Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

22 military-style portable structures contributed in partnership with AmeriCares

KIRKLAND, Wash. – On Sunday May 19th, an EF4 tornado struck near the city of Shawnee, Oklahoma, damaging or destroying more than 30 homes, killing one person and injuring six others. The following afternoon an EF5 tornado struck nearby Moore, Oklahoma, killing 24 people and injuring 377, while destroying over 12,000 homes. Just two days later, another storm dumped over 2 inches of rain on the disaster sites. An immediate need became apparent for emergency shelters near and within the disaster locations for staging recovery crews and storing the vast amount of perishable goods donated by charity groups.

Immediately following the disaster, Alaska Structures Inc. donated 22 military-style portable structures to support the recovery efforts in Oklahoma. Alaska Structures managed the donation in partnership with AmeriCares, a non-profit disaster relief and humanitarian aid organization. The emergency shelters were delivered and set up by Alaska Structures' employees at a variety of locations identified by AmeriCares as having a need. Collectively, the structures provide 12,675 square feet of total floor space, with the provision of air-conditioning, lighting and electrical outlets.

The donated emergency shelters are steel-frame, fabric structures, designed to withstand 100-mph winds and engineered to provide service for 10 years or more. The tan, quonset-style military tents are similar to Alaska Structures' shelters deployed by the US Armed Forces throughout the world. Collectively, the shelter equipment along with the electrical and air-conditioning systems donated are valued at approximately one half million dollars.

It is expected that the recipients of the donation will retain the equipment once this disaster recovery work has been completed. The shelters survived the second wave of storms passing through the Oklahoma City area on 31 May, which included torrential rain and hail, along with very high winds. The durability of the Alaska Structures will allow them to be used not only during the many months required for this particularly recovery effort, but also for future disaster events in the years to come.

About Alaska Structures Inc.

Alaska Structures (AKS) designs, engineers and delivers the highest quality fabric building systems for extreme environments. Since it was founded in 1975, over 45,000 AKS shelters have been tested and proven in over 60 countries around the world, including more than 30,000 Alaska Military Shelters and 15,000 Alaska Environmental Control Units in Afghanistan and Iraq. For more information see www.AlaskaStructures.com.

As millions of baby boomers plan the sale of their businesses over the coming years, a trillion-dollar opportunity for them and their advisors, those who identify, measure and reduce risks will earn the highest values, while those relying on hope alone stand to lose millions and suffer seller's remorse

SAN DIEGO – Business owners have a major life event they each face: "How much can I receive for my company?" A critical step is obtaining an independent, qualified business appraisal. CPAs and attorneys then can recommend a transition plan that saves time, money and client worry.

"Our valuation reports are cutting edge because no other firm specifically identifies a company's value drivers and risks. These metrics become an owner and advisor roadmap. Thrifty owners err applying rules of thumb and software to save money. Neither captures the 800+ factors we consider. For every $1.00 paid in fees, we commonly find $200 to $10,000 in potential value. Let's take Relationships. We'll examine client concentration, vendor reliance, company culture, management depth, staffing turnover, advisor involvement and banking leverage. These factors reflect how the owner has managed and minimized risk; the lower the risks, the higher the pricing multiple and the higher the value," shares Carl Sheeler, Ph.D., ASA, a nationally recognized 20+ year business valuation expert.

Sheeler states, "Owners frequently overestimate their companies' values and underestimate the time needed to prepare and sell their companies. They might spread the risk, cash in some of their chips and have Private Equity or staff acquire a minority interest. The infused funds and skin in the game causes company values to climb manyfold in a few years. Reducing risks can easily change a pricing multiple from 3x to 7x earnings. Owners become excited knowing what they need to do and harnessing the knowledge of their trusted advisors, family and key staff to do it."

Business Valuations Ltd. has seven offices nationwide. Since 1954, it has served midmarket business owners and their advisors for tax, transaction and transfer purposes as well as disputes. Dr. Sheeler has been the firm's steward since 1992 and was the 2012 Worth Magazine's Leading Advisor. His doctoral dissertation addresses private company illiquidity. He authored the Valuation Chapter for the AICPA's and California Bar's Succession Planning Manuals.

New features will help organizations strengthen and streamline their information security, risk, and compliance programs across internal business lines and third-party vendors, in accordance with industry standards and best practices

PALO ALTO, Calif. – In response to increasingly complex and dynamic IT security and threat environments, MetricStream has announced its enhanced IT GRC solution, which will empower organizations and employees with a broad range of new advanced tools and functionalities.

The enhanced solution facilitates enterprise-wide oversight of IT risks and threats, and provides powerful analytics to help organizations efficiently model threat scenarios and risks, and determine the most effective response. The solution also integrates content from sources such as NIST and CERT, as well as COBIT 5 and the Shared Assessments' Standard Information Gathering (SIG) 2013 questionnaire and Agreed Upon Procedures (AUP) 2013, to help organizations build a truly word-class IT GRC program.

The increasing frequency and sophistication of cybersecurity attacks and data breaches have made it more critical than ever for organizations to proactively secure their IT environments, and effectively comply with regulations and standards such as PCI DSS, HIPAA, NERC, FISMA, and ISO 27001. In line with these requirements, MetricStream provides an integrated portfolio of solutions to streamline, integrate, and strengthen end-to-end IT GRC processes.

MetricStream IT GRC Solution now offers many new and enhanced features, including:

Sophisticated security and risk analytics based on Big Data architecture: The solution aggregates massive volumes of security and threat data from a wide variety of sources (e.g., social media, vulnerability scanners, threat advisories), using Big Data architecture based on Hadoop or MongoDB frameworks. It then maps this data to enterprise assets for comprehensive risk assessments and analysis. MetricStream's cutting-edge predictive security and risk analytics engine leverages the statistical modeling and analysis tool, "R," and filtering and correlation framework, MapReduce, to sort through these Big Data sets, and support threat scenario and risk modeling, enabling the management team to make strategic, data-driven decisions.

Real-time threat intelligence from social media and information security monitoring: MetricStream's social media GRC engine utilizes advanced natural language processing capabilities to analyze social media conversations, facilitate risk evaluations, and trigger issue remediation workflows. The solution also monitors IT infrastructure performance, user activity, and sensitive data flows, enabling pattern anomalies to be detected, analyzed, and remediated early.

Enhanced monitoring of virtualized assets in the cloud: The solution's enhanced and comprehensive monitoring capabilities enables improved security configuration assessments, continuous controls monitoring, risk management, and threat and vulnerability tracking assets across the vast and complex virtualized IT environment. In doing so, it helps organizations quickly detect new and emerging security risks, and maintain consistent compliance with external regulations and internal policy requirements.

Vendor risk management: The solution provides advanced capabilities to assess, identify, manage, and monitor vendor risks across both traditional and cloud based vendors. It also streamlines and standardizes vendor risk scoring and reporting, and provides an integrated vendor risk profile at the enterprise level which, in turn, helps management proactively identify those high-risk vendors which require additional resources and oversight.

New integrations with NIST, CERT, and support for SCAP standards: The MetricStream solution provides updates on new security threats and guidelines through its integration with automated feeds from NIST and CERT. It also provides support for NIST SCAP standards, vendor hardening guidelines, and security configuration baselines. Additional integrations with various third-party threat and vulnerability management tools, threat advisories, and cyber threat monitoring solutions help organizations gain complete visibility into their enterprise-wide IT risk and compliance posture.

Quarterly releases/ updates of IT GRC content: The MetricStream solution includes the latest release of the Unified Compliance Framework which simplifies IT compliance, and reduces resources and costs by standardizing a common set of controls across all regulations and policies. The solution also includes licenses to SIG 2013 and AUP 2103 from Shared Assessments, which provides the world's most comprehensive standards for vendor risk evaluation. The SIG and AUP, which are based on multiple industry standards, enable objective and consistent evaluations of third-party IT risks and controls.

"Organizations today want a solution that can not only support and enable all IT GRC activities, but also scale across the enterprise, integrating security and threat data, and providing actionable intelligence to support decision-making," said Vasant Balasubramanian, Vice President of Product Management at MetricStream. "MetricStream's new and enhanced IT GRC solution provides the oversight, agility, speed, and flexibility to meet these requirements so that organizations can thrive amidst our increasingly complex and dynamic IT security and threat environments."

About MetricStream

MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations. MetricStream solutions are used by leading corporations such as UBS, P&G, Constellation Energy, Pfizer, Philips, BAE Systems, Twitter, SanDisk, Cummins and Sonic Automotive in diverse industries such as Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech and Manufacturing to manage their risk management programs, quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as several million compliance professionals worldwide via the www.ComplianceOnline.com portal. MetricStream is headquartered in Palo Alto, California and can be reached at www.metricstream.com.

Oracle Recognizes MindStream for Expertise in Consulting and Managed Services for Oracle Hyperion

BOSTON – MindStream Analytics, a leading consulting firm focused on helping clients improve business understanding and decision making, today announced that it has achieved Platinum partner status in Oracle PartnerNetwork (OPN). By attaining Platinum level membership, Oracle has recognized MindStream for its in-depth expertise and excellence in delivering services for Oracle Hyperion and for uniquely addressing the challenges of joint customers.

"Oracle Platinum Partner status is awarded to companies that have proven leadership in showcasing the depth and breadth of a company's expertise," says Senior Partner Alex Ladd. "We are extremely honored to obtain the status and have Oracle recognize MindStream in the Oracle Hyperion and Oracle Business Intelligence Enterprise Edition space for service quality, performance, innovation, and total client focus."

MindStream Analytics has established its depth and breadth of services across Oracle Essbase, Oracle Hyperion Planning Suite, Oracle Hyperion Financial Management, and Oracle Business Intelligence Enterprise Edition.

With its Platinum status, MindStream Analytics receives the high level of engagement, commitment and benefits available to OPN partners. Platinum members receive dedicated virtual account management support to build joint development plans and help broaden Specialization areas and revenue opportunities. Additional benefits include priority placement in the OPN Solutions Catalog, one free application integration validated by Oracle, joint marketing and sales opportunities, discounted training and more. For more information about the benefits of becoming an OPN Platinum level partner, please visit: http://www.oracle.com/us/partnerships/index.htm

For more information on MindStream Analytics, please visit www.MindStreamAnalytics.com.

MindStream Analytics is a consulting and managed services firm dedicated to helping clients enable better decision making. With over a decade of experience in the analytics and Enterprise Performance Management space, MindStream offers customers business intelligence and analytic tool selection, predictive modeling development, real-time streaming analytics, Profitability Costing models, EPM design and delivery optimization, and best practices for financial planning. MindStream guides its customers to a solution that enhances business modeling enabling better analysis and insight into their data. We believe that the power of technology combined with best practices will give customers the ability to make fact-based decisions. Join us on our social media pages for latest news and updates, upcoming events, and free webinars.

About Oracle PartnerNetwork
Oracle PartnerNetwork (OPN) Specialized is the latest version of Oracle's partner program that provides partners with tools to better develop, sell and implement Oracle solutions. OPN Specialized offers resources to train and support specialized knowledge of Oracle products and solutions and has evolved to recognize Oracle's growing product portfolio, partner base and business opportunity. Key to the latest enhancements to OPN is the ability for partners to differentiate through Specializations. Specializations are achieved through competency development, business results, expertise and proven success. To find out more visit http://www.oracle.com/partners.

How to keep your IT systems working when the worst happens, by IT consultant John Dryden


IT is the life blood of any modern charity, linking its head, heart and essential organs. If it stops flowing, things will instantly seize up.

This is especially true for international charities, for whom email is the most practical way to communicate with far-flung colleagues. Where staff are operating in different time zones and remote locations across the developing world, it can sometimes be the only way to communicate regularly.

For example, an international medical charity we work with has 1,400 staff spread across the globe. On an average day its London-based team send and receive more than 11,000 emails – some of them involving life-or-death medical decisions.



Most small and medium-sized enterprises (SMEs) are experiencing difficulties with data backup and recovery, a study has shown.

A poll of 500 SMEs in Europe and the US shows that 85% are experiencing cost-related challenges with backup and recovery, 83% with lack of capabilities and 80% with complexity.

Other problems include high ongoing management costs (51%), expensive licensing models (48%) and backups either requiring or using too much storage (44%).

This means there is a maximum of 15% of SMEs that currently have no issues with data protection, said backup, replication and virtualisation management firm Veeam Software, which commissioned the survey.



Preliminary results from a joint CII, London School of Economics and University of Plymouth research project on how financial organisations approach risk culture, revealed that firms were becoming increasingly conservative and it could damage their profitability.

The research project was designed to deliver practical guidance for firms to improve the cultures and behaviours associated with risk-taking and control activities.

Interviews were carried out at nine financial institutions with risk management professionals and the study also included the findings from a survey of 2258 CII members.



As the security industry continues to grapple with a shortage in skilled professionals, particularly within very specific niches like application security, the state of security professional development continues to keep the industry locked up in a number of hotly contested debates. Beyond the most obvious argument over the value of security certifications, some security pundits have stepped up to argue about a more fundamental impediment to rising the tide for all boats in the industry: the cost of paid training.

"Mathematically it's easily demonstrable that organizations can't afford to send all of their employees to a class when you're talking classes that typically are around $1,000 a day," says Xeno Kovah, lead infosec engineer at The Mitre Corporation. "It's just not possible to take a group of 50 people out of your company, if you have a large one, and pay the amounts of money that are being asked to sufficiently bootstrap your employees."



Dozens of government agencies have no idea whether their websites or public kiosks are a security risk.

The widespread failing has been revealed in a review of 70 government departments and ministries that was able to identify 12 systems at risk because of insecure passwords, potential access by unauthorised users or being connected to internal networks. However, there was no evidence of privacy breaches.


KPMG investigated 215 publicly accessible computer systems and found 73% lacked formal security standards and had no formal risk management processes.

The offenders included the Ministries of Social Development, Education and Justice, as well as the Earthquake Commission and the MidCentral District Health Board.



Why would you need a Policy once you have Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s why ISO 22301 (a leading business continuity management standard) says it’s mandatory.

Main purpose

The main purpose of Business continuity policy is that the top management defines what it wants to achieve with business continuity. Now why would that be important? Because in many cases the executives have no idea how business continuity can help their organization, which means they won’t be particularly interested in supporting the business continuity effort in their company.