
Jon Seals

New model will help forecasters predict a storm’s path, timing and intensity better than ever

This is a comparison of two weather forecast models looking six hours ahead for the New Jersey area. Image on left shows the forecast which doesn't distinguish localized hazardous weather. Image on right shows the new HRRR (High-Resolution Rapid Refresh) model that clearly depicts where local thunderstorms (yellow and red coloring) are likely. (Credit: NOAA)

Today, meteorologists at NOAA’s National Weather Service are using a new model that will help improve forecasts and warnings for severe weather events. Thanks to the High-Resolution Rapid Refresh (HRRR) model, forecasters will be able to pinpoint neighborhoods under threat of tornadoes and hail, heavy precipitation that could lead to flash flooding or heavy snowfall and warn residents hours before a storm hits. It will also help forecasters provide more information to air traffic managers and pilots about hazards such as air turbulence and thunderstorms.
Developed over the last five years by researchers at NOAA’s Earth System Research Laboratory, the HRRR is a NOAA research to operations success story. It provides forecasters more detailed, short-term information about a quickly developing small-scale storm by combining higher detail, more frequent radar input and an advanced representation of clouds and winds. The HRRR model forecasts are run in high resolution every hour using the most recent observations with forecasts extending out 15 hours, allowing forecasters to better monitor rapidly developing and evolving localized storms.

VIDEO: NOAA launches new tool to improve weather forecasts. (Credit: NOAA)

“This is the first in a new generation of weather prediction models designed to better represent the atmosphere and mechanics that drive high-impact weather events,” said William Lapenta, Ph.D., director of the National Centers for Environmental Prediction, part of the National Weather Service. “The HRRR is a tool delivering forecasters a more accurate depiction of hazardous weather to help improve our public warnings and save lives.”

High Resolution

Hyper local forecasts are possible with the HRRR because of higher resolution. The HRRR’s spatial resolution is four times finer than what is currently used in hourly updated NOAA models offering a more precise prediction of a storm’s location, formation, and structure. Using the HRRR, forecasters have an aerial image in which each pixel represents a neighborhood instead of a city. “This increase in resolution from eight to two miles is a game-changer,” added Lapenta.

What Goes In…

The HRRR starts with a full 3-D picture of the atmosphere one hour before the forecast and then brings in observations from surface stations, commercial aircraft, satellites, and weather balloons to create a more detailed and balanced starting point for the forecast. Another key innovation for the HRRR is adding in radar data every 15 minutes during that hour to help the model “know” where precipitation is ongoing. Integrating atmospheric data gathered before a model run, including radar data at a two mile resolution, provides a more accurate picture of what is happening in the atmosphere at the start of the forecast. This helps predict changes to storms and development of new storms faster than current models.

…And What Comes Out

The HRRR model’s hourly output includes more frequent snapshots, in 15 minutes intervals, of the atmosphere. With this information forecasters can better anticipate and predict the onset of a storm and critical details of its evolution, allowing for earlier watches and warnings. 

“The HRRR model will provide forecasters a powerful tool to help them inform communities about evolving severe weather,” said Stan Benjamin, Ph.D., a research meteorologist at NOAA’s Earth System Research Laboratory who led the research team that developed the model. "Being able to warn the public of weather hazards earlier and with greater detail is an outstanding return from NOAA's investment in research and observation systems."

Many NOAA scientists were involved with testing, optimizing, and implementing the model, including experts at NOAA’s National Weather Service and its National Centers for Environmental Prediction. NOAA’s partners at the Cooperative Institute for Research in Environmental Science at the University of Colorado at Boulder and the Cooperative Institute for Research in the Atmosphere at Colorado State University, Fort Collins helped with development. NOAA researchers partnered with users such as the Federal Aviation Administration, the National Center for Atmospheric Research, and the Department of Energy to significantly improve forecasts for aviation, energy among other industries through the HRRR model.

“Implementation of the HRRR is just one of many model improvements made possible with NOAA’s boost in its supercomputing power for weather prediction,” said Louis Uccellini, Ph.D., director, National Weather Service. “With advances in our forecast models, like the HRRR, we’re moving toward building a Weather-Ready Nation by improving our forecasts, providing better information to decision makers, and helping communities become more weather-ready and resilient against severe weather events.”

NOAA's National Weather Service is the primary source of weather data, forecasts and warnings for the United States and its territories. NOAA’s National Weather Service operates the most advanced weather and flood warning and forecast system in the world, helping to protect lives and property and enhance the national economy. Working with partners, NOAA’s National Weather Service is building a Weather-Ready Nation to support community resilience in the face of increasing vulnerability to extreme weather. Visit us at weather.gov and join us on Facebook and Twitter.

NOAA's mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Twitter, Facebook, Instagram and our other social media channels.

Wednesday, 01 October 2014 14:44

Review, Update Your Insurance Policies

EATONTOWN, N.J. -- September is National Preparedness Month, and the latter half of the year is an ideal time for people to review their insurance policies. Understanding the details of what specific policies cover and what the policyholder is responsible for after a disaster is important as both clients’ needs and insurance companies’ rules change.

Insurers’ decisions and legislative changes have the biggest effect on changes in policies. Consumers should make themselves aware of possible changes in these areas and know what to look for while reviewing their policies.

What’s Covered

The first check is the most obvious: the actual coverage. Policyholders should look at the specifics of which property is covered and the type of damage that is covered. Property owners should know that floods are not covered by standard insurance policies and that separate flood insurance is available. Flood insurance is required for homes and buildings located in federally designated high risk areas with federally backed mortgages, referred to as Special Flood Hazard Areas (SFHAs). Residents of communities that participate in the National Flood Insurance Program (NFIP) are automatically eligible to buy flood insurance. According to www.floodsmart.gov, mortgage lenders can also require property owners in moderate to low-risk areas to purchase flood insurance.

There are two types of flood insurance coverage: Building Property and Personal Property. Building Property covers the structure, electrical, plumbing, and heating and air conditioning systems. Personal Property, which is purchased separately, covers furniture, portable kitchen appliances, food freezers, laundry equipment, and service vehicles such as tractors.

What’s Not Covered

Policy exclusions describe coverage limits or how coverage can be purchased separately, if possible. Property owners should know that not only is flood insurance separate from property (homeowners) insurance, but that standard policies may not cover personal items damaged by flooding. In these cases, additional contents insurance can be purchased as an add-on at an additional cost. Some policies may include coverage, but set coverage limits that will pay only a percentage of the entire loss or a specific dollar amount.

The Federal Emergency Management Agency’s Standard Flood Insurance Program (SFIP) “only covers direct physical loss to structures by flooding,” FEMA officials said. The SFIP has very specific definitions of what a flood is and what it considers flood damage. “Earth movement” caused by flooding, such as a landslide, sinkholes and destabilization of land, is not covered by SFIP.

Structures that are elevated must be built at least to the minimum Base Flood Elevation (BFE) standards as determined by the Flood Insurance Rate Maps (FIRMs). There may be coverage limitations regarding personal property in areas below the lowest elevated floor of an elevated building.

Cost Impact of Biggert-Waters

The Biggert-Waters Flood Insurance Reform Act of 2012 extends and reforms the NFIP for five years by adjusting rate subsidies and premium rates. Approximately 20 percent of NFIP policies pay subsidized premiums, and the 5 percent of those policyholders with subsidized policies for non-primary residences and businesses will see a 25 percent annual increase immediately. A Reserve Fund assessment charge will be added to the 80 percent of policies that pay full-risk premiums. Un-elevated properties constructed in a SFHA before a community adopted its initial FIRMs will be affected most by rate changes.

In March 2014, the Consolidated Appropriations Act of 2014 and the Homeowner Flood Insurance Affordability Act (HFIAA) of 2014 were signed into law, lowering rate increases on some policies, preventing rate increases on others, and delaying the implementation of Section 207 of Biggert-Waters, which was to ensure that certain properties’ flood insurance rates reflected their full risk after a mapping change or update. HFIAA also repeals a portion of Biggert-Waters that eliminated grandfathering properties into lower risk classes. Many of the changes have not yet been implemented because the necessary new programs and procedures have not been established.

Other Conditions

The General Conditions section informs the consumer and the insurer of their responsibilities, including fraud, policy cancellation, subrogation (in this case, the insurer’s right to claim damages caused by a third party) and payment plans. Policies also have a section that offers guidance on the steps to take when damage or loss occurs. It includes notifying the insurer as soon as practically possible, notifying the police (if appropriate or necessary) and taking steps to protect property from further damage.

“FEMA’s top priority is to provide assistance to those in need as quickly as possible, while also meeting our requirements under the law,” FEMA press secretary Dan Watson said. “To do this, FEMA works with its private sector, write-your-own insurance (WYO) company partners who sell flood insurance under their own names and are responsible for the adjustment of their policy holders’ claims.”

Policyholders should speak with their insurance agent or representative if they have any questions about coverage. For further information and direction, call the NFIP Call Center at 1-800-427-4661 or the NFIP Referral Center at 1-888-379-9531. Comprehensive information about NFIP, Biggert-Waters, HFIAA and flood insurance in general can be found at the official NFIP website, www.floodsmart.gov.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.twitter.com/FEMASandy, www.twitter.com/fema, www.facebook.com/FEMASandy, www.facebook.com/fema, www.fema.gov/blog, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Enterprise-ready apps leverage mobile devices to power multichannel retail strategies

SAN FRANCISCO – Scandit (www.scandit.com), developer of the leading software-based barcode scanning solution for smartphones, tablets and wearable devices, has released an integrated suite of mobile apps to enhance the consumer shopping experience and retail operations. Scandit’s Mobile App Suite for Retail provides a series of fully customizable, cross-platform mobile applications for retail employees and customers including: Clienteling, Mobile Point of Sale (mPOS), Mobile Shopping (mShopping), Self-Checkout, Shopping Lists and Procurement. This suite of retail apps successfully powers multichannel retail strategies from the back of house to the sales floor, and beyond.

Scandit has leveraged the ubiquity of mobile devices and the consumerization of IT trend in the workplace to create a mobile suite that will allow retailers to adopt consumer and employee-facing apps with unprecedented ease for rapid time to market. “In order to compete in today’s environment, retailers need to deliver a highly differentiated mobile experience for shoppers and employees, but many don’t have the in-house resources to develop these applications” said Samuel Mueller, CEO at Scandit. “We deliver an innovative set of fully customizable but functionally complete retail apps, which are easy to integrate with existing systems, allowing the retailer to customize and deploy the apps rapidly—without the high cost of development.”

Scandit’s pioneering app suite has successfully lowered the barrier of entry for retailers to adopt mobility across a variety of use cases. “Retail chains are seeking new and innovative ways to engage customers and manage their operations”, continued Mueller. “Our Mobile App Suite bridges this gap with fully customizable and vertically integrated applications that empower the retailer and the customer simultaneously.”

Built on the success of Scandit’s software-based barcode scanner, which is utilized on over 50 million mobile devices worldwide, the Mobile App Suite for Retail integrates Scandit’s enterprise-grade scanning performance and functionality as a critical component for retail success. It’s a true one-stop shop that retailers can rely on to build out a robust mobile strategy that will engage customers, streamline operations and drive sales.

Further information about the Mobile App Suite for Retail can be found at: http://www.scandit.com/products/mobile-app-suite-retail/

About Scandit

Scandit delivers high performance mobile solutions for smartphones, tablets and wearables, designed to transform consumer engagement and operational efficiency for today’s forward-looking enterprises. Scandit solutions are built on its patented software-based barcode scanner and are used in a variety of industries including retail, manufacturing and logistics. With more than 15,000 licensees in 80 countries, Scandit processes hundreds of millions of scans per year and develops enterprise-grade solutions for many of the world’s most prestigious brands including Ahold, Bayer, Coop, Homeplus (Tesco), NASA and Saks Fifth Avenue. Founded in 2009 by a group of researchers from MIT, ETH Zurich and IBM Research, today Scandit and its network of global integration and technology partners are pushing the boundaries of mobile AIDC (automatic identification and data capture), delivering ground-breaking identification and data capture applications to customers. For more information visit www.scandit.com.

Leading ASEAN law & tax firm DFDL, ranked tier 1 for general business law by Chambers Asia, has deployed CRM solution Lexis® InterAction® from LexisNexis® Enterprise Solutions, a leading provider of content and technology solutions. InterAction is the focal point for all contact-related information and provides authoritative relationship intelligence for business development across the firm's network of offices in Bangladesh, Cambodia, Indonesia, Laos PDR, Myanmar, Singapore, Thailand and Vietnam. Over 250 employees including fee earners and support staff are using the solution.

DFDL chose InterAction for its superior functionality and LexisNexis' successful track record of implementing the solution in professional services organisations of all sizes and complexities.

Today, InterAction underpins the firm's Preferred Client Programme, whose goal is to proactively enhance client satisfaction and continuously improve service levels to fuel business growth. With InterAction tightly integrated with Microsoft Outlook, fee earners are actively using the solution to improve the quality of engagement with clients. They are able to access InterAction from within Outlook, eliminating the need to log in to a separate system. The solution's ability to proactively push contact-specific information to users is a huge benefit to time-short professionals too, and this has encouraged adoption of CRM by fee earners at DFDL. The solution is also integrated with DFDL's practice management system. All this combined has truly made InterAction the information and relationship intelligence hub for the entire organisation.

"InterAction is an essential part of our commitment to client development and continued provision of world class legal advice and service to our clients across the region," commented Michel Dauguet, CEO, DFDL. "We looked at a number of software solutions to support our CRM effort, but InterAction best fit the bill. It offers the depth and breadth of functionality, but at the same time is easy and intuitive to use. Now as an organisation we are able to leverage the combined network of all our offices for business advantage and for the benefit of our customers. It is a powerful capability."

"InterAction continues to grow its global footprint due to its compelling capabilities," said Guy Phillips, Sales Director at LexisNexis Enterprise Solutions. "The solution is designed for professional services organisations, which is why it so precisely meets the needs of firms in the legal sector. We are very excited to be working with an organisation of the stature of DFDL."

The Lexis InterAction customer relationship management solution is designed for professional services organisations to help drive business relationships, accelerate firm growth and increase revenue. By providing powerful relationship intelligence that goes beyond 'who knows whom', the solution uncovers unanticipated risks, facilitates personalised and streamlined communications and enables execution of business development plans that can be measured by client, segment or industry - all enabling firms to deliver value and exceed client expectations. InterAction can be accessed by users from within Microsoft Outlook and also 'on the move' from a range of mobile devices.

About LexisNexis Legal & Professional
LexisNexis Legal & Professional (www.lexisnexis.com) is a leading global provider of content and technology solutions that enable professionals in legal, corporate, tax, government, academic and non-profit organisations to make informed decisions and achieve better business outcomes.  As a digital pioneer, the company was the first to bring legal and business information online with its Lexis® and Nexis® services. Today, LexisNexis Legal & Professional harnesses leading-edge technology and world-class content, to help professionals work in faster, easier and more effective ways. Through close collaboration with its customers, the company ensures organisations can leverage its solutions to reduce risk, improve productivity, increase profitability and grow their business. Part of Reed Elsevier, LexisNexis Legal & Professional serves customers in more than 100 countries with 10,000 employees worldwide.

As a leading provider of software platforms, LexisNexis® Enterprise Solutions (www.lexisnexis-es.co.uk) works with customers to drive productive, efficient and reliable business decisions. Its solutions include Lexis® Visualfiles™; for case management and workflow; Lexis® InterAction®, a customer relationship management tool; and LexisOne™, an enterprise-grade business management solution powered by Microsoft Dynamics® AX.

Evaluation Based on Completeness of Vision and Ability to Execute

HUNTSVILLE, Ala. - Emerson Network Power, a business of Emerson and a global leader in maximizing availability, capacity and efficiency of critical infrastructure, today announced it has been positioned by Gartner, Inc. in the “Leaders” quadrant of the first “DCIM Tools Magic Quadrant.”[1] Gartner defines DCIM (data center infrastructure management) tools as “tools that monitor, measure, manage and control data center resources and energy consumption.”

The Magic Quadrant report evaluated 17 vendors and recognized Emerson Network Power for completeness of vision and ability to execute for all of its DCIM solutions. “We consider our positioning in the ‘Leaders’ quadrant confirmation that our DCIM tools solve our customers’ biggest data center challenges,” said Enzo Greco, vice president and general manager, Software, Emerson Network Power’s Data Center Solutions business. “Being recognized as a leader in the ‘DCIM Tools Magic Quadrant’ makes Emerson Network Power the only DCIM vendor named a leader in three independent evaluations.”[2]

The Trellis™ Platform

The Trellis™ platform is Emerson Network Power’s comprehensive DCIM solution, which delivers the capabilities needed for intuitive, scalable enterprise-class infrastructure monitoring and management. This technology bridges the gap between facilities and IT operations in the data center, allowing IT to be a key player in planning and executing the organization’s growth initiatives.

According to Ian Tasker, data centre manager, University of Cambridge Information Services, the ability to perform both device-level and strategic management was key to Cambridge University when selecting the Trellis platform for its new data center. “Our primary goal is to reduce energy consumption and carbon footprint by providing an alternative to the many independent, departmental server rooms across campus, many of which run inefficiently. As we migrate services from some independent server rooms into our state-of-the-art data center, the Trellis platform will provide monitoring and management capabilities to drive our current PUE from a conservative estimated average of 2.0 to our goal of 1.2.”

“Information Services also will gain the management information critical to running a data center,” Tasker said. “We often need to add capacity quickly to support new grants, which may require adding anywhere from one to 30 servers. The Trellis platform will give us visibility into capacity and provide the management information we need to plan effectively for growth in this dynamic environment. Additionally, some areas within the data center will operate using a cost recovery model, and the detailed usage information that the Trellis platform can provide will enable accurate charge back for these facility users.”

To learn more about Emerson Network Power’s DCIM solutions, please visit www.EmersonNetworkPower.com/Trellis.

[1] Gartner, “Magic Quadrant for Data Center Infrastructure Management Tools,” by Jay E. Pultz, David J. Cappuccio, April Adams, Federico De Silva, Naveen Mishra, Henrique Cecci and Rakesh Kumar, September 22, 2014.

[2] Additional reports in which Emerson Network Power is named a leader: 1) “IDC MarketScape: Worldwide Data Center Infrastructure Management (DCIM) 2013 Vendor Analysis” (doc #241280, May 2013); 2) “EMA Radar Report™ for Data Center Infrastructure Management.”

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Emerson Network Power

Emerson Network Power, a business of Emerson (NYSE: EMR), delivers software, hardware and services that maximize availability, capacity and efficiency for data centers, healthcare and industrial facilities. A trusted industry leader in smart infrastructure technologies, Emerson Network Power provides innovative data center infrastructure management solutions that bridge the gap between IT and facility management and deliver efficiency and uncompromised availability regardless of capacity demands. Our solutions are supported globally by local Emerson Network Power service technicians. Learn more about Emerson Network Power products and services at www.EmersonNetworkPower.com.

About Emerson
Emerson (NYSE:EMR), based in St. Louis, Missouri (USA), is a global leader in bringing technology and engineering together to provide innovative solutions for customers in industrial, commercial and consumer markets around the world. The company is comprised of five business segments: Process Management, Industrial Automation, Network Power, Climate Technologies, and Commercial & Residential Solutions. Sales in fiscal 2013 were $24.7 billion.  For more information, visit www.Emerson.com.

CMC 3030: Harnessing the Power of Social Media in Crisis Management Live Elearning Course
ICOR and C4CS® are proud to offer the world's first and only elearning course designed to help professionals better understand and use social media effectively during good times - and during times of crisis.

Based on University Elearning Programs, Harnessing the Power of Social Media in Crisis Management is an interactive "live" elearning opportunity.

How does it work?
This interactive elearning course runs over a two-week time frame - Monday, November 3 - Friday, November 14, 2014. There is extended time to complete the final paper after November 14, 2014.

Access course materials at times convenient to you and complete the following activities each week:

  1. Virtual Instruction: View and listen to C4CS Professionals teach for approximately 1 hour each week.
  2. "Live" Discussions with Students World-Wide: Participate in a virtual classroom discussion and answer 2-3 discussion questions each week.
  3. Learn from Experts: There will be reading material assigned each week to supplement the instruction. Learn from industry experts and the latest research.
  4. Provide Social Media Strategies to the Leadership of your Organization: As part of the course you will be required to write an essay that demonstrates your ability to write a social media policy or to evaluate the appropriate social media toolkit for your organization. The work completed in this course can be immediately applied to improve the crisis communications plan for your organization.

Course Description
Harnessing the Power of Social Media in Crisis Management is an introductory course designed to help professionals better understand and learn to use social media effectively. While the importance of traditional mass media in crisis management and crisis communication is gradually declining, the impact of social media is rapidly increasing. No organization can therefore afford to ignore how social media influence public perception and stakeholder action in times of crisis. Integrating social media into crisis management and crisis communication is a must because it significantly improves an organization's crisis readiness and paves the way for a successful recovery.

Target Audience
This course was developed for managers from all hierarchical levels and a variety of functional areas including business continuity planning, crisis management, emergency management, risk management, corporate communications, public affairs, public relations, and strategic planning.

Credentialing and Accreditation
Successful completion of the CMC 3030: Harnessing the Power of Social Media in Crisis Management course requirements and passing the essay exam with an 80% or higher earns students a Certificate in Social Media Crisis Management Planning accredited by ICOR.

Registration Information
Course Fee Information
Members of ICOR: $805.50
Non-Members: $895.00

2014 Class Dates:
November 3-14, 2014

Online Registration
Questions? Contact Education@theicor.org or call toll free (North America) 1.866.765.8321 or +1.630.705/0910 (outside North America)

About C4CS®
C4CS® has been providing client partners in the Americas, Asia, and Europe with consulting, management training, and executive coaching services since 1998.

C4CS® specializes in Crisis Management, Crisis Communication, Risk Communication, Issues Management, and Reputation Management and frequently conducts On-Camera Media Skills Coaching, Scenario-Based Crisis Management Training, and customized Risk Communication, Issues Management and Social Media Training.

Tuesday, 30 September 2014 15:28

Top Business Continuity Risks for Retailers

Retail, by its very nature, is fast-moving: competition is intense and customers are increasingly demanding. In this cutthroat environment, the inability to do business can quickly damage a retailer: and making up lost ground is often extremely difficult, if it’s possible at all.

“All businesses need to have business continuity plans in place to avoid risks and minimise disaster, but retailers operate in a particularly competitive environment,” says Grant Minnaar, Business Continuity Management Advisor at ContinuitySA. “Retailers need to understand their risk profiles and make sure they have strategies in place to ensure they can stay trading, or they risk losing customers and damaging their brands.”

ContinuitySA has identified some of the top business continuity risks faced by retailers:

Craig Young overviews the Bash ‘Shellshock’ vulnerability, which was recently identified, and looks at whether it really is worse than Heartbleed, as has been widely claimed.

What is the vulnerability?

An Akamai researcher discovered that Bash, the dominant command-line interpreter present on Unix/Linux based systems, will improperly process crafted variable definitions, allowing trailing bytes to be processed as OS commands. Bash allows users to define environment variables which contain function definitions, and a flaw within this parsing process means that commands specified after the function are executed when the variable definitions are passed to a Bash interpreter. The problem can easily be reproduced by logging into a Bash shell and defining a crafted variable definition with trailing commands, but in this scenario there is little risk since the commands are limited to the permissions of the already logged-in user. Where this ‘Shellshock’ vulnerability really becomes a problem is when we consider the many ways in which Bash is indirectly exposed to an adversary. The most prominent (and worrisome) example of this is web technologies which use the vulnerable command interpreter to generate responses to HTTP requests. Since various details from the request (such as headers and the query string) are stored in Bash variables and passed to the command interpreter, a remote unauthenticated attacker can use these scripts to inject commands which will run in the context of the web server.
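As an added example (not part of Craig Young's article or of any vendor tool), the following Python detector shows how a defender can spot the indirect exposure described above in web server logs: Bash stores an exported function as a variable value that begins with the token "() {", so that token turning up in the request line, Referer or User-Agent that a CGI handler copies into environment variables is a strong indicator of a Shellshock probe. The log lines and the CONSTRUCTED_MARKER strings are constructed samples, not real traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Bash serialises an exported function as an environment variable whose value
# starts with "() {". A browser or API client has no reason to send that token,
# so its presence in request-derived fields is a high-signal indicator.
FUNCTION_PREFIX = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format. The three quoted fields are exactly the
# values a CGI handler exports as REQUEST_URI, HTTP_REFERER and HTTP_USER_AGENT.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Fields checked, in the order they are reported.
WATCHED_FIELDS = ("request", "referer", "agent")


def analyze_line(line):
    """Return (client_ip, [fields carrying a function prefix]) or None if the
    line is not in combined format. An empty list means the line is clean."""
    m = COMBINED.match(line)
    if not m:
        return None
    hits = []
    for field in WATCHED_FIELDS:
        value = m.group(field)
        # Check the raw value and its percent-decoded form, since the query
        # string is URL-encoded in the log but decoded before reaching the CGI.
        if FUNCTION_PREFIX.search(value) or FUNCTION_PREFIX.search(unquote(value)):
            hits.append(field)
    return m.group("ip"), hits


def scan_log(lines):
    """Return [(client_ip, fields), ...] for every line that looks like a probe."""
    findings = []
    for line in lines:
        result = analyze_line(line)
        if result and result[1]:
            findings.append(result)
    return findings


def probe_sources(lines):
    """Count probe lines per client IP, to prioritise blocking or investigation."""
    return Counter(ip for ip, _ in scan_log(lines))


# Constructed sample log (RFC 5737 documentation addresses; marker strings are inert).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; CONSTRUCTED_MARKER"',
    '203.0.113.9 - - [25/Sep/2014:10:01:06 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { :;}; CONSTRUCTED_MARKER" "curl/7.38"',
    '192.0.2.4 - - [25/Sep/2014:10:02:00 +0000] "GET /search?q=%28%29%20%7B%20%3A%3B%7D%3B%20CONSTRUCTED HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, fields in scan_log(SAMPLE_LOG):
        print(f"{ip}: function prefix in {', '.join(fields)}")
    print("probe lines per source:", dict(probe_sources(SAMPLE_LOG)))
```

A match is an indicator that someone tested the server, not proof the CGI was vulnerable; correlate with patch status and with unexpected child processes of the web server.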



The BCI’s Australasian Awards will be presented in Melbourne on October 17th 2014. The shortlist for the awards has now been published and is as follows:

Business Continuity Consultant of the Year
Steven Cvetkovic MBCI, Managing Director, Continuity & Compliance Management Services Pty Ltd
Ian Perry, Director, Chelmsford Consulting Limited
Oliver Pettit, Client Director – Risk Services, Deloitte Touche Tohmatsu
Ken Simpson MBCI, Principal Consultant, The VR Group
Paul Trebilcock MBCI, Director, JBTGlobal Corporate Advisory
Nalin Wijetilleke MBCI, Director/Principal Consultant, ContinuityNZ Limited

Business Continuity Manager of the Year
John Doble, Business Continuity Manager, NBN Co.
Sarah McDonald MBCI, Senior Manager – Business Resilience, Deloitte Touche Tohmatsu

Public Sector BC Manager of the Year
Ian Goldfinch MBCI, Manager, ICT Continuity Planning, eHealth Systems, SA Health
David Reason, Senior Risk Manager, EQC (Earthquake Commission)

BCM Newcomer of the Year
Dale Cochrane CBCI, Business Continuity Consultant, National Australia Bank
Mark Dossetor AMBCI, Manager Business Continuity, Department of Transport, Planning and Local Infrastructure (DTPLI)
Eddie Ramirez, Business Continuity Coordinator, Westpac Group

Business Continuity Team of the Year
Australian Taxation Office
Department of Justice, Victoria
Victorian Department of Transport, Planning and Local Infrastructure
Kiwibank Ltd

Business Continuity Provider of the Year (Product)
Linus Information Security Solutions Pty Ltd
RiskLogic Pty Ltd

Business Continuity Provider of the Year (Service)
Continuity & Compliance Management Services Pty Ltd
Hewlett-Packard Australia Pty Ltd
Linus Information Security Solutions Pty Ltd
Plan B Limited

Business Continuity Innovation of the Year
Continuity & Compliance Management Services Pty Ltd
PAN Software Pty. Ltd.
RiskLogic Pty Ltd

Most Effective Recovery of the Year
Bank of New Zealand
Plan B Limited
Westpac Banking Corporation

Industry Personality of the Year
Peter Brouggy
Steven Cvetkovic MBCI
Howard Kenny MBCI

More details.

Tuesday, 30 September 2014 15:25

New ISACA guide to IT-related risk scenarios

Business continuity professionals can better understand IT-related risk by developing and testing risk scenarios. A new guide and tool kit from ISACA provides 60 examples of IT-related risk scenarios covering 20 categories of risk that organizations can customize for their own use.

‘Risk Scenarios Using COBIT 5 for Risk’ provides an understanding of risk assessment and risk management concepts in business terms, based on the principles of the globally recognized COBIT framework. It also defines the following six steps to effectively using risk scenarios to improve risk management:

1. Use generic risk scenarios, such as those presented in the publication, to define a set that is tailored to your organization;
2. Validate the risk scenarios against the business objectives of the organization, ensuring that the scenarios address business impacts;
3. Refine the selected scenarios based on this validation and ensure their level of detail is in line with the business criticality;
4. Reduce the number of scenarios to a manageable set;
5. Keep all scenarios in a list so they can be reevaluated; and
6. Include in the scenarios an unspecified event (an incident not covered by other scenarios).

Risk Scenarios provides scenario examples across categories such as IT investment decision making, staff operations, infrastructure, software, regulatory compliance, geopolitical, malware, acts of nature and innovation. It also provides guidance on how to respond to a risk that exceeds the organization’s tolerance level and how to use COBIT 5 to accomplish key risk management activities.

Risk Scenarios is available at www.isaca.org/riskscenarios