The Continuity Logic customized demo provides an opportunity for qualifying organizations to evaluate Frontline Live 5™, with their plans, desired controls, policies, and procedures. This first-of-its-kind system for both business continuity and many other areas of Governance, Operational Risk and Compliance (GRC) is powerful, but often best viewed with some of your familiar plans, data and templates.



Jon Seals

Cyber security has been ranked third in a list of boardroom investment priorities, according to a survey released earlier this month by KPMG.

The annual Business Instinct Survey, a poll of 498 C-level executives from businesses across the UK, found under-investment has left many businesses acknowledging the need to increase spending on secure technology.

However, despite acceptance that cyber security is critical to long-term business operations, one in three executives questioned (36 percent) said investing in people skills had become their number one concern, with 19 percent also more focused on plant or machinery purchases.

According to the findings, data protection and cyber threats also ranked third behind corporate governance and regulatory change, and supply chain risk/procurement when boards considered the main risk issues influencing their approach to managing their businesses.



Wednesday, 09 July 2014 15:54

BCI Education Month Reduction

Did you know that September 2014 is BCI Education Month?  Lots of initiatives to develop educational opportunities in BCM.  Here at Bucks New University we are offering 10% off (a saving of £250.00) for those who enrol on the September cohort of the BCI Diploma.

Education Month details here: http://www.thebci.org/index.php/training-education/bci-education-month

Wednesday, 09 July 2014 15:53

New – Foundation Degree in Cyber Security

Cyber-attacks comprise the main security issues facing organisations in the Information Age. The UK Government’s National Security Strategy (first published in 2011) categorises cyber-attacks as a Tier One threat to our national security, alongside international terrorism. According to the UK Government, 93% of large corporations and 87% of small businesses reported a cyber-breach in the past year and analysis from the UK Ministry of Defence estimates the cost to the UK economy at around £11.6 billion a year.

The Government has allocated £860 million towards the UK’s national cyber security strategy to 2016 which has the four objectives of:

- making the UK one of the most secure places in the world to do business in cyberspace;
- making the UK more resilient to cyber-attack and better able to protect our interests in cyberspace;
- helping shape an open, vibrant and stable cyberspace that supports open societies;
- building the UK’s cyber security knowledge, skills and capability.



Wednesday, 09 July 2014 15:52

If Tuberculosis Spreads ...

ATLANTA — DRUG-RESISTANT tuberculosis is on the rise. The World Health Organization reports around 500,000 new drug-resistant cases each year. Fewer than half of patients with extensively drug-resistant tuberculosis will be cured, even with the best medical care. The disease in all its forms is second only to AIDS as an infectious killer worldwide.

The United States has given more than $5 billion to the Global Fund to Fight AIDS, Tuberculosis and Malaria. But drug-resistant tuberculosis isn’t a problem only in the developing world; we must turn our attention to the fight against it here at home.

Tuberculosis rates have declined in the United States in the last decade. In 2012, there were around 10,000 cases, and of those, only 83 were resistant to all of the most commonly used tuberculosis drugs — 44 fewer than in 2011. So far we have been lucky. The low numbers hide the precarious nature of the nation’s public health defense, and how vulnerable we would be to an epidemic.



Big Data promises to bring big changes to the way enterprises collect, store, analyze and use their data. From increased infrastructure to new marketing usage, Big Data will affect many areas of the company. So it’s no wonder that with all that looming on the horizon, hiring managers are scrambling to fill positions opened up by the latest big technology—including software engineering jobs.

In the realm of Big Data, software engineers will be required to find ways to integrate the enormous amounts of data into programs that solve business challenges. If your company is looking to create a new division of software engineering just for Big Data, a good place to start is to hire a senior position to head up the team.

In our IT Downloads area, you will find a ready-to-use job description for a Senior Software Engineer/Big Data. The description is useful for human resources departments and hiring managers when deciding the qualifications of a senior-level software developer in this area. The job description can be used as-is, or use the information included to spur your own company to create a job description for such a position.



Much attention has been paid to the likelihood of more drought, fires and floods as the planet warms, but the most significant impact on public infrastructure won't come from extreme weather events, Paul Chinowsky says.

It will be the change in what constitutes normal weather in various regions — higher temperatures for more sustained periods of time, higher or lower average humidity and rainfall — that will most tax buildings, roads and bridges that were built for one set of conditions and now have to function in another.

"Road surfaces get weaker in heat," Chinowsky said. "Asphalt gets softer. As trucks and cars pass, you get a lot more potholes, more cracking. It won't be a one time event but a constant thing. That's the part we don't talk about, but that's the part that's going to have a huge economic impact."



The role of local authorities is crucial in the steps towards building resilience against natural disasters due to their ability to manage risk and ensure prevention on the front line, the Committee of the Regions has argued.

The Committee – an assembly of local and regional leaders from all member states – was represented by Cllr Siggs of the European Conservatives and Reformists Group from the UK’s County Council of Somerset. His comments were made in response to a European Commission proposal that contributes to the EU's international obligations in finding a common strategy to build resilience to disasters.

Worldwide between 2002 and 2012, natural disasters were responsible for more than 80,000 deaths and the economic cost was as high as €95bn (£750bn). Cllr Siggs stated that local authorities have three clear roles in disaster management: preparing through improved resilience; reacting with improved coordination; and dealing with the impact afterwards.



HIGHLAND, Ill. – Power management company Eaton’s B-Line business today introduced a new product catalog featuring a range of seismic bracing solutions pre-approved by the California Office of Statewide Health Planning and Development (OSHPD). Designed to help specifiers meet the current code requirements, the catalog – OPM-0052-13 – Fire Sprinkler System Applications – includes a range of products, including many from the TOLCO product line, suitable for commercial applications.

“We developed this new product catalog to simplify the process of specifying products to brace fire sprinkler systems,” said Greg Shaughnessy, seismic bracing product manager, Eaton’s B-Line business. “In addition to including a wide range of pre-approved seismic bracing products to help end users meet the strict OSHPD-requirements for projects based on the current California Building Code, CBC 2013, the catalog serves as a valid resource for projects that fall under all of the previous versions of the code.”

The new catalog provides bracing details and load information pages. The numerous details, load charts and product information are designed to function as effective submittal sheets for projects under the jurisdiction of OSHPD or for any project that requires an engineer-stamped submittal. Products in the catalog include a range of seismic bracing products designed for use with fire sprinkler systems, including universal attachments with visual verification features built in for easy layout, design and installation.

For specific information on the new pre-approved catalog and the range of solutions available from Eaton’s B-Line business, visit www.cooperbline.com/tolco.   

Eaton’s B-Line business offers a broad range of support systems, seismic bracing solutions, electrical enclosures and wireways designed to save time and lower total installed cost. The B-Line business serves customers in the commercial construction, oil and gas, mining, solar, communications and data centers, and other markets.

Eaton’s Electrical Sector is a global leader with expertise in power distribution and circuit protection; backup power protection; control and automation; lighting and security; structural solutions and wiring devices; solutions for harsh and hazardous environments; and engineering services. Eaton is positioned through its global solutions to answer today’s most critical electrical power management challenges.

Eaton is a power management company with 2013 sales of $22.0 billion. Eaton provides energy-efficient solutions that help our customers effectively manage electrical, hydraulic and mechanical power more efficiently, safely and sustainably. Eaton has approximately 101,000 employees and sells products to customers in more than 175 countries. For more information, visit www.eaton.com.

AssuredSAN 3004 Leverages Dot Hill's Proven RAID Architecture for Rock Solid Reliability, Ease-of-Use and Upgradability for 16Gb Fibre Channel and 10Gb iSCSI Environments

LONGMONT, Colo. – Dot Hill Systems Corp. (Nasdaq:HILL), a trusted supplier of innovative, enterprise-class storage systems, today announced immediate availability of its AssuredSAN® 3004 lineup, the newest storage arrays based on the company's proven RAID architecture.

A photo accompanying this release is available at http://www.globenewswire.com/newsroom/prs/?pkgid=26381

The AssuredSAN 3004 models improve on previous-generation 3000 Series arrays by providing next-generation affordable storage to meet entry-level requirements with greater capacity and performance. In addition, 3000 Series customers can take advantage of easy field upgradability to the next-generation AssuredSAN 3004 RAID controller, simplifying deployment to achieve an instant performance and connectivity boost.

Leveraging improved price/performance for the Band 2¹ storage market, AssuredSAN 3004 models provide a full range of flexible, high-speed host connectivity options, and Dot Hill's proven 99.999 percent data availability, making them an excellent fit for vertical market customers as well as standard data center applications such as email, backup, replication and virtualized server environments. In addition, both the AssuredSAN 3004 and 4004 models now provide 50 percent higher capacity storage in the same rack space with support for 6 terabyte hard disk drives.

Dot Hill AssuredSAN 3004 storage systems feature a wide range of high-bandwidth host interface options including 16Gb and 8Gb Fibre Channel, and 10Gb and 1Gb iSCSI with Dot Hill's unique, flexible Fibre Channel/iSCSI converged interface. With the ability to support up to 288 terabytes of total capacity, Dot Hill AssuredSAN 3004 storage systems are available in a variety of 2.5-inch and 3.5-inch hard disk drives (HDDs).

"Dot Hill's ability to deliver more performance from its new 3004 entry-level system is right in line with what users are demanding," noted Mark Peters, senior analyst at Enterprise Strategy Group. "Performance needs are driven up by such things as consolidation, virtualization and VDI as well as many ever-more-demanding applications, all of which are endemic across IT organizations of all sizes. And users realize that affordable performance is paramount; when respondents in ESG's survey of Storage Market Trends were asked about the key messages that storage vendors should emphasize, performance and cost were ranked as the top two value propositions."

AssuredSAN 3004 Solutions Deliver Highest Available Bandwidth with Amazing Flexibility

AssuredSAN 3004 converged interface solutions provide the flexibility to run 16Gb Fibre Channel, 8Gb Fibre Channel, 4Gb Fibre Channel, 10Gb iSCSI and 1Gb iSCSI networks using the same hardware. With a quick swap of a transceiver module, IT administrators can configure their storage in the field to 16Gb Fibre Channel or 10Gb iSCSI.

AssuredSAN 3004 converged interface arrays are fully backward-compatible with 8Gb/4Gb Fibre Channel and 1Gb iSCSI networking solutions such as switches and host bus adapters. All AssuredSAN 3004 models are meta-data compatible with previous-generation AssuredSAN arrays, so customers can accomplish data-in-place migration by simply upgrading controllers.

"AssuredSAN 3004 storage systems offer a highly compelling combination of performance and capacity at a tremendous value," said Jason Beeson, solutions director at Hammer plc, the number one European distributor dedicated solely to storage. "The flexibility of the converged interface models makes it easy and inexpensive for IT administrators to upgrade or change storage interfaces in the field from 8Gb to 16Gb Fibre Channel or convert to iSCSI. The AssuredSAN 3004 is ideal for any number of use cases, and is a perfect backup storage target solution for off-site replication."

Performance, Data Availability and Compatibility that Dot Hill Customers Expect

Dot Hill AssuredSAN 3004 solutions are built on the company's proven RAID architecture, and deliver up to 80 percent greater performance over previous-generation 3000 Series products, with sustained sequential read performance of up to 3300 MB/second and writes of up to 2400 MB/second and 40,000 input/output operations per second (IOPS) from disk. The Dot Hill RAID Companion Processor (RCP) allows AssuredSAN 3004 solutions to deliver dramatic performance gains at very aggressive price points, including streaming performance optimization to handle randomized, sequential workloads. Dot Hill's latest firmware utilizes a proprietary Adaptive Read-Ahead Algorithm that analyzes workloads and fine-tunes options for optimal performance, delivering better response times to meet IT service level agreements.

"Utilizing Dot Hill's proven, versatile controller architecture that is featured in all of our next-generation products, the AssuredSAN 3004 lineup is priced to maximize performance and terabytes per dollar, raising the bar for performance in an entry-level storage array," said Joe Swanson, vice president, marketing and business development, Dot Hill.

Support for a Full Complement of Data Management Software

AssuredSAN 3004 arrays support the full complement of Dot Hill's data management services including the company's RAIDar management interface, and disaster recovery software comprised of AssuredSnap for point-in-time snapshots, AssuredCopy for creating volume copies and AssuredRemote for array-based remote replication. Support for popular storage software platforms such as VMware vSphere, Microsoft Hyper-V, Citrix XenServer and Veeam Backup & Replication is included.

¹ Industry analyst firm IDC characterizes the Band 2 price band as encompassing storage systems with a purchase price of $5,000-$9,999.

About Dot Hill

Leveraging its proprietary Assured family of storage solutions, Dot Hill solves many of today's most challenging storage problems - helping IT to improve performance, increase availability, simplify operations, and reduce costs. Dot Hill's solutions combine breakthrough software with the industry's most flexible and extensive hardware platform and automated management to deliver best-in-class solutions. Headquartered in Longmont, Colo., Dot Hill has offices and/or representatives in China, Germany, India, Japan, Singapore, the United Kingdom, and the United States.

For more information, visit us at www.dothill.com.

Statements contained in this press release regarding matters that are not historical facts are "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act. Because such statements are subject to risks and uncertainties, actual results may differ from those expressed or implied by the statements. For a discussion of risks and uncertainties that Dot Hill may face, please consult the Forms 10-K and 10-Q most recently filed with the Securities and Exchange Commission by Dot Hill. Forward-looking statements speak only as of the date they were made and Dot Hill undertakes no obligation to update such statements to reflect changes in circumstances. Dot Hill takes no responsibility for statements made by third parties, such as those made by representatives of Hammer.

Wednesday, 09 July 2014 15:36

Securing Your Virtual Environment

By David Phillips, product manager, Wick Hill

So you have a shiny new virtual environment up and running.  You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment.  It has been a long project, but now it is complete and you are experiencing the operational, performance and cost gains.  Stop! Think! Have you covered all the bases?  Have you thought about security?

I ask the security question a lot, and in most cases the response is either "Security is not my responsibility." or "Yes, I have considered this and we have implemented the same security as we had in our physical environment."

These responses illustrate a common misconception - that a virtual environment is inherently more secure than a physical one. This is wrong. A malware attack doesn't distinguish between a physical and a virtual device.  Cybercriminals pay little regard to the environment. They are just looking for the easiest way in!  There are even Trojan attacks designed specifically to attack virtual machines.

Another objection I hear to my security questions is that malware cannot survive the decommissioning of non-persistent virtual machines (VM).  Again, rubbish. Some malware can jump from VM to VM and from host to host. 

Finally, cyber-crime does not stand still.  There has been a massive increase in the volume of malware and the attacks are constantly evolving, leaving physical and virtual environments at risk.

There are three options for securing your virtual infrastructure - that is, of course, excluding the fourth option of having no security at all!

1. Traditional ‘agent-based' security
This can provide you with a good solution, although there are some significant drawbacks. Consider the reasons you moved to a virtual environment in the first place.  Cost savings and optimisation are likely to be included in your rationale.  By installing software not optimised for a virtual estate, you are loading a separate copy of anti-malware software and signature updates on every endpoint. This duplication is massively wasteful in a VM environment.

On top of this you have the resource nightmare of potential ‘AV storms'.  All your VMs updating at the same time slows everything down and can even bring your environment to a complete halt.  You can also leave your systems vulnerable through what's known as an ‘Instant On Gap,' the window of time after a VM spins up, but before the agent on that VM downloads the latest security updates. 

For virtual systems, optimum consolidation ratios (the greatest possible density of VMs for your money) are the main goal. Traditional protection is inefficient in virtual environments, taking up resources which could be used to add more VMs.  However, at least with this approach, you are protected and have not left your systems vulnerable to attack.

2. ‘Agentless' Security
This is the next option.  Now we are moving on to protection that is designed to optimise security in a virtual infrastructure.  The security software is loaded onto its own secure virtual machine and no agent resides on the other VMs in the estate.  This allows them to run smoothly with no duplication or redundancies, helping to make the most of your investment.  It also means you can get the security up and running very quickly and there is no need for time consuming reboots. 

This approach is at the other end of the spectrum to the ‘agent-based' approach, addressing most, if not all, of the downsides.  However, you don't get something for nothing and if you look at this approach in more detail, there are a few drawbacks. 

Firstly, you are relying on your security vendor integrating with the virtualisation vendor.  This means that the range of advanced features such as application control, device control and web control may not be available to you.  Also, some virtualisation vendors don't have the technology inbuilt to enable this approach.  You are moving back to pure anti-virus/anti-malware protection, with none of the enhanced options endpoint security gives you. 

So if ‘agent-based' is at one end of the spectrum and ‘agentless' is at the other, is there another option that gives you the best of both worlds? The answer is yes - with ‘light-agent' security.

3. ‘Light-agent' security
In this architecture, the security software is still loaded onto a secure virtual machine, but an additional lightweight agent is installed on each VM.  This unlocks the potential for deeper, multi-layered protection, including features such as web, device and application policy enforcement.  Now you have achieved most of the benefits of the ‘agent-based' and ‘agentless' approaches, giving you the flexibility to set up the most appropriate security posture for your environment.

You may now be scratching your head and wondering how you are supposed to manage all of this and your workstations, laptops and mobile devices.  You are managing enough different consoles at the moment.  You want to keep things as simple and straightforward as possible because complexity is the enemy of security. 

There are security vendors out there that enable you to manage all types of endpoints from one single console.  This allows you to effectively manage your security policies and close any gaps that would exist when using multiple products and management consoles. However, be aware that not all ‘single' consoles are identical. Some provide a portal into multiple other consoles (with different interfaces).

Kaspersky Lab has a platform that supports all of these options. Kaspersky Endpoint Security for Business is ‘agent-based' and offers a full range of endpoint security features including: application, web and device control; mobile security and mobile device management; encryption; systems management; and of course award-winning, multi-layered, anti-malware technology.  This can be installed on a wide range of virtual platforms.  Kaspersky also has Kaspersky Security for Virtualization, if you decide to go for the ‘agentless' and ‘light-agent' approach.

Whichever you choose you can manage everything through one single console, the Kaspersky Security Center, giving you the flexibility to have a mixed physical and virtual environment managed from one place.

There are other solutions out there that provide many of the above benefits. However, with the rapid changes in the threat landscape over the last nine months, one thing is certain - doing nothing is no longer a viable option.