Clusters of corporate techies hunched over their laptops one recent evening in Mountain View, California, feverishly trying to figure out how RK Industries hacked into and stole critical information from its rival, EntraDyn.
It’s a common occurrence, but in this case the firms were fictitious, and the event—a simulated exercise put on by security firm Symantec—featured rock music, a buffet and an open bar for the participants. Even so, it had a serious purpose: Increasingly under Internet attack, more and more businesses are using “cyberwar games” to learn how to spot and counter the tricky tactics used by hackers.
John Bartlett CBCI, DBCI
implemented correctly and with maturity, BC can provide significant benefit through the sharing of key information and the prioritisation of activities.
That does not mean that the BC function should manage areas that could introduce a vulnerability under these categories, but it does mean that BC should perform a Quality Assurance and Governance role to ensure activities that could introduce vulnerabilities are being performed correctly, diligently and with the necessary controls. This will ensure BC remains a pro-active measure within the organisation as well as a reactive one.
The official hurricane season is June 1 through Nov. 30, and every year there are named storms and predictions. Each of us has a personal responsibility to have our homes and businesses prepared.
Disasters can hit the economy hard, and with tourism being the number one industry in Manatee County, we must embrace the concept of year-round preparedness and be able to jump back quickly for the good of our community.
If you think about it, we are focused on preparations for hurricane season, but emergency preparedness can help a business survive when any kind of disaster strikes.
Let’s face it. We are always online in one form or another. If I am not watching television, checking mail, or using one of the 44 apps I have on my smartphone, then I am probably sleeping. Because of these use patterns, the demands on application availability are on the rise, and data is exploding. So let’s think about these two forces and how they impact disaster recovery (DR) planning for your businesses. These forces increase the DR workload for IT staff. As a result, your IT staff may be spending more time on DR instead of supporting strategic and revenue-generating projects. In other words, IT is only helping to maintain the business, not grow the business.
Cloud disaster recovery may be the answer
How do you overcome tight budgets and leaner IT staff when you are constantly being asked to do more with less? Well, you might consider “out-tasking” DR management by using cloud-based disaster recovery services.
Every managed services provider (MSP) has had a question or two on backup and disaster recovery (BDR). To help answer some of the top questions, we reached out to disaster recovery (DR) and business continuity (BC) solutions vendor Datto to find out what MSPs have been asking them. Take a seat, grab a pen and paper, and pay attention to what we've learned in this MSPmentor exclusive. But don't worry, there won't be a test.
Datto Sales Manager Hallett Nichol helped us with his insights on this topic. His answers focused on costs, bandwidth and local recovery capabilities.
The highly regulated health care industry has long generated attendant compliance risks. However, a recent spate of legislation and updated regulations, a new Office of Inspector General (OIG) Special Fraud Alert, and increased government enforcement actions are shining a bright light on some of the top compliance risks facing today’s health care professionals. This article reviews the risk areas of strategic relationships and patient information and offers smart steps to consider for health care organizations seeking to mitigate such risks.
Risk areas: strategic relationships, patient information
Federal and state government mandates calling for improved reporting of patient outcomes are among factors driving the formation of strategic relationships between hospitals (providers) and physician groups, providers and health plans, and providers and pharma/medical device manufacturers. The increasing proliferation of risk-/gain-sharing partnerships such as Accountable Care Organizations (ACOs) and other physician-owned entities (aka physician-owned distributorships, or “PODs”) generates numerous compliance risks. Of particular note are risks associated with provisions and regulations such as the following:
For years now, the risk management gurus of the world have lamented the scourge of check-box compliance, urging organizations to make more security decisions based on sound risk management. The philosophy is that risk-based decisions generally yield more compliant environments: if an organization manages its risks, then compliance will naturally fall into place.
It's a sound idea, but when organizations flip their world view from check-box compliance to risk-first decision-making, there are bound to be times when an organization is managing most risks well but still falls short of compliance requirements. In some cases, the organization has not yet documented mitigation measures well enough for the auditors, and in others it is not yet fully compliant.
This week, the focus switches to security as AIB’s senior information security specialist talks about managing mobile devices, why real-world testing is important and user buy-in is essential.
As a percentage, how much of your annual IT budget goes on security?
That’s always a good question. To be honest, it’s nearly impossible to quantify as very often, security is taken out of several different budgets. For example, you could look at firewall admin, putting in new security rules – that would fall to the IT network guys rather than the information security team per se. Likewise, we have mainframe sec rules and that would come down to the mainframe team.
The advanced persistent threat is waging an all-out attack on enterprises’ intellectual property.
Yet most companies continue to try to protect themselves using approaches that are years out of date.
That is one of the conclusions in Responding to Targeted Cyberattacks, a frank new how-to book published by global IT association ISACA and written by professionals at Ernst & Young LLP.
The threat landscape has progressed from unsophisticated “script kiddies” to hackers to insiders to today’s state-sponsored attacks, where enterprises are attacked because of who they are, what they do and the value of their intellectual property (IP).