• WHAT IF YOU COULD HAVE A CONTINUITY, COMPLIANCE AND RISK CLOUD SOLUTION THAT... INTRODUCING FRONTLINE LIVE 5 WHERE CONTINUITY AND COMPLIANCE CONVERGE

    Continuity Logic’s Frontline Live 5™ is the first leader in Gartner’s Magic Quadrant Business Continuity (BCMP) software category that has effectively converged continuity, risk and compliance in a one easy to use cloud-based solution.

Fall World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 28, Issue 3

Full Contents Now Available!

Jon Seals

In the digital version of “physician, heal thyself,” it seems that some large data organizations are utilizing Big Data and other advanced functions for their own purposes, namely, driving greater efficiency and performance in the data center.

It only makes sense, after all, that a construct as complicated as a virtual, dynamic data environment would need all the help it can get to not only provide an accurate picture of what is going on amid myriad boxes and wires, but also tell how best to improve things.

Google, for example, is turning toward advanced machine intelligence at some of its largest facilities with an eye toward fulfilling the twin goals of greater performance and less energy consumption. Through the use of neural networks and advanced analytics, the company says it is well on the way to the kind of predictive functionality that absorbs everything from IT loads, pump speeds, cooling metrics and hundreds of other data points. With advanced modeling, the company says it can calculate the expected PUE of a properly equipped facility with 99.6 percent accuracy.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-big-data-into-a-better-data-center.html

IBM launched a new cloud-based service program this week to help companies jump-start Big Data analytics, called IBM Cloud Business Solutions.

The first batch includes 12 subscription-based managed services, which basically means it couples consulting services with pre-built IBM assets, including advanced analytics and cloud infrastructure.

Eventually, IBM will have 20 cloud-based business solutions available. The first dozen address high-demand areas such as customer analytics, customer data, marketing management and industry-specific mobile tools.

IBM ranked as one of Information Week’s top 16 Big Data Analytics Platforms earlier this year, but this is its first foray into a cloud-based service for Big Data. Other companies do offer cloud-based Big Data analytics, including two pure-plays, 010data and Amazon Web Services (AWS).

...

http://www.itbusinessedge.com/blogs/integration/ibms-new-cloud-based-solution-offers-to-manage-big-data-analytics-for-you.html

Monday, 02 June 2014 14:33

Insuring Against Third-Party Cyberrisk

The tremendous growth in cyber insurance is being fueled in part by the desire of companies to cede some of the risk of a cyber breach to insurers.  In many cases insurers are eager to take on this risk—provided they can objectively quantify and understand the risks they are underwriting.

However, is it enough to only look at the cyber risk of the insured?  Increasingly companies are being attacked through their third-party vendor networks; one study by the Ponemon Institute reported 23% of data breaches are attributable to third party vendors. As companies share critical customer information with vendors, they expose themselves to a breach through these extended networks. Criminals have even started to target small to medium sized companies as a way to access the sensitive information of the larger firms they serve.

...

http://www.riskmanagementmonitor.com/insuring-against-third-party-cyberrisk

9900C Offers Highest Efficiency, Smallest Footprint and Lowest Total Cost of Ownership in a True On-line Double Conversion UPS

WARRENDALE, Penn.Mitsubishi Electric, an industry leader in designing and manufacturing reliable, environmentally friendly uninterruptible power supplies (UPSs), today announces its new one megawatt (1.05 MVA) 9900C UPS– the first true on-line double conversion UPS at this power level to feature the highest efficiency at all load levels. In addition, the 9900C UPS is smaller in size and lighter in weight than competing products. Mitsubishi’s technology results in a reduced total cost of ownership (TCO) as well as improved power usage effectiveness (PUE) over conventional UPSs.

Delivering up to 97 percent efficiency, the 9900C three-phase UPS substantially reduces operation and cooling costs and is ideal for large data center applications. Easily scalable up to eight units for N+1 redundancy or N capacity, the 9900C delivers the highest power density per square foot of floor space.

As one of the largest manufacturers of Insulated Gate Bipolar Transistor (IGBT) technology in the world, Mitsubishi achieves superior UPS performance and reliability through smart control of the IGBTs. The 9900C incorporates Digital Signal Processor and Direct Digital Control (DDC) in order to achieve the full benefits of the most advanced generation of IGBTs. In addition, its three-level conversion design provides an unprecedented 15-year lifetime on the capacitors.

Our customers running mission-critical processes demand the highest level of power availability, scalability and efficiencies,” said Dean Datre, general manager, Mitsubishi Electric Power Products’ UPS division. “With our technology, users do not have to compromise system availability to achieve high efficiency, flexible scalability and, most importantly, reduced total cost of ownership. We are pleased to add the 9900C UPS to our flagship 9900 Series UPS family, providing our customers with unparalleled reliability.”

For additional ease-of-use, the 9900C provides a variety of open architecture communications methods as well as an intuitive LCD touch panel to quickly access system status, monitoring and control.

The feature-rich 9900C UPS is available now and is fully supported by Mitsubishi Electric Power Products’ factory–direct, 24x7x365 services, training, and application expertise as well as a three-year parts and labor warranty. For more information on Mitsubishi’s award-winning UPSs, visit www.meppi.com/Products/UninterruptiblePowerSupplies/products/Pages/default.aspx or call 724-772-2555.

About Mitsubishi Electric Power Products, Inc. UPS Division

Since 1964, Mitsubishi Electric has manufactured precision-engineered, high quality uninterruptible power supplies to protect its customers’ mission-critical equipment during times of power instability. Mitsubishi Electric leads the industry in designing and manufacturing reliable, environmentally-friendly UPS systems to extend uptime, prevent data loss and protect against power surges. Mitsubishi Electric Power Products’ UPS division offers systems in both single- and multi-module configurations and a broad range of kVA capacities. Visit www.meppi.com for more information.  

Anyone who currently holds an ICOR ISO 22301 Lead Auditor Certificate or who passes the exam in the future is eligible to apply to the PECB ISO 22301 Auditor Certification Scheme as a Provisional Auditor, Auditor, or Lead Auditor dependent upon your BCM experience and audit hours.  PECB's certification scheme is ANSI accredited.
To learn more about the PECB ISO 22301 Auditor Certification Scheme visit PECB.

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor
 BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is a 5-day instructor led course that prepares internal and 3rd party auditors as well as BCM professionals to audit BCM programs against ISO 22301 - the international standard for Business Continuity Management Systems.  In addition, in the US participants are also taught the critical content of the NFPA 1600 and ASIS.SPC.1 standards.

   

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of the BCMS standards, ISO 19011: 2012 and ISO 17022: 2012.  Participants learn how to audit a BCMS, how to write an audit report, how to interpret the requirements of ISO 22301, how to understand the guidance of ISO 22313, and will explore examples of compliance to these requirements for the purpose of audit, program improvement, and self-assessment. 

2014 Course Schedule
*  
July 21-25, 2014               Perth, Australia                     Risk West  
July 28-August 1, 2014      Seattle, WA                          Computer Classrooms in Seattle
August 4-8, 2014              Brisbane, Australia                www.jbtglobal.com
August 18-22, 2014           Canberra, Australia               www.jbtglobal.com
August 25-29, 2014           Chile                                    contacto@protivitiglobal.com.pe
September 29-Oct. 3, 2014 Sydney, Australia                www.jbtglobal.com
October 13-17, 2014          Chicago, IL                           The Summit Executive Center
December 1-5, 2014          Brisbane,Australia                 www.jbtglobal.com
December 8-12, 2014        San Ramon, CA                    San Ramon Conference Center    

*Go to www.theBCI.org for courses scheduled via BCI global partners. 


Class meets 8:00 AM - 5:00 PM Daily
 

 Register Now! 

  

Course Description  (Download the Brochure

ISO 22301 Lead Auditor teaches the principles and practices of independent auditing of a BCMS and
guides the student through the audit process using a balance of formal instruction and practical case study activities. The focus of the course content is on the requirements of ISO 22301 and how these requirements are implemented in a Business Continuity Management System. 

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of ISO 22301:2012, ISO 19011:2012, and ISO 17022: 2012. 

Attendees will also gain the necessary knowledge to prepare for an external audit, conduct an compliance audit as part of a self-assessment, as well as how to develop a standards-based business continuity program.

Who should attend? Existing Lead Auditors, BC professionals, IS professionals, & Internal Auditors.
The course audience also includes those with auditing experience who are interested in adding
the auditing of BCM Systems to their audit capabilities for conducting internal and/or external audits as well as BCM professionals who wish to add the auditing competence to their skill sets. 

  

To assist with the understanding of the overall process, the class is constructed around a case study and each activity is applied to the case study as we move through the course and practice applying the requirements of the standards to auditing practices.

  

Also included in the course are small 'quizzes" taken after each section and an exam review "Jeopardy" game to prepare for the exam. 

Course materials include the following:

  • Student Guide - Over 300 pages of text and pictures (not ppts!) to be used as a future reference 
  • Case study
  • Sample plans and supporting documentation to evaluate the case study against the standards and audit requirements
  • Compliance Scorecard for meeting requirements of ISO 22301 and PS-Prep standards
  • Standards Compliant Templates for all major requirements  

Course Outline and Learning Objectives

Part 1:  Requirements of a Business Continuity Management System

Part 2:  Developing Strategies to Mitigate Risk

Part 3:  BCM Program Implementation - the elements of a BCM program and keeping it up to date

Part 4:  Embedding BCM into the Culture of the Organization

Part 5:  Program Improvement, Audit Practices, Writing the Audit Report, exam review and exam

  

As a result of successfully completing BCM 5000, students will demonstrate competence in and an understanding of the following areas:

  1. The key practices of a business continuity program for organizations of all sizes  
  2. The requirements for auditing business continuity programs under ISO 22301 and the PS-Prep standards  
  3. The essential elements of the standards
  4. Practical audit practices and how to write the audit report 

Attendees should have one or more of the following competencies:

  1. Experience in internal and / or 3rd party auditing 
  2. Experience / expertise in business continuity management    
  3. Understanding of standards and standard implementation  

Accreditation and Certification

 

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is accredited by the American National Standards Institute (ANSI).  ANSI is the only US accreditation body.    

Upon completion of BCM 5000 and passing the exam with a rate of 80% or higher, attendees will earn a certificate as an ISO 22301 Lead Auditor and/or BCMS Auditor.   

  

Register NOW!

  

Course Fee: $2,895.00 USD includes all course materials, breakfast, lunch, and refreshments. 

All course materials are shipped to you upon registration via FedEx.

  

Questions?  Contact Lynnda Nelson at toll free North America 866-765-8321, +1630-705-0910 or Education@theicor.org

Worldwide weather service now compatible with Inmarsat’s latest handheld

SEATTLE, Wash. – OCENS SpotCast delivers weather forecasts directly to the face of your satellite phone anywhere in the world. SpotCast service is now compatible with the IsatPhone Pro 2 released by Inmarsat this spring.

The IsatPhone Pro 2 is a rugged and reliable upgrade to the IsatPhone Pro. Most notably, the ‘2’ registers to the Inmarsat network in just a few seconds and even allows receipt of SMS text messages and call alerts with a stowed antenna., splash and shock resistance is improved to IP64 and IK04. The phone’s new screen includes a high-visibility, scratch-resistant transflective display that is noticeably more readable in even full sun conditions (SpotCast reports delivered to the new phone are exceptionally crisp and easy to read). Industry battery life becomes even better with 8 hours talk and 160 hours of standby capacity. In short, the ‘2’ looks and feels like a satellite phone built to handle the toughest of operating conditions.

SpotCast weather forecast contains four (4) individual forecasts spread across a 24 hour period for your location.

Each forecast contains a timestamp in your local time zone and up to five weather factors including temperature, precipitation, surface pressure, wind speed and wind direction. 48 hour and 72 hour forecasts are also available. And because forecasts are delivered to your phone through its SMS channel there is no charge to you for these deliveries through the Inmarsat network. Outbound requests for a forecast are charged by your satellite provider at normal texting rates.

Please contact OCENS for further information about the IsatPhone Pro 2 and SpotCast worldwide weather or view additional details online at www.ocens.com.

About OCENS, Inc.

OCENS data services, software and apps merge easy-to-use applications with unprecedented content offerings to affordably deliver data over satellite phones to remote users around the world. OCENS weather, ocean and fishing services provide access to the largest collection of GRIB and classical data that can be found anywhere. Using patented pull-me technology, OCENS WeatherNet provides fast access to the world’s widest selection of weather and ocean information over PC and Mac platforms. GRIB Explorer processes highly compressed GRIB information into unique decision products for use on PC, Mac or iPad platforms. MetMapper transforms static weather charts and satellite imagery into dynamic planning tools. OCENS’ iPhone, Android, Windows phone and Blackberry apps provide weather and messaging services to the smartphone community. Its SpotCast weather service provides multi-day, multi-point forecasts of weather and ocean conditions for any point on earth in a highly compact form. OCENS augments its software core with satellite equipment and airtime solutions it provides in cooperation with all the major satellite providers.

New Fireware® OS allows users to deploy, configure and manage wireless access points from a WatchGuard UTM or NGFW without additional hardware

WatchGuard® Technologies, has announced that its Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) appliances are the first to allow users to deploy, configure and manage both wired and wireless network security through a single device in a 'single pane of glass' view. This enhanced wireless functionality - made possible by the release of WatchGuard's Fireware® 11.9 operating system - eliminates the need for additional wireless network management solutions and gives IT professionals a unified Web interface for managing and monitoring their entire network in real time.

"Today, wireless is an extension of an organisation's wired network, yet IT professionals are often forced to use separate tools and complex solutions when securing and managing those networks," said Dave R. Taylor, vice president of corporate and product strategy at WatchGuard Technologies. "The latest update to our platform is a significant step forward and an industry first. It will save customers time and money by allowing them to consolidate management and security around their wired and wireless networks. Set your policies once and they apply to all traffic, wired and wireless alike."

WatchGuard's Fireware 11.9 gives IT professionals the ability to quickly map wireless Access Points (APs) and coverage, change both wired and wireless security policies simultaneously and to enforce traffic, coverage and security standards across the entire network infrastructure. The organisation can also evaluate traffic and channel conflicts, identify vulnerabilities, manage bandwidth prioritisation and even map all wireless activity on neighbouring networks sharing the same frequency. This insures that all traffic and security issues are apparent and can be addressed in real time, including rogue APs that may mimic others on the network.

Version 11.9 of WatchGuard's Fireware operating system includes other best-of-breed services such as: AntiVirus, AntiSpam, Application Control, Advanced Threat Protection (ATP) and Data Loss Prevention (DLP). Fireware also integrates WatchGuard DimensionTM, the company's award-winning big data visibility tool, through any WatchGuard threat management appliance.

For more details about WatchGuard's wireless network capabilities and new indoor/outdoor APs, click here - www.watchguard.com

About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, Best-of-Breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuardTech on Facebook, or on the LinkedIn Company page.

Yesterday, Institutional Shareholder Services (ISS), a third-party advisor to Target Corp. investors, recommended ousting Target’s Audit Committee because they failed to do appropriate risk management, resulting in a breach of customer data. According to Twin Cities Business Magazine, ISS stated that “… in light of the company’s significant exposure to customer credit card information and online retailing, these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information, especially since it involves shoppers and the communities in which the company operates, as well as the overall impact on brand reputation and brand value.”  This suggests a fundamental lack of understanding of both the nature of the breach and who should be held responsible for the outcome.

First, let's understand what really happened here: Target updated their point of sale (POS) systems before the holiday season. There was a known vulnerability in those POS systems that let credit card data travel between the POS system and the register before it was encrypted and sent off to the clearinghouse for approval. Target’s technology team was warned of the vulnerability and DECIDED that the risk was worth accepting – not the board, not the auditors; it was the people involved in the project who accepted the risk of losing 70 million records. When departments accept that level of risk, they in essence, end the conversation.  The audit committee and board of directors would be none the wiser. When was the last time you notified your board about how you were disposing of hard drives?

...

http://blogs.forrester.com/renee_murphy/14-05-29-dont_blame_targets_audit_committee_for_the_sins_of_technology_management

Previously, I shared how some executives are skeptical about Big Data analytics and its ability to match their own business intuition.

This made me wonder: How do some leaders find that Big Data analytics actually enlightens their business behavior? To help you find the path, I’ve compiled five expert tips that may illuminate your Big Data analytics projects.

Tip 1: New analytics often requires new behaviors. Michael Schrage, a research fellow at MIT Sloan School’s Center for Digital Business, says in his discussions with companies, those who struggle or achieve only moderate outcomes tend to use Big Data analytics primarily for decision support. By contrast, Big Data achievers leverage Big Data to change their conversations.

...

http://www.itbusinessedge.com/blogs/integration/five-expert-tips-for-succeeding-with-big-data-analytics.html

CSO - Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

After all, if a device is generating 60 alerts a day - and for the first few weeks none of them amount to anything - as new alerts from that device arrive, they're eventually going to be dismissed.

This happens because the IT / InfoSec department has other things to worry about, and there isn't enough time (or people) to deal with a flood of alerts. It's possible the device generating the alerts will be properly tuned and configured later, but that depends on the staff's workload.

...

http://www.computerworld.com/s/article/9248654/Information_overload_Finding_signals_in_the_noise