Jon Seals

COUNTER TERROR EXPO 2014, 29-30 APRIL 2014 AT OLYMPIA, LONDON

From government facilities, military bases and critical national infrastructure to the offices of global corporations and safe city projects, there is a critical need to look beyond single, stand-alone security solutions to an integrated approach that ‘joins the dots’ from all the available intelligence and data.

In response to this need, Counter Terror Expo 2014 will be featuring an Integrated Security in Action area which this year is being sponsored by Synectics, a leading name in the design and delivery of integrated surveillance solutions. As Karen Churchill, Sales Manager for Synectic Systems commented: “Counter Terror Expo attracts such a broad range of experts showcasing the latest innovations. It’s a melting pot for ideas and developments that are geared towards tackling threats impacting now and those predicted in the future”.

Synectics will be demonstrating the latest evolution of its field-proven command and control platform, Synergy 3. An open security software platform that mitigates risk and improves operational efficiency, Synergy 3 reflects the company’s continued commitment to customisable ‘hardware-agnostic’ security management systems that intelligently integrate with third-party products. In addition, Synectics will be exhibiting its range of IP and industrial-grade COEX cameras.

Also exhibiting will be ASSA ABLOY Security Solutions and ASSA ABLOY Security Doors. Tina Hughan, Head of Marketing for ASSA ABLOY, commented: “As the global leader in door opening solutions, ASSA ABLOY has a history of specification work on large and complex projects across commercial, public and industrial projects. The Counter Terror Expo provides the ideal platform to showcase our capacity to protect against manual attacks, as well as providing bullet, blast and fire resistance. The event also provides a perfect opportunity for our specification team to meet its customers, potential buyers and decision makers in the industry.”

In addition to a wide range of locks and doors, ASSA ABLOY will be displaying its innovative CLIQ™ Remote solution designed for organisations with a geographical spread of operations, including remote sites. Enabling the commissioning, programming and full administration of security management centrally via web-based software, the system can eliminate the need to service and monitor locks on site.

For Martin Lomberg, General Manager – Europe, Southwest Microwave, Counter Terror Expo “is clearly focused at professional bodies with a genuine interest in securing critical national infrastructure with the appropriate technologies and intrusion detection systems”. Southwest Microwave will be showcasing its latest IP Network intrusion detection modules and system interface capabilities, encompassing fence, covert buried cable and digital microwave technologies.

There will be live systems on display as well as a team of experts to provide demonstrations and answer specific project or system questions.

David Thompson, Event Manager, Clarion Defence & Security, commented: “The Integrated Security in Action area will feature all of the latest CCTV, access point, perimeter protection and control room security technologies as well as providing an interactive, educational showcase for integrated security platforms in action”.

To register for either a free Exhibition Only Pass or a full Conference Delegate Pass, visit: www.counterterrorexpo.com/register

The MSc Organisational Resilience (OR) at Buckinghamshire New University is loading up with students very rapidly. The MSc OR is designed to meet the requirements of business, public and private sectors globally and the professionals who are either currently employed in its disciplines or who seek to develop advanced capability. Our approach has been to design and deliver an accessible postgraduate programme that reflects sector currency and assists in the drive towards further professionalism and research capabilities. This, we believe, is crucial to developing fluency in what is becoming recognised as a coherent, rather than distinct and completely separable, group of linked subjects. In this programme, the development of mastery in understanding of these links, in their applicability to organisations and business, and the high-level knowledge, confidence and capability necessary to be fully effective as an OR professional are considered to be essential and explicit educational outcomes.

To support and as an adjunct to these requirements, the MSc OR is also designed to meet the needs of students who are, or who aspire to be, employed as managers and as sector influencers in the wide subject area of OR. There are many currently working in the sector who have long-term experience and are seeking validation and evidence of this through the achievement of postgraduate qualification. In particular, applied postgraduate programmes and awards are considered to be the most desirable and required awards by companies and employers. Industry also requires, because of the growing inter-relationship and blurred boundaries between the various elements, and the constant development of new risks and the need to mitigate them, the development of organisational and individual capability and knowledge across a range of contributing areas. Therefore, this programme is designed to educate those with a specialist interest in the following areas and sub-disciplines:

...

http://buckssecurity.wordpress.com/2014/04/15/msc-organisational-resilience-loading-up/

CIO — It's hard to resist the sparkly nirvana that big data, leveraged appropriately, promises to those who choose to embrace it. You can transform your business, become more relevant to your customers, increase your profits and target efficiencies in your market all by simply taking a look at the data you probably already have in your possession but have been ignoring due to a lack of qualified talent to glean value from it.

Enter the data scientist — arguably one of the hottest jobs on the market. The perfect candidate is a numbers whiz and savant at office politics who plays statistical computing languages like a skilled pianist. But it can be hard to translate that ideal into an actionable job description and screening criteria.

This article explains several virtues to look for when identifying suitable candidates for an open data scientist position on your team. It also notes some market dynamics when it comes to establishing compensation packages for data scientists.

...

http://www.cio.com/article/751478/4_Qualities_to_Look_for_in_a_Data_Scientist

Computerworld — The IT response to Heartbleed is almost as scary as the hole itself. Patching it, installing new certificates and then changing all passwords is fine as far as it goes, but a critical follow-up step is missing. We have to fundamentally rethink how the security of mission-critical software is handled.

Viewed properly, Heartbleed is a gift to IT: an urgent wake-up call to fundamental problems with how Internet security is addressed. If the call is heeded, we could see major improvements. If the flaw is just patched and then ignored, we're doomed. (I think we've all been doomed for years, but now I have more proof.)

Let's start with how Heartbleed happened. It was apparently created accidentally two years ago by German software developer Robin Seggelmann. In an interview with the Sydney Morning Herald, Seggelmann said, "I was working on improving OpenSSL and submitted numerous bug fixes and added new features. In one of the new features, unfortunately, I missed validating a variable containing a length."

...

http://www.cio.com/article/751504/With_Heartbleed_IT_Leaders_Are_Missing_the_Point

So what will you choose: public cloud, private cloud – or perhaps a solution in between? The flexibility and scalability of the cloud have also made it well suited to partial use, namely the hybrid cloud solution. Those who can’t quite make up their mind can have as much or as little of the cloud as suits them. However, it’s better still to approach this resource with a clear IT strategy in mind and to make a hybrid cloud solution a deliberate choice, rather than a vague default. Here are two possibilities that could drive a hybrid cloud decision.

...

http://www.opscentre.com.au/blog/successfully-sitting-on-the-fence-with-hybrid-cloud/

IDG News Service (San Francisco Bureau) — Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.

The admissions are thought to be the first from websites that confirm data loss as a result of Heartbleed, which was first publicized last Tuesday. The flaw existed in OpenSSL, a cryptographic library used by thousands of websites to enable encryption, and was quickly labeled one of the most serious security vulnerabilities in years.

The Canada Revenue Agency (CRA) blocked public access to its online services last Tuesday in reaction to the announcement, but that wasn't fast enough to stop attackers from stealing information, it said on its website.

...

http://www.cio.com/article/751475/First_sites_admit_data_loss_through_Heartbleed_attacks

IDG News Service (Washington, D.C., Bureau) — More U.S. Internet users report they have been victims of data breach, while 80 percent want additional restrictions against sharing of online data, according to two surveys released Monday.

While nearly half of all U.S. Internet users avoid at least one type of online service because of privacy concerns, according to a survey by marketing research firm GfK, 18 percent reported as of January that important personal information was stolen from them online, a poll from the Pew Research Center's Internet and American Life Project found. That's an increase from 11 percent last July.

"As online Americans have become ever more engaged with online life, their concerns about the amount of personal information available about them online have shifted as well," Mary Madden, a senior researcher at Pew, wrote in a blog post. "When we look at how broad measures of concern among adults have changed over the past five years, we find that internet users have become more worried about the amount of personal information available about them online."

...

http://www.cio.com/article/751473/Data_Breaches_Nail_More_US_Internet_Users_Regulation_Support_Rises

“We don’t need no education . . .”

I couldn’t help but think of that line from a Pink Floyd song when I saw the headline on an eSecurity Planet article, “Majority of Employees Don’t Receive Security Awareness Training.”

The article goes on to report on a study by Enterprise Management Associates called Security Awareness Training: It's Not Just for Compliance. The study interviewed 600 people at companies of all sizes, from the very small to the very large, and what it found was that more than half of employees not working in IT or security receive no security awareness training. However, business size did make a difference – midsize businesses fared the worst when it comes to security education.

...

http://www.itbusinessedge.com/blogs/data-security/lack-of-security-awareness-training-puts-data-and-networks-at-risk.html

Tuesday, 15 April 2014 14:11

Is the Virtual Data Center Inevitable?

Given the state of virtual and cloud-based infrastructure, it’s almost impossible not to think about end-to-end data environments residing in abstract software layers atop physical infrastructure.

But is the virtual data center (VDC) really in the cards? And if so, does it mean all data environments will soon gravitate toward these ethereal constructs, or will there still be use cases for traditional, on-premises infrastructure?

Undoubtedly, a fully virtualized data operation offers many advantages. Aside from the lower capital and operating costs, it will be much easier to support mobile communications, collaboration, social networking and many of the other trends that are driving the knowledge workforce to new levels of productivity.

...

http://www.itbusinessedge.com/blogs/infrastructure/is-the-virtual-data-center-inevitable.html

I saw an encouraging sign the other day in a Tech Target 2014 Market Intelligence report. It provided a list of the top IT projects for this year based on a survey of IT professionals. Number one on the list was server virtualization. And number two? Business Continuity/Disaster Recovery (BC/DR).

That’s big news for us at the Disaster Recovery Preparedness Council.  It’s our mission to raise awareness of the need for BC/DR planning and help IT professionals to benchmark their current DR practices and implement ways to improve DR planning and recovery in the event of an outage or disaster.

So, given the results of the Tech Target report, you need to ask yourself where BC/DR falls on your list of priorities this year. Maybe you’ve got a formal plan and a budget for BC/DR but many companies still do not. That doesn’t mean you can’t start to develop and/or improve your business continuity strategy today.

...

http://drbenchmark.org/where-is-bcdr-on-your-list-of-priorities/