Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

While knowing the latest IT security measures or top marketing strategies are important, they aren't the skills that are going to pay off in the long run for today's college graduates, new research shows.

A study by Kaplan University's College of Business and Technology discovered that critical thinking and written communications are the most important skills college graduates majoring in business or information technology programs will need to succeed in the work force.

"Technology becomes obsolete quite rapidly," said Kaplan University professor Lynne Williams. "Good communication skills remain with you throughout your working life."

...

http://www.businessnewsdaily.com/4666-information-technology-communication-thinking-skills.html

A new inspector general report criticizing a government contractor's USB drive security practices is an important reminder of why all healthcare organizations need to control the use of mobile storage media and ports.

"Because USB devices connect directly into computers and can store large amounts of data, they can potentially cause serious harm to computers and networks or compromise sensitive data if their use is not properly controlled," says the report from the Department of Health and Human Services' Office of Inspector General.

Among the risks posed by USBs are the spread of malware and the inappropriate download, storage and removal of data by users, resulting in breaches or possible fraud.

Security weaknesses such as those identified by the OIG are common throughout healthcare and need to be addressed to help protect patient privacy, says independent IT security consultant Tom Walsh.

...

http://www.govinfosecurity.com/improving-security-for-usb-drives-a-5851

Cloud came as blessing in disguise for back-up and disaster recovery services. Traditionally, we have depended on tapes and data centres for the both which required huge investments. The paradigm shift brought by the cloud has made it possible SMB sector to explore these services.

"It won't happen to me", is some kind of self-assuring myth which mostly people feel comfortable with. I was going through a document from Texas University which tells us that only six per cent of the smaller business survives the catastrophic data losses.

University of Minnesota found that "93 percent of business that lost their data centre for 10 days or more filed bankruptcy". If these facts are true, DR and backups acts as life line for our business as bad times cannot be completely avoided. Disasters just don't happen; they are chain of critical events. Not having a robust DR could be one of them.

...

http://www.ciol.com/ciol/experts/190450/powering-backup-dr-cloud

Especially in military operations, it's impossible to eliminate risk, but it can be minimized. Many of their risk-management techniques can apply to your flying.

No matter what we do in an aircraft, we cannot eliminate risk entirely. Instead, we can manage that risk and take positive steps to mitigate or reduce it; in rare cases, we may even be able to eliminate it. An example of the latter might be canceling a trip for poor weather, or because of a mechanical issue. But we should be mostly concerned with mitigating and reducing the risks our flying poses.

Of course, there are many ways to accomplish these goals. I believe most of us in general aviation have sat through a presentation or seminar discussing risk management. While serving in the U.S. Marine Corps, I sat through those classes as well as taught them, and I always came away with the same question, "How will this reduce the mishap rate?" Given the resources available, along with the missions, the military's way of managing risk can't be implemented by the average GA pilot. But it's worthwhile to examine the military's risk-management process. Using it as a template, then taking some simple steps and applying its techniques over time, on our own, can help reduce the GA mishap rate, before someone does it for us.

...

http://www.avweb.com/news/features/military_risk_management_pilots_208888-1.html

Good news for managed services providers (MSPs) offering backup and disaster recovery (BDR) solutions. Storage software revenue increased in the first quarter this year led by strength in data protection and recovery software, according to a report from International Data Corp. (IDC). Here are the details.

The worldwide storage software market grew by 3.2 percent during the first quarter of 2013 compared to the same quarter of 2012. Revenue during the quarter climbed to $3.6 billion.

Eric Sheppard, research director for storage software at IDC pulled out the key areas of strength in the market. "Demand was strongest for data protection and recovery software as well as storage and device management software. This was driven by a broad need for data resiliency, improvements to operational efficiencies, and better insights into installed data center infrastructure."

...

http://mspmentor.net/backup-and-disaster-recovery/data-protection-and-recovery-software-demand-drives-strong-demand-q1

The overall purpose of business continuity planning is to ensure the continuity of essential functions during an event that causes damage or loss to critical infrastructure. A continually changing threat environment, including severe weather, accidents, fires, technological emergencies, and terrorist-related incidents, coupled with a tightly intertwined supply chain, have increased the need for business continuity efforts.

To ensure long-term viability, companies should develop, maintain, conduct, and document a business continuity testing, training, and exercise (TT&E) program. The business continuity plan should document these training components, processes, and requirements to support the continued performance of critical business functions. Training documentation should include dates, type of event(s), and name(s) of participants. Documentation also includes test results, feedback forms, participant questionnaires, and other documents resulting from the event.

...

http://www.emergency-response-planning.com/blog/bid/59726/Business-Continuity-Testing-Training-and-Exercises

Although each business disruption is unique and many decisions will have to be made as situations unfold, a business continuity plan provides a framework and preparation to guide these decisions, as well as a clear indication of who will make them. A successful business continuity plan includes the following elements.

Define a team structure

  • Develop a clear decision-making hierarchy, so that in an emergency, people don’t wonder who has the responsibility or authority to make a given decision
  • Create a core business continuity team with personnel from throughout the organization, including executive leaders, IT, facilities and real estate, as well as physical security, communications, human resources, finance and other service departments
  • Create supporting teams devoted to related functions such as emergency response, communications, campus response and business readiness

...

http://www.citrix.com/solutions/business-continuity/best-practices.html

The effectiveness of data classification and retention policies can have strong ripple effects across an organization's entire IT risk management framework. After all, how data is classified can determine what risk management priorities are placed on it and the less data that is retained long-term, the less volume the organization has to sift through to determine appropriate protection levels.

"Risk management practices should be based on data or system classification. System classification is simply the 'high water mark' of data stored, processed or transmitted on the system," says Doug Landoll, CEO of Assero Security. "The required security controls for a system are based on the system classification. Risk management, as one of those controls, would be based on this as well."

...

http://www.darkreading.com/risk/data-classification-can-boost-risk-manag/240157074

How can you prioritize various backup and disaster recovery (BDR) issues? Smart managed services providers (MSPs) focus on four potential scenarios. The idea is to understand each scenario and its correlation with time to recovery.

Strata Information Technology Inc. President Pete Robbins, a BDR specialist, uses these four scenarios to properly assess each situation:

...

http://mspmentor.net/infocenter-bdr/backup-disaster-recovery-bdr-4-scenarios-msps

June 21, 2013

Risks within risk

For want of a nail

The Atlantic hurricane season arrived June 1. The Pacific typhoon season arrived a little earlier and promptly sent a typhoon across Mexico.

Many organizations have “hurricane” plans. To my mind, that’s foolish. Any “threat specific” plan is, in my opinion, foolish.

The problem with a “hurricane” plan is that it can overlook a risk within a risk.

Consider a hurricane’s main components.

Wind.

Rain.

Storm surge (flood).

Wind is, for the most part, harmless. True, it can blow the roof off a building and that can lead to other damages to a property. And true, it can bring down power lines.

A wind’s main threat potential is carrying missiles – anything it can pick up and hurl along at high velocity.

...

http://johnglennmbci.blogspot.com/2013/06/erm-b-c-coop-risks-within-risk.html