• PROTECT AND ENHANCE THE VALUE OF YOUR ENTERPRISE

    FREE CUSTOMIZED DEMO

    The Continuity Logic customized demo provides an opportunity for qualifying organizations to evaluate Frontline Live 5™, with their plans, desired controls, policies, and procedures. This first-of-its-kind system for both business continuity and many other areas of Governance, Operational Risk and Compliance (GRC) is powerful, but often best viewed with some of your familiar plans, data and templates.

    LEARN MORE ABOUT FRONTLINE LIVE 5

Fall World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 28, Issue 3

Full Contents Now Available!

Jon Seals

With the Northern Hemisphere now in the midst of hurricane, typhoon and cyclone season, many businesses have emergency plans in place, plywood to board the windows, and generators at the ready. But a new study from economists Solomon M. Hsiang of Berkeley and Amir S. Jina of Columbia, “The Causal Effect of Environmental Catastrophe on Long-Run Economic Growth,” found it is far more difficult for the overall economy to weather the storm.

As Rebecca J. Rosen explained in The Atlantic, economists previously had four competing hypotheses about the impact of destructive storms: “Such a disaster might permanently set a country back; it might temporarily derail growth only to get back on course down the road; it might lead to even greater growth, as new investment pours in to replace destroyed assets; or, possibly, it might get even better, not only stimulating growth but also ridding the country of whatever outdated infrastructure was holding it back.”

After looking at 6,712 cyclones, typhoons, and hurricanes that occurred between 1950 and 2008 and the subsequent economic outcomes of the countries they struck, Hsiang and Jina were able to decisively strike down most of these hypotheses. “There is no creative destruction,” Jina said. “These disasters hit us and [their effects] sit around for a couple of decades.”

...

http://www.riskmanagementmonitor.com/the-long-term-economic-impact-of-hurricanes/

In 2012, when Superstorm Sandy struck the East Coast, thousands of residents were displaced from their homes. In wake of the panic and chaos, Airbnb, an online platform where people list and book accommodations around the world, saw an opportunity to leverage its existing services for neighbors to help neighbors. During the disaster, 1,400 Airbnb hosts — who typically collect payment for accommodations — opened their homes and cooked meals for those left stranded.

After Sandy, Airbnb reached out to the San Francisco Department of Emergency Management to share what it learned and discuss how it could reach a broader audience during an emergency. Simultaneously, the company was in discussions with officials in Portand, Ore., about an initiative to help civic leaders and community members work together to create a more shareable and livable city.

...

http://www.emergencymgmt.com/disaster/Airbnb-Partners-San-Francisco-Portland-Disaster-Relief.html

Company's 97th Patent Describes Improvements to Snapshot Performance for Faster System Recovery

LONGMONT, Colo. – Dot Hill Systems Corp. (Nasdaq:HILL), a trusted supplier of innovative enterprise-class storage systems, today announced innovative technology described in its latest addition to its patent portfolio - a new innovation that improves snapshot performance in storage arrays.

Generated by Dot Hill's AssuredSnap™ snapshot software, which is part of the company's Data Management Services (DMS) suite, snapshots are versatile and extremely useful tools for backup and data recovery operations. By reducing the number of operations required to access snapshot metadata, the invention disclosed in Dot Hill's 97th US patent, numbered 8,751,467, improves storage controller performance when using data snapshots, which can result in faster system recovery.

Traditionally, when an application on a storage controller wants to access snapshot data from a storage system, the application first needs to retrieve the storage device's snapshot metadata. The status quo approach of accessing metadata is inefficient since it involves multiple steps of copying cache pages. Using Dot Hill's patented approach the application can use the cache page address to access the metadata. A second application is allowed to access the cache page and can also update the metadata in this approach. After the application finishes its update, cache pages are mirrored to the remote system and written back to the appropriate storage devices. This patented approach streamlines the data recovery process.

"Our customers run demanding applications that require high-performance storage with rock-solid reliability," said Ken Day, chief technology officer, Dot Hill. "Besides providing 99.999 percent data availability in all our AssuredSAN storage systems, we never stop innovating to set ourselves apart from the competition. Dot Hill's growing patent portfolio is a reflection of a world-class engineering team that develops highly differentiated storage solutions."

Dot Hill's patent portfolio builds on the extensive intellectual property behind Dot Hill AssuredSAN and AssuredSAN Pro solutions, which deliver rock-solid, wicked-fast solutions to customers and OEM partners. Dot Hill's continuous innovation benefits the company's key vertical market customers in the Media & Entertainment, Telecommunications, Oil & Gas, Big Data & Analytics and Digital Imaging sectors, that require high-performing storage to support demanding applications.

About Dot Hill

Leveraging its proprietary Assured family of storage solutions, Dot Hill solves many of today's most challenging storage problems - helping IT to improve performance, increase availability, simplify operations, and reduce costs. Dot Hill's solutions combine breakthrough software with the industry's most flexible and extensive hardware platform and automated management to deliver best-in-class solutions. Headquartered in Longmont, Colo., Dot Hill has offices and/or representatives in China, Germany, India, Japan, Singapore, the United Kingdom, and the United States.

For more information, visit us at www.dothill.com.

BCM 2000:  Essentials of BCM Series
Implementing ISO 22301, 22313,
22320, 22398, 27031, 31000, 19011 & 17022
Includes BCI's 2013 Good Practice Guidelines 
Looking for a course that is based on international standards?
 
Looking for templates and examples on how to develop a Business Continuity Management System that meets the requirements of the standards? 
 
Do you like to have fun (and maybe even laugh out loud!) when you learn?
Then BCM 2000: Essentials of Business Continuity Management is the course for you!  Download the Brochure 

Course Description 
BCM 2000: Essentials of Business Continuity Management provides you with knowledge to develop a standards-based, auditable, and actionable business continuity program for your organization.
This course is the critical starting point to developing a program that can be certified ISO 22301. It is comprised of 10 individual modules that can be taken as a series or in combination over time.

Essentials of Business Continuity Management provides the foundation necessary for new or current professionals interested in either developing a career in Business Continuity Management, seeking certification, or for those professionals responsible for developing a business continuity program for their organization.

It is designed to expose the participant to all aspects of a holistic BCM program and to be a solid "how to"guide for building a business continuity program for all types of organizations.


Student activities are included throughout the course and are designed as knowledge checks to reinforce lesson materials and to provide attendees with hands-on activities that will enable them to become familiar with and apply these principles in their jobs.

Delivery Structure
Essentials of BCM is offered as an elearning course that includes the following elements: Download the Brochure
  • Voice over ppts teaching online
  • pdf's of the course book
  • Templates of how to implement the requirements of the standards (sample policies, reports, etc.)
  • Multi-media that is relevant & fun!
  • BCI's 2013 Good Practice Guidelines 
  • Case study
  • Open for Business Toolkit
  • Course review activities to evaluate for comprehension
  • Practice exam questions (for DRII's Qualifying Exam)
  • Online essay for CEU credit  
  • Email access to a qualified expert for questions
  • Online ISO 22301 Lead Implementer Certification Exam included in course fee 
Certification Requirements
Successful completion of the BCM 2000 series with a passing grade on the online CORS in BCM exam completes the educational component for certification as a Certified Organizational Resilience Specialist (CORS) in BCM / ISO 22301 Lead Implementer.

null
Holders of the CORS certification are entitled to apply for statutory membership with the BCI at the AMBCI or MBCI level, subject to evidence of required experience.
With ISO 22301 as an international standard allowing companies to demonstrate their ability to cope with major threats; as well as provide a management systems approach to business continuity management, this course provides you with what you need todevelop a program that complies with these certification standards.

Register Here

And if you have questions, don't hesitate to call or send an email.
Sincerely,
Lynnda Nelson, President
The International Consortium for Organizational Resilience
Education@theicor.org
866.765.8321 US/Canada  +1630.705.0910 International Calls
BCM 2000: Essentials of Business Continuity Management Series
BCM 2011: Business Continuity Program Development
BCM 2021: The Business Impact Analysis
BCM 2022: The Risk Assessment
BCM 2023: Developing Strategies / Options to Protect the Organization
BCM 2031: Plan Design, Program Structure, & Required Documentation
BCM 2032: Incident Response, Management & Communication
BCM 2033: Business Continuity & Recovery Plans
BCM 2035: Writing the ICT Continuity / IT DR Plan
BCM 2041: Awareness, Training, Testing & Exercising
BCM 2042: Program Evaluation, Improvement & Audit
BCM 2011:  BCM Program Development 
In order to develop a Business Continuity Management System, it is important to understand the requirements of management systems, the core concepts of business continuity, and how to determine the scope of the program, develop policy, and the requirements for leadership and governance. BCM 2011 provides an overview of each of these topics as the foundation for developing and managing the BCMS.

BCM 2021:  The Business Impact Analysis
The BIA process is covered from beginning to end with a focus on the identification of the organization's key products and services and the critical activities and resources that support them.  Examples of BIA data gathering questions, methodology, analysis and reporting provided. 

BCM 2022: The Risk Assessment
Using the ISO 31000 standard on Risk Management as its basis, this course describes the process of conducting a risk assessment and analyzing the results to mitigate risks.  From risk identification, risk description, risk analysis, risk evaluation, risk communication, and risk reporting, this course covers the entire risk assessment process using an enterprise risk management approach.   A key requirement of the standards is the identification of the organization's risk appetite or acceptance and this course provides the methodology for this identification. In addition, BCM 2022 includes a review of different quantitative and qualitative methods for analyzing risk.

BCM 2023:  Developing Strategies / Options to Protect the Organization
This course introduces the student to the challenges of selecting the appropriate strategies / options
for the continuity and recovery of business processes, critical functions, operations and the supporting information technologies within the specified recovery time objective.  Building on the information gathered during the BIA and risk assessment, BCM 2023 explores how to evaluate the different strategies necessary for mitigating risk, continuing operations when possible, and recovering operations if interrupted. BCM 2023 reviews strategies for people, property, assets, technology and information, reputation, suppliers, and financial viability.

BCM 2031:  Plan Design, Program Structure & Required Documentation
In order to develop the actual plan documents the organization will need to decide on the approach, methodology and the plan document structure. BCM 2031 outlines the necessary roles and responsibilities of the members of the organization, the key elements that must be included in every plan type, and how to meet the requirements for managing documentation.

BCM 2032:  Incident Response, Management & Communications
Implementing procedures for responding to an incident of any kind, managing the incident, and ensuring successful communication with all interested parties before, during and after the incident is an essential requirement for all business continuity programs. BCM 2032 also ties to the requirements of ISO 22320 on Incident Management and PAS 200 on Crisis Management & Communications.  The objective of BCM 2032 is to develop and implement procedures for response to and stabilization of the situation following an incident or event, including establishing and managing an Emergency Operations Center and local command centers during the crisis.

BCM 2033:  Business Continuity & Recovery Plans
All of the procedures developed as part of strategy development need to be documented in the business continuity and recovery plan. BCM 2033 reviews the requirements for business continuity plans and how to document procedures according to ISO 22301.

BCM 2034:  ICT Continuity / IT DR Plans & Procedures 
The focus of the ICT Continuity and the IT Disaster Recovery Plan is on the IT infrastructure that supports the business operations and ensuring that the plan in place protects the key infrastructure of
the organization. ISO 27031 on ICT Continuity outlines the methodology for ensuring that the ICT infrastructure supports the BCM infrastructure to ensure that there are no unsupported critical processes and the RTOs can be met. BCM 2034 reviews the guidelines for ICT continuity under ISO 27031, ISO 27001, and NIST 800-34.

BCM 2041:  Awareness, Training, Testing & Exercising 
Building a BCMS culture is an essential component of ensuring a successful program. Determining competence of all parties involved in the business continuity management system and increasing competence through awareness, training, testing, and exercising is a key component of this process and is vital to the success of the BCMS. BCM 2041 also aligns to the guidance of ISO 22398 for developing exercise programs. 

BCM 2042: Program Evaluation, Improvement & Audit 
It is impossible to keep the BCM program current and actionable or to move to a management system without monitoring, measuring, analyzing, and evaluating the BCMS. BCM 2042 explores the requirements for internal audit and management review of the BCMS. Also included are the requirements for writing the audit report based on ISO 19011 and ISO 17022. 
If you would like to submit an article or presentation for a future ICORrespondence Newsletter submit it to Lynnda@theicor.org.
 
Sincerely,
 
Lynnda Nelson, President
The International Consortium for Organizational Resilience
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • AFCOM
  • ASIS
  • BRPA
  • BRPA SW
  • IAEM
  • IFMA
  • NEDRIX 
Become an ICOR Member Today!

Over a series of articles, Hilary Estall, Director of Perpetual Solutions, will be discussing subject areas aimed at those managing a business continuity management system (BCMS) and in particular, those systems certified to ISO 22301. With her pragmatic approach to management systems and auditing in particular, Hilary will offer an insight into areas not widely discussed but still important for the ongoing success of a BCMS.

In the second article of the series, Hilary Estall looks at what’s involved when a certified BCMS reaches its recertification point. What does this mean and what’s involved?

In this article I demystify the process of recertification; the procedure undertaken by certification bodies every third year in the cycle of management system certification. I identify how an organization should prepare and the process of recertification itself. Is it just another audit or is there more to it?

If your organization has a certified business continuity management system (BCMS) you will know that in order to retain it, your certification body will carry out periodical audits. You will also know that when you first achieved certification and were issued with your certificate, it had an expiry date on it, three years hence*. What are the implications of this expiry date and how should you prepare for ‘renewal’?

...

http://www.continuitycentral.com/feature1215.html

Thursday, 14 August 2014 17:10

Data restoration requirements surveyed

When it comes to data restoration, addressing deleted mailboxes or emails is the most common request of IT administrators, according to new survey data from Kroll Ontrack.

When asked how often they receive requests for data restoration, 61 percent of the nearly 200 Ontrack PowerControls customers surveyed across EMEA, North America and APAC report they receive up to five email related restoration requests a month, with an additional 11 percent claiming up to 10 times a month.

In Europe, the second most common data restoration need was disaster recovery (16 percent), followed by missing data (12 percent). In the US, the second most common data restoration need was collection of electronic data for ediscovery (21 percent), followed by consolidating data from older to new applications to eliminate legacy servers (15 percent).

Requests for data restoration came from all departments across an organization, with 24 percent stemming from the internal legal department, 22 percent coming from IT security and 15 percent originating from sales and marketing. Why do these people need their email and documents back? 45 percent of IT administrator respondents note that employees request their email and documents back because they were accidentally deleted. Internal investigations (17 percent) ranked as the second most common source of restoration requests.

http://www.krollontrack.co.uk/software/powercontrols

Historically, vendor solutions for disaster recovery have been created for on-site use for individual enterprises. The client company concerned was the sole owner of the user data involved, and disaster recovery could be implemented without having to worry about anybody else. The cloud computing model changes that situation. It’s possible to use cloud services to have your own dedicated servers and instances of applications, or to share physical space but still have your own application (as in multi-instance setups). However, multi-tenancy (perhaps the defining feature of cloud architectures) makes the application of disaster recovery solutions rather more delicate.

...

http://www.opscentre.com.au/blog/disaster-recovery-services-and-multi-tenancy-in-the-cloud/

Thursday, 14 August 2014 17:09

How Big Data Can Solve Small Data Problems

We talk about Big Data and, now, Small Data as if it’s always clear with which you’re dealing. Big Data means volume, variety or velocity (or all three) and small data is structured and everything else.

Of course, the reality isn’t always so binary, according to a panel of medical and pharmaceutical experts at the recent MIT Chief Data Officer and Information Quality Symposium.

SearchCIO.com covered the event, and, in a recent article, shared a few lessons from the panel’s trial-and-error approach to dealing with data variety. Mark Schreiber’s experience is a perfect example.

...

http://www.itbusinessedge.com/blogs/integration/how-big-data-can-solve-small-data-problems.html

Codenomicon's discovery of OpenSSL's "Heartbleed" flaw this past spring highlighted the increasing importance of source code assurance and quality control as software grows in prominence in daily life. The Heartbleed memory leak opened the door for infiltrators to obtain passwords and security keys to decode encrypted data — a vulnerability that allegedly still threatens enterprise systems months after its discovery, according to a recent report

 
But Kevin Greene (pictured at left), a project manager in the cybersecurity division of the U. S. Department of Homeland Security's Science and Technology Directorate, claims that he has the answer to these kinds of problems. He manages a program called the Software Assurance Marketplace, aka SWAMP, an online platform that allows software developers to submit their code for vulnerability analysis free of charge.
 
According to Greene, SWAMP could have detected the Heartbleed flaw early in its development phase where other vulnerability tools apparently failed.
 
"None of the tools were able to detect the weakness that led to Heartbleed, so to me, using SWAMP, a software researcher can identify the type of anomalies that are in these tools and start working on the techniques that exist in the state of the art tools," Greene said.
...

(MCT) — Karen Windon still gets chills when she thinks back on Hurricane Charley.

"We were right in the cross-hairs for a long time as Charley barreled up the Gulf of Mexico," Windon recalled Tuesday.

Windon, now a deputy administrator for Manatee County, Fla., was the county's public safety director in 2004.

"For me, it was a mixture of tense moments, and swelling pride, knowing we had such a committed team at the emergency operations center at that time," Windon said.

Although Manatee County escaped much of Charley's fury, with a historic right turn that directed it northeast through Punta Gorda and Arcadia on Aug. 13, 2004, it proved to be a game changer.

It changed the local public perception of hurricanes from something to ride out to knowing there could be a dangerous killer on the loose. And Charley put emergency managers on notice that they needed to step up their games.

Manatee County officials got serious about building a stand-alone, hardened emergency operations center that could withstand such natural disaster as a hurricane. Officials moved ahead with plans for a new Public Safety Center that might otherwise have languished on a wish list for years.

...

http://www.emergencymgmt.com/disaster/Hurricane-Charley-Improvements-Emergency-Response.html