Disaster Recovery Journal

Modern risk management problems
The modern risk management is currently going through an ideological crisis showing the following symptoms:

• failure to understand the nature of the majority of risks, eclecticism of methods and concepts, in both technologies and standards of risk management,
• disregard of the interaction between operational risk, credit risk and market risk, lack of continuity in management processes, lack of common rating scales for the assessment of various risks,
• inadequate tools for operational risk assessment,
• the virtual absence of portfolio approach to operational risk management,
• difficulties with forecasting stress and crisis scenarios generation, difficulties with explaining the nature of chaotic market processes,
• the problem of the recently increased relevance of some previously uncommon factors, of which the following ones are thought by the author to be most important : cyber-terrorism and industrial terrorism, influence of social networks, High Frequency Trading (HFT), threat of antibiotic resistance.

http://www.ferma.eu/2013/04/future-of-risk-management-and-the-global-risk-factor-theory-possible-perspectives/

When a bad CEO goes down, the CIO often goes down with him. The way to save yourself, and your company, is to invest in the analytics technology that gives the CEO the data necessary to make smart business decisions. It doesn't hurt that it also shows why the CIO is more valuable to the CEO than other C-level executives.

http://www.cio.com/article/731992/How_a_CIO_Can_Save_an_Incompetent_CEO

Of the grand total, six H7N9 patients have been discharged from hospitals after receiving treatment, and the other 64 patients are being treated in designated hospitals. Today on the CDC Clinician call they described the majority of cases as experiencing severe disease with respiratory failure and acute respiratory distress syndrome (ARDS) as a hallmark.

http://emssolutionsinc.wordpress.com/2013/04/18/h7n9-87-cases-17-deaths-cdc-clinician-call-today-advises-get-your-pandemic-plan-in-order/

You can’t say you have business continuity or IT disaster recovery capabilities unless you know they work. And the only way to guarantee your capabilities are real is to test them. Many organizations avoid “testing” because of the “pass or fail” implications, and choose to use terms like “exercise” to soften and sometimes, lower expectations. However, when organizations do this, they are missing a great opportunity to realize the value of their BC/DR investment, and improve their capabilities.

http://blog.datalink.com/for-business-continuity-and-disaster-recovery-know-what-you-dont-know/

POTUS claims the bombs in Boston are an act of terrorism. ( http://blogs.wsj.com/law/2013/04/17/certifying-an-act-of-terror/)

The insurance companies say “Not so.”

It’s not “terrorism,” the insurers claim, until the Secretary of the Treasury, the Secretary of State, AND the U.S. Attorney General together agree that an event is “terrorism.”

http://johnglennmbci.blogspot.com/2013/04/erm-bc-coop-when-terrorism-isnt.html

A mammoth fertilizer plant explosion late last night leveled much of a town called West in Texas. Reports list at least five and up to 15 dead and more than 160 injured. Several blocks of the small town near Waco have been wiped off the map by a blast that registered on the Richter scale. “Homes have been destroyed. Part of that community is gone,”  said Sgt. William Patrick Swanton, a local police officer, at a press conference.

http://www.riskmanagementmonitor.com/west-texas-devastated-by-fertilizer-plant-explosion/

While insured property losses from the Boston Marathon bombing are small, the insurance of sports events is likely to be impacted, according to catastrophe modeling firm RMS.

Dr. Gordon Woo, catastrophist at RMS noted that the shortage of terrorism insurance cover in the years after 9/11 had led to the securitization of the cancellation risk of the 2006 FIFA World Cup.

http://www.iii.org/insuranceindustryblog/?p=3223

Having seen an uptick on volatility as measured by the VIX in the last few days, I find that this is a good time to talk about a phenomenon many people do not know. Volatility tends to be persistent, with low volatility leading to more low volatility, and high volatility leading to more high volatility. But more interesting still, volatility can feed on itself, with increases in volatility leading to further increases in volatility and decreases in volatility leading to further decreases in volatility. And there is a simple reason for this, which I will explain in this article.

http://seekingalpha.com/article/1350161-how-volatility-feeds-on-itself

Choosing the right talent for one of the most challenging jobs in the cyber economy can be a tough job, but what kind of CISO should you be looking to recruit to lead your organization? Amar Singh provides his model CISO for your consideration

Cyberspace is now the primary medium for revenue generation for most online-savvy organizations, and it is responsible for billions of dollars of commerce and revenue growth. A significant majority of goods and services are being bought and sold on the internet, across the globe. Whereas, earlier, e-commerce was only prolific in the West, today China and other nations in Africa and Asia are also seeing significant commerce in cyberspace. 

Your Disaster Recovery Plan has a Recovery Time Objective (RTO) – or, perhaps multiple RTO’s for each Application or Service being recovered).  Your Business Continuity Plans have RTO’s for the underlying functions or business processes they are designed to recover.

But do these RTO’s really mean the same thing?  Probably not; and if your Business Continuity Recovery Teams don’t understand that difference, they may be in for a very rude surprise when a disruption occurs.

http://ebrp.net/when-does-your-clock-start-the-business-continuity-rto-conundrum/