Jon Seals

Mobile devices such as smartphones, laptops and thumb drives are becoming increasingly vital to productivity, but your organization’s data could be at risk if one of these devices is lost or stolen. The amount of protected health information (PHI) that is transported through mobile environments is staggering and healthcare organizations have a responsibility to investigate security incidents and report PHI exposures. To protect the organization and its patients, it is crucial that IT staffs and privacy and security officers know what to do if a breach is suspected.

Having even a simple incident response plan in place that focuses on rapid identification and a coordinated response gives healthcare organizations important advantages in the fight against cyber crime. First, a plan allows IT to greatly reduce the time between the discovery of a possible exposure and the identification of any data that was compromised. Reduced response time can keep the data loss to a minimum and assists the organization in providing mandatory notification within the time frame allowed. In addition, a formal process gives IT the ability to quickly limit unauthorized access to the network and sensitive data, thus limiting the amount of information that may be exposed.

...

http://healthitsecurity.com/2013/07/01/managing-a-health-data-breach-with-a-response-plan/

Disaster can strike in an instant. Whether it is weather-related, man-made or due to some other cause, disasters often occur with little or no warning. That's why creating and implementing an emergency-preparedness plan could mean the difference between saving your business and losing it all.

At the heart of every successful plan is clear communication. Mobile devices such as smartphones and tablets can help ag retailers and their employees connect with each other and authorities, spreading critical information in a time of crisis. Helping to keep the lines of communication open are dozens of mobile apps specifically designed for emergency preparedness. I’ve researched the most commonly used ones and compiled them in this handy list (in no particular order):

...

http://www.croplife.com/article/34563/10-best-apps-for-emergency-preparedness

The year 2013 will be a turning point in how governments around the world view the threat of floods in a new age of extreme weather events.

India, Nepal, Canada and many countries in Europe have experienced huge losses over the last two months due to intense precipitation that has triggered extreme flooding affecting millions of people’s well-being and livelihoods.

The shocking loss of life in India underlines how vitally important it is that we start planning for future scenarios far removed from anything that we may have experienced in the past.

When we look at the worldwide escalation in economic losses from disasters over the last five years, it is clear that our exposure to extreme events is growing and this trend needs to be addressed through better land use and more resilient infrastructure as we seek to cope with population growth and rapid urbanisation.

...

http://www.trust.org/item/20130701083848-mav3e/

Kylie Fowler got controversial when she spoke last month to an audience of asset management and configuration management professionals at the BCS CMSG Conference in London about the five constants she always encounters in her 10-plus years of working as an IT asset management consultant.

While these constants may always hold true, her advice on how to deal with them held some surprises.

She counselled the audience always to listen to their data - “your data has a huge amount to tell you if you use it correctly,” she said.

...

http://www.theregister.co.uk/2013/07/01/it_asset_management_five_constants/

With the explosion of data in the enterprise and the ability to use as-a-service storage models, important security-level practices are undermined and organisations lose sight of potential threats. In the absence of these standards, IT teams are struggling to identify and assess potential risks, opening their organisations to catastrophic security breaches.

The new HP Cloud Security Risk and Controls Advisory Services, part of the HP Converged Cloud Professional Services Suite, deliver choice, confidence and consistency to customers by combining expertise from across HP, supporting the management of data risk, identification of vulnerabilities and maintenance of compliance with IT governance. This provides clients with solutions that protect their information before it migrates to or from the cloud, whether it is a public cloud, private cloud or hybrid deployment. As a result, organisations can reassign IT resources from spending time on manual tasks to focusing on innovation.

...

http://biztech2.in.com/news/cloud-computing/hp-secures-data-migration-to-the-cloud/161042/0

No business today is immune from the ravages of storms and power outages – not to mention earthquakes, fires or other unforeseen disasters that can strike in a minute.

Although all companies need a disaster recovery plan, insurance agents have an even greater obligation to put one in place to enable them to operate after a catastrophe to handle the claims of hard-hit clients.

Here are five tips to keep in mind when developing a plan for confronting disaster and for keeping your agency operating through tough times.

...

http://www.insurancejournal.com/magazines/features/2013/07/01/296795.htm

Disaster Recovery as a Service (DRaaS) backs up the whole environment, not just the data.

"Most of the providers I spoke with also offer a cloud-based environment to spin up the applications and data to when you declare a disaster," says Karyn Price, Industry Analyst, Cloud Computing Services, Frost & Sullivan. This enables enterprises to keep applications available.

Vendors offer DRaaS to increase their market share and revenues. Enterprises, especially small businesses, are interested in the inexpensive yet comprehensive DR solution DRaaS offers. There are cautionary notes and considerations too that demand the smart business's attention before and after buying into DRaaS.

...

http://www.csoonline.com/article/735737/3-things-to-consider-before-buying-into-disaster-recovery-as-a-service

Yesterday I was interviewed by NPR for a program airing this weekend about PR and reputation problems caused by racism. It’s always good for someone who helps others prepare for media interviews to do a real one themselves to bring some lessons home. I wasn’t too happy with the interview despite having prepared by thinking through key messages.

In case you catch the story, and some of what I said is included, here is how I intended to answer the question.

1. It’s always about credibility.

While there isn’t a denial, or he said/she said in this case, people are still looking at Paula closely to see if she is to be believed. No doubt trust and respect for at least some has been shaken by revelation of her past attitudes and behavior. Now they are looking to see if she is telling the truth and can rebuild trust. Sincerity is everything. Sadly, I think Paula is very much lacking in this right now with bungled apology, standing up the Today Show, a rocky performance there, and as far as I know, no real action taken–just words. Sincerity and credibility, like all things trust related, are judged more by actions than words.

...

http://ww2.crisisblogger.com/2013/06/what-advice-to-give-those-involved-in-reputation-wrecks/

Federal chief information security officers (CISOs) know that it isn’t a matter of whether their agency will be subject to a cyber-attack; it is a question of how frequently the attacks will occur. 

But, the real concern that keeps CISOs awake at night is wondering when one of the attacks succeeds -- and they know one eventually will -- whether it will successfully compromise the network and disrupt operations, or even worse, result in stolen sensitive, classified or personally identifiable information (PII). 

The traditional approach to addressing common system and network vulnerabilities, which includes placing the problem in silos based on the particular type of attack or its target, is no longer enough to meet the challenges posed by today’s hackers and cyber criminals. Instead, the federal cyber-security landscape requires that agencies take an enterprise approach to cyber risk management, and to do so, CISOs must be able to understand and visualize the human and technology interactions that impact the agency in cyberspace. That’s where analytics can help.

...

http://www.gsnmagazine.com/node/30287?c=cyber_security

With the operational complexities and regulations businesses face today, basic computer services and support may not be enough to allow them to keep pace with their competition. Myriad regulations and a multitude of other activities make it difficult for any contemporary organization to survive (let alone thrive) without people who can design and implement increasingly specialized systems…and keep them up and running. Of course, before the first piece of that IT infrastructure has even been identified, someone has to determine the company’s goals and build the guidelines that will help achieve those objectives.

Those are several of the roles solution providers should be involved in. Businesses need someone to be their architect; not just for system design but also to develop the policies and programs that must be in place to automate their processes. For example, before customer-related information and business-critical data can be safely and securely stored using a cloud backup solution, someone has to determine which files, records and other details need to be saved.

...

http://thevarguy.com/blog/be-information-security-specialist-your-customers-need