Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Bonus Journal

Volume 29, Issue 5

Full Contents Now Available!

Rather than working to cure the IT security disease, too many companies are focused simply on treating the symptoms by adding layer after layer of security complexity. To get to the root of the malady, what they need to be focused on instead are data analytics, machine learning, and an understanding of individuals’ roles.

That was my key takeaway from a recent interview with Stan Black, chief security officer at Citrix Systems, who said that conclusion had been reinforced by the findings of a newly released IT security survey, commissioned by Citrix and conducted by the Ponemon Institute. Black addressed the layering phenomenon in the context of what he sees as the role of public cloud:



Months ahead of the 2017 presidential inauguration, security officials have been in high gear and pulling out all the stops to make the event a safe one. No other presidential inauguration has garnered so much debate, spurring officials to take this year’s inauguration to another level when it comes to security.

Among the precautions taken are what the Washington Post calls, “A virtual fortress of roadblocks, fences and armed police.” What does this entail?



Crowd safety is important to understand before heading out to a large public event.  This weekend there will be many events and marches.  Before you head out to any of them, know a bit about crowd safety before you go. First some basic concepts about crowds:

  • Reaching critical crowd density is a main characteristic of crowd disaster and is approached when the floor space per (standing) person is reduced to about 1.5 square feet or less.
  • At 5 sq. ft. per person, the maximum capacity of a corridor or walkway is attained, (i.e. exiting a stadium or theatre); at approximately 3 sq. ft. per person, involuntary contact and brushing against others occurs.
    • This is a behavioral threshold generally avoided by the public, except in crowded elevators and buses.
    • Below 2 sq. ft. per person, potentially dangerous crowd forces and psychological pressures may to develop.



The Business Continuity Institute

Two-thirds (66%) of financial executives in the US say their organization has been harmed by equipment failure during the last five years, 6 out of ten (60%) have been impaired by data breaches or cyber attacks, while more than half (52%) have had their operations affected by natural disasters. Yet the majority (54%) say their organizations have not developed or tested any formal loss recovery plans. This is according to a new study commissioned by FM Global.

Finance’s role in operational risk management: CFO research on building a resilient company also revealed a low level of preparedness for operational risk events as only a third (34%) of financial executives believe their organization was very well prepared to recover from an equipment failure. Just a third (33%) felt they were very well prepared to recover from a natural disaster, while merely a quarter (24%) were very well prepared to recover from a data breach/cyber attack.

It’s surprising the number of companies that have been harmed by operational risk events, coupled with the relatively low number of companies that feel they are very well prepared for a disruption event,” said Eric Jones, operations vice president and global manager of business risk consulting, FM Global. “The findings reveal the opportunity for financial executives to implement stronger plans with increased data, to help move resilience forward within their organizations.

There is also an increasing perception of risk as over two-thirds (70%) of financial executives are concerned that their revenues or earnings will become more vulnerable to operational risk over the next two years, and nearly 6 out of ten (60%) say the need to manage operational risks will make it more difficult to meet revenue and earnings targets over the next two years.

Some of these findings echo the results of the latest Horizon Scan Report published by the Business Continuity Institute which features cyber attacks, data breaches and IT/telecommunications failures as the top three concerns for business continuity professionals. Adverse weather features high on the list in eighth place, although other natural disasters such as earthquakes and tsunamis are not quite as concerning.

Overall, the study found a need for improved resiliency with 86% of respondents say their companies will need to be more resilient in the future.