Jon Seals

Monday, 04 November 2013 15:30

2013 HSEEP Overview, Part 2

Contributed by Frank Kriz, MS, CEM, CPM, PEM

Part 1 of this overview introduced the Presidential Policy Directive 8: National Preparedness (PPD-8) and the National Preparedness Goal (NPG). In addition, the five (5) Mission Areas and the Core Capabilities identified in the NPG were reviewed.

PPD-8 and the NPG are the base documents that set the outline for the overarching National Preparedness System (NPS) (November 2011). The National Preparedness System outlines an organized process for the whole community to move forward with preparedness activities and ultimately achieve the National Preparedness Goal.

One term that will be repeatedly seen throughout this and other NPS documents is “Whole Community.” This includes individuals, families, and households; communities; the private and nonprofit sectors; faith-based organizations; and local, state, tribal, territorial, insular, and federal governments. Whole Community is defined in the National Preparedness Goal as “a focus on enabling the participation of federal, state and local government partners in order to foster better coordination and working relationships.”

...

http://lighthousereadiness.com/lrg/hseep-overview-2/

Monday, 04 November 2013 15:29

Adobe Data Breach Highlights Security Risk

The impact of a data breach at software maker Adobe appears to be worsening. When it first announced the breach on October 3, Adobe said that cyber attackers had compromised accounts and passwords of nearly 3 million users. Now that number has jumped to at least 38 million users.

What’s more, a blog post at PCWorld indicates that a further 150 million usernames and hashed passwords were taken from Adobe. While Adobe says these could include inactive IDs, test accounts and IDs with invalid passwords, the company is still investigating.

PCWorld also reports that the hackers stole source code for flagship Adobe products such as Photoshop, Acrobat, and Reader.

...

http://www.iii.org/insuranceindustryblog/?p=3421

A revolutionary new architecture aims to make the internet more “social” by eliminating the need to connect to servers and enabling all content to be shared more efficiently.

One colleague asked me how, using this architecture, you would get to the server. The answer is: you don’t.

Dirk Trossen

Researchers have taken the first step towards a radical new architecture for the internet, which they claim will transform the way in which information is shared online, and make it faster and safer to use.

The prototype, which has been developed as part of an EU-funded project called “Pursuit”, is being put forward as a proof-of-concept model for overhauling the existing structure of the internet’s IP layer, through which isolated networks are connected, or “internetworked”.

The Pursuit Internet would, according to its creators, enable a more socially-minded and intelligent system, in which users would be able to obtain information without needing direct access to the servers where content is initially stored.

http://www.cam.ac.uk/research/news/future-internet-aims-to-sever-links-with-servers

BSI has opened a consultation period for its new 'BS 11200 Crisis Management - Guidance and good practice' standard.

According to BSI, BS 11200 will provide guidance on crisis management to help top managers in an organization to implement and develop a crisis management capability. It is intended for any organization regardless of location, size, type, industry or sector.

Feedback can be given about BS 11200 until 10th January 2014.

Go to http://drafts.bsigroup.com/Home/Details/52021 to read the draft and submit your comments.

Monday, 04 November 2013 15:25

The State of Risk-Based Security 2013

The State of Risk-Based Security Management is an in-depth study conducted by Ponemon Institute and sponsored by Tripwire. The study is designed to reveal how organizations are applying rigorous and systematic analytical techniques in order to quantify and evaluate the security risks that impact an organization’s information assets and IT infrastructure.

Download Full Report

The State of Risk Based Security 2013 (PDF)

Andrew Scott
Business Continuity Institute

The BCI is a global organisation with Members, Forums, Chapters and Partners all across the world, but whether it is due to time, distance or perhaps even environmental concerns, unfortunately not everyone who would like to attend the BCM World Conference and Exhibition on the 6th and 7th November will be able to do so. Sadly some people will miss out…

I don’t know about you but I sometimes feel like I’m doing several jobs at once. I'm sure we all do at times but even so, and with the best will in the world, none of us will be able to attend all three streams of the conference at the same time, not to mention the packed exhibition that will be going on or the free seminar programme taking place. With so much happening, we simply cannot attend everything. Again, sadly some people will miss out…

...

http://thebceye.blogspot.com/2013/11/making-most-of-your-conference.html

Pacnet Enabled Network (PEN) Delivers Scalable Bandwidth and Software-enabled Intelligence to Take Networking into Cloud-Computing Age
 
  • Pacnet announces today the beta launch of the Pacnet Enabled Network (PEN), an industry-first service platform that leverages software-defined-networking (SDN) to deliver flexible and scalable bandwidth configurable by customers, heralding a major advance in the capabilities of enterprises and carriers to build high-performance and cloud-ready networks.
  • Powered by Pacnet’s innovative Network-as-a-Service (NaaS) model, PEN delivers scalable bandwidth and software-enabled intelligence, allowing customers to dynamically provision bandwidth in minutes, based on their business needs.
  • PEN puts Pacnet at the forefront of industry efforts to meet the networking challenges prompted by the growth of cloud computing, offering customers scalable bandwidth that adapts to their networking requirements, integrating software-enabled intelligence with Pacnet’s unsurpassed network of wholly-owned data center and undersea cable infrastructure.

HONG KONG – Pacnet today announced the beta launch of the Pacnet Enabled Network (PEN), an industry-first service platform that leverages software-defined-networking (SDN) to deliver flexible and scalable bandwidth configurable by customers, heralding a major advance in the capabilities of enterprises and carriers to build high-performance and cloud-ready networks.
 
Powered by Pacnet’s innovative Network-as-a-Service (NaaS) model, PEN delivers scalable bandwidth and software-enabled intelligence, allowing customers to dynamically provision bandwidth in minutes, based on their business needs. PEN users are able to create a virtualized cross-connected environment leveraging Pacnet’s wholly-owned network of data centers and telecommunications infrastructure for unrivalled coverage of financial and business centers across Asia-Pacific.
 
“PEN is a quantum-leap for the industry that catapults networking into the cloud-computing age,” said Jim Fagan, President of Managed Services at Pacnet. “With the region’s most extensive coverage of data centers and subsea cable network, Pacnet has the capabilities to execute and deliver next-generation tools to help our customers stay on top of their networking needs in the demanding world of cloud.”
 
PEN offers customers the ability to self-provision bandwidth, manage and monitor network usage and account information in real-time. The platform utilizes OpenFlow, an open-source technology, for high-performance network management, providing seamless connectivity to a hybrid cloud service environment, giving customers the flexibility to choose their cloud vendor.
 
PEN at a glance: key customer benefits
  • Leverage Pacnet’s unrivalled global infrastructure: PEN is built on an enterprise class network, which offers point-to-point international private connections to customers, and extensive data center facilities across 10 data centers in Asia-Pacific.
  • Fully automated provisioning with flexible network optimization options: PEN customers can provision dynamic bandwidth within minutes either through Pacnet Connect, a Web-based portal, or via an Application Programming Interface (API), eliminating the need for manual processes. This gives users the control to customize and configure the network based on their performance and quality of service requirements.
  • Pay for what you use: With a flexible pricing model, customers will be billed according to the amount, quality and duration of network usage.
  • Hybrid cloud gateway: PEN, which utilizes an OpenFlow based software controller, extends enterprise class data centers and private clouds to any external cloud vendors, offering customers the flexibility to create a truly virtual Asia-Pacific data center.
As enterprises continue to rapidly embrace cloud computing to meet their business needs, the increasing volume and complexity of data traffic place severe strains on networks that are based on traditional hierarchical architectures. PEN puts Pacnet at the forefront of industry efforts to meet the networking challenges prompted by the growth of cloud computing, offering customers scalable bandwidth that adapts to their networking requirements, integrating software-enabled intelligence with Pacnet’s unsurpassed network of wholly-owned data center and undersea cable infrastructure.
 
PEN offers customers access to major multiple or large carriers and data centers through the Pacnet network, and creates a virtualized cross-connected environment. This means customers can provision a network from the Pacnet Hong Kong data center to their on-premises facilities in Australia.
 
With a full launch expected in the first quarter of 2014, PEN is at the center of Pacnet’s transformation into a “next-gen” provider of cloud, data center and telecommunication services, increasing options for customers and generating additional synergies with other existing Pacnet managed services offerings.
 
 More PEN Resources:
  • PEN website
  • Pacnet President of Managed Services Jim Fagan’s blog and video
  • Pacnet Vice President of Data Center Construction & Operations Giles Proctor’s blog and video
  • Pacnet will demonstrate PEN live at the OpenStack Hong Kong Summit 2013 in AsiaWorld-Expo at 6:20pm on 5 November 2013 (Hong Kong time).
 
About Pacnet
Pacnet is Asia-Pacific’s leading provider of managed data connectivity solutions to major telecommunications carriers, large multinational enterprises and government entities in the Asia-Pacific region.  Ownership of the region’s most extensive high-capacity submarine cable systems with over 46,000 km of fiber and connectivity to interconnected data centers across 14 cities in the Asia-Pacific region gives Pacnet unparalleled reach to major business centers in key markets including China, India, Japan and the United States.  Combined with a comprehensive set of managed network and value-added data center services, its assets and experience in the region have helped Pacnet service large businesses worldwide including Fortune 500 companies.  Pacnet is headquartered in Hong Kong and Singapore, with offices in all key markets in the Asia-Pacific region and North America.  For more information, please visit: www.pacnet.com.

Despite a dramatic increase in mobile device sales in the past year, BYOD security among employees remains static. Gartner forecasts 2013 tablet shipments to grow 67.9 percent, with shipments reaching 202 million units, while the mobile phone market will grow 4.3 percent, with volume of more than 1.8 billion units.

For the second year in a row, Coalfire examined the BYOD trend for interconnected employees and what it means for companies and the protection of their corporate data. Most organizations want the increase in productivity that mobile devices offer, but the majority do not provide company-owned tablets or mobile phones as a cost-saving measure.  Employees who want to use these devices must buy their own and are all too often left to secure potentially private information themselves.

...

http://www.corporatecomplianceinsights.com/employees-and-companies-not-taking-byod-security-seriously

Wednesday, 30 October 2013 15:35

Cyber threat opportunity

Ken Simpson
The VR Group

Only a week to go until the BCM World Conference!

What if we took a different approach to our reflective learning this time?

Instead of waiting until after the conference to reflect and integrate what we have learned, what if we took a proactive approach and spent some time ahead of the conference reflecting on what aspects of our current practice we need to change?

What if that reflection also included reframing the problem – not just how can I fine tune my practices within current frameworks and constraints, but how would I want to transform my practice going forward and remove some of those constraints?

...

http://thebceye.blogspot.com/2013/10/cyber-threat-opportunity.html

CIO — When George Borst made the jump in 1997 from general manager of Toyota's Lexus division to head of the company's finance group, he was faced with a big decision.

The finance group's four core systems were in woeful shape, needing upgrades to improve performance and keep up with the rapid growth of finance operations. Borst came to the job long on strategy but admittedly a bit short on the intricacies of IT and finance, having come from sales, marketing and product-planning groups.

"I wish I'd paid a lot more attention in college to my economics and finance courses," he jokes. "But I was sent over there for a reason: to help increase sales and get closer to the dealers."

...

http://www.cio.com/article/741940/This_C_Suite_Recognizes_That_Failure_is_Part_of_Innovation

Wednesday, 30 October 2013 15:33

New England: One Year After Hurricane Sandy

BOSTON – One year ago today, on October 29th, 2012, the Northeast braced for impact as Hurricane Sandy came barreling toward our coastline. Although New England was spared the brunt of the storm, residents and businesses along the shores of Connecticut, Rhode Island, Massachusetts and New Hampshire suffered severe damages from wind and water, many losing homes and livelihoods. Towns along the coasts of Connecticut and Rhode Island were nearly impassable after the storm, roadways choked with debris and sand from a significant storm surge that swept through beachfront communities.

The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) continues to work closely with its partners to help individuals and communities recover from Hurricane Sandy.

In the past year over $125.9 million in FEMA funding has been obligated toward Hurricane Sandy recovery in New England:

Individual Assistance

More than $15.5 million in Federal Emergency Management Agency grants approved for individuals and households region-wide, which includes:

Connecticut:

  • More than $13.8 million for housing assistance
  • More than $1.1 million for other needs assistance

Rhode Island

  • $378,748 for housing assistance
  • $42,592 for other needs assistance

More than $51.6 million in Small Business Administration disaster loans approved for homeowners, renters and businesses in Connecticut.

More than $285.3 million in National Flood Insurance Program payments made to policy holders, including:

Connecticut

  • More than $249.5 million paid to flood insurance policy holders

Rhode Island

  • More than $35.8 million paid to flood insurance policy holders

Public Assistance

More than $59.1 million in Public Assistance grants to reimburse local, state and tribal governments and eligible private nonprofits region-wide for some of the costs of:

  • Emergency response
  • Debris removal
  • Repairing or rebuilding damaged public facilities

The committed efforts of many additional federal, state and local agencies and organizations continue to assist states, towns, communities and individuals in the recovery process.