Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Jon Seals

Vocal Ltd, a leading provider of incident management and business continuity communication solutions has announced that it has been shortlisted for a 2013 Business Continuity Institute (BCI) Global Award, for its work in partnership with the Cross-sector Safety & Security Communications (CSSC) partnership prior to and during the London 2012 Olympic and Paralympic Games.

In 2012, Vocal Ltd teamed up with key figures from London’s public and private sectors to help create a communications infrastructure that would help to safeguard London during the Games. This unique and technologically advanced collaboration between the Metropolitan Police, the Home Office, London First and numerous business sector groups was designed to ensure that London stayed connected, and consequently as safe as possible, throughout the summer Olympics.  

Trevor Wheatley-Perry, Vocal’s Managing Director, comments: “Being part of the CSSC project has been one of our proudest achievements to date. During the summer of 2012, we jointly managed to enable safety and security messages to reach every sector of the London business community within seconds, thanks to the cooperation of the public and private sectors, and the innovative communication facilities of Vocal’s iModus suite. The CSSC partnership has created a lasting legacy of cooperation, and set an important worldwide precedent for future incident and event management.”

In addition to winning the award for ‘Best Contribution to Continuity and Resilience’ at the 2013 CIR Awards, the last year has seen the CSSC partnership shortlisted for many accolades, including winning ‘Best Contribution to Continuity and Resilience’ at the CIR awards, and their work with Vocal now stands as a blueprint for effective communication in other event-hosting cities. Most recently, the CSSC has been shortlisted for the prestigious BCI Global Awards, under the category of ‘Business Continuity Innovation of the Year’.

The BCI Global Awards recognise the outstanding achievements of business continuity professionals and organisations from all over the world. Those selected as award winners are highly esteemed within the industry, and can expect international recognition for their efforts in advancing the profession.

“We’re extremely proud to have been shortlisted for this award,” concludes Trevor, “the BCI Awards are frontrunners in the quest to raise the profile of the business continuity profession as a whole. It is an exceptional accolade to be marked out as an organisation whose achievements can help the BCI to spread the critical importance of business continuity to businesses across the globe.”

The winners of the BCI Global Awards will be announced at the BCI Gala Dinner, taking place at the Royal Courts of Justice in London on Wednesday, 6 November 2013. Vocal will be exhibiting at the BCM World Conference and Exhibition, (Stand 46) taking place from 6-7 November at Olympia, London.

David Tickner
Computrix Services

Whether a consultant or an internal business continuity planner, it’s never easy to get management to commit to a continuity program. Perhaps it’s the approach you take or that you find management a bit too bottom line focussed.

Where is the key to gaining corporate commitment for BC programs - the CEO’s office, the CFO or the Risk Manager? Perhaps it’s not even inside your organisation, there could be other options.

...

http://thebceye.blogspot.com/2013/10/walk-mile-in-their-shoes.html

One of the biggest factors in helping people to get along and making businesses profitable is communication. Mobile phones in particular have become the symbol of this: depriving somebody of his or her mobile phone is today akin to torture, at work, at home or anywhere else. The trend continues too towards more advanced and more diverse communications technology, as workers bring in their own mobile devices for work and customers increasingly put their faith in the cyberspace.  Yet, our communication fails when we’re in an elevator, in a tunnel, underground or any place similarly isolated from the business network. Do military communications hold an answer?

If communications are important to most businesses, for the armed forces they are vital. With this in mind, military communications have often been in the forefront of communications technology in sophistication, performance and availability. The Internet that we now take for granted was originally a DARPA (US Defense Advanced Research Projects Agency) project. The goal was to construct a communications network that would automatically reroute information to deal with any part of the network breaking down or being destroyed. Similarly, the army, navy and air force (and the police) had two way radios and radio networks long before the first mobile phones became available for consumers.

...

http://www.opscentre.com.au/blog/the-army-as-the-model-for-business-communications/

I’ve flogged this horse before, but this new info graphic from istock (and video version of it) reminded me of the importance of video on the web.

Imagine it was 1994 and we were having a conversation about crisis communications. You said to me, “You know, this Internet thing might be big. I think crisis communicators ought to look at how this thing called a ‘web site’ might help in a crisis.”

“Pah, fooey,” I would say. “Why would anyone need that? Everyone knows that crisis communication is about putting out press releases and handing them out to the waiting press mob outside the door.”

...

http://ww2.crisisblogger.com/2013/10/why-crisis-communicators-should-pay-more-attention-to-video/

by Hilary Tuttle

 

In the October issue of Risk Management, social media and eDiscovery expert Adam Cohen chatted with me about the biggest corporate risks in sites like Facebook and Twitter, and outlined some best practices for developing and enforcing a social media policy. But behind every account sits one major risk that’s hard to control: a person.

Not all of Cohen’s advice could make the magazine, so here are some of his extra tips for how to mitigate the risks of personal social media – both to protect your company and to protect yourself.

...

http://www.riskmanagementmonitor.com/online-exclusive-how-to-protect-yourself-on-social-media

It’s sometimes easy to forget that, as far as most end users are concerned, analytics is merely a means to an end. As such, those users are generally a lot more interested in the path of least resistance when it comes to applying analytics.

With that issue firmly in mind, Adobe this week at the Digital Marketing Association 2013 conference updated Adobe Analytics, a service that allows users to analyze massive amounts of unstructured Big Data.

Nate Smith, product marketing manager at Adobe, says Adobe Analytics eliminates all the complexity associated with Big Data by exposing analytics applications as a service. As a result, organizations don’t have to invest in expensive data scientists to organize their data; they just load it into the Adobe Marketing Cloud.

...

http://www.itbusinessedge.com/blogs/it-unmasked/adobe-delivers-big-data-analytics-via-the-cloud.html

It’s sometimes easy to forget that, as far as most end users are concerned, analytics is merely a means to an end. As such, those users are generally a lot more interested in the path of least resistance when it comes to applying analytics.

With that issue firmly in mind, Adobe this week at the Digital Marketing Association 2013 conference updated Adobe Analytics, a service that allows users to analyze massive amounts of unstructured Big Data.

Nate Smith, product marketing manager at Adobe, says Adobe Analytics eliminates all the complexity associated with Big Data by exposing analytics applications as a service. As a result, organizations don’t have to invest in expensive data scientists to organize their data; they just load it into the Adobe Marketing Cloud.

How would you coordinate 30,000 volunteers in 5,000 locations across an arc 500 miles long in just eight weeks?

That was the challenge Aaron Titus faced in the wake of Superstorm Sandy. Undaunted, he went to work. Realizing he couldn't do it alone, he focused on building a solution that decentralized the coordination process, worked across agencies, and empowered leaders in the field. He succeeded. 

- See more at: http://blogs.csoonline.com/security-leadership/2802/conversation-aaron-titus-using-open-source-coordination-transform-disaster-recovery#sthash.dSBium9X.dpuf

Our staff recently was informed of a new emergency and disaster preparedness free mobile app solution called the “In Case of Crisis” mobile solution.

The “In Case of Crisis” mobile solution —  created and developed by Irving Burton Associates (IBA) –allows institutions – e.g. educational, corporate, government or hospitality — convenient and secure access to emergency information with features such as easy-to-read instructional and building diagrams, one-tap key contact calling, and push notifications for updates/alerts and maps.

The app includes access to a library of 85 possible emergency event scenarios with templates and images or organizations can customize with their own event details. A dedicated client success team provides hands-on coaching and best practice tips for publishing emergency plans to mobile devices.

Is this the real life? Is this just fantasy? Either way, we’re delighted to be taking our first turn at hosting Cavalcade of Risk #194. For those of you who, like us, are new to this, the CavRisk blog carnival is a round-up of risk and insurance-related posts from around the blogosphere.

Our debut as a Cav host kicks off with a post on fantasy insurance in which Hank Stern of InsureBlog poses the question: What if your Fantasy Footballer gets sidelined in real life? The good news is there’s an insurance policy for that. Game on.

Next up, at Workers’ Comp Insider, Julie Ferguson, brings us back to real life with a roundup of the impact that the government shutdown is having on workplace health & safety and various regulatory and employment-related matters. It’s her second, and hopefully last, roundup on the shutdown, Julie notes.

...

http://www.iii.org/insuranceindustryblog/?p=3409

Enterprise Web Application Firewall for AWS

HOUSTON, TX – Alert Logic (www.alertlogic.com), a leading provider of Security-as-a-Service solutions for the cloud, today announced availability of its web application firewall (WAF), Web Security Manager on Amazon Web Services (AWS). Alert Logic’s Web Security Manager, along with Threat Manager and Log Manager, provide a comprehensive suite of security & compliance solutions for AWS customers, who are able to take advantage of hourly or a monthly billing directly from Alert Logic.

Web Security Manager protects cloud environments by blocking web application attacks—such as SQL injection and cross-site scripting—with a combination of signature-based detection and application behavior profiling, stopping unauthorized application activity before an attack compromises an application. Unlike CDN-based "cloud WAFs" that rely on simplistic blocking policies, Web Security Manager provides the same full WAF functionality previously available only in traditional environments. Designed for elastic cloud environments, Web Security Manager auto-scales the same way as the application it protects. Along with WAF protection, Alert Logic also offers ActiveWatch services that provide 24x7 management by experienced web application security analysts to optimize protection, to relieve users of a critical but challenging function.

“With the launch of Web Security Manager, Alert Logic makes available a full enterprise-ready suite of Security-as-a-Service solutions built for the cloud,” said Misha Govshteyn, chief strategy officer & co-founder at Alert Logic. “Now enterprises with cloud-enabled IT infrastructures can leverage all of our cloud-based web security & compliance solutions engineered for easy implementation through AWS.”

“We are pleased that Alert Logic will be offering its entire suite of managed security products on AWS,” said Terry Wise, Director, Worldwide Partner Ecosystem, AWS. “The addition of Alert Logic’s Web Security Manager enhances our shared-responsibility security model and gives customers additional security capabilities and convenience, via the AWS on-demand, pay-as-you-go cloud infrastructure.”

The inclusion of Web Security Manager in Alert Logic’s offerings for AWS builds on the powerful foundation of AWS that customers like Chargify, a recurring billing management company, use. The company will launch Web Security Manager to further protect its web applications in the AWS cloud.

“Alert Logic has built a differentiated security model for AWS that further helps customers like ourselves,” said Drew Blas, head of operations at Chargify.“As the only web application firewall that offers auto-scaling architecture with AWS, Web Security Manager is exactly what we need in our cloud environment.”

 About Alert Logic Web Security Manager

Web Security Manager delivers inline protection of web applications from dangerous cyber threats such as SQL Injection and Cross Site Scripting, along with full coverage of OWASP Top Ten attacks. Using a combination of both positive and negative security models, Web Security Manager blocks malicious traffic while allowing legitimate traffic to pass unaffected. Key benefits of Web Security Manager are:

·       Designed and built for AWS, Web Security Manager auto-scales with protected cloud instances

·     Web Security Manager satisfies PCI DSS requirement 6.6, providing protection against the OWASP Top 10 vulnerabilities without resource-intensive code review

·     Because Web Security Manager profiles application and traffic behavior, it provides immediate protection against zero-day attacks that signatures cannot detect – unauthorized application activity is blocked automatically

·     Optional ActiveWatch service provides 24x7 Security Operations Center monitoring of all activity and ongoing WAF tuning to optimize protection, removing the biggest challenge of WAF utilization

A presentation given by Alert Logic and AWS on the new Web Security Manager offering is available athttp://youtu.be/-Vr9BmDYSWo. More information about Alert Logic’s Web Security Manager, Threat Manager and Log Manager, which can be purchased through AWS or directly through Alert Logic, can be found at www.alertlogic.com.

About Alert Logic

Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24×7 Security Operations Center expertise, customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 2,300 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit www.alertlogic.com.

with Dan Zitting

5 Steps to Integrating Governance, Risk Management and Compliance Activities Across the Organization

Governance, risk management and compliance (GRC) efforts are often spread across an organization. Each department takes a different approach with its own systems, technologies and tools to engage in risk management activities. Senior management is often stymied in trying to get a clear picture of risk across the organization, having to compare apples and oranges served up from various silos of GRC activity.

Without a consistent way to look at the universe of risk across the organization, how can you weigh impact and likelihood and keep up to date on ever-changing risk profiles?

...

http://www.corporatecomplianceinsights.com/cant-see-the-risk-forest-for-the-grc-silo-trees