.

This limitation was one of the primary reasons behind Infrascale’s acquisition in June 2014 of Eversync, a Salt Lake City-based backup appliance manufacturer that had developed leading-edge deduplication technologies. As part of Infrascale’s hybrid strategy, these appliances are now cloud-connected and leverage Infrascale’s growing stack of cloud technologies.

“We wanted to create a fundamentally new approach to data protection that made it practical to back up and recover large datasets to and from the cloud, quickly and securely,” said Ken Shaw, CEO of Infrascale. “Effectively, we wanted to create the backup equivalent of a set-top box. A set-top box is a local appliance that connects your TV to the Internet and makes it possible to view a seemingly endless amount of online content. Similarly, the Cloud Backup Accelerator is a local device that enables businesses to back up their critical data and quickly stream it to the Cloud for long-term storage and archiving.”

The current backup and disaster recovery market puts the burden on companies to either choose an inadequate solution or cobble together products from multiple vendors into a complete data protection solution. Neither of which is practical or affordable.

“Infrascale’s Cloud Backup Accelerator combines the best elements of direct-to-cloud backup such as easy deployment and inexpensive storage with the best parts of purpose-built backup appliances, namely fast backup and recovery, into a simple but powerful solution,” said George Crump, president and founder of Storage Switzerland. “When you add WAN optimization capabilities that go beyond just leveraging deduplication and compression, the Cloud Backup Accelerator becomes a compelling option that businesses should consider.”


Dramatically Better Value

The Cloud Backup Accelerator is priced significantly less (i.e., up to 70 percent less) compared to competing hybrid backup technologies, both in terms of the device and of cloud storage costs. Instead of buying a large backup appliance, which typically is provisioned for extra storage to accommodate future growth, customers can simply purchase a lean backup system with more cloud storage.


Infinite Capacity

With the Cloud Backup Accelerator, IT administrators decide what mission-critical information stays local, based on custom policies, for fast recovery. Since the device is serving more as an intelligent cache, business data automatically spills over to the cloud without users having to worry about the storage limits of the local device.


Built-In WAN Acceleration

The most efficient way to accelerate the transfer of information across the WAN is to not send it in the first place. Infrascale’s integrated WAN acceleration and deduplication technologies significantly reduce the transfer time and payload of copying data to the cloud. This translates to 5X faster upload speeds and quicker recovery of lost critical data, the traditional drawback of cloud-based replication.


Availability and Pricing

Infrascale’s Cloud Backup Accelerator is immediately available for purchase through select volume resellers and includes enterprise backup and recovery software, the accelerator hardware, three years of hardware and software support and updates, and four terabytes of device storage and one terabyte of cloud storage for one year. For more information visit www.infrascale.com/cba/, or view a short video at http://www.infrascale.com/videos/cloud-backup-accelerator-overview/.


About Infrascale

Infrascale provides the industry’s only total cloud platform for data protection. Infrascale‘s platform delivers cloud backup, disaster recovery, file sharing and data archive with military-grade security. This full range of data protection solutions span mobile devices, workstations, and physical or virtual servers. Infrascale’s flexible platform protects data in any environment: public cloud, private cloud or hybrid. Infrascale’s twelve global data centers power over 1,000 independent cloud service companies and MSP’s and protect billions of business-critical files. Founded in 2006, Infrascale is a venture backed cloud company headquartered in El Segundo, California. Visit www.infrascale.com or follow us on Twitter at @Infrascale for more information.

It’s a terrifying but plausible scenario. You’re in an enclosed crowded place—perhaps a subway or a mall—and a terrorist organization releases lethal quantities of a nerve agent such as sarin into the air. The gas sends your nervous system into overdrive. You begin having convulsions. EMTs rush to the scene while you go into respiratory failure. If they have nerve agent antidotes with them, you may have a greater chance of living. If they don’t, you may be more likely to die. Will you survive?

Thanks to CDC’s Strategic National Stockpile CHEMPACK program, the answer is more likely to be yes.

First responders prepare for CHEMPACK training.

First responders prepare for CHEMPACK training.

CHEMPACKs are deployable containers of nerve agent antidotes that work on a variety of nerve agents and can be used even if the actual agent is unknown. Traditional stockpiling and delivery would take too long because these antidotes need to be administered quickly. CDC’s CHEMPACK team solves this problem by maintaining 1,960 CHEMPACKs strategically placed in more than 1,340 locations in all states, territories, island jurisdictions, and the District of Columbia. Most are located in hospitals or fire stations selected by local authorities to support a rapid hazmat response. More than 90% of the U.S. population is within one hour of a CHEMPACK location, and if hospitals or first responders need them, they can be accessed quickly. The delivery time ranges from within a few minutes to less than 2 hours.

The medications in CHEMPACKs work by treating the symptoms of nerve agent exposure. According to Michael Adams, CHEMPACK fielding and logistics management specialist, “the CHEMPACK formulary consists of three types of drugs: one that treats the excess secretions caused by nerve agents, such as excess saliva, tears, urine, vomiting, and diarrhea; a second one that treats symptoms such as high blood pressure, rapid heart rate, weakness, muscle tremors and paralysis; and a third that treats and can prevent seizures.”

Maintaining CHEMPACKs throughout the nation is challenging, but it is an essential part of the nation’s defenses against terrorism. The CHEMPACK team must coordinate with limited manufacturers to keep the antidote supply chain functioning. CHEMPACK antidotes are regularly tested for potency and are replaced when needed. They must be maintained in ideal locations for quick use by hospitals and first responders. But, having them available is only the first step. Personnel who may use them need to know where they are and must be trained. CDC supports state and local partners as they identify CHEMPACK placement locations and conduct trainings for their responders.

2008 map of the fielded CHEMPACK Cache Locations

2008 CHEMPACK locations across the U.S.

Terrorist nerve agent attacks are not hypothetical. The Aum Shinrikyo group in Japan used sarin gas to attack subway passengers twice: an attack in 1994 killed eight people and a second attack in 1995 killed 12. Experts agree that these attacks were amateurish and a better timed and executed attack could have killed many more people.

CDC’s CHEMPACK team is part of the rarely seen network that protects the people of the United States from unusual threats. You might not have heard much about them, but if you are ever attacked by nerve agents, they may be the reason you survive.


The harsh winter of 2015 shows no sign of letting up. It’s too late for enterprises to do much to protect themselves this year. The good news is that, though it doesn’t seem so now, the temperatures will moderate and snow will melt relatively soon.

But, with the uncertainty introduced by global warming, it is irresponsible to assume next year won’t be as bad – or even worse. Therefore, it is important to take special note of what can be done to prepare for next winter.

This prudence seems to be lacking, however. A poll commissioned by property insurer FM Global revealed the problem. It found that 32 percent of workers give their employers grades of “F,” “D” or “C” for winter storm preparedness. Fifty-two percent of full-time workers expressed dissatisfaction with their companies’ winter storm preparations.



I have recently detailed the COSO 2013 Framework in the context of a best practices compliance regime. However there is one additional step you will need to take after you design and implement your internal controls. That step is that you will need to assess against your internal controls to determine if they are working.

In its Illustrative Guide, the Committee of Sponsoring Organization of the Treadway Organization (COSO), entitled “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls” (herein ‘the Illustrative Guide’), laid out its views on “how to assess the effectiveness of its internal controls”. It went on to note, “An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.” Moreover, there are two over-arching requirements which can only be met through such a structured post. First, each of the five components are present and function. Second, are the five components “operating together in an integrated approach”? Over the next couple of posts I will lay out what COSO itself says about assessing the effectiveness of your internal controls and tie it to your compliance related internal controls.

As the COSO Framework is designed to apply to a wider variety of corporate entities, your audit should be designed to test your internal controls. This means that if you have a multi-country or business unit organization, you need to determine how your compliance internal controls are inter-related up and down the organization. The Illustrative Guide also realizes that smaller companies may have less formal structures in place throughout the organization. Your auditing can and should reflect this business reality. Finally, if your company relies heavily on technology for your compliance function, you can leverage that technology to “support the ongoing assessment and evaluation” program going forward.



NEW YORK – Send Word Now®, the worldwide leader in SaaS-based critical communications technologies for business continuity and disaster recovery, today announced the implementation of its award-winning Alerting Service by Kansas-based Intouch Solutions, Inc.

A fast-growing, privately held marketing agency headquartered in the Kansas City area with offices in Chicago and New York, Intouch Solutions specializes in digital marketing for the pharmaceutical industry. The firm, founded in 1999 and today employing over 500 talented individuals, offers a variety of marketing services, including strategic planning, creative, web and application development, CRM, and media planning and buying.

Intouch Solutions will use Send Word Now's award-winning Alerting Service to bolster employee communications and operational continuity during business disruptions, including inclement weather and IT-related issues.

"The continuity of Intouch's work is critical to our clients," said David Windhausen, Executive Vice President of Technology Services for Intouch Solutions. "We need the ability to activate our communication plan to reach our employees at any time with instructions, should we face any type of business disruption."

With Send Word Now, Intouch Solutions can rapidly send multimodal voice and text alerts to management and staff in time-sensitive situations. The marketing agency can also gather all-important feedback (e.g., "Are you OK?") from message recipients for better employee accountability, plus automatically connect key stakeholders via conference bridge for immediate collaboration.

The Alerting Service will seamlessly integrate with the Intouch Solutions' third-party HR, payroll and benefits tool using Send Word Now's widely deployed API.

"As a very successful pharma marketing company in a highly competitive space, Intouch Solutions clearly understands the importance of technology, communication and strategy," said Lorin Bristow, Senior Vice President, Marketing, Send Word Now. "We are very excited to have them as a client, and look forward to supporting their 'outside the box' thinking not only for business, but for business resiliency."

About Send Word Now
www.sendwordnow.com | 212.379.4900 | 800.388.4796 | marketing@sendwordnow.com
Media inquiries: Linda Young | lyoung@sendwordnow.com | 615.295.6368
Follow us on:  TwitterLinkedIn and Facebook

Headquartered in New York City, Send Word Now is the leading worldwide provider of critical communications solutions. The company's easy-to-use, web-based emergency notification solutions and mobile applications are used by businesses, government agencies, universities and non-profit organizations worldwide to ensure fast, effective, two-way communication when it is needed the most.

Among its many accolades, Send Word Now was named a 'Leader' in Gartner's 2014 Magic Quadrant for U.S. Emergency/Mass Notification Services. Its Alerting Service was awarded "Notification System of the Year" by DRI International, and the company received the 2013 Small Business Achievement Award from the Department of Homeland Security for its work with the Federal Emergency Management Agency (FEMA).

The UAE’s National Emergency Crisis and Disasters Management Authority has published an updated version of the country’s business continuity standard.

The new UAE Business Continuity Management Standard builds upon the first version, published in 2012, and aligns the standard with international best practices and guidelines. It contains three parts:

  • Specifications: sets out all the key parts and elements of the business continuity program.
  • Guidelines: interprets how the elements mentioned in the Specifications work in practice.
  • Toolkit: includes framework templates for developing a business continuity management system.

The Specifications document is available as a free PDF here. For details of obtaining the other parts of the standards contact the NCEMA

In the light of recent news showing that $1bn (£648m) has been stolen since 2013 in cyber-attacks on up to 100 banks and financial institutions worldwide Konrads Smelkovs of KPMG’s cyber security team says that it is time for financial institutions to be more proactive when it comes to information security.

Smelkovs comments:

“These attacks were unique in terms of the organization it took to execute them. However, the tools used by these cyber-crime gangs weren’t particularly sophisticated. It was the persistence and cautious approach of the criminals that netted them the prize. The banks targeted - primarily in Russia and Ukraine - suggest a selective operation in areas where tracking transactions is more complex.

“Financial institutions need to take more of a pre-emptive approach to such attacks. Playing ‘war games’ is one effective way of highlighting potential weak spots where attacks are simulated. Each organization should also look to have someone committed to defending their network, rather than someone who merely adheres to prescribed standards. The continued investment towards anti-malware technology and internal network monitoring tools remains crucial to being a step ahead of cyber criminals.”


No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer. By definition, the Chief Risk Officer looks after the governance of significant risks (both menaces and opportunities). The Chief Reputation Officer supervises the management of an organisation’s reputation, brand and communications. Looking after risks and reputation are both vital functions for organisations. The question is whether specific job functions are to be created for one or both of them. The definitive answer will depend on different factors.



Security and compliance skills were named as the top IT skills that hiring managers will be seeking in 2015, according to a survey of 405 senior-level technology professionals conducted by Cybrary.IT from late 2014 to early 2015. And that’s good news for the fledgling cybersecurity training site, which began offering its roster of free security courses a few weeks ago.

While the majority of companies represented in the survey plan to spend the same amount on IT training in 2015 that they spent in 2014, 11 percent said they have no money for IT training at all and fewer than 25 percent spend at least 10 to 20 percent of the total IT budget on training.

Billing itself as the first and only tuition-free massive open online course (MOOC) for IT and cybersecurity training, Cybrary.IT, whose founders came out of the paid IT training space, targets “unserved and underserved” individuals and aims to transform cybersecurity training as a whole, as co-founder Ryan Corey told me upon launch. The price of training is a major issue for individuals and companies, as both attempt to keep up with rapidly changing cyber threats and the growing need for specialized security skills.