Industry Hot News


Planning, training and exercising are supposed to be continuous in the emergency management field. The question is, when are you done? When is good, good enough? At what time do you reach the point of diminishing returns?

For planning, it never seems to end. Once a plan is written, you have to train people to the plan and then exercise it with those people and outsiders too. In both training and exercising, you will find gaps in your plan document. This comes from having more eyeballs on the document, and then the act of exercising the plan will reveal areas that either were not addressed at all or are in need of revision.

...

http://www.emergencymgmt.com/training/When-Is-Good-Good-Enough-Emergency-Plans.html

Monday, 27 April 2015 00:00

It’s Getting More Dangerous Out There

Today’s threat landscape isn’t getting quieter. In fact, cyber criminals are getting smarter. The “same old same old” just won’t cut it when you’ve got to select an endpoint security solution for use in today’s increasingly toxic threat landscape.

The cold, hard truth is that today’s threat landscape isn’t getting quieter. In fact, cybercriminals are getting smarter. Just consider the three V’s--volume, velocity and variety--that characterize the current endpoint security environment:

...

http://mspmentor.net/blog/it-s-getting-more-dangerous-out-there

 

(TNS) — The most powerful earthquake to hit Nepal in more than eight decades roared across the impoverished mountain kingdom just before noon Saturday, killing more than 1,800 people, some as far away as India and Bangladesh, and devastating a crowded base camp at Mt. Everest.

Signature buildings collapsed in the ancient Old Katmandu quarter of the capital, including the Dharahara Tower, a 200-foot-tall structure built in 1832. Emergency response officials said at least 60 tourists were buried under rubble while visiting the popular site at the busiest time of day. Other historic buildings in Katmandu Valley’s UNESCO-designated heritage sites were also damaged or destroyed by the magnitude 7.8 temblor, including Patan Durbar Square.

“Responders are trying to dig people out,” said Prajana W. Pradham of the CARE relief agency. “This quake was so big.”

Officials said the death toll was likely to increase dramatically, perhaps to as many as 10,000, as emergency response crews reach more remote areas of the country of 28 million.

...

http://www.emergencymgmt.com/disaster/Nepal-Earthquake-Toll-Expected-to-Rise-Sharply.html

Monday, 27 April 2015 00:00

Nobody Puts Big Data in a Corner

It’s easy to typecast analytics. After all, it so easily fits in with BI that we tend to want to think about Big Data as a tool for business analysts, finance and IT leaders. But nobody puts Big Data in a corner, and a recent DC Velocity article shows why.

If you’re unfamiliar with the magazine/website, DC Velocity covers supply chain and logistics, and the piece is actually a republished CSCMP Supply Chain Quarterly journal article. The point of the article is to show how Big Data analytics can be useful to supply chain leaders, but it actually makes the case for why all managers should educate themselves on analytics.

“Without a full understanding of what the field of analytics is about, supply chain managers may be missing out on many opportunities—both for their companies and for themselves,” the article states.

...

http://www.itbusinessedge.com/blogs/integration/nobody-puts-big-data-in-a-corner.html

Wireless Emergency Alert (WEA) messages need to be longer, URLs should be included, message order must be changed and more outreach is needed, according to a new study conducted for the U.S. DHS.

The Comprehensive Testing of Imminent Threat Public Messages for Mobile Devices study used focus groups, interviews, post-incident surveys and experiments to thoroughly examine WEA messages. With $980,000 provided by the Commerce Department to DHS’ Science and Technology (S&T) Directorate, the study was conducted by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) at the University of Maryland. The study’s principal investigator, Brooke Fisher Liu, said the empirical-based guidance “can potentially help alert originators improve how they currently craft and disseminate WEAs.” 

Denis Gusty, a program manager with DHS S&T, said he was not surprised by any of the research findings, but hopes stakeholders will read the report and make adjustments where appropriate by putting the information into practice. Suggested changes relative to message length and content are already under consideration by key stakeholders charged with making WEA recommendations to the FCC through the Communications Security, Reliability and Interoperability Council.

...

http://www.emergencymgmt.com/disaster/Longer-Messages-Needed-Wireless-Emergency-Alerts.html

Batteries are a common sight at most data centers, but while they typically form the heart of emergency backup architectures, there are growing signs that they could emerge as primary, or at least co-primary, power sources as well.

This trend seems to be part and parcel to the steadily increasing use of hydro, solar and other renewables to power the data center, as well as the rise of low-power, modular infrastructure in cloud-facing, hyperscale facilities.

Microsoft, for one, has been experimenting with a number of battery technologies for a while now, ostensibly to lower operating costs of its Azure cloud. In one project, the company has come up with a new lithium ion design called the Local Energy Storage (LES) unit, according to tech journalist Timothy Prickett Morgan. The system features the normal Panasonic cell that powers microservers and other devices, but rather than hang it off the side of the server, Microsoft dropped it into the switched mode power supply in the Open Cloud Server architecture. In this way, power can go directly to existing circuits without additional wiring and components. This also removes the battery from the path between the power source and the motherboard, ultimately reducing the load on bulk capacitors in backup power systems. The batteries cost only a few dollars when purchased in bulk and are estimated to cut operating costs by about a quarter.

...

http://www.itbusinessedge.com/blogs/infrastructure/renewable-energy-is-driving-advanced-power-storage-solutions.html

We are in the midst of experiencing one of the most monumental shifts in the information technology age to date—an evolution from self-managed IT to IT as a service. With a public cloud services market estimated by Gartner to exceed $244 billion by 2017, service providers looking to capitalize on this tremendous opportunity must be focused on rapid time to market and deliver exceptional managed services to their customers.

However, like most of us, service providers of all types and sizes are being challenged to do more with less, to enable faster R&D cycles, and to accelerate customer acquisition growth while reducing overall spend. It is for these reasons that many MSPs have been looking to leverage VMware’s as-a-service offerings: When it makes sense for their business, partners can opt to buy--as a complement to what they’ve built--ready-to-run infrastructure and desktop services, and focus on delivering managed services on top.

...

http://mspmentor.net/blog/information-technologys-monumental-shift-it-service

Friday, 24 April 2015 00:00

Managing Cyber Risk in Health Care

When Anthem, the second largest insurance provider in the United States, revealed recently that its records had been compromised by hackers — resulting in the possible leaking of personal data of more than 80 million present and former customers — the incident became a much-needed wake-up call for the health care industry.

Unfortunately, Anthem is not the first company to experience a major data breach in the past 18 months. In 2014 alone, customer data, credit card information and intellectual property were stolen from Target, Home Depot, JPMorgan Chase, Sony Pictures and many others.  What recent history has taught us is that hackers are becoming more sophisticated, attacks are becoming more malicious and no industry or organization is invulnerable.

The public has moved on from asking, “How did this happen?” to asking, “Why does this keep happening?” The attention on privacy rights coupled with the growing costs of major data breaches are elevating the issue of managing the digital enterprise to the board level.

...

http://www.corporatecomplianceinsights.com/managing-cyber-risk-in-health-care/

By Gary Hinson and Dejan Kosutic

Most business continuity experts from an IT background are primarily, if not exclusively, concerned with establishing the ability to recover failed IT services after a serious incident or disaster. While disaster recovery is a necessary part of business continuity, this article promotes the strategic business value of resilience: a more proactive and holistic approach for preparing not only IT services, but also other business processes before an incident in order that an organization will survive incidents that would otherwise have taken it down, and so keep the business operating in some form during and following an incident. 

Introduction

According to the BSI Standard 100-4 (2009), “Business continuity management consists of a planned and organized procedure for sustainably increasing the resilience of (time-)critical business processes of an organization, reacting appropriately to events resulting in damages, and enabling the resumption of business activities as quickly as possible. The goal of business continuity management is to ensure that important business processes are only interrupted temporarily or not interrupted at all, even in critical situations, and to ensure the economic existence of the organization even after incurring serious damage.”

Is business continuity important enough to invest time, effort, and money into achieving it? Given that the alternative implies accepting the risk that the business will quite likely fold in a crisis, few in management would seriously argue against business continuity, but that still leaves the questions of how much to invest, and how to invest wisely. These are strategic issues: business continuity is a strategic concern.

...

http://www.continuitycentral.com/index.php/news/resilience-news/175-feature1306

As an emergency manager, one of the easiest questions to answer is: Why do we do what we do? Thoughts of preventing loss of life and protecting property for our families, neighbors and all members of our community and nation quickly spring to mind. A frequent follow-on question can be more complex: That sounds important, how do you make sure you get it done right?

As we answer this next question, we may recall the problems we solved: the time we found a flaw in our response plan that we quickly fixed, or the moments in the Emergency Operations Center when we relied on our team and our training to make the right decisions. Indeed, it is our ability to problem-solve effectively that keeps emergency management so dynamic. Whether we work in preparedness, mitigation, response or recovery, as we identify solutions to address the worst-of-the-worst that could happen (or has happened) to our communities, we act as agents of dynamic change.

This dynamism goes all the way to our core, as even our foundational structure and methodology have evolved significantly since the turn of the century. In recent years we have redefined our relationship with homeland security; we have learned our place under one National Incident Management System; the list could go on. This ongoing evolution, empowered by our willingness to identify our weaknesses and strengthen them, is a core reason why our community is so strong.

...

http://www.emergencymgmt.com/training/Dynamism-Projectizing-Evolution-for-Emergency-Management.html

(TNS) — Nearly half of all Americans — 150 million people — are threatened by possibly damaging shaking from earthquakes, scientists said Wednesday at a meeting of the Seismological Society of America.

That figure, from all 50 states and Puerto Rico, is a sharp jump from the figure in 1994, when the Federal Emergency Management Agency estimated just 75 million Americans in 39 states were at risk from earthquakes.

The authors of the study, which included the U.S. Geological Survey, said the sharp increase in exposure to quake damage was largely because of population increases in areas prone to earthquakes, particularly California, said William Leith, a coauthor and senior science advisor for earthquake and geologic hazards at the U.S. Geological Survey.

...

http://www.emergencymgmt.com/disaster/Nearly-Half-Americans-Threatened-Earthquakes-Study-Finds.html

(TNS) — Using some of its strongest language to date, the Oklahoma Geological Survey said Tuesday the state's ongoing earthquake swarm is "very unlikely to represent a naturally occurring process."

The state survey said the suspected source of triggered earthquakes is the use of wastewater disposal wells that dump large amounts of water produced along with oil production.

"The observed seismicity of greatest concentration, namely in central and north-central Oklahoma, can be observed to follow the oil and gas plays characterized by large amounts of produced water," the report stated. "Seismicity rates are observed to increase after a time-delay as injection volumes increase within these plays. In north central and north-central Oklahoma, this time-delay can be weeks to a year or more."

...

http://www.emergencymgmt.com/disaster/Oklahoma-Geologists-Issue-Statement-Linking-Earthquakes-Drilling.html

If you are familiar with IT security testing for organisations, you have probably heard of the concept of a kill chain. This is a route by which an attacker can achieve a given goal (steal data or sabotage an IT installation, for instance). Kill chains, as their name suggests, are composed of several links or stages through which an attacker moves to home in on the target result. As efficiency as well as effectiveness is part of business continuity, why reinvent the wheel? The kill chain could provide insights here as well.

...

http://www.opscentre.com.au/blog/have-you-checked-out-your-business-continuity-kill-chain/

Thursday, 23 April 2015 00:00

Drones Should Be On Everybody’s Radar

One of the questions that underlie much of what is discussed in the telecommunications and IT world is whether the end game is a world of unemployed people. When will IBM Watson and other cognitive computing platforms evolve to the point that they make analysts unnecessary? When will robots become so sophisticated that all the nurses and home health care givers will be out of work? When will drones replace the neighborhood ice cream truck?

These are important questions, but ones that are not strictly limited to the IT/telecom realm. After all, engineers make the weapons. Politicians, legislators and administrators decide how to use them.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/drones-should-be-on-everybodys-radar.html

An ‘alternate workspace’ (either at your own locations, or contracted through a 3rd party provider) can be a vital component of a viable Business Continuity strategy; but only if the strategy works as intended.

An earlier article discussed Alternate Site Logistics – transportation, access and accommodations.  But you’ll also need to make sure to build technical access into every BCP which may rely on an alternate site strategy.

Let’s assume in that hypothetical Alternate Workspace strategy the designated employees arrive safely and are granted access to their alternate workspace.

...

http://www.ebrp.net/access-credentials-at-your-alternate-workspace/

It ought to go without saying that a volunteer firefighter isn’t going to perpetrate a sex crime or rob a house when he’s supposed to be dousing the flames. Apparently it isn’t that obvious.

Last year New York Gov. Andrew Cuomo signed a law requiring background checks to ensure volunteer firefighters weren’t carrying sex offense convictions. It’s up to individual fire companies to decide whether a prospective volunteer is fit to serve, in spite of a past sex offense, but everyone gets screened.

In Rush County, Ind., volunteers for Community Emergency Response Teams (CERTs) must submit to an even broader check, one that encompasses all past criminal history.

...

http://www.emergencymgmt.com/training/Emergency-Managers-Debate-Background-Checks-for-Volunteers.html

(TNS) — If a hurricane is closing in on your neighborhood, the National Weather Service wants you to know what you will likely face.

So it is creating an interactive map on its homepage to tell you how your home in any particular storm could be affected by strong winds, torrential rains, storm surge or flooding.

"It communicates the local threat of each hurricane hazard," Pablo Santos, meteorologist in charge of the weather service's Miami office, said Tuesday. "It's meant to be realistic in terms of what to prepare for."

While the goal is to have it up and running by the June 1 start of hurricane season, Santos said it is still "under construction" and may not be available until the heart of the season in mid-August, or possibly even next year.

...

http://www.emergencymgmt.com/disaster/Interactive-Hurricane-Map-Detail-Local-Threats.html

Wednesday, 22 April 2015 00:00

The global cost of supply chain disruption

Rapid economic growth in emerging economies, labour disruptions, political instability and a disease outbreak in West Africa led to a rise in business losses in 2014 according to the latest Global Supply Chain Intelligence report from BSI Supply Chain Solutions. Globally over $23 billion was lost to cargo theft in 2014 from a variety of supply chain threats, while the four most economically damaging natural disasters caused a collective $32.8 billion of damage. Within Europe, trade interruption due to an array of strikes throughout the continent caused $1.5 billion of direct losses to business.

The scale of the problem was demonstrated in the Business Continuity Institute’s most recent Supply Chain Resilience report which revealed that over three quarters (76%) of respondents to a survey had experienced a supply chain disruption during the previous year and almost a quarter (23.6%) had reported cumulative losses in excess of €1 million during that time.

David Horlock, Managing Director, BSI APAC commented: “Companies are facing an increasingly wide range of challenges to their supply chain, from human rights issues to natural disasters. Such complexity creates black holes of risk for organizations, both directly affecting the bottom line but perhaps more seriously, hidden supply chain risk, damaging a company’s hard-earned reputation.”

Port congestion and strikes continued to severely affect business continuity across Asia Pacific, the west coast of the United States and Germany throughout 2014. Limited container storage space resulted in cargo discharge times of up to a week, increasing operational costs for companies shipping through Hong Kong by nearly $1 million per month. General strikes across Belgium caused $1 billion of direct losses to business, while airline strikes in France and Germany cost $300 million and $198 million respectively.

While the report highlights cargo theft as a growing risk, it is still outweighed by the economic impact of natural disasters. 2014’s top four natural disasters caused a collective $32.8 billion of damage to businesses, with flooding across Pakistan and India making up a third of this figure. Three quarters (75%) of the top exporters across the Asia-Pacific region are rated high or severe for natural disaster risk.

http://www.thebci.org/index.php/about/news-room#/news/the-global-cost-of-supply-chain-disruption-114098

This week, I’m attending the 2015 RSA Conference where I’ve had the chance to mingle with security professionals and other security writers, as well as get to sit in on some interesting sessions. I was invited to attend a panel discussion hosted by Nok Nok Labs. The panel included Nok Nok’s CEO Philip Dunkelberger; Jon Oltsik, a security analyst at Enterprise Strategy Group; Rhonda MacLean, a former CISO with a number of companies including Bank of America and Boeing; and Giles Watkins, a partner in the cybersecurity practice at KPMG.

The discussion—with quite a bit of audience participation, I should add—revolved around the opening question posed by Oltsik: Why is it taking so long for industry to embrace security?

...

http://www.itbusinessedge.com/blogs/data-security/questioning-the-industrys-slow-response-to-improving-security.html

The words “rip and replace” are among the most feared in the IT lexicon—right up there with “denial of service” and “The CIO wants you in his office right now.”

But now that the enterprise is contemplating a data environment that will propel business into the 21st Century, some organizations are giving serious consideration to wholesale replacement of aging infrastructure. In an increasingly interconnected world, it has not gone unnoticed that many emerging markets are already building forward-leaning data environments atop gleaming new hardware platforms.

Indeed, says EuroCloud co-founder Phil Wainewright, those who don’t embrace some level of rip-and-replace will find themselves outclassed by rivals who do. When the pace of change is moving at hyperspeed, delay is the enemy—it not only limits your ability to compete, it makes the inevitable change that much harder as new systems and software become integrated with the old.

...

http://www.itbusinessedge.com/blogs/infrastructure/can-old-infrastructure-really-support-the-new-data-center.html

For the city of Long Beach, Calif., the challenge of emergency management is clear: A small number of people are making too many 911 calls for medical assistance.

It’s a problem Long Beach and cities across the nation struggle with as a minority of callers and care facilities — also known as “911 super-users” — congest phone lines and stretch emergency resources. Financially, it's a problem for providers, governments and even the callers themselves. Yet more pressing is the impact on first responders, where a minute's delay could determine life or death.

To deal with the problem, Long Beach officials partnered with the civic tech group Code for America to create AddressIQ, a Web app that combines fire, police and business licensing data to reduce calls from 911 super-users. The tool connects addresses to both the number and type of emergency dispatches. The information enables emergency workers to collaborate on high-usage locations and assist callers through education, social outreach, or — in worst cases — enforcement measures.

...

http://www.emergencymgmt.com/next-gen-911/Can-App-Reduce-Number-911-Super-Users.html

(TNS) — The woman won't look away from the dark huddle of uniforms standing behind a yellow police tape barrier that flaps back and forth in an occasional breeze. There, on the other side of this South Los Angeles parking lot, her brother is lying, still.

Two men in suits approach her. Their expressions signal bad news. Their words confirm it: Earlier in the night, her brother was shot in the head and killed.

Barbara de Lima, a grandmotherly figure with curly white hair, stands beside the family as they talk to the detectives. When a family member begins to cry, de Lima gives her a water bottle along with soothing words of comfort. The woman falls onto her, and de Lima cradles her head on her shoulder, calling her "honey."

...

http://www.emergencymgmt.com/health/Crisis-Response-Team-Los-Angeles-Comfort-Surviving-Victims.html

Mapping tool visualizes anticipated flood effects, aiding preparation for coastal storms

April 21, 2015

Charleston, South Carolina, was found to be one of the top ten U.S. cities in increased nuisance flooding, according to a June 2014 NOAA report. The Coastal Flood Exposure Mapper enables users to visualize these flood impacts and others in order to craft better resilience plans. (Image: NOAA)

A NOAA flood exposure risk mapping tool that was developed in New York, New Jersey, Delaware and Pennsylvania has now been expanded to cover coastal areas along the entire U.S. East Coast and Gulf of Mexico. The Coastal Flood Exposure Mapper, a deliverable of President Obama’s Climate Action Plan, provides users with maps, data, and information to assess risks and vulnerabilities related to coastal flooding and hazards.

According to the 2010 U.S. Census Bureau population count, 39 percent of the U.S. population lives in counties subject to significant coastal flooding.

“Coastal populations are increasing, as is the potential for flood events,” said Jeffrey L. Payne, Ph.D., acting director of NOAA’s Office for Coastal Management. “Anything we can do to make people aware of their community’s vulnerability puts that community in a better position to act to save lives and property.”

With this NOAA tool, users select their location and the flood scenario of their choosing: Federal Emergency Management Agency flood designations, shallow coastal flooding associated with high tides, or flooding associated with sea level rise or storm surge. Flood maps are then overlaid with any of three exposure maps to show how floodwaters might impact area assets. All maps can be saved, printed, and shared.

  • The societal exposure map provides information on population density, poverty, the elderly, employees, and projected population growth. Communities can use this information for community planning and to determine how floodwaters might affect vulnerable or concentrated populations.

  • Roads, bridges, water, and sewer systems can be damaged by coastal flooding. Communities can use the mapper to assess infrastructure vulnerabilities and associated environmental and economic issues to determine what steps are needed to protect these assets.

  • The ecosystem exposure map provides data and information about natural areas and open spaces—including their proximity to development — to help communities identify which areas can be conserved for future flood protection benefits. Pollution sources are also identified to show where natural resources could be affected during a flood.

“Coastal communities around the country are becoming more vulnerable to severe events and water inundation,” said Holly Bamford, Ph.D., acting assistant secretary of commerce for conservation and management. “According to the 2010 U.S. Census, the population of coastal communities is going to rise by 8 percent by 2020. Increased vulnerability plus increased population means communities are going to need accurate, reliable, and timely information to prepare for the future. Equipping our communities with information, products, services, and tools, like the Coastal Flood Exposure Mapper, allows them to become more resilient.”

This map tool was developed by the NOAA Office for Coastal Management.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.

Target (TGT) last week said it would pay MasterCard (MA) issuers up to $19 million pre-tax in alternative recovery payments related to the retailer's Dec. 2013 data breach. And as a result, Target and MasterCard top this week's list of IT security newsmakers, followed by the Data Security and Breach Notification Act of 2015, HSBC (HSBC) and Verizon (VZ).

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/042115/it-security-stories-watch-target-mastercard-reach-settlement


At the BCI Middle East Conference in May, to be held at the Oryx Rotana in Doha, Qatar, the Business Continuity Institute Qatar Forum will launch its Qatar Business Continuity Management Guideline. The guideline was a collaborative effort of a small Working Committee representing various organizations in Qatar, and the members are also active participants in the recently established BCI Qatar Forum. In developing the guideline, the BCI Qatar Forum was supported by the Directorate of laboratories and standardization within Qatar's Ministry of Environment.

This new guideline is designed to help all types of organizations operating in Qatar, whether business, charity or government, and regardless of sector, size, location or activity, to be better-prepared and more confident to handle business disruptions of any type.

Incidents take many forms, ranging from large-scale natural disasters or acts of terror to single technology-related failures, or utility services interruptions. Most incidents are small but some can have a significant impact on an organization, multiple organizations, or on the State of Qatar as a whole. This therefore makes business continuity management relevant at all times and at all levels. Complex inter-dependencies between organizations also make it important to ensure business continuity across the whole value chain, from receipt of goods and services from suppliers to delivery of products and services to customers, and to ensure there is an effective BCM information exchange with a range of stakeholders.

Based on the various international Standards in business continuity, and in particular ISO 22301, the guideline describes how to set up, implement and manage an effective Business Continuity Management System. The Guideline also provides guidance on interpreting ISO 22301 requirements, as well as local examples and templates to adapt and use.

"There is an increasing global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and disruptive events, to ensure business continuity and maintain their operations and the Qatar BCM Guideline will help all organizations in Qatar achieve this," said Abdullatif Ali Al-Yafei, Chairman of the Qatar BCM Guideline Working Committee.

http://www.thebci.org/index.php/about/news-room#/news/bci-to-launch-qatar-business-continuity-management-guideline-113387

Social media gaffes know no corporate hierarchy. With more and more execs using and being encouraged to use Social Media, and given the instant and public ramification of a gaffe, blunder, or exploit, the stakes keep rising. These can result in much more than embarrassment for the perpetrator and their company. Ramifications and fallout can include spreading malware, mishandling the PII of high profile individuals, violating federal regulations, or triggering the scrutiny of regulatory bodies.

In February, Twitter CFO Anthony Noto’s account was hacked and some 698 spammy tweets were sent out from his account over an eight-minute period.

...

http://www.corporatecomplianceinsights.com/big-corporate-titles-big-social-media-mistakes/

As information, computing and data communications technologies evolve, business demand for data centre / center services grows simultaneously. That demand is split into two parts; public cloud, where computing is available on demand and delivered from data centres owned and operated by large US-based corporations, and commercial data centres. It’s vital that companies understand which method will prove most beneficial for their business.

As the hybrid cloud model’s popularity grows, so does the trend of businesses moving from in-house to a combination of external colocation and on-demand public cloud services. The flexibility of public cloud means choosing a provider is simple and if the cloud service provider does not meet business needs, moving is equally simple. This is not the case with colocation, where the choice of an external data centre requires care, thought and research. With this in mind, there are five key points companies should consider when looking for a safe, secure and reliable data centre to host their own critical equipment:

...

http://www.continuitycentral.com/index.php/news/technology/165-top-five-considerations-for-businesses-colocating-in-a-data-centre

When you do a test, you aim to pass it but when designing exercises, it’s best to fail them so you learn the maximum amount—especially what is wrong…

Testing business continuity plans is vital because, clearly, that’s the only way to ensure that a business continuity plan works in reality as well as on paper. However, as Peter Frielinghaus, Senior Advisor at ContinuitySA points out, validating the business continuity plan is itself a process more than an event: “That’s why the ISO 22301 standard requires exercising and testing of business continuity procedures to ensure they meet your objectives and are reliable,” says Mr. Frielinghaus. “To my mind, the exercising is where the most value lies because it helps the organization assess where it is and where it needs to improve, whereas a test simply delivers a pass or fail.”

Exercises allow organizations to rehearse plans, verify information in plans and train all relevant personnel, including their deputies, Frielinghaus notes. He goes on to say that aside from being robust, exercises need to be carefully constructed to be realistic in regard to likely threats and a company’s business.

“To give an extreme example, doing an exercise focused on tsunamic damage for a company that is based inland would reduce buy-in from employees,” he says. “It’s also good advice to begin gradually with fairly simple exercises, building up in complexity as the teams become more proficient and your sense of the organization’s actual level of business continuity maturity becomes more exact.”

Following this approach will enable the organization to confirm whether its business continuity capability reflects its scale and complexity; that its business continuity plan works; and that its business continuity management programme meets its policy objectives. Perhaps most important of all, Frielinghaus says, an ongoing programme of exercises would ensure that the organization’s business continuity capability is continually being improved.

As a guide, Frielinghaus says that over a 12-month cycle, the exercises should test whether the equipment required by the plan works, that procedures and plans are correct and dovetail with each other, and that procedures are manageable. In addition, the exercises should be designed to reveal whether the required recovery time objective for business process can be met, and whether the personnel involved have the skills, authority and experience needed.

Key elements for the success of any exercise are that every participant undertakes to document his or her experience and recommendations for review, and that problems are highlighted.

“Remember that the exercise is testing the plan and not the participants, and that it is not testing what caused the disruption in the first place, or the measures put in place to mitigate risks,” Frielinghaus concludes. “It’s particularly important to remember that an exercise is not a test, and thus that it’s preferable to fail in order to learn as much as possible.”

www.continuitysa.com

The UK Government’s Centre for the Protection of National Infrastructure (CPNI) has published a new document which gives advice on handling supply chain vulnerabilities.

‘Mitigating Security Risk in the National Infrastructure Supply Chain a Good Practice Guide For Employers’ recommends that organizations should view supply chain security risk as being an extension of existing arrangements to mitigate security risk within the organization itself. To achieve this, a supply chain security risk mitigation implementation plan is required which includes:

  • Comprehensive mapping of all tiers of the upstream and downstream supply chains to the level of individual contracts.
  • Risk scoring each contract to link in to the organization’s existing security risk assessment.
  • Due diligence/accreditation/assurance of suppliers (and potential suppliers) and the adoption, through contracts, of proportionate and appropriate measures to mitigate risk.
  • Audit arrangements and compliance monitoring.
  • Contract exit arrangements.

A cyber attack could cost a business its investor backing, according to new research by KPMG. A survey of global institutional investors found that 79 percent of investors would be discouraged from investing in a business that has been hacked. The research surveyed 133 global institutional investors with USD$3+ trillion under management.

The survey also found that investors believe less than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk. Furthermore, they believe that 43 percent of board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses which found that 39 percent of boards and management agreed they were severely lacking in their understanding of this area.

Malcolm Marshall, global head of KPMG’s cyber security practice, comments:

“Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.”

“Following a number of high profile breaches, we are seeing global investors waking up to the issue of cyber security. The ripple effect of this has seen investor appetite for cyber businesses increase, with the survey revealing that 86 percent of investors see it as a growth area.

“There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, it is reasonable to expect boards to have prepared themselves. My personal experience of working with organizations that have been breached is that businesses that are generally well run and understand risk, are better prepared for future risks. A serious breach brings the competence and team work of senior executives and the board into sharp focus. What we are seeing is companies struggling to demonstrate that they are taking cyber risk seriously to their existing and potential investor base. The inability to demonstrate that a business is doing so could make it a less attractive investment proposition.

“A good start would be for boards to elevate cyber higher up on the agenda and invest more time towards it. Our survey reveals that 86 percent of investors want to see an increase on the time boards spend on cyber compared to last year.”

Malcolm Marshall suggests that boards need to consider the following to be cyber secure:

  • Board directors need to understand and approach cyber security as a business risk issue, not just a problem for IT.
  • Directors need to understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
  • Boards should have sufficient cyber security expertise, and discussions about cyber risk management should be given regular and adequate time on the boardroom agenda.
  • Directors should set the expectation that management will establish a firm wide cyber risk management framework that has adequate scope for staffing and budget.
  • Discussions of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer, as well as specific plans associated with each approach.

www.kpmg.co.uk

The Ebola crisis, also a pandemic because of cases in different countries, has hit the nation of Sierra Leone the hardest. National and international health teams have worked round the clock to contain the disease and prevent new outbreaks. Pharmaceutical companies have ramped up efforts to develop new vaccines. Sierra Leone counts almost 12,000 people infected, with the increases in both city and travelling populations being major contributing factors. Recently, the Ebola response team in Sierra Leone tried a new tactic that was in stark contrast with previous measures. The tactic could be summed up in one word – Don’t!

...

http://www.opscentre.com.au/blog/when-the-best-response-to-a-pandemic-is-dont/

Tuesday, 21 April 2015 00:00

Six Ways MSPs Can Mitigate Shadow IT

The growing prevalence of ‘shadow IT’ is not expected to slow down this year. Having emerged over the last year or so, this threat will continue to be of concern for managed service providers (MSPs) that are looking to protect cloud data and maintain integrity in cloud-based file sharing. To do so, we discuss six steps for improving cloud security against shadow IT.

Shadow IT, as described to TechRadar by Perry Gale, VP of workflow at Nintex, “concerns the unauthorized use of hardware and software that is not supported by an organization’s central IT department. In many cases, the IT department has not approved the technology or doesn’t even know that employees are using it.”

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/042015/six-ways-msps-can-mitigate-shadow-it

(TNS) — What’s gone wrong with the weather?

Ever since California began drying out four years ago, Noah Diffenbaugh and his crew of earth scientists at Stanford University have been working on that question. They’re on a mission, like detectives breaking down a psychological profile of a bad guy — only this hunt is done with calculators and computer models.

Their bad guy is the drought, one of the worst in California’s recorded history. And one of the most mysterious.

What’s most clearly known is this: A huge dome of stagnant air has spent much of the past four winters parked off the West Coast, driving the storm path far north of California. In years past, it would periodically slide south, letting in rain to the lowlands and snow to the mountains. Now, it hardly budges.

That’s where Diffenbaugh takes up the hunt. What has changed? Why did it change? And is that change permanent?

...

http://www.emergencymgmt.com/disaster/Scientists-Predict-Less-Rain-from-Here-on-Out.html

So when was the last time you found what you wanted in a document without having to dig through pages and pages of information? Do you find that so much of what is in the document doesn’t really need to be there? Is it irrelevant? Is it fluff material just so the volume of the document looks good? In many cases it turns out the document is basically built on the foundation of quantity over quality. That means most of the document – the stuff you don’t need – is just fluff. Are your Business Continuity Plans (BCP) like that? I bet they are.

From document to document, there is repeated information that also has its own document to start with. As an example, I recently came across a set of BCP plans with a client that held a lot of the same Emergency Response information contained within the Emergency Response Plan itself. Why? It was fluff to the BCP – which was labeled a Business Recovery Plan (BRP) – and repeated information from other areas too. What’s the point?

...

https://stoneroad.wordpress.com/2015/04/20/bc-dr-plans-dont-worry-about-the-fluff/

In recognition of the high-profile nature of the BCI Middle East Conference, His Excellency the Minister of Energy and Industry in Qatar – Dr Mohammed Bin Saleh Al-Sada – will open the conference and provide the welcome address.

Disruptive incidents can take many forms, whether it is a natural disaster or an IT failure, and it is essential that organizations have plans in place that make them able to respond to a disruption so that operations can continue. The growth of the Business Continuity Institute in the Middle East highlights that there is an increasing awareness in the region of the need for effective business continuity and the importance that the profession has in ensuring resiliency. His Excellency Dr Al-Sada's attendance at the BCI Middle East Conference demonstrates that this is a view also held at the highest level of government.

In confirming his intention to speak at the conference, H.E. Dr Al-Sada noted that: “The aim and objectives of the conference for providing a forum for sharing knowledge is timely and welcome to facilitate successful delivery of the goals incorporated in the Qatar National Vision 2030.”

H.E. Dr Al-Sada was appointed Minister of Energy and Industry in 2011, having held the role of Minister of State for Energy & Industrial Affairs since 2007. In 2011 he was also named Managing Director and Chairman of the Board of Qatar Petroleum and has over 30 years of experience of service with the company, having managed various corporate departments. He is also currently chairman at several companies including RasGas, Qatargas, Qatar Chemical Company, Qatar International Petroleum Marketing Company, Qatar Petroleum International and ASTAD Project Management, Industries Qatar, and Gulf International Services. He is also Vice-Chairman of the Board at Qatar Steel Company.

H.E. Dr Al-Sada is an active member of the Qatari community and has served as a member of several distinguished committees and organizations, including the Permanent Constitution Preparation Committee, and the National Committee for Human Rights. He is currently the Chairman of the Joint Advisory Board, Texas A & M University in Qatar, the Joint Overseas Board, College of the North Atlantic – Qatar, and a Member of the Board of Directors, Supreme Education Council.

A graduate of Qatar University with a Bachelor of Science degree in marine science and geology, H.E. Dr Al-Sada also holds a PhD from the University of Manchester Institute of Science and Technology.

The BCI Middle East Conference will take place at the Oryx Rotana in Doha, Qatar on the 11th and 12th May and the theme is sustaining value through business continuity. A packed programme is already in place consisting of local and international speakers who will discuss a wide range of topics and enable delegates to explore global challenges while considering regional solutions. For further information on the conference or to book your place, visit www.thebci.org.

 

http://www.thebci.org/index.php/about/news-room#/news/his-excellency-the-minister-of-energy-and-industry-in-qatar-to-open-bci-middle-east-conference-113096?utm_source=rss

I was reminded today of how much the world has changed in my working life.

I am travelling in the USA and staying overnight at Monument Valley. The picture is taken from the porch of the cabin I am staying in.

I have no cell phone coverage, there is no TV in the cabin, but they do have WiFi and made sure they pointed out the password I would need to access.

Many aspects of life and society are changing. We need to be part of that wave of change – otherwise we get left behind.

That is why I am asking for your help. I need your help to complete a survey. The survey is seeking to understand “What Business Continuity might look like in 2020”.

...

http://blog.vrg.net.au/next-generation-bc/times-change-and-so-must-we/

The Commerce Department’s first Chief Data Officer has worked with open data about as long as it’s been around — which isn’t actually that long, if you think about it. Ian Kalin’s resume shows he started working with open data in 2012 as a Presidential Innovation Fellow for the U.S. Department of Energy.

Since then, he briefly (2 months) worked as an Adecco contractor with Google, followed by not quite two years as the director of open data at Socrata, which helps businesses leverage open data. Previously, he worked about five years with supply chain data. I’m sure his time as a Navy counter-terrorism officer and his numerous other acclaims didn’t hurt either. His background is a good fit for what the Commerce Department needs as it pushes forward with open data. He also has spent his career as a leader, so he’s fully qualified for that “chief” part.

Still, I admit I was surprised simply because of what’s missing: A strong IT background. Somehow I expected a CDO would have some traditional tech experience, such as a DBA or a programmer.

...

http://www.itbusinessedge.com/blogs/integration/what-makes-a-good-chief-data-officer-candidate.html

Monday, 20 April 2015 00:00

Private Cloud Activity Picks Up Steam

It’s no surprise that the cloud is emerging as the dominant form of enterprise information technology as the decade unfolds, but exactly how this is playing out deserves a closer look.

According to IDC, the total revenues for cloud infrastructure – servers, storage and networking – topped $8 billion in the fourth quarter of 2014, a 14.4 percent gain over the same period a year ago and roughly 30 percent of the total IT spend. The growth was most pronounced in the private cloud segment, which exceeded 18.3 percent to hit $2.9 billion, compared to the public cloud which grew 12.3 percent to $5 billion. For the full year, total cloud spending grew 18.7 percent to $26.4 billion while private cloud came in at 20.7 percent growth to $10 billion and public cloud surged 17.5 percent to $16.4 billion.

What does all this mean? After a slow start, private cloud momentum is clearly on the upswing even as the bulk of cloud infrastructure remains in the public sphere. Going forward, I would expect continued spending on private infrastructure and then rapid uptake of hybrid solutions as the enterprise industry seeks to integrate its external resources with scale-out public platforms.

...

http://www.itbusinessedge.com/blogs/infrastructure/private-cloud-activity-picks-up-steam.html

Municipal open data has a new way to map itself.

Open data visualization startup Appallicious has announced plans to use its technology to map all varieties of open and internal data for cities.

The expanded features are part of a major refresh to the San Francisco company’s Disaster Assessment and Assistance Dashboard (DAAD) that maps local emergency and recovery resources in real-time. Through the dashboard, endorsed by FEMA, citizens can request assistance, first responders can update first aid locations, and local businesses can advertise recovery services – a significant boon to recuperating economies. Other features entail alerts, real-time incident reports, searchable and filtered resource management, and the ability to geo locate emergency tweets under specific hashtag categories.

...

http://www.emergencymgmt.com/disaster/Disaster-Dashboard-Nears-Public-Launch.html

One of the security industry reports most-cited in sales calls, vendor pitches and marketing collateral is at it again this year, with more ammunition for managed service providers selling security services. This year's Verizon Data Breach Investigation Report (DBIR) shows yet again how much opportunity there is in the MSP market for building out security practices and baking in added security value into general IT services.

An examination of statistics from real-world breaches investigated by Verizon's (VZ) forensics team, the DBIR most startlingly shows that in 60 percent of investigated incidents the attackers were able to compromise a target organization within minutes. Meanwhile, though many breach victims will publicly claim great sophistication in attacks involved with their particular breach, the truth is that the vast majority of the 80,000 incidents analyzed in the DBIR this year are attributable to just nine attack patterns.

...

http://mspmentor.net/managed-security-services/041715/verizon-data-breach-investigation-report-10-common-vulnerabilities-exposed

(TNS) — The measles outbreak that started in Disneyland and reached beyond U.S. borders, sparking a national debate on the merits of vaccinations, could be declared over Friday if no new cases are reported, state health officials said.

Since December, 134 confirmed measles cases have been reported by California residents. The latest was on March 2, according to the California Department of Public Health’s weekly update released last week.

Officials said 40 of those cases were confirmed to be Disneyland visitors and another 30 were people who came in close contact with a patient in their own home.

Nearly a dozen became infected in community areas like hospital emergency rooms. Experts don’t know where another 50 patients became infected but confirmed they were stricken with the same strain of the virus connected to the Disneyland outbreak.

...

http://www.emergencymgmt.com/health/Measles-Outbreak-Disneyland-may-be-Declared-Over.html

Theoretically MSPs have always been in a position to collect massive amounts of data that would enable them to add business value to the services they deliver. The problem is that the gap between that theory and the ability to actually deliver those insights has been nothing short of massive.

Now along comes HiveManager Next Generation, a cloud management service for wireless networks from Aerohive Networks that makes use of Hadoop to give MSPs access to a “data lake” that can be easily accessed, primarily using REST application programming interfaces.

...

http://mspmentor.net/managed-services/041715/aerohive-networks-builds-data-lake-cloud

Friday, 17 April 2015 00:00

The Most Important Risk Management Task

A title of a column on the most important task of risk management is certain to get some mail. Here is what I think it is:

The most important task of risk management is providing insights and decision-making options to senior management and the board on a significant, pervasive risk or opportunity that they didn’t have previously, giving the organization a competitive advantage of acting timely before it’s too late.

While some may disagree with my point of view, I am confident most will agree that the potential for disruptive change in the marketplace makes the above task very important.

...

http://www.corporatecomplianceinsights.com/the-most-important-risk-management-task/

Friday, 17 April 2015 00:00

Survey looks at top emerging UK risks

Cyber risk; the prolonging of the Ebola pandemic; and more regulatory and legislative changes are the top three priority risks for UK insurers in 2015, according to an ORIC International and Institute of Risk Management (IRM) joint survey.

The survey not only identified the top emerging risks but looked at both common and innovative emerging risk practices. It asked for the views of ORIC International members, who make up over 70 percent of the UK insurance market, as well as IRM insurance professional members.

Emerging risk was defined by those surveyed as newly developing risks with potential to cause significant business impact that may not yet be sufficiently understood.

...

http://www.continuitycentral.com/news07600.html

NIST has announced the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain.

Special Publication 800-161 provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations; as well as integrating ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities. It also builds on existing practices from multiple disciplines and is intended to increase the ability of organizations to strategically manage ICT supply chain risks over the entire life cycle of systems, products, and services.

Ian J. Kalin, the new chief data officer for the Commerce Department, certainly seems to understand that data is the new oil. That makes sense, given his roots at a small energy startup company and his work with the U.S. Energy Data Initiative. Surely, if anyone can understand the value of data as fuel, it would be Kalin.

So when TechRepublic contributor Alex Howard asked him to compare an “infinitely replicable digital commodity” to a natural resource like oil, you’d expect nuance. His answer doesn’t disappoint:

...

http://www.itbusinessedge.com/blogs/integration/up-for-debate-the-pros-and-cons-of-monetizing-data-quality.html

(TNS) — If a hurricane were to prompt an evacuation in Georgia, Florida or South Carolina, emergency management officials want to make sure they are well acquainted with their colleagues in bordering states prior to starting the process.

“We want to make sure we are not exchanging business cards in the middle of a disaster,” said Clint Perkins, State Operations Center director for the Georgia Emergency Management Agency. “We want to reach out across state lines.”

He invited more than 50 emergency management personnel, state police officers and department of transportation officials from Florida, Georgia and South Carolina to the Golden Isles Career Academy on Tuesday and Wednesday for a two-day meeting to discuss state-to-state mutual aid in the event of an evacuation. It was the first such meeting since 2006 and a meeting Perkins said should happen more often.

...

http://www.emergencymgmt.com/training/Relationships-Key-Emergency-Management.html

Thursday, 16 April 2015 00:00

Cyberattacks Targeting Big Companies Up 40%

Five out of six companies with more than 2,500 employees were targeted in cyberattacks in 2014, representing a 40% increase last year, according to Symantec’s annual Internet Security Threat Report. But by no means does that imply big businesses are the primary target: 60% of all targeted attacks struck small- and medium-sized organizations.

The spear-phishing and fraudulent email scams deployed in these hacks have also become more effective. Overall, 14% less email was used to infiltrate an organization’s network, yet 2014 saw a 13% increase in attackers as the cause of a data breach, and the total number of breaches rose from 253 in 2013 to 312 in 2014. This notable increase in precision is a clear indication that companies are not updating their defenses to match current threats.

Fortifying against cyberbreach continues to demand even more concerted effort as malicious actors grow more sophisticated, introducing more and better malware to their campaigns. “While advanced targeted attacks may grab the headlines, non-targeted attacks still make up a majority of malware, which increased by 26% in 2014,” Symantec reported. More than 317 million new pieces of malware were created last year, meaning almost a million new threats were released daily.

...

http://www.riskmanagementmonitor.com/cyberattacks-targeting-big-companies-up-40/

With all the attention focused on California’s water woes, an observer might conclude that the Golden State’s drought is the exception. It isn’t. Forty states expect to see water shortages in at least some areas in the next decade, according to a government watchdog agency.

In a 2013 survey by the Government Accountability Office (GAO), state water managers from around the country said they expect freshwater shortages to continue into the next decade, even under what they described as “average” conditions. If those conditions change—whether because of rapid population growth, unusually low snowfall or rainfall, or accelerated economic growth—the situation could worsen.

“As far as other states, if they haven’t seen it in the past, it’s something they will see in the future,” said Ben Chou, a water policy analyst in the Los Angeles office of the Natural Resources Defense Council, an environmental group.

...

http://www.emergencymgmt.com/disaster/40-States-Expect-Water-Shortages-Next-Decade.html

(TNS) — The Federal Emergency Management Agency has reimbursed Hawaii County more than $1.6 million in costs incurred while preparing for the lava threat from Kilauea Volcano, but county officials are still hoping for another $10 million — and counting.

Although the threat appears over, county officials believe their lava-related costs will tally at least $15 million, and they're hoping FEMA will continue to reimburse 75 percent of it.

Among the county's big-ticket items were three roads that were rebuilt at a total cost of $14.3 million to provide residents of the Lower Puna District with an escape route should lava cross Highway 130, the main road in and out.

FEMA already has paid $1.1 million of the county's $2.1 million cost to rebuild Railroad Avenue. The money went to the state, which will distribute it to the county.

...

http://www.emergencymgmt.com/disaster/Preparing-Lava-Threat-Costs-Hawaiis-Big-Island-15-Million.html

(TNS) — In the aftermath of last year’s lethal Oso landslide, the state Legislature has unanimously authorized an expanded state program to map slide-prone slopes and other geologic hazards. Equally important, the state would make that information more accessible to policymakers and the public.

But that laudable move won’t mean much unless lawmakers take the next step and pony up the money to pay for the program.

The funds would pay for increased risk identification and analysis using lidar, an aerial scanning technique that can reveal previously hidden geologic hazards. So far, it has been used to map less than a quarter of the state.

...

http://www.emergencymgmt.com/disaster/Technology-Funds-Prevent-Another-Oso-Wash-Landslide.html

Thursday, 16 April 2015 00:00

Too Few Aware of Opioid Risk

I.I.I. chief actuary Jim Lynch brings us some surprising numbers on America’s addiction to opioids:

Americans are grossly misinformed about the dangers of opioid drugs, according to a recent survey by the National Safety Council (NSC).

Opioids are commonly prescribed painkillers like Vicodin, OxyContin and Percocet. The drugs are meant to mimic the nervous system actions of heroin and morphine and all too often lead to similar levels of addiction and suffering. More than 170,000 Americans have died from opioid overdoses this century, nearly triple the number of U.S. military deaths in Vietnam (see my earlier post).

I wrote about the epidemic in Contingencies magazine, focusing on the toll the drugs have taken in the workers compensation system.

...

http://www.iii.org/insuranceindustryblog/?p=4027

Most companies have a plan for disaster recovery of IT, real estate, and data – but what happens when you must respond to allegations of a violation of customer trust or compliance?  Does your organization know:

  • What steps to take?
  • Who needs to be involved in the decisions?
  • When to notify the board?
  • Who will conduct the investigation?
  • How transparent you will be with shareholders? Employees? The media?

While the facts of the incident will vary, the need to respond quickly, and thoughtfully, is a given. To make that response effective, an organization must understand the key steps it needs to take after a serious compliance breach and the most important issues it must consider. Only then can compliance officers and others charged with compliance responsibilities create an effective, executable plan for recovering from major ethics and compliance lapses, breaches, and disasters.

...

http://www.corporatecomplianceinsights.com/disaster-recovery-planning-compliance-style/

As we brace for another season of tornadoes, hurricanes, forest fires, earthquakes and floods, all businesses should be asking, “Is our data protected should disaster strike?” Or more simply, “What happens if we lose our data?”

Sadly, despite the fact that significant portions of the country are at risk for severe weather and other natural disasters, not all businesses are thinking pragmatically about catastrophic data loss and downtime, which can lead to staggering financial losses and impact productivity, reputation, regulatory compliance, and ultimately the bottom line.

According to a global data protection study released in December, enterprises are losing as much as $1.7 trillion annually through data loss and unplanned downtime. Data loss is up 400% since 2012, and two-thirds of the 3,300 organizations surveyed had experienced data loss in the last 12 months. Researchers found that although a high percentage of organizations had disaster recovery plans in place, surprisingly few had implemented data protection practices and fewer than half employed remote, cloud-based data protection. Seventy-one percent of organizations were not fully confident in their ability to recover after a disruption.

...

http://www.riskmanagementmonitor.com/data-protection-in-the-cloud-planning-for-data-loss-and-downtime/

The hype cycle is such a common facet of IT technology that it’s become almost a sport to predict where on the satisfaction chart a particular development finds itself at any given moment.

The cloud has been riding the hype for nearly a decade now, and during that time numerous pundits have proclaimed various levels of enthusiasm and disillusionment within the enterprise community. Lately, however, the talk has shifted from the cloud itself to certain categories within the cloud, each of which seem to be following their own hype cycles.

NTT Communications’ recent Cloud Reality Check holds that IT executives are expressing deeper frustration with the public cloud, saying their deployments so far are failing to live up to the promises made when SLAs were signed. According to Len Padilla, VP of product strategy at NTT, a big part of the problem is the idea that the cloud provides a better way to support legacy applications and data rather than cloud-native functions. Once data executives realize that issues like compliance, security and availability are best handled through local infrastructure, disappointment sets in.

...

http://www.itbusinessedge.com/blogs/infrastructure/expectations-vs.-reality-what-the-cloud-is-really-about.html

Structured data is still king, but that may be in part because many organizations simply aren’t even trying to manage unstructured data, a just-released report by Dell reveals.

Dell commissioned Unisphere Research to query those who manage data at North American companies. The survey’s 300 respondents were primarily DBAs, with more than 60 percent coming from large organizations. The results are covered in “The Real World of the Database Administrator,” which Dell made available as a free download today.

Despite the press over Hadoop and unstructured data, DBAs say structured data is still the focus for most DBAs. More than two-thirds reported that structured data represented at least 75 percent of the data being managed. When it came to unstructured data, which can include everything from text such as email and social media content to machine logs, less than 12 percent said they believe the data’s growth rate exceeds 50 percent annually.

But that may be in part because many organizations simply aren’t keeping tabs on unstructured data. One-third of those surveyed said their organizations do not actively manage unstructured data or know how fast unstructured data is growing within their organizations.

...

http://www.itbusinessedge.com/blogs/integration/dbas-more-concerned-with-cloud-virtualization-than-big-data.html

iPhone, Target, Home Depot; with each security breach we hear of, alarms are going off in the minds of business owners who have their data in the cloud or are considering working with an MSP. Cloud-based file sharing comes with a unique set of IT security challenges and it’s more important than ever for you to prepare a comprehensive strategy for protecting data and make sure your clients know you are addressing every issue.

Your clients are right to be concerned about their data security. The consequences of not employing an effective strategy for sensitive data management can be severe and may take businesses years to recover from. As their MSP, your job is to make sure business owners know that if you acknowledge these issues while planning your cloud strategy, making the move to cloud sharing can greatly increase your data security.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/041515/critical-issues-msps-must-address-cloud-security-strategy

(TNS) — As Mark McBride stood with tears in his eyes amid the rubble of Plaza Towers Elementary School, he vowed to do anything he could to protect the state’s schoolchildren.

With emergency workers everywhere, McBride, a legislator from Moore, knew that children were trapped inside the remains of the school — living or dead — after a direct hit from the massive tornado on May 20, 2013.

Within a day, he and colleague Jon Echols, a representative from Oklahoma City, had launched the nonpartisan Shelter Oklahoma Schools. Their non-partisan, multimillion-dollar effort aimed to help schools throughout the state bear the enormous cost of building storm shelters or safe rooms.

...

http://www.emergencymgmt.com/disaster/School-Shelter-Initiatives-Dwindle-Oklahoma.html

Build? Buy? Host? It’s not a new debate for managed service providers (MSPs) and IT service providers. MSPmentor research has found most providers have opted out of running their own data centers, with the exception of very large service providers. What’s more, many MSPs say if they were starting over today they’d start as a born-in-the-cloud company.

For another perspective on this question, MSPmentor recently caught up with executives from Venyu, a company known for its data centers, but also a provider of cloud computing, managed hosting, and other services. And guess what? They pretty much agree with what we’ve found. Here’s what they told us.

...

http://mspmentor.net/cloud-computing/041515/build-buy-another-perspective-data-center-ownership

The strategic markets of Philippines, China, Japan and Bangladesh are home to over half of the 100 cities most exposed to natural hazards, highlighting the potential risks to foreign business, supply chains and economic output in Asia from extreme weather events and seismic disasters, according to new research from global risk analytics company, Verisk Maplecroft.

The 5th annual Natural Hazards Risk Atlas (NHRA) assesses the natural hazard exposure of over 1,300 cities, selected for their importance as significant economic and population centres in the coming decade. Of the 100 cities with the greatest exposure to natural hazards, 21 are located in the Philippines, 16 in China, 11 in Japan and 8 in Bangladesh. The analysis considers the combined risk posed by tropical storms and cyclones, floods, earthquakes, tsunamis, severe storms, extra-tropical cyclones, wildfires, storm surges, volcanoes and landslides.

According to Verisk Maplecroft, natural hazards constitute one of the most severe disrupters of business and supply chain continuity, and also threaten economic output and growth in some of the world’s key cities, especially for those located in the emerging markets. Although adverse weather dropped from 4th to 7th place in the Business Continuity Institute's latest Horizon Scan report, it is still considered to be a concern by over half (52%) of the business continuity professionals who responded to a survey. Meanwhile, earthquake/tsunami is considered a concern by nearly a quarter (22%).

“As typhoon Haiyan in the Philippines and the tsunami in Japan showed us, natural hazard events can have far-reaching and long-lasting impacts on supply chains, business and economies,” states Dr Richard Hewston, Principal Environmental Analyst at Verisk Maplecroft. “Understanding how, where and why those risks manifest is an imperative in managing potential shocks.”

Natural hazard risk is compounded in the Philippines by poor institutional and societal capacity to manage, respond and recover from natural hazards events. In addition to assessing exposure, the Natural Hazards Risk Atlas also evaluates a country’s ability to manage and mitigate the impacts of natural hazard events, through the Socio-economic Resilience Index. While Japan, which ranks 178th out of 198 countries for resilience, is classified as ‘low risk,’ the Philippines (80th), is considered ‘high risk’, in part due to entrenched corruption and high levels of poverty.

“With foreign investment continuing to flow into countries highly exposed to natural hazards, those which are unable to demonstrate robust resilience may lose an element of their competitiveness,” adds Hewston. “Company decision-making over sourcing locations or market entry is increasingly influenced by issues such as strength of infrastructure and institutional robustness.”

http://www.thebci.org/index.php/about/news-room#/news/risks-posed-by-natural-hazards-to-major-cities-across-the-world-112807

Wednesday, 15 April 2015 00:00

Value Is Elusive, Even To Agilists

Agile practitioners are often proud — and justifiably so — that when people are seriously adhering to the principles and practices, they keep the focus on value. They usually do a better job on average, I would argue from both first-hand experience and a fair amount of research, than the adherents of Waterfall methods. That’s not the same as saying that there’s room for improvement.

Value is a slippery concept. What’s valuable to you isn’t necessarily valuable to me. That statement extends to user stories, in which the “so that…” clause differs, depending on the persona identified in the “As a…” section that precedes it. We’re supposed to write stories that have some value for that persona, no matter how minimal it might be, but we often don’t show significant value until we’ve finished all the stories organized into an epic, theme, sprint, or release. (The attraction of creating an expense report, for example, is significantly less until you can update it when needed, too.) We prioritize the backlog from highest to lowest value stories for a variety of reasons, such as ensuring that if we run out of time before a planned release, we cut the lowest-value stories, which are coming conveniently last in the list. However, we know that life isn’t as simple as a single queue of neatly sequenced work items. Which is more valuable, the ability of a salesperson on the road to enter sales activity easily, or the report that tells the sales manager about the current state of the pipeline?

...

http://blog.cutter.com/2015/04/14/value-is-elusive-even-to-agilists/

WASHINGTON, D.C. – Today, the Federal Emergency Management Agency (FEMA) launched a new feature to its free app that will enable users to receive weather alerts from the National Weather Service for up to five locations across the nation. This new feature allows users to receive alerts on severe weather happening anywhere they select in the country, even if the phone is not located in the area, making it easy to follow severe weather that may be threatening family and friends.

“Emergency responders and disaster survivors are increasingly turning to mobile devices to prepare for, respond to and recover from disasters,” said Craig Fugate, FEMA administrator. “This new feature empowers individuals to assist and support family and friends before, during, and after a severe weather event.”

“Every minute counts when severe weather threatens and mobile apps are an essential way to immediately receive the life-saving warnings provided by NOAA’s National Weather Service,” said Kathryn Sullivan, Ph.D., NOAA administrator.  “These alerts are another tool in our toolbox as we work to build a ‘Weather Ready Nation’ – a nation that’s ready, responsive, and resilient to extreme weather events.”

According to a recent survey by Pew Research, 40 percent of Americans have used their smartphone to look up government services or information. Additionally, a majority of smartphone owners use their devices to keep up to date with breaking news, and to be informed about what is happening in their community.

The new weather alert feature adds to the app’s existing features to help Americans through emergencies. In addition to this upgrade, the app also provides a customizable checklist of emergency supplies, maps of open shelters and Disaster Recovery Centers, and tips on how to survive natural and manmade disasters. The FEMA app also offers a “Disaster Reporter” feature, where users can upload and share photos of disaster damage.

Some other key features of the app include:

  • Safety Tips: Tips on how to stay safe before, during, and after over 20 types of hazards, including floods, hurricanes, tornadoes and earthquakes
  • Disaster Reporter: Users can upload and share photos of damage and recovery efforts
  • Maps of Disaster Resources: Users can locate and receive driving directions to open shelters and disaster recovery centers
  • Apply for Assistance: The app provides easy access to apply for federal disaster assistance
  • Information in Spanish: The app defaults to Spanish-language content for smartphones that have Spanish set as their default language

The latest version of the FEMA app is available for free in the App Store for Apple devices and Google Play for Android devices. Users who already have the app downloaded on their device should download the latest update for the weather alerts feature to take effect. The new weather alerts feature in the FEMA app does not replace the Wireless Emergency Alerts (WEA) function available on many new smartphones. WEAs have a special tone and vibration and are sent for emergencies such as extreme weather, AMBER alerts, or Presidential Alerts.

To learn more about the FEMA app, visit: The FEMA App: Helping Your Family Weather the Storm.


Graphic: A brief summary of a few features in the FEMA app.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

https://www.fema.gov/news-release/2015/04/14/fema-launches-new-feature-mobile-app-empowering-users-follow-weather-alerts

The global data load is about to surge as Big Data and the Internet of Things threaten to turn every device on the planet into an information source. While it is easy to see the promise that such an environment can offer, is the enterprise turning a blind eye to some of the consequences?

The obvious one is the sheer load that we are contemplating and whether it is possible to build the infrastructure to support it. By some estimates, the global load is due to rise from today’s output of about 4 zettabytes per year to more than 44 zettabytes by 2020. That’s not the total amount of data under management, mind you, but the amount the world will generate in a single year. Compare this to the average annual growth of the data center market, currently estimated at about 11 percent per year, and it is clear trouble is brewing down the line.

The most immediate implication of the surging data load is where to store it all. As Seagate Technology’s Mark Whitby noted to Tech Radar recently, even the most optimistic estimates of storage capacity generation over the next few years would leave us about six ZB short by 2020, which is twice the data output of 2013. New technologies are showing promise in high-density storage – resistive random access memory (RRAM) and heat-assisted magnetic recording (HAMR), to name a few – but it is questionable whether they will be ready for production environments in time for the data deluge.

...

http://www.itbusinessedge.com/blogs/infrastructure/supply-and-demand-can-infrastructure-support-big-data.html

Wednesday, 15 April 2015 00:00

Key to Surviving a Tsunami? Fast Walking

(TNS) — A new analysis shows more than 100,000 people are at risk from a tsunami on the Northwest coast — but the outlook isn’t uniformly grim.

In many communities, residents should be able to make it to high ground in time simply by walking at a brisk pace.

Tsunami surges are expected to slam into some parts of the coast within 15 to 30 minutes of an earthquake on the Cascadia Subduction Zone, the offshore fault where two tectonic plates collide.

Published Monday in the Proceedings of the National Academy of Sciences, the analysis takes the most comprehensive look yet at the threat along the 700-mile-long coast of Washington, Oregon and Northern California — and finds surprising variability.

...

http://www.emergencymgmt.com/disaster/Key-to-Surviving-Tsunami-Fast-Walking.html

Wednesday, 15 April 2015 00:00

100 Year Event Losses vs. Insurer Estimates

A major hurricane or earthquake hitting a densely populated metropolitan area like Miami or Los Angeles will leave insurers facing losses that far exceed their estimated 100 year probable maximum loss (PML) due to highly concentrated property values, a new report suggests.

In its analysis, Karen Clark & Company (KCC) notes that the PMLs that the insurance industry has been using to manage risk and rating agencies and regulators have been using to monitor solvency can give a false sense of security.

For example, it says the 100 year hurricane making a direct hit on downtown Miami will cause over $250 billion insured losses today, twice the estimated 100 year PML.

...

http://www.iii.org/insuranceindustryblog/?p=4025

There is an old joke in sales that things would be great if it wasn’t for the customers. Of course, it is the customers that buy and that keep salespeople in a job. More generally, people accomplish tasks, do projects, have ideas and help to run businesses. Business continuity is inextricably bound up with people. They may be unpredictable as individuals, but display rather more predictable behaviour when grouped together. Predictive analytics has already been growing as a method of forecasting market conditions, economic trends and environmental developments. Increasingly, these techniques are also being applied in cases where people have a direct impact on business continuity.

...

http://www.opscentre.com.au/blog/the-growth-of-user-behaviour-analysis-in-business-continuity/

(TNS) — Add this to your smartphone’s many functions: In the near future it could help save lives by warning that a powerful, distant earthquake is about to shake the ground.

Earthquake scientists are proposing that “crowdsourcing” hundreds or even thousands of volunteers with their highly sensitive mobile phones could create a seismic early warning system to alert users of oncoming seismic shocks.

Seismologists in Menlo Park and UC Berkeley are testing the phones and foresee them as particularly useful in developing regions, like Southeast Asia and parts of Africa, that are prone to large and often devastating earthquakes but where more sophisticated warning systems don’t exist.

...

http://www.emergencymgmt.com/disaster/Cellphones-Earthquake-Early-Warning-Devices.html

What could be worse than stealing millions of personal records in a large data breach?

How about destructive cyberattacks against our vital infrastructure companies that run dams, power plants, transportation systems and other critical infrastructures around the globe?

Sadly, such cyberattacks are becoming much more common and causing more harm than previously reported.

A new, first-of-its-kind report was released just this week which reveals astonishing survey results from more than 500 security chiefs spread across 26 member countries in the Organization of American States (OAS). The official report was created in collaboration between OAS and Trend Micro, and you can get a copy of the full report at this website.

Here are some of the findings that I found very surprising – even somewhat shocking:

...

http://www.emergencymgmt.com/safety/Hacking-Critical-Infrastructure-Is-Accelerating.html

One of the more promising vertical markets for cloud adoption is healthcare. With the Health Insurance Portability and Accountability Act (HIPAA) regulations being updated to incorporate the modern information technology landscape, the demand for managed service providers (MSPs) to help secure the industry’s data storage and cloud-based file sharing will continue to grow.

A recent story from FierceGovernmentIT cited Joe Klosky, senior technical advisor at the U.S. Food and Drug Administration (FDA), who suggested that managing health data moving from system to system is “critical.”  FierceGovernmentIT also reported the complex mission government officials are experiencing as “the rapid growth of health data is helping federal agencies better chart the quality of care being provided and other nationwide trends, but it’s also presenting some privacy and security challenges.”

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/041315/food-medicine-health-data-security-top-concern

Statement issued after the 5th meeting of the IHR Emergency Committee regarding the Ebola outbreak in West Africa.

The fifth meeting of the Emergency Committee convened by the WHO Director-General under the International Health Regulations (IHR) 2005 regarding the Ebola virus disease outbreak in West Africa was conducted with members and advisors of the Emergency Committee on Thursday, 9 April 2015.

The main issues considered were: ‘does the event continue to constitute a Public Health Emergency of International Concern’ and, if so, ‘should the current temporary recommendations be extended, revised, and/or new temporary recommendations issued.’

The Committee reviewed developments since the previous meeting on 20th January 2015, including the current epidemiological situation. The Committee noted that as a result of further improvements in EVD prevention and control activities across West Africa, including in the area of contact tracing, the overall risk of international spread appears to have further reduced since January with a decline in case incidence and geographic distribution in Liberia, Sierra Leone and Guinea. These three IHR States Parties provided updates and assessment of the Ebola outbreak, in terms of the epidemiological situation and the status and performance of exit screening and contact tracing.

The Committee recognized the progress achieved by all three countries and emphasized that there was no place for complacency, the primary goal remaining the interruption of transmission as rapidly as possible. The Committee reinforced the importance of community engagement in ‘getting to zero’. The Committee expressed its continued concern about the recent infection of health care workers and reaffirmed the importance of ensuring the rigorous application of appropriate infection prevention and control measures.

The Committee discussed the issue of probable sexual transmission of EVD, particularly the recent case who is likely to have been infected following sexual contact involving an Ebola survivor some months after his recovery. The Committee welcomed the ongoing programme of research underway in this area and urged its acceleration as a priority.

The Committee discussed the issue of inappropriate health measures that go beyond those in the temporary recommendations issued to date. The Committee was very concerned that additional health measures, such as quarantine of returning travellers, refusal of entry, cancellation of flights and border closures significantly interfere with international travel and transport and negatively impact both the response and recovery efforts. Although some countries are reported to have recently rescinded these additional health measures, and some regional airlines have resumed flights to affected countries, about 40 countries are still implementing additional measures and a number of airlines have not resumed flights to these countries.

The Committee concluded that the event continues to constitute a Public Health Emergency of International Concern and recommended that all previous temporary recommendations should be extended.

Source: World Health Organization

BATS Global Markets (BATS), a leading operator of exchanges and services for financial markets globally, has published details of a successful test of its business continuity processes.

As part of the test BATS took its company headquarters completely offline and operated from its Kansas City-area disaster recovery site instead. All of the 110 employees based at BATS’ global headquarters either reported to the DR site and conducted their daily routines from the secure and remote location or worked remotely. The BATS offices in the New York area, Chicago, London and Singapore continued normal operations.

In addition to the twice-yearly BCP test, BATS also tests its local Kansas City DR site each month. For one full day monthly since 2008, the company’s Operations, Technology, Regulatory and Surveillance teams in Kansas City have operated from the local DR site, with the primary headquarters remaining online.

BATS also maintains a DR site in Chicago that serves as a backup for its exchange technology infrastructure that is located in Secaucus, N.J.

www.bats.com

For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

“I don’t want a back door,” Rogers, the director of the nation’s top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”

...

http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html

The demands placed upon Business Continuity (BC), Risk Management (RM), and Disaster Recovery (DR) professionals are increasing every day. As a result, organizations need to reassess their approach to Business Continuity Management (BCM). If they don’t, they’ll get left behind, affected by continued adherence to outdated methods. The convergence of the BC and RM disciplines is ongoing.

Emerging regulations, frameworks, and standards place greater emphasis on risk management. As decision makers accept this evolution, Business Continuity increasingly becomes a subset of Risk Management. How the process is implemented—the value it brings a risk-based model—determines whether or not the process is sound.

...

http://www.strategicbcp.com/blog/playbook-converging-business-continuity-risk-management/

It might surprise you to learn that the vast majority of Big Data analytics takes place within on-premises infrastructure.

This makes the most logical sense, in fact, because despite what you hear about the rise of the cloud, most Big Data loads reside in the enterprise data center in the form of both structured and unstructured historical data. To lower costs, organizations are placing their analytics capabilities as close to that data as possible.

But this is likely to change relatively quickly.

According to Wikibon, spending on Big Data hit $27.3 billion last year and is expected to top $35 billion in 2015, which is impressive for a phenomenon that didn’t even have a formal name until about three years ago. The cloud, however, holds only about $1.3 billion of the market, dwarfed even by the “professional services” (read, consultants) category, which draws about $10.4 billion.

...

http://www.itbusinessedge.com/blogs/infrastructure/follow-the-data-analytics-is-heading-toward-the-cloud.html

(TNS) — Henri might have to wait.

Colorado State University researchers are predicting a below average 2015 Atlantic hurricane season, with seven named storms, leaving Henri, the possible eighth named storm, out of the alphabetical running.

Of the seven storms, three are expected to become hurricanes and one is forecast to reach major hurricane strength with winds of 111 mph or more, researchers reported in their annual forecast released Thursday.

The report comes with a caution: "It just takes that one storm to make it an active season," said Phil Klotzbach, the lead author of the report put out by CSU's Tropical Meteorology Project since 1984.

...

http://www.emergencymgmt.com/disaster/2015-Hurricane-Season-Expected-Less-Active-than-Average.html

Monday, 13 April 2015 00:00

Active Wildfire Season Likely

Nearly 37 percent of the United States and more than 98 percent of the state of California is in some form of drought, according to the latest U.S. Drought Monitor.

Its weekly update shows that more than 44 percent of California is now in a state of exceptional drought, with little relief in sight.

...

http://www.iii.org/insuranceindustryblog/?p=4022

Monday, 13 April 2015 00:00

5 Laws of IT Security

There are five laws of IT security.

1. There is no such thing as perfect security: Systems designed by humans are vulnerable to humans. Bugs exist. Mistakes are made. The things that make your computers useful--that is, communication, calculation and code execution--also make them exploitable. Information security is the management of risk. A good infosec design starts with a risk profile, and then matches solutions to the likely threat.

...

http://mspmentor.net/blog/5-laws-it-security

Norway, Switzerland, Netherlands and Ireland are considered the countries most resilient to supply chain disruption according to the 2015 FM Global Resilience Index. Australia has dropped out of the top 10 this year, moving from 4th place in 2014 to 14th place this year, one place behind New Zealand. Venezuela, meanwhile, is rooted to the foot of the index, but Guyana and Bolivia both rose out of the bottom 10, owing to significant improvements in commitment to natural hazard risk management in the region.

The FM Global Resilience Index highlights the risks that come with operating in various countries and quantifies all the vulnerabilities these countries have in a definitive ranking of supply chain resilience around the world.

Supply chain disruption is a major cause for concern among business continuity professionals with the Business Continuity Institute’s latest Horizon Scan report revealing that it is the fifth in the list of potential threats to organizations compared to 16th place the year before. This is no surprise as three quarters (76%) of respondents to the BCI’s latest Supply Chain Resilience survey claimed they had experienced at least one supply chain disruption during the previous year.

Ireland keeps its place in the top 10, moving up one place to 4th in the rankings, reflecting both its low exposure to natural hazards and the fruits of its austerity and fiscal regimes. For the third year running, the United Kingdom has held on to its 20th place. Its ranking reflects its resistance to oil shocks as its consumption of oil relative to GDP is comparatively low. The UK scores well on other key drivers such as perceptions of its control of corruption and the quality of local suppliers, but there is scope for improvement in risk quality, particularly as it relates to fire risk management. In addition, the risk of terrorism continues to threaten supply chain security.

The United States and China are each segmented into three separate regions because the geographic spread of these countries produces significantly disparate exposures to natural hazards. Region 3 of the US, which includes most of the central part of the country, ranks 10th. Region 1, encompassing much of the East Coast, ranks 16th and Region 2, primarily the West Coast, ranks 21st. China’s three regions rank 63rd (Region 3), 64th (Region 1), and 69th (Region 2). Beyond natural disaster risk, China's other challenges range from poor accountability and transparency, high levels of perceived corruption and growing security concerns to problems in its financial sector, especially with regard to the fragile position of its banks.

“Business leaders who don’t evaluate countries and supply chain resilience can suffer long-term consequences,” said Bret Ahnell, executive vice president, operations, FM Global. “If your supply chain fails, it can be difficult or impossible to get your market share, revenue and reputation back. The FM Global Resilience Index is designed to help business leaders stay in business by making informed decisions about where to place and maintain global supplier facilities.”

The top 10 countries, those most resilient to supply chain disruption, according to the report were:

1. Norway
2. Switzerland
3. Netherlands
4. Ireland
5. Luxembourg
6. Germany
7. Qatar
8. Canada
9. Finland
10. United States (central region)

The bottom 10 countries, those considered least resilient to supply chain disruption, were:

121. Tajikistan
122. Egypt
123. Pakistan
124. Jamaica
125. Honduras
126. Dominican Republic
127. Nicaragua
128. Mauritania
129. Kyrgyz Republic
130. Venezuela

The Index is compiled annually for FM Global by analytics and advisory firm Oxford Metrica. The Index is generated by combining three core factors of business resilience to supply chain disruption: economics, risk quality and qualities of the supply chain itself. The drivers of these factors include GDP per capita, political risk, vulnerability to oil shortages and price shocks, exposure to natural hazards, quality of natural hazard risk management, fire risk, control of corruption and the quality of infrastructure and local suppliers.

http://www.thebci.org/index.php/about/news-room#/news/definitive-ranking-of-supply-chain-resilience-around-the-world-112339

In 2014, the Federal Bureau of Investigation sent a private notice to healthcare organizations regarding the industry’s preparedness to fight cyber intrusions. The notice stated healthcare organizations are “not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”[1] Until recently, privacy and information security have not been a significant focus of the healthcare industry. That is changing. In 2013, it was estimated that North American healthcare organizations were expected to spend $34.5 billion in 2014 on information technology.[2] While there are numerous privacy and security risks in the healthcare space, two key areas for 2015 are enforcement by the Office for Civil Rights (OCR) through audits and investigations and the increase of bring-your-own-device workplaces.

...

http://www.corporatecomplianceinsights.com/healthcare-privacy-and-information-security-risk-forecast-for-2015/

Friday, 10 April 2015 00:00

The Heartbleed Anniversary

Has an entire year actually passed since the Heartbleed vulnerability was discovered? It seems like only yesterday that my social media news feeds were in pure panic mode. Chicken Little, the sky is falling! Or, in this case, the Internet is broken and our privacy is gone and everything we ever posted is going to be stolen!

The mass hysteria was unlike anything I’ve witnessed before or since in regards to IT security, and I’d be willing to bet if I asked 10 people about Heartbleed today, at least eight of them would have no memory of it. They’ve moved along to the next crisis, real or imagined.

So Heartbleed might be out of mind, but it isn’t out of our networks. And that’s the problem. A year later, 74 percent of Global 2000 companies are still vulnerable, according to a new study by Venafi. In August, a similar survey found that 76 percent of Global 2000 companies hadn’t fully addressed Heartbleed. I’m not a math whiz, but a 2 percent improvement over an eight-month period doesn’t sound positive. Plus, this just includes the 2,000 biggest companies in the world. I have my doubts that if large corporations are still struggling with Heartbleed, smaller companies are doing any better.

...

http://www.itbusinessedge.com/blogs/data-security/the-heartbleed-anniversary.html

(TNS) — Mine rescue entered the 21st century Wednesday with the successful test of a suite of technologies that will keep rescue teams in constant communication with the emergency command center, state and federal officials said.

“We think we're ready to rock and roll with the systems we've built,” said Joe Main, the assistant labor secretary in charge of the federal Mine Safety and Health Administration.

The MSHA, the Department of Environmental Protection, Consol Energy and the Homer City-based Special Medical Response Team ran a simulated emergency at Consol's Harvey Mine in West Finley to test the system.

...

http://www.emergencymgmt.com/disaster/Communication-System-Mine-Rescue-21st-Century.html

(TNS) — A Belfast-based epidemiologist and family physician who investigated infectious disease outbreaks for the Centers for Disease Control and Prevention said Monday that public hysteria and paranoia are not the answer when such crises emerge.

A case in point was the recent furor over Ebola. Maine made international headlines when Kaci Hickox, a nurse who until recently lived in Fort Kent, was quarantined after returning from treating Ebola patients in West Africa despite having no symptoms of the disease.

As Dr. Peter Millard sees it, there is a better way.

“We’re going to have epidemics. Epidemics are always going to be with us. We’re going to have a bad epidemic eventually and if we don’t pull together and use science as a basis for our response, we’re going to be in big trouble,” Millard said Monday evening during a lecture in Husson University’s Kominsky Auditorium.

...

http://www.emergencymgmt.com/health/Epidemiologist-Maine-Poorly-Prepared-Disease-Outbreaks.html

A new survey out this week offers good evidence as to why so many businesses today bungle their response to security compromises and breach discoveries.

The study of 170 businesses conducted by the Security for Business Innovation Council (SBIC) and RSA, The Security Division of EMC (EMC), shows the majority of businesses lack incident response plans, have no capabilities to correlate security-related data from IT infrastructure, can't properly analyze live network forensics and have no way to take advantage of industry-wide threat intelligence.

"Organizations are struggling to gain visibility into operational risk across the business," said Dave Martin, chief trust officer for RSA. "While many organizations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile."

...

http://mspmentor.net/managed-security-services/rsa-study-small-business-needs-help-it-security

Emergency preparedness exercise scheduled for the Three Mile Island Nuclear Power Plant

PHILADELPHIA – The Federal Emergency Management Agency (FEMA) will evaluate a Biennial Radiological Emergency Preparedness Exercise at the Three Mile Island Nuclear Power Plant.  The exercise will occur during the week of April 13, 2015 to assess the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to evaluate government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will assess state and local emergency response capabilities within the 10-mile Emergency Planning Zone as well as the adjacent support jurisdictions within the Commonwealth of Pennsylvania.”

Within 90 days, FEMA will send its evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:00 a.m. on Friday, April 17, 2015 at the Hilton Garden Inn, 3943 Tecport Drive, Harrisburg, PA. Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania.  

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response.  Written comments may also be submitted after the meeting by emailing FEMAR3NewsDesk@fema.dhs.gov or by mail to:

MaryAnn Tierney
Regional Administrator
FEMA Region III
615 Chestnut Street, 6th Floor
Philadelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at FEMA.gov/Radiological-Emergency-Preparedness-Program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Pennsylvania and West Pennsylvania.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

https://www.fema.gov/news-release/2015/04/09/fema-evaluate-readiness-pennsylvania

Even in today’s wired world, many organizations require access to original documents to deliver goods or services.  If yours is one of them, how you maintain continuity of access to those documents should be part of your Business Continuity Planning.

Original Documents

Even though we like to think we live in a paperless age, most of us don’t.  In paper-intense industries, access to original documentation may have both financial and regulatory implications. In many other businesses, those ‘original documents’ are fleeting: checks, authorizations, forms and others that are acted upon then discarded.  They are necessary only until converted or input.

Think of original documents as “paper data”.  Even with documents of only temporary importance, their loss (or loss of access to them) may be vital to the performance of our most critical functions or processes.  Why do we put emphasis on Recovery Point Objectives (RPO)?  Because we understand losing electronic data may imperil our business.  There is little difference with “paper data” waiting for conversion to electronic data.  If it’s gone (because of physical destruction) or elusive (because we can’t get postal deliveries, or we’ve been forced out of our office) we can’t fully function.

...

http://www.ebrp.net/original-documents-business-continuity-risk-or-liability/

DENTON, Texas – People living in parts of Arkansas, Louisiana, New Mexico, Oklahoma and Texas are urged to get ready now for potential severe weather that could strike over the next few days in the form of possible severe thunderstorms, hail, strong winds, flash flooding, tornadoes and wildfires.

The Federal Emergency Management Agency’s (FEMA) Region 6 office continues to monitor the situation and stands ready to support state and local partners as needed and requested in any affected areas.

“We encourage people to keep listening to their local and state officials for updated instructions and information. The safety of people is the first priority,” said FEMA Region 6 Administrator Tony Robinson. “We encourage people to have an individual or family emergency plan in place, practice that plan and put together an emergency kit.”

If you have severe weather in your area, you will likely want to become familiar with the terms used to identify a severe weather hazard including:

  • Watch: Meteorologists are monitoring an area or region for the formation of a specific type of threat (e.g. flooding, severe thunderstorms, or tornadoes); and
  • Warning: Specific life and property threatening conditions are occurring and imminent. Take appropriate safety precautions.

More tools and resources are available online to help you prepare for, respond to and recover from any type of disaster. Visit www.Ready.gov or the Spanish language site www.Listo.gov.

https://www.fema.gov/news-release/2015/04/08/get-ready-now-potential-severe-weather-wildfires

Risk is part of nearly every aspect of business. The daily practices for nearly every employee involve some mitigation of certain risks to keep the business moving forward.

Within many enterprises, risk management involves a person or team of individuals who attempt to consider future scenarios and extract possible business risks from them in order to identify areas of liability and possibilities for improvement and success—this is especially important in the area of project management.

In the latest edition of the book, “Risk Management: Concepts and Guidance,” author Carl Pritchard, a certified expert in the project management field, identifies systems that project management professionals (PMPs) can apply to manage risks within ongoing projects. Pritchard then explains how to use these systems in the daily work of project management in accordance with the most recent Project Management Body of Knowledge (PMBOK).

...

http://www.itbusinessedge.com/blogs/it-tools/why-risk-management-is-just-as-important-as-project-management.html

ERMS had a great quarter! With an increased demand we have been busy. Busy training new customers and helping them implement their new system. Just how busy? VERY! Our quarterly sales results were almost 50% above target.

Some of our newest customers include: Canadian Red Cross, Desjardin, Intact Insurance, Simon Fraser University, Worker’s Compensation Board of Manitoba (WCB), British Columbia Emergency Management (EMBC), the City of Cambridge, Canadian Federal Government (Shared Services), Independence Bank, Jewish General Hospital, and many more.

Why the increased demand? We believe it’s because more and more organizations are starting to understand the value and benefits of emergency and crisis mass communication solutions. Our new and existing customers benefit in many ways when they implement an emergency mass notification system (EMNS). Some of those benefits include:

...

http://www.ermscorp.com/blog/10-benefits-of-emergency-mass-notification-systems

Your client calls in a panic. Something’s gone wrong with a server, and the Web store is down. You get there fast, run to the server and determine that it has suffered a hard drive failure. You collect your thoughts, think carefully about the procedure for restoring this piece of equipment quickly, but you draw a blank. The clock is ticking. Downtime is piling up, and your client’s face is reddening with anger because she’s not sure you know what you’re doing. You don’t tell her, but you’re not sure you know, either.

This is the last situation you want to find yourself in. As your client’s frustration mounts, her patience thins, her wallet empties, and her trust in you erodes. There’s only one thing that can stop this from happening, and it goes beyond having a backup and recovery plan. You need to make sure your plans work effectively, and you can only do this by testing them. Remember, you’re not just testing a backup, you’re testing your own ability to recover so you don’t end up testing your client’s patience.

In order to make backup and recovery testing effective, there are some questions you will want to ask yourself. The following should help you gather information you need to create a testing strategy that’s a regular part of your process. This way, when the time comes you’re not just “kind of sure” you can recover—you’re absolutely positive.

...

http://mspmentor.net/blog/five-questions-ask-yourself-about-backup-and-recovery-testing

For extended analysis of regional temperature and precipitation patterns, as well as extreme events, please see our full report that will be released on April 10th.


[Figure: Significant U.S. climate events for March 2015]

March was 12th warmest on record for the Contiguous United States

First quarter 2015: Record warmth in the West and cold in the Northeast, dire drought conditions in the West

The March contiguous U.S. average temperature was 45.4°F, 3.9°F above the 20th century average — the warmest March since 2012. Near-record warmth spanned the Great Plains to the West Coast and parts of the Southeast, while the Northeast was cooler than average. The March Lower 48 precipitation total was 2.08 inches, 0.43 inch below average, tying as the 19th driest March on record. Below-average precipitation was widespread across the northern tier states and the Southeast, with above-average precipitation in the Southern Plains and Ohio Valley.

This analysis of U.S. temperature and precipitation is based on data back to January 1895, resulting in 121 years of data.

March

[Figure: March 2015 statewide temperature (top) and precipitation (bottom) ranks]
  • Fifteen states across the Southeast, Northern Plains, and West had a March temperature that was much above average, while five states in the Northeast had a March temperature that was much below average. No state was record warm or cold.
  • Below-average precipitation was observed along both the East and West Coasts, connected by drier-than-average states across the northern tier. Twelve states had a March precipitation total that was much below average. Above-average precipitation accumulated from the Southern Plains into the Ohio Valley; Arkansas and Texas were both much wetter than average. No state was record dry or wet.
  • According to the March 31st U.S. Drought Monitor report, 36.8 percent of the contiguous U.S. was in drought, up from 31.9 percent at the beginning of March. Drought conditions worsened across parts of the Central Rockies as well as the Central and Northern Plains and the Upper Midwest where spring drought could impact the upcoming growing season. Drought remained entrenched in the West, where mountain snowpack was record low for many locations in the Cascade and Sierra Nevada Mountains. Abnormally dry conditions developed in parts of the Southeast and Northeast. Drought improved in the Southern Plains and the Mid- to Lower-Mississippi River Valley.

U.S. climate highlights: Year-to-date (January-March)

[Figure: January-March 2015 statewide temperature (top) and precipitation (bottom) ranks maps]
    • The year-to-date contiguous U.S. average temperature was 37.2°F, 2.0°F above the 20th century average, and the 24th warmest January-March on record. Record warmth engulfed much of the West, where seven states were record warm, and an additional five states, including Alaska, had temperatures that were much above average. California's year-to-date temperature of 53.0°F was 7.5°F above average and bested the previous record set just last year by 1.8°F.
    • Below-average January-March temperatures were observed across the South, the Midwest, and Northeast where 16 states had a much cooler-than-average January-March period. New York and Vermont were both record cold for the year-to-date. The New York year-to-date temperature was 16.9°F, 6.8°F below average, dropping below the previous record of 17.4°F set in 1912. The Vermont January-March temperature was 13.3°F, 6.4°F below average, tying the same period in 1923.
    • The year-to-date contiguous U.S. precipitation total was 5.66 inches, 1.30 inches below the 20th century average, and the seventh driest January-March on record. This was the driest first three months of a year since 1988. Below-average precipitation was observed across the West and much of the northern half of the nation. Twelve states had much below average precipitation during the first three months of 2015. South Dakota had its driest January-March on record with a precipitation total of 0.85 inch, 1.21 inches below average. Above-average precipitation was observed across the Southern Rockies and Plains.
    • The U.S. Climate Extremes Index (USCEI) for the year-to-date was nine percent above average and the 11th highest value on record. The warm West and cold East temperature pattern during January-March contributed to the much above average USCEI, with the components that measure both warm and cold daytime and nighttime temperatures being much above average. The USCEI is an index that tracks extremes (falling in the upper or lower 10 percent of the record) in temperature, precipitation, and drought across the contiguous U.S.

Note: NOAA's National Centers for Environmental Information (NCEI) is the merger of the National Climatic Data Center, National Geophysical Data Center, and National Oceanographic Data Center as approved in the Consolidated and Further Continuing Appropriations Act, 2015, Public Law 113-235. From the depths of the ocean to the surface of the sun and from million-year-old sediment records to near real-time satellite images, NCEI is the Nation's leading authority for environmental information and data. For more information go to http://www.ncdc.noaa.gov/news/coming-soon-national-centers-environmental-information


http://www.ncdc.noaa.gov/sotc/summary-info/national/2015/3

(TNS) — Gov. Mary Fallin expressed disappointment on Monday that federal assistance was denied to help individuals and businesses in Tulsa and Cleveland counties that were hit by March tornadoes. On April 1, the governor asked for a major disaster declaration for the state based on damages by tornadoes, straight-line winds and flooding March 25-26 in Cleveland and Tulsa counties.

Tornadoes resulted in four deaths with 26 people suffering injuries that required treatment at area hospitals, according to a state press release.

Damage assessments estimated that 1,047 homes and businesses were damaged in the tornadoes, severe storms, straight-line winds and flooding that occurred March 25.

...

http://www.emergencymgmt.com/disaster/Moore-Okla-Infrastructure-Recovery-Plan-Tornadoes.html

While I mostly talk to company, agency or organization leaders about crisis communication and reputation management, sometimes the reputation in question belongs to an individual.  You don’t have to be a celebrity to have potential for reputation disaster.  Individuals whose name is attached to the business or profession they are in, in other words where their name is also a brand, are particularly susceptible. Search engines and the long memory of the internet make the problem so much greater. Yesterday’s newspaper is already in the garbage and yesterday’s TV report is already in the ether along with all past reports, but on the Internet they are retained presumably for ever, and always accessible at the touch of a Google button.

A recent conversation reminded me of how the Internet has changed reputation management and how it therefore changes the response. The really big question when dealing with media coverage of bad news about a brand (personal, corporate or otherwise) is whether or not to respond, and if so, how far and wide to push the response. The basic rule is: don’t make it worse. You can make it worse by bringing the bad reports to the attention of others who might otherwise have missed the 11 pm news. Maybe it will all just go away. Or, not.

...

http://ww2.crisisblogger.com/2015/04/the-three-basic-crisis-communication-strategies/

Thursday, 09 April 2015 00:00

A SaaS Ecosystem Overview for MSPs

When Datto acquired Backupify last year, we did so because we knew the technology landscape was shifting for MSPs. Data on-premise isn’t going away, but it isn’t the only place data exists. As more data is moved to the cloud, and to SaaS apps in particular, we realized that to build a Total Data Protection platform we needed expertise in SaaS data protection.  

As a result of the acquisition, Datto now has more than 2 million Google Apps end users protected, and is scheduled to launch a Microsoft Office 365 backup at our partner conference in June. Building these products required us to get deeply embedded in both the Microsoft and Google ecosystems. We now know both companies well, know their key partners, and know the technical road maps of both organizations. So for those MSPs who may be considering whether to invest time in one of these products, here is our view from the trenches about the things you should consider.

...

http://mspmentor.net/blog/saas-ecosystem-overview-msps


Are you and your family prepared to face a disaster? What about your neighborhood? Do you know your neighbors’ emergency plan or how you can help each other during an emergency? April kicks off America’s PrepareAthon!—a nationwide campaign to increase emergency preparedness and community resilience. Throughout the month local, state, and federal groups will take the pledge to help improve their preparedness. All of these activities will lead up to PrepareAthon’s national day of action on April 30, 2015.

So what can you do?

You don’t have to be an expert in emergency preparedness, or the leader of a large community group to take part in America’s PrepareAthon! Learn more about what you can do in your neighborhood or community to become more personally prepared and help build your community’s resilience.

In your Neighborhood.

[Photo: Youth volunteers performing an emergency response exercise.]

If you haven’t taken the time to talk to your neighbors about emergency preparedness, or even just met them, take the PrepareAthon! pledge and make a plan to include your neighbors in your emergency planning. Often the first people on scene after a disaster are not first responders (EMS, police, firefighter, etc.), but rather the people who are closest to where the emergency took place. When a disaster occurs in your community you will most likely have to rely on those around you, especially if the scale of the disaster makes it hard for first responders to get to the scene.

Do not wait for a disaster to occur to meet your neighbors or learn about your community’s preparedness plans. Reach out to people in your  neighborhood and discuss their emergency plans. If you have any medical or physical needs, such as limited mobility or dependence on medication or medical devices, talk to your neighbors about the assistance you may need in a disaster. Likewise, find out about the unique needs of those who live around you. Reach out to elderly neighbors and offer your assistance from shoveling snow to checking on them during a heat wave. No matter what the disaster or emergency, forming relationships with those around you can help improve resilience after a disaster occurs.

In your Community.

Beyond your neighborhood, getting involved in community preparedness groups and emergency response exercises can help improve your own personal preparedness and also your community’s ability to respond to emergencies and natural disasters. Strong community resilience requires people to come together and participate in planning and training before a disaster occurs. A good place to start when looking to become more involved in your community’s preparedness is with groups focused on emergency preparedness, such as your local Community Emergency Response Team (CERT), Medical Reserve Corps, or American Red Cross chapter. You may also consider getting a community group you are already involved in talking about emergency preparedness. Faith-based organizations, schools, or even your workplace are good places to start a conversation about emergency preparedness.

Take the Pledge.

Whether it is meeting your neighbors, joining a local emergency preparedness group, or starting an emergency preparedness initiative within one of your community organizations, make sure to register your efforts with America’s PrepareAthon! Help move your individual community and our entire nation closer to being prepared for any emergency or disaster that comes our way.

http://blogs.cdc.gov/publichealthmatters/2015/04/take-the-pledge-to-improve-your-communitys-preparedness/

Planning Meetings: The Risk Management Plan

This new edition of "Risk Management: Concepts and Guidance" supplies a look at risk in light of current information, yet remains grounded in the history of risk practice. Taking a holistic approach, it examines risk as a blend of environmental, programmatic, and situational concerns. Supplying comprehensive coverage of risk management tools, practices, and protocols, the book presents powerful techniques that can enhance organizational risk identification, assessment, and management—all within the project and program environments.

Updated to reflect the Project Management Institute’s "A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fifth Edition," this edition is an ideal resource for those seeking Project Management Professional and Risk Management Professional certification.

...

http://www.itbusinessedge.com/itdownloads/it-project-management/risk-management-concepts-and-guidance-fifth-edition.html

(TNS) -- A downed power transmission line in southern Maryland caused a momentary loss of power that led to "widespread outages" in the nation's capital Tuesday afternoon, according to officials.

Previously, District of Columbia emergency management officials had said a reported explosion at a southern Maryland power plant may have been the cause.

A large number of outages were reported throughout the district about 1 p.m., including at the White House, Capitol and State Department headquarters.

According to Sean Kelly, a spokesman for Potomac Electric Power Co., just before 1 p.m., there was a momentary dip in voltage caused by a downed transmission line at a substation in southern Maryland, which is connected to a power plant there.

...

http://www.emergencymgmt.com/safety/White-House-Washington-Lose-Power.html

With the expansion of large multinational corporations into developing countries such as Russia, Brazil, India, Mexico and China, global regulatory enforcement actions, including anti-bribery and anti-corruption actions, have proliferated. Recently, HP Russia paid more than $108 million in fines for Foreign Corrupt Practices Act (FCPA) violations that occurred when its subsidiaries in three different countries, Russia, Poland and Mexico, made improper payments to government officials to obtain or retain lucrative public contracts.

Executives, including general counsel, compliance and risk officers, are smart to plan in advance for potential regulatory investigations. The disclosure, or production, of information that might be relevant to the allegations from the requesting regulatory bodies–part of the electronic discovery in the legal realm–is complex, costly and time-consuming in today’s world of information. It involves the identification, acquisition and review of information and communications from a myriad of sources, including day-to-day operations, financials, communications with foreign and government officials, employees and third party representatives, system data reporting, travel and entertainment expenditures, payment data, chat messaging, social media posts, and the like. All of this information is subject to scrutiny by legal counsel and the requesting regulatory body to determine whether there was any wrongdoing.

When some information is in one or more foreign languages, the document review process can become significantly more unwieldy and inefficient. Understanding and implementing best practices is critical for making the process easier.

...

http://www.corporatecomplianceinsights.com/assuring-regulatory-compliance-doesnt-get-lost-in-translation/

The International Organization of Securities Commissions (IOSCO) has published two consultation reports aimed at further enhancing the ability of financial markets and intermediaries to manage risks, withstand catastrophic events, and swiftly resume their services in the event of disruption.

The consultation report ‘Mechanisms for Trading Venues to Effectively Manage Electronic Trading Risks and Plans for Business Continuity’ provides a comprehensive overview of the steps trading venues need to take to manage the risks associated with electronic trading and the ways they plan for and manage disruptions through business continuity plans. As technology continues to evolve, trading venues will need to continuously adapt to these changes.

The report provides recommendations to help regulators ensure that trading venues are able to manage effectively a broad range of evolving risks. It also proposes sound practices that should be considered by trading venues when developing and implementing risk mitigation mechanisms and business continuity plans aimed at safeguarding the integrity, resiliency and reliability of their critical systems.

IOSCO's second consultation report, ‘Market Intermediary Business Continuity and Recovery Planning’, proposes standards and sound practices that regulators could consider as part of their oversight of the business continuity and recovery planning by market intermediaries. These sound practices may also prove useful to intermediaries who are developing and implementing business continuity plans.

The two consultation reports draw on the results of surveys of IOSCO members and stakeholders, and feedback from roundtables organized with industry participants.

A key objective of the reports is to address possible weaknesses or gaps in the business continuity plans and recovery strategies of trading venues and market intermediaries.

Comments should be submitted on or before Saturday 6th June 2015.

Read the documents:

www.iosco.org

Venafi has published new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organizations.

Using Venafi TrustNet, a cloud-based certificate reputation service designed to protect enterprises from the growing threat of attacks that misuse cryptographic keys and digital certificates, Venafi Labs found that 84 percent of Forbes Global 2000 organizations’ external servers remain vulnerable to cyber attacks due to Heartbleed. This leaves these organizations open to reputational damage and widespread intellectual property loss.

When the Heartbleed vulnerability was discovered in April 2014, many organizations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate their servers and networks. Despite significant guidance from Gartner and other industry experts, the majority still have not taken those steps.

“A year after Heartbleed revealed massive vulnerabilities in the foundation for global trust online, a major alarm needs to be sounded for this huge percentage of the world’s largest and most valuable businesses who are still exposed to attacks,” said Jeff Hudson, CEO, Venafi. “Given the danger that these vulnerabilities pose to their business, remediating risks and securing and protecting keys and certificates needs to be a top priority not only for the IT team alone, but for the CEO, BOD, and CISO.”

Download the Venafi Heartbleed +1 Year Analysis (PDF) at:
https://www.venafi.com/HeartsBleed/

Wednesday, 08 April 2015 00:00

Containers Poised to Remake the Enterprise

Like virtualization, it seems that containers are going to work their way into the enterprise by stealth – that is, whether the people in charge of technology and infrastructure want them or not.

Part of this is due to the advent of the cloud. The more the enterprise offloads data and applications to third-party infrastructure, the less it has to say about the make-up and configuration of that infrastructure. But part is due to the fact that, like virtualization, containers are making their way into leading data platforms where they will exert their influence through standard upgrade and refresh cycles.

A case in point is container management firm CoreOS’s decision to integrate Google’s Kubernetes cluster management system into its new Tectonic platform. According to ZDNet’s Steven J. Vaughan-Nichols, this will enable the enterprise to manage Linux containers within their data centers in scale-out cloud fashion and by extension foster compatibility with existing Google applications that are almost universally housed on containers managed by Kubernetes. As the enterprise gravitates toward private clouds, particularly Linux-based clouds, an integrated container stack will be crucial for the delivery of applications and microservices to a diverse workforce. Other Linux developers such as Mirantis and Mesosphere are also working to integrate Kubernetes into their platforms.

...

http://www.itbusinessedge.com/blogs/infrastructure/containers-poised-to-remake-the-enterprise.html

Risk professionals aren’t prepared for the age of the customer. Empowered consumers and changing market dynamics are upending longstanding business models and lines of operation, but risk professionals largely stand pat, and continue to neglect risks related to their organizations’ most critical asset – company reputation. Yesterday we published a report on "Brand Resilience" that will hopefully help you change that legacy risk mentality.

...

http://blogs.forrester.com/nick_hayes/15-04-07-brand_resilience_risk_pros_key_role_in_protecting_company_reputation

(TNS) — The National Oceanic and Atmospheric Administration is testing a new feature that lets people get a look at what kind of damage and storm surges are possible, and is using Charleston, S.C., for the preliminary model.

The Experimental Storm Surge Simulator shows a street-level view of where water could rise in a storm surge.

"Surveys of the public show there is still a consistent misunderstanding of what the storm surge is, and how deadly it can be," reads the introduction to the app. "In part this is due to the challenge scientists encounter in trying to simplify the complex physics of hurricanes for the public, and in part this is due to poor misunderstanding of flood zone maps that represent the flooding scenario as it might be viewed from above."

...

http://www.emergencymgmt.com/disaster/New-Interactive-Storm-Surge-Map-Potential-Flood-Risks.html

(TNS) — Haunted by the public health community's failure to prevent or contain Ebola, a top Houston expert is spearheading a government-sponsored effort to prepare North Africa and the Middle East so that the region doesn't spawn the next infectious disease epidemic.

Dr. Peter Hotez, named a U.S. science envoy in December, fears the next virulent outbreak of a neglected tropical disease or emerging infection could strike ISIS-occupied territories in Syria, Iraq, Yemen or Libya, all of which fit the historical mold for such a disaster. He is working to identify institutions in the region that could send scientists to train in Houston, then ramp up back at home to produce vaccines in time to prevent an epidemic.

"We can't wait for catastrophic epidemics to happen and only then start making vaccines," said Hotez, an infectious disease specialist at Baylor College of Medicine and Texas Children's Hospital. "We need to start anticipating the next threat."

...

http://www.emergencymgmt.com/health/Scientist-Plan-Prevent-Next-Disease-Outbreak.html

(TNS) — So many earthquakes rumble through south-central Kansas these days that the Harper County Herald charts them in each week’s edition the way some papers run baseball box scores.

They run on page 12. Right next to the oil and gas industry news as a not-so-subtle reminder that there’s a likely connection between the quakes and an upswing in drilling operations.

“For a while there, every day, several times a day it was shaking,” said Herald editor-in-chief Kate Catlin.

...

http://www.emergencymgmt.com/disaster/Have-New-Fracking-Rules-Reduced-Kansas-Earthquakes.html

While many companies would like to adopt cloud services, many still resist over concerns about data security. Here's how managed service providers (MSPs) can overcome the two main objections to cloud computing and cloud-based file sharing in 2015.

As a recent article from CloudWedge says, “The most cited barrier to entry for cloud into the enterprise continues to be the security concerns involved with an infrastructure overhaul.” The problem with that lingering concern is that the enduring lack of education is hindering the market for MSPs. Yet, this knowledge also presents an opportunity.

What these hesitant or resistant organizations really fear is the unknown. And, what they don’t know is what adopting the cloud will mean for their most valuable, most highly-protected data.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/040715/two-biggest-cloud-security-concerns-2015

Concepts and fashions in business come and go. And sometimes they come back again with a new look or a different name. The origin of the DevOps name is simple to guess. It’s a combination of development and operations. The advantages cited of using a DevOps approach include a lower failure rate of software releases, a faster time to fix, and a faster time to recover if a new release crashes your server. DevOps is currently a buzzword in IT circles, but despite an inception date of 2008, just how new is it?

...

http://www.opscentre.com.au/blog/devops-and-the-swing-of-the-business-continuity-pendulum/

The data experts are still sounding the warning bell about data lakes, prognosticating a list of problems that data lakes will cause you.

Meanwhile, word on the street is that enterprises are building data lakes anyway, because everyone else thinks it’s a great idea. This means that many enterprises are now stuck looking for ways out of the prognosticated problems.

It’s going to get interesting for the rest of us—and possibly very expensive for some.

Gartner Director of Public Relations Christy Pettey revisited the problems of data lakes, drawing on Research Director Nick Heudecker’s presentation at the Business Intelligence & Analytics Summit. Pettey’s article identifies the three main problem areas with data lakes:

...

http://www.itbusinessedge.com/blogs/integration/still-up-for-debate-problems-and-benefits-of-enterprise-data-lakes.html

If your system has been hacked, what would your first reaction be?

Speaking for myself, I think I would want to know who did it and figure out how it was done. That’s my personality, to learn the who, what, and why of a situation first, and then focus on the damage control. I suspect that this is human nature for a lot of people, too.

On the other hand, when I asked that question to a security professional during an informal conversation, his response was this: Find out what information was hacked and determine whether the FBI needs to be involved immediately. You have to figure the data had already been compromised, he said, so you’ve got to work on minimizing the damage.

According to Edward J. McAndrew, assistant United States attorney and cybercrime coordinator with the U.S. Attorney’s Office in the District of Delaware, and Anthony DiBello, director of strategic partnerships for Guidance Software, the security professional I spoke with is on the right track. When a hack happens, it is important to resist human nature regarding the hacker (at least immediately). Instead, you want to focus on mitigating damage and data loss and providing information to law enforcement so the cops can identify and take action against the bad guys.

...

http://www.itbusinessedge.com/blogs/data-security/first-step-after-youve-been-hacked-call-the-feds.html

The cloud has given business units within the enterprise a chance to do an end-run around IT when they need quick resources to complete a given task.

The CIO is rightly concerned about this, given the security and governance issues that such free-wheeling activity promotes. But in the front office, the end results of greater productivity and lower costs are hard to resist, particularly once the appropriate agreements are struck with cloud providers that enable broad protection and availability measures for data placed on third-party infrastructure.

It stands to reason, then, that many providers are positioning their services away from the technical elements of the enterprise and more toward the people who actually stand to benefit – the line-of-business managers who are under increasing pressure to get the job done no matter what. This is why we are seeing the rise of cloud services tailored toward key functions, such as marketing, as opposed to generic server and storage resources.

...

http://www.itbusinessedge.com/blogs/infrastructure/reorganizing-the-business-a-cloud-for-every-purpose.html

The role of the IT manager ain’t what it used to be. There was a time when responsibilities primarily included building a software stack, managing the company’s infrastructure, and operating company-owned equipment. With the rapid adoption of cloud technology, including cloud-based file sharing, those roles and responsibilities have changed dramatically – and it’s critical for MSPs to understand this shift.

IT managers now fill more of a relationship manager role and are ideally viewed as partners by business leaders and department heads. MSPs looking to provide cloud services to clients need to understand this shift in roles in order to work with – and be successful with – the new IT department.

Russ Banham from Forbes recently outlined some of the things IT pros are doing now instead of managing infrastructure. Here are a few things IT managers are doing now that MSPs should be prepared for:

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/040615/msps-what-you-need-know-about-new-look-it-department

World Backup Day 2015 gave managed services providers (MSPs) a great opportunity to educate their customers about the importance of backing up personal data.

And even though this year's event has come and gone, MSPs don't have to wait until 2016 to teach customers about the value of data protection.

For example, a new survey from data backup and disaster recovery (BDR) solutions provider Kroll Ontrack revealed 61 percent of data recovery customers had a backup solution in place at the time of data loss.

...

http://mspmentor.net/backup-and-disaster-recovery/040615/mspbanter-how-can-msps-help-their-customers-avoid-data-loss

(TNS) — Critics call it “sharpening the pencil.”

Since the Diablo Canyon nuclear power plant opened on a rocky stretch of California coast in 1985, researchers have discovered three nearby fault lines capable of stronger quakes than the one that struck Napa last year.

And yet the plant’s owner, Pacific Gas and Electric Co., insists that Diablo isn’t in greater danger than previously thought. If anything, it’s in less.

PG&E has, at several times in Diablo’s complicated history, changed the way the company assesses the amount of shaking nearby faults can produce, as well as the plant’s ability to survive big quakes.

...

http://www.emergencymgmt.com/disaster/PGE-Minimizes-Quake-Risks-Nuclear-Plant-Critics-Say.html

Monday, 06 April 2015 00:00

The Risky Side of Unmanaged Spreadsheets

For years enterprises have attempted to move away from spreadsheets in favor of enterprise resource planning (ERP) systems, accounting systems and various other software systems and applications. Yet, no matter how hard organizations try, it seems spreadsheets will not go away.

Besides being easy to use and accessible, people are comfortable working with spreadsheets. When they have a job to do, spreadsheets are there—not waiting for IT. Yet when left unmanaged, the risks associated with spreadsheets can prove costly, resulting in bad business decisions, regulatory penalties, and even lawsuits. In some instances, unmanaged spreadsheets are costing organizations millions of dollars.

For example, last October a spreadsheet mistake cost Tibco shareholders $100 million during a sale to Vista Equity Partners. Goldman, Tibco’s adviser, used a spreadsheet that overstated the company’s share count in the deal. This error led to a miscalculation of Tibco’s equity value, a $100 million savings for Vista and a slightly lower payment to Tibco’s shareholders.

...

http://www.riskmanagementmonitor.com/the-risky-side-of-unmanaged-spreadsheets/

Monday, 06 April 2015 00:00

Being Better at Resilient Thinking

Last week we began the first workshop in our MSc Organisational Resilience from the module that has a specific focus on Security Management.  We covered the usual discussions about crime theory and motivational influence before going on to discuss the scope and parameters of security.  So far so routine: vanilla security management ideas.  Then we began to move onto the more interesting and challenging elements of the workshop, where the contextualised approach was developed.  Where does security management ‘fit’ with other resilience disciplines; and what does the critically evaluative approach that we undertake at postgrad level reveal about security’s true profile and organisational relevance?

It is context that is important and that is something that we can develop and analyse extremely well. How?  Because our students and tutors are multi-disciplinary.  If you undertake a security management course and staff it with criminologists; and all of your students are from a security, military or law enforcement background; you get bias.  Bias is not something that we are too fond of as it tends to skew research and its outcomes.  So with, for example, business continuity and emergency and crisis management specialists within our group, we have the opportunity to challenge the rigidity of thought that some see as the underlying trait of many security people.  We have covered the theories of crime and we will not cover the processes of security (and its multiple sub activities) in any more detail from now on.  However, we will look at the development of ideas, thoughts and research into security management in the organisation and its resilience; dismantling the behaviours and attitudinal approaches that restrict organisational capability from much wider viewpoints.

...

https://buckssecurity.wordpress.com/2015/04/05/being-better-at-resilient-thinking/

Monday, 06 April 2015 00:00

The Digital Juggernaut We Call the Cloud

Everyone knew the cloud was going to be big when the term first appeared in tech circles five or so years ago. But the speed at which it is taking over data infrastructure and the enthusiasm it has generated in the enterprise are surprising nonetheless.

As a rule, the enterprise does not alter the fundamentals of its data infrastructure lightly – even the transition from one core switch or centralized server or storage platform to another is a study in careful planning, particularly when a change in product lines or vendors is on the table. So when word came down that organizations could remove virtual architectures to entirely new resource sets that are not even controlled by the enterprise, there was every reason to think that maybe this would happen, someday.

But someday seems to be approaching at lightning speed if the latest research is to be believed. Goldman Sachs recently projected that spending on cloud computing and infrastructure will jump from today’s $16 billion – which is already a three-fold increase from the beginning of the decade – to more than $43 billion by 2018. And according to CenturyLink, 2020 will unfold with upwards of 70 percent of IT infrastructure residing in the cloud, nearly the opposite of what it is today. And reports coming in from the field indicate that most organizations expect to see improved service in the cloud compared to legacy infrastructure, as well as lower costs.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-digital-juggernaut-we-call-the-cloud.html

Monday, 06 April 2015 00:00

Terrorism Risk and Economic Stability

The April 2013 Boston bombing may have marked the first successful terrorist attack on U.S. soil since the September 11, 2001 tragedy, but terrorism on a global scale is increasing.

Yesterday’s attack by the Al-Shabaab terror group at a university in Kenya and a recent attack by gunmen targeting foreign tourists at the Bardo museum in Tunisia point to the persistent nature of the terrorist threat.

Groups connected with Al Qaeda and the Islamic State committed close to 200 attacks per year between 2007 and 2010, a number that grew by more than 200 percent, to about 600 attacks in 2013, according to the Global Terrorism Database at the University of Maryland.

...

http://www.iii.org/insuranceindustryblog/?p=4011

New survey results suggest some communities are much better prepared for emergencies than others.

The Census Bureau and U.S. Department of Housing and Urban Development released data this week showing the extent to which Americans in different parts of the country have taken measures to prepare for natural disasters or other emergencies. Disaster preparedness questions were a new addition to the 2013 American Housing Survey, intended to assist policymakers and emergency responders with planning.

Nationwide, just over half of households had prepared an emergency evacuation kit. Only a third had communication plans in place, while 37 percent had established emergency meeting locations.

...

http://www.emergencymgmt.com/disaster/How-Prepared-Is-Your-Community-Emergency.html

Recently, President Obama issued an executive order to address cyberspying and other maliciously intended cyber activities conducted by hackers and spies in foreign countries. The order will assess penalties for overseas cyberspying and those that knowingly benefit from the act. In an email message to me, Greg Foss, senior security researcher with LogRhythm, called it an “interesting move,” adding:

This is primarily because attribution within the information security space is not nearly as easy as it sounds. It is trivial for hackers to pivot through other countries and misplace blame in order to create the illusion that an attack originated from a specific location. Malware can and will be created that contains false data, to shift culpability.

...

http://www.itbusinessedge.com/blogs/data-security/dealing-with-cybercriminals-should-it-be-the-government-or-it-security-pros.html

(TNS) — After nearly seven years without a large hurricane threatening the entire Gulf Coast from Texas to Florida, emergency planners say they're having a difficult time getting residents to prepare for the upcoming season.

"It's human nature," said Rick Knabb, director of the National Hurricane Center. When hurricanes don't happen, people forget about them.

This week the country's leading emergency managers and hurricane officials are meeting in Austin at the annual National Hurricane Conference, and this year the buzz has been about the recent lull in Gulf of Mexico activity and how that has made preparations for the season, which begins June 1, more difficult.

...

http://www.emergencymgmt.com/disaster/Hurricane-Experts-Worry-Complacency-Ahead-Season.html

If the title of this post makes you go cross-eyed, don’t worry. All will become clear. Let’s explain. Active/active IT configurations consist of computer servers that are connected in a network and that share a common database. The ‘active/active’ part refers to the capability to handle server failure. First, if one server fails, it does not affect the other servers. Second, users on a server that fails are then rapidly switched to another server that works. The database that the servers use is also replicated so that there is always one copy available. Now for the other two acronyms: HA stands for high availability; DR (of course) for disaster recovery. It is DR that is more affected in this case.

...

http://www.opscentre.com.au/blog/activeactive-it-configurations-and-how-ha-and-dr-work-together/

There are many products and services on the market today designed to help notify the right people with (hopefully) the right messages in the event of disruption of day-to-day operations.

Yet we in Business Continuity (and Emergency Management, Crisis Management and ITDR) spend little time, money or effort streamlining how we receive intelligence about events that could potentially disrupt our businesses.  Why all the emphasis on outgoing information yet so little on incoming intelligence?

We already know what kind of intelligence we should be anticipating.  After all, successful Business Continuity Management and Risk Management uncover knowledge of events that may negatively impact day-to-day operations.   And there are many readily available sources which can alert us to those potential, impending or current events for both personal and business use.

...

http://www.ebrp.net/how-can-we-harness-situational-intelligence/

During the first quarter of 2015 Continuity Central conducted an online survey asking business continuity professionals about their expectations for the rest of 2015.

239 responses were received, with the majority (82.8 percent) being from large organizations (companies with more than 250 employees). The highest percentage of respondents were from the United States (35.6 percent), followed by the UK (24.7 percent). Significant numbers of responses were also received from Australia and New Zealand (6.7 percent), Canada (5.9 percent) and India (4 percent).

...

http://www.continuitycentral.com/feature1300.html

BSI has published a white paper that explores the role of metrics in the ISO 22301 business continuity standard and aims to help people understand the standard’s BCM measurement requirements.

The executive summary of the 'Measurement matters: the role of metrics in ISO 22301' white paper states that ISO 22301 recognizes the importance of having accurate performance information, laying down requirements for ‘monitoring, measurement, analysis and evaluation’. However, the emphasis on monitoring performance, measurement and metrics in ISO 22301 has caused confusion in some organizations. This whitepaper clarifies the requirements around measurement in ISO 22301. In addition three BSI clients describe how they have approached these requirements.

Read the white paper (PDF).

On this day we celebrate the greatest upset in the history of the NCAA Basketball Tournament, when Villanova beat Georgetown for the 1985 national championship. Georgetown was the defending national champion and had beaten Villanova at each of their regular season meetings. In the final the Wildcats shot an amazing 79% from the field, hitting 22 of 28 shots plus 22 of 27 free throws. Wildcats forward Dwayne McClain, the leading scorer, had 17 points and 3 assists. The Wildcats’ 6’ 9” center Ed Pinckney outscored 7’ Hoyas’ center, Patrick Ewing, 16 points to 14 and 6 rebounds to 5 and was named MVP of the Final Four. It was one of the greatest basketball games I have ever seen and certainly one for the ages.

I thought about this game when I read an article in the most recent issue of Supply Chain Management Review by Jennifer Blackhurst, Pam Manhart and Emily Kohnke, entitled “The Five Key Components for SUPPLY CHAIN”. In their article the authors asked “what does it take to create meaningful innovation across supply chain partners?” Their findings were “Our researchers identify five components that are common to the most successful supply chain innovation partnerships.” The reason innovation in the Supply Chain is so important is that it is an area where companies can not only affect costs but can move to gain a competitive advantage. To do so companies need to see their Supply Chain third parties as partners and not simply as entities to be squeezed for cost savings. By doing so, companies can use the Supply Chain in “not only new product development but also [in] process improvements”.

...

https://tfoxlaw.wordpress.com/2015/04/01/supply-chain-as-a-source-of-compliance-innovation/

Confusion surrounds the topic of how to bring some sense of order to Big Data. Depending on the day, the discussion might come down to data quality, data governance or master data management.

Here’s a hint: One of these is much less necessary than the others. You should always understand the quality of your data — big or otherwise. And it’s just basic legal smarts to create governance rules about data lest you fall afoul of regulatory compliance.

But when it comes to master data management and Big Data, you may be better off leaving each to its own. If you’re not clear on why, I recommend this post by veteran integration technologist Kumar Gauraw, who takes you through his thought process on why MDM and Hadoop don’t match.

...

http://www.itbusinessedge.com/blogs/integration/the-pros-and-cons-of-combining-master-data-management-with-big-data.html

As I’ve mentioned often in the past, the enterprise is not transitioning to the cloud, but many clouds. And with the advanced automation systems hitting the channel, it will soon be a relatively simple matter to deploy workloads to the appropriate cloud with little or no oversight from users or IT managers.

But how do you determine which cloud is the right cloud? And how exactly will all these clouds work together to produce at least the semblance of an integrated data environment?

According to EMC’s Peter Cutts, the either/or debate surrounding public and private clouds is over. Enterprises that have chosen both, in fact, are likely to see significant advantages over those who restrict themselves to pure-play infrastructure. The public cloud’s scalability cannot be denied, of course, but neither can the security, governance and performance of private infrastructure. In a hybrid scenario, the enterprise has the ultimate in flexibility when it comes to compiling the optimal resources for the business objective at hand.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-the-cloud-into-your-cloud.html

Businesses are more dependent on their supply chains than ever, with supply chain disruption one of the leading causes of business instability. To thrive, companies need to be resilient, and part of that is their location and the location of suppliers. According to FM Global’s 2015 FM Global Resilience Index, Norway tops the list of resilient countries, with Switzerland in second place.

The study’s purpose is to help companies evaluate and manage their supply chain risk by ranking 130 countries and regions in terms of their business resilience to supply chain disruption. Data is based on: economic strength, risk quality (mostly related to natural hazard exposure and risk management) and supply chain factors (including corruption, infrastructure and local supplier quality).

...

http://www.riskmanagementmonitor.com/study-lists-most-and-least-resilient-countries/

Business continuity is not just for businesses – public sector organizations and third sector organizations are perhaps just as likely to be affected by a disruptive event as any private sector organization. So are non-profits doing enough to protect the way they operate?

‘Business continuity challenges within the non-profit sector’ is the subject of the latest edition of the Business Continuity Institute's Working Paper Series. In this edition, Rina Bhakta CBCI discusses how there is a lack of shared knowledge on the way business continuity works in the non-profit sector. She argues that while there are various standards and benchmarking from other industries, it can be difficult to relate it to non-profits because a lot of it is not applicable.

Rina notes that the main challenge is that any programme adopted is usually based on best practice. Although the Charity Commission in the United Kingdom outlines the requirements of risk management, the section on business continuity is limited. It then becomes difficult in influencing appropriate buy-in and commitment when such aspects are not enforced by regulation.

In 'business continuity challenges within the non-profit sector', Rina talks through the six stages of the business continuity management lifecycle and provides case studies to highlight how each stage would apply to a non-profit organization. To read the full document, click here.

There isn’t a week that goes by without some headline news on a data security issue. Whether it’s data theft, operating system and browser vulnerabilities, or malware threats, today’s small to midsize businesses face dangers from every corner. Unfortunately, most SMBs don’t understand the impact these threats can have until it’s too late. Many also don’t realize it takes more than a simple anti-virus solution to get the job done. Yet SMBs don’t have the time or the expertise to install and manage the level of security software that is necessary to protect against modern security threats. How can managed service providers help?

The SMB market is highly dependent on managed service providers (MSPs) to deliver managed security services to protect corporate assets. It’s an opportunity that’s there for the taking, but to be successful MSPs need to take a multipronged approach--one that encompasses vulnerability assessment, Windows and third-party patch management, anti-malware, content control and filtering. Endpoint security, along with policy management and enforcement, is also an important part of the mix for maximizing SMB protection.

...

http://mspmentor.net/blog/building-business-case-security-service

Tuesday, 31 March 2015 00:00

Why security need not stifle agility

Many CIOs are struggling to realise the full benefits of their increasingly virtualized IT estates, largely due to the strains of staying secure. But Reuven Harrison says it doesn’t have to be this way...

Over the past decade, businesses have been virtualizing ever more of their IT architecture. At first, CIOs were primarily attracted by the huge efficiency improvements and reduced need for capital expenditure. But as cloud computing has evolved and matured, firms are increasingly eying the main prize: the potential to attain unparalleled levels of business agility.

Being able to deploy resources such as servers, storage and connectivity on demand, and scale them up (and down) at will, has resulted in IT departments shifting more and more systems and applications over to private and (to a lesser extent) public clouds. And as firms move inexorably towards a fully software-defined environment – where systems are not only virtualized, but every part of them can be managed, monitored, configured, optimised and secured centrally and automatically – virtual nirvana seems tantalisingly close.

...

http://www.continuitycentral.com/feature1299.html

With the growing reliance on digital business processes in most companies today, the IT department has more responsibility than ever. But, according to new research, businesses are disrupted within the first few minutes of an IT outage and poor communications management means finding the right person to investigate the issue can take as long as, or longer than resolving it.

Forty-five percent of IT professionals reported that their business is impacted if IT is down just 15 minutes or less, and 17 percent said disruption occurs the instant an IT outage develops, according to research by Dimensional Research for a new report, the ‘Business Impact of IT Incident Communications: A Global Survey of IT Professionals.’ The report was commissioned by xMatters, inc.

...

http://www.continuitycentral.com/news07582.html

As the old adage goes, “Time is money,” and in the interest of saving money, we must not waste time. This is especially true when it comes to disaster preparedness and recovery—an area where many companies continue to fall short, as evidenced by the Disaster Recovery Preparedness Council’s 2014 Disaster Preparedness Benchmark Survey.

As part of the study--which surveyed companies of all sizes, from a broad range of industries across the globe--the Disaster Recovery Preparedness Council found that three out of four companies worldwide are at risk for failing to adequately prepare for disaster. Furthermore, the council found that incidents and costs of outages associated with disaster remain a major challenge for many organizations.

...

http://mspmentor.net/blog/value-time-business-continuity-and-disaster-recovery

Tuesday, 31 March 2015 00:00

Elite Eight Flash Data Storage Tips

The NCAA basketball tournament takes hundreds of good college teams from around the country and boils them down to 64 qualifiers, a round of 32, a Sweet Sixteen, an Elite Eight, Final Four and then two finalists who fight it out for the glory.

Similarly, we have whittled down the many flash storage tips from a multitude of sources into a handful. A couple of weeks back, we provided some tips focused on how to maximize flash performance. But so hot is the flash arena that we are now following it up with an Elite Eight among flash storage tips, these ones focused on product selection.

...

http://www.enterprisestorageforum.com/storage-hardware/elite-eight-flash-data-storage-tips.html

Amid all the time, attention and money devoted to upgrading and improving enterprise infrastructure, we should keep in mind that it is still just a means to an end. While the specifics may vary, that end is generally considered to be improved productivity, streamlined infrastructure and a more vibrant, dynamic user experience.

But none of this is going to happen without a complete renovation of data center infrastructure and, by extension, the mindset that governs not only design and architecture but human interaction with the digital ecosystem.

To Hiroshige Sugihara, president and CEO of Oracle Japan, this can be summed up in a single word, which unfortunately defies English translation. But generally speaking, it refers to the rejection of conceptual categorization that often prevents us from seeing the big picture – kind of like failing to see the forest through the trees. In the enterprise, this often leads to the one-to-one thinking that lumps together applications and hardware and ultimately produces the silo-based infrastructure that hampers interactivity and innovation. In the new century, the enterprise will need to base strategies on results, rather than what resources must be brought to bear on particular data sets.

...

http://www.itbusinessedge.com/blogs/infrastructure/rethinking-the-enterprise-in-the-new-digital-age.html

Wi-Fi has serious security issues. As my colleague Carl Weinschenk wrote last year in a blog post discussing the vulnerability problems of Wi-Fi, particularly in the age of BYOD and working from anywhere, “… the world outside the firewall simply isn’t as secure as the world within.”

If we needed a reminder about the insecure world outside of the firewall, we got it last week with the news of a vulnerability discovered in hotel Wi-Fi. The flaw was discovered in ANTLabs InnGate devices, which provide in-room access for hotel guests, as well as the type of temporary Wi-Fi connections used in other public places such as convention centers. As explained by Wired:

The vulnerability, which was discovered by the security firm Cylance, gives attackers direct access to the root file system of the ANTlabs devices and would allow them to copy configuration and other files from the devices’ file system or, more significantly, write any other file to them, including ones that could be used to infect the computers of Wi-Fi users.

...

http://www.itbusinessedge.com/blogs/data-security/hotel-wi-fi-vulnerability-a-reminder-about-security-risks-on-the-road.html

Tuesday, 31 March 2015 00:00

The Rising Cost of 911 Emergency Service

(TNS) — It's one of the few things that just about everyone seems to agree government should be doing.

But there's less consensus when it comes to figuring out how to pay the bill for making sure a call to 911 results in emergency responders rushing to help.

Pennsylvania's decades-old system for funding emergency call centers — a fee on monthly phone bills — hasn't been generating enough money to keep up with operating costs. And that's left local tax dollars plugging the gap.

This year, Berks County expects to put $2.53 million in county taxes and $2.97 million in fees it collects from municipal governments toward 911 center operations.

"This has become an enormous issue," said Christian Y. Leinbach, Berks County commissioners chairman.

...

http://www.emergencymgmt.com/next-gen-911/Rising-Cost-911-Emergency-Service.html

You’d think master data management would be an easy sell in a world where everyone wants an accurate “360-degree” view of the customer. And certainly, that’s a leading driver of adoption.

Yet it’s not always enough to make a winning business case, according to a recent Computing survey of IT decision makers.

The UK tech site interviewed 150 IT decision makers about MDM. The survey found that 38 percent were either currently scoping a project or implementing a project, while another 29 percent had already implemented MDM successfully.

The most-cited factors driving MDM were improving customer experience (60 percent) and improving the quality of strategic decision making. Despite these key business drivers for MDM, IT leaders still struggled to make the MDM business case. When asked about the primary challenges in obtaining funding for customer data management projects, the respondents said:

...

http://www.itbusinessedge.com/blogs/integration/proving-mdms-business-case-still-a-challenge-says-survey.html

The sector continues to advance in its adoption of security services. As reported on MSPmentor, this is a rapidly expanding market, with continued opportunity for solution providers. With a fast-growing segment of the market being mid-sized businesses, this seems like a ripe opportunity to deliver services.

According to Gartner (and as quoted in the most recent CompTIA security report), the global security market was expected to reach $71.1 billion dollars by the end of 2014. So this is big business. Interestingly, based on analysis of data on successful attacks, many stats indicate that security should at least be a solvable problem for mid-sized businesses:

...

http://mspmentor.net/blog/perpetually-valuable-msp-offering-security-services

Tuesday, 31 March 2015 00:00

Myth Or Reality: The Chief Data Officer

S&R pros, is there a Chief Data Officer (CDO) in your organization? Do you work with them? Previously, John and I wrote about the CDO role and how we believe that CDOs will help to drive security policy in the future because they can 1) directly tie business value to data assets, 2) have a deep understanding of data identity and purpose, and 3) possess a great incentive to protect the company’s data (it’s a strategic business asset after all!). Colleagues like Gene have also written about the CDO and the importance of the CDO in data management.

...

http://blogs.forrester.com/heidi_shey/15-03-30-myth_or_reality_the_chief_data_officer

So things didn’t go as well as you planned; either your project implementation didn’t go the way you wanted – without any hiccups – or your organization didn’t respond the way you’d expected them to when the proverbial hit the fan. Well, get used to it. That’s the way things go. You always plan for the worst and hope for the best and having a project management background as well as my BCM/DR background, things don’t always go as planned no matter how hard you try. However, if something does go wrong, it’s a good idea to learn from it.

With most post-activities – either project implementations or responses to disasters and crises, there is usually one activity that’s always held; the Lessons Learned or Post Incident Review.

During these sessions, which I’m sure you’re familiar with, the focus always tends to be what went wrong and people trying to find the faults but most importantly, the person or area for where to lay the blame and shame them for their error. Well, to some degree that’s OK; you want to find the cause and find out what went wrong to cause the problem but it shouldn’t be to lay blame or just to focus on the negative. Often, these Lessons Learned meetings tend to be sessions where people can vent their frustration due to how inconvenienced they became as a result of the situation. Again, focusing on the negative. But that’s not all you should be addressing.

...

https://stoneroad.wordpress.com/2015/03/28/bcm-dr-learn-from-what-goes-right-as-well-as-what-goes-wrong/

Tuesday, 31 March 2015 00:00

Think Holistically When Managing Risk

We often hear references to a holistic view of risk. “Holistic” is a term used in risk management to emphasize the importance of understanding the interrelationships among individual risks (or groups of related risks) and the coordinated approach that an organization’s operating units and functions undertake to manage risk. A holistic approach to risk management is, by definition, one that is not fragmented into functions and departments, but rather is organized with the intention of optimizing risk management performance.

A silo approach to managing risk is dangerous in today’s rapidly changing environment. Organizations can face change with greater confidence with an enterprise-wide perspective. That is why an enterprise risk management (ERM) approach is intended to be holistic in its perspective toward risk and how it is managed. While the goal of thinking holistically is laudable, the question arises as to what it means from a practical standpoint.

...

http://www.corporatecomplianceinsights.com/think-holistically-when-managing-risk/

Tuesday, 31 March 2015 00:00

Rethinking risk and uncertainty

Geary W. Sikich introduces ‘risk absorption capacity’, ‘risk saturation point’, ‘risk deflection’ and ‘risk explosion’ and explains their usefulness to risk managers.

Introduction

What is risk? Think about it before you leap to answer. Do we really know and understand risk? Some facts to consider:

  • Risk is not static, it is fluid.
  • Risk probes for weaknesses to exploit.
  • Risk, therefore, can only be temporarily mitigated and never really eliminated.
  • Over time risk mitigation degrades and loses effectiveness as risk mutates, creating new risk realities.

Risk management requires that you constantly monitor recognized risks and continue to scan for new risks. This process cannot be accomplished with a ‘one and done’ mindset. Risk needs to be looked at in three dimensions and perhaps even four dimensions to begin to understand the ‘touchpoints’; the aggregation of risk; and its potential to cascade, conflate and/or come to a confluence.

...

http://www.continuitycentral.com/feature1296.html

With 81% of large UK businesses and 60% of small companies suffering a cyber security breach in the last year, a new report published by the UK Government and Marsh entitled UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk has highlighted the exposure of firms to cyber attacks among their suppliers.

Cyber threats are estimated to cost the UK economy billions of pounds each year with the cost of cyber attacks nearly doubling between 2013 and 2014. The report found that, while larger firms have taken some action to make themselves more cyber-secure, they face an escalating threat as they become more reliant on online distribution channels and as attackers grow more sophisticated. The report issues a call to arms for insurers and insurance brokers to simplify and raise awareness of their cyber insurance offering and ensure that firms understand the extent of their coverage against cyber attack.

The cyber threat is also very real for business continuity professionals, with the Business Continuity Institute’s latest Horizon Scan report highlighting that cyber attacks are now perceived to be the number one threat to organizations. 82% of respondents to a survey expressed either concern or extreme concern at the prospect of this threat materialising.

The report recommends that organizations stop viewing cyber largely as an IT issue and focus on it as a key commercial risk affecting all parts of their operations, and that they examine the different forms of cyber attacks they face, to stress-test themselves against them and to put in place business-wide recovery plans.

The report also notes a significant gap in awareness around the use of insurance with around half of firms interviewed being unaware that insurance was available for cyber risk. Other surveys suggest that despite the growing concern among UK companies about the threat of cyber attacks, less than 10% of UK companies have cyber insurance protection even though 52% of CEOs believe that their companies have some form of coverage in place.

Francis Maude, Minister for the Cabinet Office and Paymaster General, said: “Insurance is not a substitute for good cyber security but is an important addition to a company’s overall risk management. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers on how they handle cyber threats”.

Mark Weil, CEO of Marsh UK and Ireland, added: “While critical infrastructure in regulated sectors, such as banks and utility firms, are used to this kind of risk, most firms are not and their risk management practices are geared around lower-level, slower moving risks. Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational, and reputational responses.”

http://www.thebci.org/index.php/about/news-room#/news/the-role-of-insurance-in-managing-and-mitigating-the-risk-110572

Research conducted by Corporate Research Forum, in conjunction with KPMG, has highlighted that UK businesses are not planning how to manage and deploy human capital.

The results of the research show that few businesses have comprehensive workforce strategies, with the majority taking a piecemeal approach to planning human capital. Only 15% of organizations polled said there is a clear link between their workforce planning and their overall strategic business plan, showing that where workforce plans exist, they often do so in isolation.

Research conducted by the Business Continuity Institute has shown that workforce planning is also a concern for business continuity professionals, with the results of a recent survey conducted for the annual Horizon Scan report revealing that a third of respondents consider availability of talents/key skills to be a concern for organizations, while nearly two-thirds consider loss of key employee as an issue that organizations need to be aware of.

Organizations tend to react to workforce challenges, rather than plan for them. An alarming 47% of those surveyed by CRF said that recruitment forecasts for the next 12 months have not been undertaken in their organisations. This reluctance to identify workforce risks leads to poor succession planning, insufficient anticipation of recruitment needs and a lack of understanding of future skill requirements.

David Knight, Associate Partner at KPMG, comments: “One of the biggest issues that business will face in the coming years is the management of human capital. Poor planning can make it difficult to adapt to changing market conditions, as well as retain talent in competitive industries. The ability to forecast skills requirements, pre-empt workforce risks and deploy resources efficiently will underpin financial success for organisations in future.”

Mike Haffenden, from Corporate Research Forum, comments: “In today’s world of ever-increasing complexity, it is even more important to prepare for an uncertain future armed with a flexible plan, rather than simply reacting to unforeseen events. Adopting a strategic approach to workforce planning will leave organisations better prepared to deal with a dynamic and fast-changing environment.”

http://www.thebci.org/index.php/about/news-room#/news/uk-businesses-not-sufficiently-prepared-for-future-workforce-challenges-110565

Tuesday, 31 March 2015 00:00

Prepare Now for Spring Thaw Flooding

After a harsh, cold winter, the clear, sunny skies and rising temperatures of spring are much appreciated. Businesses, however, also need to be ready for the possibility of flooding that may result from heavy rains combined with melting ice and snow.

The National Oceanic and Atmospheric Administration (NOAA) notes that flooding causes more damage in the United States than any other weather-related event. On average, flooding causes $8 billion in damages and 89 fatalities annually. Warming weather also often brings ice jams along rivers, streams and creeks, which can cause further flooding.

“In addition to the threat of floods that occur when severe weather hits, snow and ice have been piling up in many areas of the U.S. this winter,” Bill Boyd, senior vice president with CNA Risk Control, said in a statement. “When temperatures rapidly increase, so does the rate at which snow and ice melt…” which can create serious problems for those heavily affected this winter. “As spring temperatures begin to rise, it’s imperative for businesses to create emergency plans for flooding, which could cause costly property damage or disrupt operations,” he said.

...

http://www.riskmanagementmonitor.com/prepare-now-for-spring-thaw-flooding/

Could the age of the virtual desktop finally have arrived? Rising demand for virtual desktops could create new opportunities for managed service providers (MSPs) over the next few years, according to a new survey from managed service provider Evolve IP.

Nearly 37 percent of organizations said they have implemented or tested some level of virtual desktops, while almost 33 percent noted that they plan on doing so in the next three years, according to the study, 2015 Evolve IP State Of The Desktop.

The survey also showed that nearly 98 percent of virtual desktop users are "very pleased" with the technology.

...

http://mspmentor.net/mobile-device-management/032415/evolve-ip-most-virtual-desktop-users-very-pleased

At the DRJ Spring World Conference in Orlando, FL on Tuesday 24th March, the Business Continuity Institute recognized the outstanding contribution made by a select group of individuals and organizations from across the continent as they presented their annual BCI North America Awards.

The BCI Awards consist of eight categories – seven of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted upon by BCI members from all over the United States and Canada. The number of nominations for each category was high, as was the standard of the nominations, leaving the judges with a difficult job to do in choosing the winners. But choose they must, and those who went home celebrating were:

Continuity and Resilience Consultant of the Year 2015
Roberta Atabaigi MBCI of KPMG

Continuity and Resilience Professional (Private) of the Year 2015
Cheryl Hirst of Erie Insurance Group

Continuity and Resilience Newcomer of the Year 2015
Garrett Hatfield of MetLife

Continuity and Resilience Team of the Year 2015
ETS Enterprise Resiliency Department Educational Testing Service

Continuity and Resilience Provider of the Year 2015
Strategic BCP

Continuity and Resilience Innovation of the Year 2015
Send Word Now

Most Effective Recovery of the Year 2015
Walgreens

Industry Personality of the Year 2015
Christopher Duffy

Brian Zawada FBCI, Chairman of the US Chapter of the BCI, said: “Congratulations to all the winners who have shown themselves to be an asset to the profession. The high caliber of entries to these awards demonstrates the capability that exists within the business continuity and resilience industry, meaning that many C-Suite executives need not worry about whether their organization can manage a crisis, they can worry about other things instead.”

The BCI North America Awards are one of seven regional awards held by the BCI, which culminate in the annual Global Awards held in November during the Institute’s annual conference in London, England. All winners in the BCI North America Awards are automatically entered into the Global Awards.

A new report by the Business Continuity Institute, supported by certification body NQA, has shown that 6 out of 10 organizations adopt ISO 22301, the international standard for business continuity management. Organizations with strong top management commitment to standardising business continuity practice are four times more likely to adopt ISO 22301 than those who do not.

There are many reasons why an organization would want to embrace ISO 22301, most notably it provides assurance of continued service with 61% of respondents identifying this as a significant reason. By certifying to the Standard, organizations can provide reassurance to their stakeholders that, in the event of a crisis, it will still be able to function. Other reasons include:

  • Reputation and brand management (48%)
  • Reduced risk of business interruption (48%)
  • Greater resilience against disruption (45%)
  • Quicker recovery from interruption (44%)

There are of course barriers that prevent such commitment and those identified were resource constraints (25%), complexity of implementation (19%) and top management buy-in (18%). It is perhaps encouraging that these barriers each had relatively low percentages suggesting that the barriers aren’t that widespread.

If reassurance is one of the primary reasons to commit to the Standard then one can only wonder why many organizations don’t expect the same of their suppliers, as supply chains can only be as strong as their weakest link. It could be considered alarming that 82% of respondents stated that their organization does not seek certification to the Standard from their suppliers.

Deborah Higgins MBCI, Head of Learning and Development at the Business Continuity Institute, commented: “It is encouraging that uptake is beginning to increase as organizations recognise the value of investing in an effective business continuity programme, however there is still a lot of work to be done, most notably when it comes to persuading other organizations within the supply chain to also adopt ISO 22301.”

Kevan Parker, Head of NQA, stated “ISO 22301 provides an excellent framework for building organizational resilience and the benefits of adoption are becoming increasingly recognised. This is very positive but, as highlighted, a supply chain is only as strong as the weakest link; it is a responsibility of those with ISO 22301 certification to lead their peers towards adoption and elevate organizational resilience to total supply chain resilience.”

Fifteen or twenty years ago, when you thought about record retention and electronic communications, “electronic mail”, or email, was the only thing to worry about. Back then, firms and the regulators scrambled to interpret how to apply existing rules pertaining to communications to the new modality of email. Nowadays, email is just one piece of a more complex communications landscape. Companies are deploying new forms of communication and the pace is only accelerating. Your firm might be using Unified Communications platforms like Microsoft Lync and IBM Sametime, collaboration tools like Chatter, IBM Connections, or Jive, or IM networks such as corporate Lync IM or perhaps public-facing ones such as Yahoo! Messenger. Your firm may even be using community networks geared towards specific industries such as Reuters and Bloomberg, widely used in the financial services sector, or ICE within the energy markets. And, of course, your regulated users, such as financial advisors, may also be clamoring to use social networking sites such as Facebook, LinkedIn, Twitter, YouTube, Google+, Pinterest and Instagram to prospect and conduct business.

...

http://www.corporatecomplianceinsights.com/electronically-stored-information-esi-just-email-anymore/

How often have you heard the expression ‘no pain, no gain’? These four words sum up the idea that if you are to receive benefits, then you must suffer (or at least make an effort). Alternatively, you could take it to mean that if you don’t make an effort, you can’t expect benefits. An example in the domain of disaster recovery might be ‘if you skip regular data backups (no effort), you’ll fail when your hard disk crashes (no benefit)’. The problem comes when people use chop logic to infer from ‘no pain, no gain’ that ‘if pain, then gain’ is true as well.

...

http://www.opscentre.com.au/blog/disaster-recovery-and-the-pitfalls-of-no-pain-no-gain/

Unstructured data received a boost from Big Data technologies such as Hadoop. Finally, organizations had an in-road to an estimated 70 to 80 percent of data that was largely unusable.

But Big Data isn’t the last word when it comes to leveraging unstructured data. A recent Baseline Magazine piece outlines the options for obtaining new business insights by combining structured data with unstructured data.

Blueocean Market Intelligence’s Senior VP of Analytics, Durjoy Patranabish, and Shreya Sharma, analytics consultant, collaborated to write the article. The consultancy focuses on solutions in marketing, life sciences, digital and, of course, Big Data. The resources section of Blueocean’s site is worth exploring in its own right since it includes quite a few papers, studies and webinars.

...

http://www.itbusinessedge.com/blogs/integration/five-emerging-ways-to-analyze-unstructured-data.html

Even though the U.S. government has broadened its pursuit against corruption, only about 9% of organizations see Foreign Corrupt Practices Act monitoring as a top concern, according to “Bribery and Corruption: The Essential Guide to Managing the Risks” by ACL.

Many companies have policies against corruption, but it still exists. Although remaining competitive can be difficult in some parts of the world that see payments, gifts and consulting fees as part of doing business, companies need to identify these risks and manage them across the organization. There is much at stake, as penalties are rising and more companies globally are being fined, the study found.

According to ACL, if a formalized ERM process exists within an organization, then the anti-bribery and anti-corruption (ABAC) risk assessment process should ideally be carried out within that ERM framework. In some organizations, however, the overall risk management process is fragmented, meaning that the risks of bribery and corruption are considered in relative isolation. Whichever approach is taken within an organization, the process of defining the risks should involve individuals with sufficient knowledge of the regulations and ways the business actually works.

...

http://www.riskmanagementmonitor.com/enterprise-risk-management-needed-in-battle-against-corruption/

(TNS) — The man wasn’t any sicker at first than many of the other patients who arrive at University of Kansas Hospital, infectious disease specialist Dana Hawkinson recalls.

But he went downhill fast. Fever spiking, kidneys failing, breath so short he needed supplemental oxygen.

He had been bitten by ticks while working outdoors, so he probably had one of the many diseases commonly spread by bug bites in the Midwest, Hawkinson figured. But the tests the doctor ran — for ehrlichiosis, Rocky Mountain spotted fever, Lyme disease, West Nile virus — all turned up negative.

...

http://www.emergencymgmt.com/health/Are-Viruses-on-the-Rise.html

One year has passed since the declaration of what became the largest Ebola outbreak in history, with more than 10,000 deaths.

The virus escaped control as countries and global agencies failed to acknowledge and contend with the magnitude of its spread. Treatment centers were overwhelmed. Sick people died on city streets, and new cases multiplied inside health care facilities, killing a significant proportion of the already inadequate health work force of the three most affected countries — Liberia, Sierra Leone and Guinea.

However, after two American aid workers and a traveler to Nigeria fell ill last summer, setting off a panic, a huge global initiative to combat Ebola swung into place. The effort has been messy, inefficient and expensive, often lagging the epidemic’s twists in tragic ways.

But the effort has also established expertise that may be built upon to prevent similar tragedies in the future — and shown personal and institutional bravery.

...

http://www.nytimes.com/2015/03/23/world/one-year-later-ebola-outbreak-offers-lessons-for-next-epidemic.html

“Every company also needs to be a data company,” Leo Mirani, a reporter for the London-based Quartz, warned last fall.

I love that line, and once agreed. But in the past few months, I’ve had cause to rethink that premise and have decided that it’s not true for two reasons.

First, it ignores the ugly truth that not every company can be a data company. Everyone loves a success story, especially start-ups and vendors, so you don’t often hear about the failures. Companies that waste time and money trying to squeeze value from Big Data or other data projects don’t hire PR firms to put out press releases. But these stories exist, lurking in the subtext of data company success stories.

This GreenTechMedia story on utility data analytics is a good example. It’s a success story about start-up utility data analytics companies, but lurking among the unfathomably large market numbers and tech descriptions, our second story emerges:

...

http://www.itbusinessedge.com/blogs/integration/two-reasons-not-every-business-needs-to-be-a-data-company.html

Tuesday, 31 March 2015 00:00

Bringing Scale to the Private Cloud

Despite some early difficulties configuring and deploying private clouds, the enterprise is still gung ho for them as a way to have a little piece of the cloud close to home for the most critical data.

But the knock on private clouds is undeniable: Unless you are willing to set up a vast array of modular infrastructure, private resources simply do not scale as well as public ones. And if a cloud can’t scale, is it really of much use?

To the first point, a private cloud may not offer “unlimited scalability” the way AWS does, but there are still plenty of ways that scalability can be architected into local resources to provide a decently large data environment. Infoblox is currently working on private cloud scalability from the networking side, offering the new Cloud Network Automation stack for its NIOS 7.0 operating system. The idea is to provide a single management console for VMware, Microsoft, OpenStack and other platforms as they make the transition from pilot programs to full, multiplatform production environments. The system relies on an advanced GUI and a scalable virtual appliance architecture that handles the management of IP addresses and DNS/DHCP services, all backed by specialized adapters that enable consistent operation across multi-vendor platforms.

...

http://www.itbusinessedge.com/blogs/infrastructure/bringing-scale-to-the-private-cloud.html

When it comes to damaging cyberattacks, a horror movie cliche may offer a valuable warning: the call is coming from inside the building.

According to PwC’s 2014 U.S. State of Cybercrime Survey, almost a third of respondents said insider crimes are more costly or damaging than those committed by external adversaries, yet overall, only 49% have implemented a plan to deal with internal threats. Development of a formal insider risk-management strategy seems overdue, as 28% of survey respondents detected insider incidents in the past year.

In the recent report “Managing Insider Threats,” PwC found the most common motives and impacts of insider cybercrimes are:

...

http://www.riskmanagementmonitor.com/insider-threats-missing-from-most-cybersecurity-plans/

ScaleArc has released the results of a new survey into 'The State of Application Uptime in Database Environments'. The 451 Research survey solicited responses from more than 200 enterprises of varying size, across a wide range of vertical markets, to learn more about the impact that an organization's underlying database infrastructure has on application availability.

Specifically, respondents were asked about their database infrastructure and its effect on both planned and unplanned downtime. The survey reveals key insights into the IT decision-making process, including the risks organizations are willing to take when choosing between application availability and security.

Commenting on the survey, Matt Aslett, research director at 451 Research said: "As enterprises struggle to improve application availability, understanding how the database affects application uptime is critical. The survey results indicate that enterprises cannot afford to maintain the status quo when it comes to database availability. Having your most critical applications be offline for 20 minutes to three hours, more than once a month, should not be acceptable to any enterprise today."

Key insights from the survey include:

  • Database failover takes down the applications: for the majority of organizations, users see application errors for the duration of an unplanned outage. Failover is manual in most cases, and applications have to be restarted 62 percent of the time.
  • Database outages are too frequent and too long: too frequently, the database is the source of unplanned downtime. A surprising 65 percent of all enterprises surveyed experience between 20 minutes and 3 hours of downtime, on average, for their most critical applications.
  • Database maintenance crushes resources: more than 70 percent of respondents reported that they performed maintenance updates on a weekly or monthly basis. Those surveyed also indicated that key development resources are pulled in to assist with maintenance tasks 50 percent of the time.
  • Deferred ‘security patching’ is rampant, placing enterprises at risk: more than 60 percent of respondents postponed critical security patches because of concerns over application downtime.

For the full survey report, please click here (registration required).

If an organization’s backup system was designed before data volumes began to grow exponentially – or before IT infrastructures became highly virtualized – the company may find itself in a tight spot. Modernization is the key, and Logicalis US has identified six benefits CIOs can realize by updating their organization’s data storage and backup infrastructure.

“Working with an outdated backup system can create significant challenges in IT service levels,” says Bill Mansfield, solution architect, Logicalis US. “One sign it’s time to modernize your storage and backup/recovery infrastructure is when it’s too difficult to manage - you have to add staff to manage different backup products for physical and virtual servers, or you have to constantly fight fires to keep backups working. Another sign is when it’s just not working anymore. You can’t meet backup windows or recovery objectives because your backup techniques or storage are outdated, or your virtual environment’s performance degrades during routine backup operations. These are warning signs that you are working too hard to maintain an infrastructure that isn’t up to par, and that you could experience a significant loss if a disaster were to occur.”

...

http://www.continuitycentral.com/news07571.html

Tuesday, 31 March 2015 00:00

Survey highlights DDoS impacts

DDoS attacks are now one of the most common and affordable cyberweapons. They are used by unscrupulous competitors, sinister extortionists or just everyday cyber-vandals. More and more companies, regardless of their size or business, are encountering this threat. And, according to the results of a survey conducted by Kaspersky Lab and B2B International, the majority of companies believe that revenue and reputation losses are the most damaging consequences of a DDoS attack.

According to the figures, companies regard lost business opportunities – the loss of contracts or on-going operations that generate guaranteed income – as the most frightening consequence of a DDoS attack. 26 percent of companies that encountered DDoS attacks regarded this as the biggest risk.

Reputational risks (23 percent) were viewed as the next most frightening consequence, likely because a negative customer or partner experience can drive away future contracts or sales. Losing current customers who could not access the anticipated service due to a DDoS attack was in third place: named by 19 percent of respondents. Technical issues were at the bottom of the pile: 17 percent of respondents identified a need to deploy back-up systems that would keep operations online as the most undesirable consequence, followed by the costs of fighting the attack and restoring services.

The research also revealed that respondents from companies in different fields take different views of the consequences of DDoS attacks. For example, industrial and telecoms companies, as well as e-commerce and utilities and energy organizations, tend to rate reputational risks ahead of lost business opportunities. In the construction and engineering sector there is more concern about the cost of setting up back-up systems, perhaps because larger companies face higher expenditure on this kind of system.

DDoS attacks on company resources are becoming a costly problem but only 37 percent of the organizations surveyed said they currently have measures in place to protect against them.

“People who have not yet faced a particular threat often tend to underestimate it while those who have already experienced it understand which consequences might be the most damaging for them. However, it makes little sense to wait until the worst happens before acting – this can cost companies a lot, and not only in financial terms. That is why it is important to evaluate all possible risks in advance and take appropriate measures to protect against DDoS attacks”, said Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

www.kaspersky.co.uk

In 2010, Google’s then-CEO Eric Schmidt gave a presentation at the annual Techonomy conference. He told attendees about Android’s incredibly phenomenal growth rate, but the real bombshell he shared was an interesting fact about data management.

From the beginning of human history--cave paintings until 2003--human beings created 2 exabytes of data. Total. That’s all the symphonies, all the movies, all the books--everything. Now we are replicating that every two days. That’s “Big Data.”

Even more staggering, about 80% of all the data we’ve ever created was generated in the past two years, and 90% of that is file, or unstructured, data. With data volumes expected to double every two years over the next decade, many IT leaders are feeling the pain of an infrastructure that isn’t scaling for capacity and performance.

...

http://mspmentor.net/blog/how-modern-smbs-can-ride-big-data-wave

No drought relief in sight for California, Nevada or Oregon this spring

U.S. Spring Flood Risk Map for 2015. (Credit: NOAA)


According to NOAA’s Spring Outlook released today, rivers in western New York and eastern New England have the greatest risk of spring flooding in part because of heavy snowpack coupled with possible spring rain. Meanwhile, widespread drought conditions are expected to persist in California, Nevada, and Oregon this spring as the dry season begins.

“Periods of record warmth in the West and not enough precipitation during the rainy season cut short drought-relief in California this winter and prospects for above average temperatures this spring may make the situation worse,” said Jon Gottschalck, chief, Operational Prediction Branch, NOAA’s Climate Prediction Center.

NOAA’s Spring Outlook identifies areas at risk of spring flooding and expectations for temperature, precipitation and drought from April through June. The Spring Outlook provides emergency managers, water managers, state and local officials, and the public with valuable information so they will be prepared to take action to protect life and property.


Spring Outlook 2015. (Credit: NOAA)

Spring Flood Risk

Record snowfall and unusually cold temperatures in February through early March retained a significant snowpack across eastern New England and western New York, raising flood concerns. Significant river ice across northern New York and northern New England increases the risk of flooding related to ice jams and ice jam breakups. Rivers in these areas are expected to exceed moderate flood levels this spring if there is a quick warm-up with heavy rainfall.

There is a 50 percent chance of exceeding moderate flood levels in small streams and rivers in the lower Missouri River basin in Missouri and eastern Kansas which typically experience minor to moderate flooding during the spring. This flood potential will be driven by rain and thunderstorms.

Moderate flooding has occurred in portions of the Ohio River basin, including the Tennessee and Cumberland rivers from melting snow and recent heavy rains. This has primed soils and streams for flooding to persist in Kentucky, southern Illinois, and southwest Indiana with the typical heavy spring rains seen in this area.

Minor river flooding is possible from the Gulf Coast through the Ohio River Valley and into the Southeast from Texas eastward and up the coast to Virginia. The upper Midwest eastward to Michigan has a low risk of flooding thanks to below normal snowfall this winter. However, heavy rainfall at any time can lead to flooding, even in areas where overall risk is considered low.

Drought Outlook

El Niño finally arrived in February, but forecasters say it’s too weak and too late in the rainy season to provide much relief for California which will soon reach its fourth year in drought.

Drought is expected to persist in California, Nevada, and Oregon through June with the onset of the dry season in April. Drought is also forecast to develop in remaining areas of Oregon and western Washington. Drought is also likely to continue in parts of the southern Plains.

Forecasters say drought improvement or removal is favored for some areas in the Southwest, southern Rockies, southern Plains, and Gulf Coast while drought development is more likely in parts of the northern Plains, upper Mississippi Valley and western Great Lakes where recent dryness and an outlook of favored below average precipitation exist.

Current water supply forecasts and outlooks in the western U.S. range from near normal in the Pacific Northwest, northern Rockies, and Upper Colorado to much below normal in California, the southern Rockies, and portions of the Great Basin.

If the drought persists as predicted in the Far West, it will likely result in an active wildfire season, continued stress on crops due to low reservoir levels, and an expansion of water conservation measures. More information about drought can be found at www.drought.gov.

Temperature and Precipitation Outlook

Above-average temperatures are favored this spring across the Far West, northern Rockies, and northern Plains eastward to include parts of the western Great Lakes, and for all of Alaska. Below normal temperatures are most likely this spring for Texas and nearby areas of New Mexico, Colorado, Kansas, and Oklahoma.

For precipitation, odds favor drier than average conditions for parts of the northern Plains, upper Mississippi Valley, western Great Lakes, and Pacific Northwest. Above average precipitation is most likely for parts of the Southwest, southern and central Rockies, Texas, Southeast, and east central Alaska. Hawaii is favored to be warmer than average with eastern areas most likely wetter than average this spring.

Now is the time to become weather-ready during NOAA’s Spring Weather Safety Campaign which runs from March to June and offers information on hazardous spring weather -- tornadoes, floods, thunderstorm winds, hail, lightning, heat, wildfires, and rip currents -- and tips on how to stay safe.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.

http://www.noaanews.noaa.gov/stories2015/20150319-risk-of-moderate-flooding-for-parts-of-central-and-eastern-united-states.html

Zetta.net's "The State of Backup Survey" of 425 IT professionals revealed nearly 97 percent of respondents said they currently are using some form of disaster recovery (DR). Additionally, 31 percent said they plan to leverage a new DR method in the future, and more than half of these respondents intend to use cloud-based DR solutions. Here's everything you need to know about Zetta.net's new survey.

New research from Zetta.net showed that the demand for cloud-based backup and disaster recovery (BDR) solutions from managed service providers (MSPs) could increase soon.

Zetta.net's The State of Backup Survey of 425 IT professionals revealed nearly 97 percent of respondents said they currently are using some form of DR. Additionally, 31 percent said they plan to leverage a new DR method in the future, and more than half of these respondents intend to use cloud-based DR solutions.

...

http://mspmentor.net/backup-and-disaster-recovery/031915/zettanet-most-it-pros-are-using-dr-solutions

Think you know it all when it comes to business continuity? That’s great. Think you can store all that knowledge? Think again. The way most information technology has developed, it’s great for storing information (bunches of related data), but not so hot for knowledge (insights and deeper relationships). There is no shortage of information to define business continuity, list its component parts, describe planning methodologies and offer case studies. You can access that information, transfer it and store it on your PC or mobile computing device. The problem is in storing your understanding of that material, and the model you develop to see them as a connected whole.

...

http://www.opscentre.com.au/blog/the-problem-of-storing-everything-you-know-about-business-continuity/

Premera Blue Cross, a health insurer based in the Seattle suburbs, announced Tuesday it was the victim of a cyberattack that may have exposed the personal data of 11 million customers — including medical information.

The company said it discovered the attack on Jan. 29 but that hackers initially penetrated their security system May 5, 2014. The attack affected customers of Premera, which operates primarily in Washington, Premera's Alaskan branch as well as its affiliated brands Vivacity and Connexion Insurance Solutions, according to a Web site created by the company for customers. "Members of other Blue Cross Blue Shield plans who have sought treatment in Washington or Alaska may be affected," according to the site.

The company said its investigation has not determined if data was removed from their systems. But the information attackers had access to may have included names, street addresses, e-mail addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, medical claims information and bank account information, according to the company's Web site. The company said it does not store credit card information.

...

http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/17/cyberattack-at-health-insurer-exposed-data-on-11-million-customers-including-medical-information

It seems like the breach cycle goes in full circles.

When data breaches began to make the news, the health care industry was hardest hit. Eventually, attacks against the health care industry, while they didn’t disappear, moved off the headlines in order to make room for breaches against the financial industry and retail and entertainment. But then came the Anthem breach, and now the announcement that Premera Blue Cross was hacked, with possibly millions of customers’ medical data exposed. I wouldn’t be surprised if we saw a flurry of news on health care-related attacks in the coming months, either.

The reasons are simple. First, health care organizations hold so much data that is valuable on the black market. You are looking at names, birthdates, addresses, Social Security numbers, insurance numbers, medical records and more.

...

http://www.itbusinessedge.com/blogs/data-security/health-care-industry-returns-as-a-prime-data-breach-target.html

Tuesday, 31 March 2015 00:00

Making a Norovirus Vaccine a Reality

Have you ever experienced severe diarrhea or vomiting? If you have, it’s likely you had norovirus. If you haven’t, chances are you will sometime in your life. Norovirus is a very contagious virus that anyone can get from contaminated food or surfaces, or from an infected person. It is the most common cause of diarrhea and vomiting (also known as gastroenteritis) and is often referred to as food poisoning or stomach flu. In the United States, a person is likely to get norovirus about 5 times during their life.

Norovirus has always caused a considerable portion of gastroenteritis among all age groups. However, improved diagnostic testing and gains in the prevention of other gastroenteritis viruses, like rotavirus, are beginning to unmask the full impact of norovirus.

For most people, norovirus causes diarrhea and vomiting which lasts a few days, but the symptoms can be serious for some people, especially young children and older adults. Each year in the United States, norovirus causes 19 to 21 million illnesses and contributes to 56,000 to 71,000 hospitalizations and 570 to 800 deaths.

Protect Yourself and Others from Norovirus.

While there is hope for a norovirus vaccine in the future, there are steps you can take now to prevent norovirus.

Additionally, norovirus is increasingly being recognized as a major cause of diarrheal disease around the globe, accounting for nearly 20% of all diarrheal cases. In developing countries, it is associated with approximately 50,000 to 100,000 child deaths every year. Because it is so infectious, hand washing and improvements in sanitation and hygiene can only go so far in preventing people from getting infected and sick with norovirus.

This is why efforts to develop a vaccine are so important and why in February 2015 the Bill and Melinda Gates Foundation, CDC Foundation, and CDC brought together norovirus experts from around the world to discuss how to make the norovirus vaccine a reality. Participants were from 17 countries on 6 continents and included representatives from academia, industry, government, and private charitable foundations.

Important questions remain regarding how humans develop immunity to norovirus, how long immunity lasts, and whether immunity to one norovirus strain protects against infection from other strains. There are also relevant questions as to how a norovirus vaccine would be used to prevent the most disease and protect those at highest risk for severe illness. These are all critical questions for a vaccine, and this meeting was a step toward finding answers to these questions and making a norovirus vaccine a reality.

For more information on norovirus visit CDC’s webpage: http://www.cdc.gov/norovirus/.

We all know that we need to exercise our business continuity plans; it’s the only way to find out whether they will work. Of course that’s with the exception of a live incident, but during a disaster is never a good time to find out your plan doesn’t work. But what type of exercises should you run, how often should you run them, how do you plan them and how do you assess them?

These are all important questions and are all vital to ensuring that you have an effective business continuity programme in place, one that will provide reassurance to top management that, in the event of a crisis, the organization will be able to deal with it.

This is why the Business Continuity Institute has published a new guide that will assist those who have responsibility for business continuity to manage their exercise programme. ‘The BCI guide to… exercising your business continuity plan’ explains what the main types of exercises are and in what situation it would be appropriate to use them. It explains how to plan an exercise and what needs to be considered when doing so, from the setting of objectives to conducting a debrief and establishing whether those objectives have been met.

Following feedback from those working in the industry, testing and exercising was chosen as the theme for Business Continuity Awareness Week and the BCI is keen to highlight just how important it is to effective business continuity. A recent study showed that nearly half of respondents to a survey had not tested their plans over the previous year and half of those had no plans to do so over the next twelve months. This guide is intended to make it easier for people to develop an exercise programme and demonstrate that it does not have to be an onerous task to do so.

To download your free copy of the guide, click here. Visit the BCAW website for further guidance and tips on how to develop an exercise programme.

Tuesday, 31 March 2015 00:00

How to Fight the Next Epidemic

SEATTLE — The Ebola epidemic in West Africa has killed more than 10,000 people. If anything good can come from this continuing tragedy, it is that Ebola can awaken the world to a sobering fact: We are simply not prepared to deal with a global epidemic.

Of all the things that could kill more than 10 million people around the world in the coming years, by far the most likely is an epidemic. But it almost certainly won’t be Ebola. As awful as it is, Ebola spreads only through physical contact, and by the time patients can infect other people, they are already showing symptoms of the disease, which makes them relatively easy to identify.

...

http://www.nytimes.com/2015/03/18/opinion/bill-gates-the-ebola-crisis-was-terrible-but-next-time-could-be-much-worse.html

By Gabriel Gambill

You would be pretty worried if you didn’t have fire safety and evacuation plans in your office, so why would you not put the same contingency strategy in place for your data?

Too many businesses don't have a disaster recovery plan, so my advice is to sit down and consider it pronto. Disaster recovery as a service (DRaaS) or cloud-based DR strategies are now making data recovery plans far less complicated and highly efficient for businesses. But despite being able to re-think their DR plans in the cloud and make them so much easier, companies are still lax about testing the plan on a regular basis.

To put it into context, perhaps it’s best to start by defining what a disaster could be. When we say ‘disaster’ often we mean something that is out of our hands. Floods, hurricanes, power cuts and earthquakes all spring to mind. However, a disaster could be something as mundane as a software update or a simple human error. They're often not as newsworthy as a natural disaster but have just as much impact on an organization’s ability to operate.

...

http://www.continuitycentral.com/feature1294.html

Wednesday, 18 March 2015 00:00

Haulers of Crude Finding Coverage Scarce

HOUSTON—The recent spike in oil and natural gas production has led trucking companies to grow so quickly that they sometimes scramble to find qualified drivers. This has meant tightening coverage with a limited number of carriers and a market in “disarray,” Anthony Dorn, a broker with Sloan Mason Insurance Services said today at the IRMI Energy Risk and Insurance Conference.

“Carriers have taken a bath on construction risks,” he said. “Only nine carriers will write crude hauling.”

He added that there is a “huge need for risk management in trucking right now. A lot of these are fly-by-night companies. They are running with drivers that have no experience, they are getting violations from the DOT left and right for not having licenses and adequate brakes on their trucks and they are running on dirt roads that aren’t made for 100,000 pound units,” Dorn said. “It’s a very risky place for underwriters. If we don’t do something as agents and as risk managers there will be fewer carriers.”

...

http://www.riskmanagementmonitor.com/haulers-of-crude-finding-coverage-scarce/

Wednesday, 18 March 2015 00:00

Top Tips for Implementing Data Storage Tape

How things change. For years, even decades, people have been getting rid of tape. They bought into the idea that disk was the way to go and that tape was “old hat.”

But the realities of a Big Data world and the advances in tape technology, density, reliability and usability have brought the realization to many that they shouldn’t have been so hasty. And that’s showing up in the raw numbers. According to the Active Archive Alliance, nearly 250 million Linear Tape Open (LTO) tape cartridges have been shipped since the format’s inception. That’s more than 100,000 PB of data on LTO.

Tape, then, is returning to some organizations that dumped it a while back. Its role is steadily being expanded in others who remained faithful, and it now serves as the backbone data repository for many of the major cloud data providers.

...

http://www.enterprisestorageforum.com/storage-technology/top-tips-for-on-implementing-data-storage-tape.html

Keeping up with and fending off cybersecurity threats is a daily topic for all organizations, but for health care providers and systems, failure in that regard can result in much more dire results than a financial or reputational loss. It can result in bodily harm or death. It’s possible that you could draw a line to such severe consequences in other industries and lines of work, but for the health care industry, that added layer of urgency is always present in cybersecurity protections.

A large research project devoted to determining how best to protect patient health while maximizing use of digital tools and resources, named IMMUNE-SECURE, got a boost in attention from health care IT organizations and other technologists with the announcement today that Dr. Larry Ponemon, well-known in IT circles for his work through the Ponemon Institute, has joined the advisory board for the project.

...

http://www.itbusinessedge.com/blogs/governance-and-risk/cybersecurity-project-targets-better-patient-health.html

The growing proliferation of mobile devices continues to make business faster, more agile, and more efficient. However, a recent study suggests U.S. workers remain concerned about the security of their mobile devices when it comes to cloud-based file sharing.

According to a recent study, 73 percent of the 1,000 U.S. employees surveyed said that they preferred to use email over file-sharing services, up 4 percent from the 69 percent in the previous year's survey. Those who made use of file-sharing services dropped to 47 percent, down from 52 percent in 2013.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/031715/study-workforce-wary-mobile-file-sharing-security

Panda Security accidentally flagged itself as malware last week, causing some user files to be quarantined.

And as a result, the antivirus software company topped this week's list of IT security newsmakers to watch, followed by Bitglass, Trustwave and Software Advice.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/031715/it-security-stories-watch-panda-security-flags-itself-malware

WASHINGTON—The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA), in coordination with state and tribal emergency managers and state broadcasting associations, will conduct a test of the Emergency Alert System (EAS) on Wednesday, March 18, 2015 in Kentucky, Michigan, Ohio, and Tennessee. The test will begin at 2:30 p.m. Eastern Daylight Time (EDT) and will last approximately one minute. 

“The goal of the test is to assess the operational readiness and effectiveness of the EAS to deliver a national emergency test message to radio, television and cable providers who broadcast lifesaving alerts and emergency information to the public,” said Damon Penn, Assistant Administrator of FEMA’s National Continuity Programs. “The only way to demonstrate the resilience of the system’s infrastructure is through comprehensive testing to ensure that members of tribes, and the residents of Kentucky, Michigan, Ohio, and Tennessee, receive alerts when an emergency occurs.”

The test will be seen and heard over radio and television in Kentucky, Michigan, Ohio, and Tennessee, similar to regular monthly testing of the EAS conducted by state officials and broadcasters. The test message will be nearly identical to the regular monthly tests of the EAS normally heard by the public. Only the word “national” will be added to the test message: “This is a national test of the Emergency Alert System. This is only a test...”

The test is designed to have limited impact on the public, with only minor disruptions of radio and television programs that normally occur when broadcasters regularly test EAS in their area. Broadcasters and cable operators’ participation in the test is completely voluntary. There is no Federal Communications Commission regulatory liability for stations that choose not to participate.

In 2007, FEMA began modernizing the nation’s public alert and warning system by integrating new technologies into existing alert systems. The new system is known to broadcasters and local alerting officials as the Integrated Public Alert and Warning System or IPAWS. IPAWS connects public safety officials, such as emergency managers, police and fire departments, to multiple communications channels to send alerts to warn when a disaster happens. For more information, please visit www.fema.gov/media-library/assets/documents/31814.

https://www.fema.gov/news-release/2015/03/17/fema-state-broadcasters-and-emergency-managers-conduct-test-four-states

(TNS) — Many of those who lived through last August’s 6.0 magnitude South Napa Earthquake suffered mental health issues as a result, with about a quarter of those at risk for PTSD, according to a newly released survey, Napa County officials announced.

The California Department of Public Health recently released the final results of the door-to-door survey of Napa and American Canyon households conducted September 16-18. The Community Assessment for Public Health Emergency Response final report was based on the survey that asked questions about residents’ experiences during and after the temblor to assess the extent of injuries, chronic disease exacerbation and mental health issues associated with the earthquake, and the degree of disaster preparedness of these communities.

Mental health issues were extremely common among residents of both cities, with about 79 percent of Napa households and 73 percent of American Canyon households reporting a traumatic experience or mental health stressor during or since the earthquake.

...

http://www.emergencymgmt.com/disaster/One-Quarter-People-Experienced-California-Quake-Risk-PTSD.html

This is a tale from the mists of time; from days of yore when it was difficult to get people interested in business continuity management and even more difficult to secure their involvement in exercises and tests (OK, in fairness, that could have been this week, but just indulge me for a moment).

Some of you may have heard me tell this story before, but recounting ancient tales didn’t do Hans Christian Andersen (or my Dad) any harm and, in any case, I’m a big fan of recycling.

Having been asked to contribute something on exercising and testing to this year’s Business Continuity Awareness Week Flashblog, and despite conforming in terms of using the snappy title demanded of all the contributors, I really couldn’t bring myself to write about strategy or methodology or process or the difference between a test, exercise, rehearsal, etc, etc, etc. So I’ll leave that to those whose boats are floated by that sort of thing and tell you my favourite exercising story instead.

...

http://www.acumen-bcp.co.uk/blog/?p=3085

Tuesday, 17 March 2015 00:00

A Slow Start Does Not A Season Make

While certain parts of the country hold tornado drills and others test tornado preparedness systems, weather experts are pondering the slow start to tornado season.

Capital Weather Gang cites a weather.com report that not a single tornado has been reported to the National Weather Service in March, typically the first month of severe weather season in the Plains and Southeast.

The only other year since 1950 that there have been zero tornado reports in the first half of March was 1969, according to the Weather Channel’s severe weather expert Dr. Greg Forbes.

Per Dr. Forbes’ report from January 1 to March 12, only 27 tornadoes had been documented across the nation – the slowest start to the year since the 21 tornadoes recorded through March 12, 2003.

...

http://www.iii.org/insuranceindustryblog/?p=3991

Training, testing and exercising are methods by which we are able to validate our plans.  Validation is designed to confirm that plans will work and that the organisation will be able to remain resilient, and plans without exercised and trained key and supporting personnel to execute them are pointless.  It is essential for success that the processes in plans are tested and practiced to ensure that when pressure is applied, an incident has occurred and impacts are felt, the organisation can meet its BCM objectives and targets.  So, our testing needs to be rigorous, but balanced, to ensure that it goes far enough – but not too far.

It’s really good practice to take the approach that the plans themselves should be tested and exercised incrementally to ensure that overload of subjects and excessive disruption to routine operations and procedures is avoided. When exercised, all plans will have failings exposed or areas for refinement identified. The resulting confidence and capability of the personnel tested should provide realisable benefits – particularly if a real incident is experienced. Documents such as the BCI’s GPG 2013 identify some of the activities that may need to be exercised and the effective programme will ensure that it encompasses these and the associated aims as minima. As with the other processes and professional practices, the effective BCM practitioner will need to go beyond the initial lists and consider carefully what is required and to what level.

...

https://buckssecurity.wordpress.com/2015/03/17/why-testing-and-exercising-are-essential-for-an-effective-business-continuity-programme/

Do you like being taken out of your comfort zone? Having some of your professional weaknesses highlighted and reported on? Finding out that your organisation isn’t perhaps as well-prepared for a disruption as you’d hoped? No??...I didn’t think so. I suppose the idea of taking part in an exercise presents all of the above as a possibility. So why ever would you want to put yourself through it?

Because…if done right it can be a positive and valuable learning experience for the business and you!

...

http://blueyedbc.blogspot.com/2015/03/why-testing-and-exercising-are.html

By Harriet Wood

In the 2014 Supply Chain Resilience Report published by the BCI, 76 percent of respondents reported at least one disruption within their supply chain.

For all of us supply chain failure is a major issue. Within the brewing and pub industries the list and variety of suppliers seems endless. Butchers, bakers and beer bottle makers combine with engineering and IT businesses to create a mind-boggling range of possible disruptions.

For years we had worked hard to write, review and exercise our own plans but around five years ago we realised the need to extend our exercise program out to key suppliers. We quickly established that ‘key suppliers’ could not be identified simply by asking Purchasing for the names of the highest value contracts. We approached our business – and led by the Director of Supply Chain – they came back to us with the names of three suppliers. They were essential to our business, could not easily be replaced and I would never have guessed any of them were so critical!

...

http://www.continuitycentral.com/feature1291.html

BSI, the business standards company, has published a list of tips to help those new to the business continuity profession. The BSI's top ten tips for business continuity planning are:

1. Identify critical business functions: once critical business functions have been identified, it is possible to apply a methodical approach to the threats that are posed to them and implement the most effective plans.

2. Remember the seven 'P's needed to keep your business operational: providers, performance, processes, people, premises, profile (your brand) and preparation.

3. Understand and track past incidents with suppliers: obtain country-level intelligence so you understand what factors may cause a supply chain disruption e.g. working conditions, natural disasters, and political unrest.

4. Assess and understand vulnerabilities and weak points: conduct risk assessments to evaluate supplier capabilities to effectively adhere to your business continuity plans and requirements.

5. Agree and document your plans: these should never just be hidden away in the mind of the managing director. Assess your critical suppliers to make sure their business continuity plans fit with your objectives and are defined within your contract.

6. Make sure plans are communicated to key staff and suppliers: equally, share them with other key stakeholders to boost their confidence in your ability to maintain business as usual. This is particularly important for small businesses or those working with suppliers / buyers for the first time.

7. Try your plans out in mock scenarios: if possible include suppliers in your exercises and remember to test them not only in scenarios where there may be a physical risk, such as poor weather conditions making premises inaccessible, but people risks such as supply chain challenges and boardroom departures.

8. Expect the unexpected: while lean and efficient supply chains make good economic sense, unexpected events can have a significant impact on the operations and reputation of businesses.

9. Make sure your continuity plans are nimble and can evolve quickly: if your plans look the same as they did 10 years ago, then they probably won't meet current requirements. Organizations engaged in business continuity management will be actively learning from their internal audits, tests, management reviews and even from incidents themselves.

10. Make sure you're not just box-ticking: plans which get the tick against the 'to do' list but don't actually reflect the organization's strategy and objectives can lack credibility and are unlikely to succeed in the long-term. Instead, make sure your plans allow you to get back up and running in a way that aligns with your organization's objectives.

www.bsi-supplychainsolutions.com

Over the past year, Phoenix has found that customers using disaster recovery as a service (DRaaS) such as cloud backup & recovery, virtual disaster recovery or data replication services, all undertook rehearsals of their plans last year, highlighting that customers find it easier to test with DRaaS in place than customers who have traditional business continuity services, where Phoenix has seen only 40 percent of its customers testing.

Phoenix has found that DRaaS makes it much easier for customers to test because the data is with the same provider and the logistical issues usually found around testing, such as tape transportation and getting IT staff to the recovery centre, are removed. Furthermore, as it’s disaster recovery as a service, the service provider can initiate the recovery so customers are able to remotely access the recovered infrastructure to ensure that everything they needed to recover, has been recovered. The ‘live’ service element of DRaaS ensures a regular flow of communication which in turn increases awareness of testing.

Recent figures published by Phoenix show that just 45 percent of customers in total tested last year, with only 12 percent testing more than once. With environmental and hardware failures the most common reasons why customers put Phoenix on standby to use its disaster recovery services, the company is urging organisations to test their plans at least once a year to protect themselves against unforeseen but commonplace disruptions.

During Business Continuity Awareness Week (16th - 20th March 2015) Phoenix is offering tours of its facilities: to register log-on to: http://www.phoenix.co.uk/bc-open-day-registration-form/

Tuesday, 17 March 2015 00:00

Pros and Cons of Virtual Tape Libraries

Tape data storage just keeps on going. It’s almost like the steam punk of IT, a branch off into a different universe where everybody reads with bigger candles instead of electric light bulbs. But it works. In fact, it works well enough for the largest IT vendors to continue pushing the envelope on data storage density on tape and storage and recovery speeds too. However, tape is not disk. You cannot ‘dip into’ tape in the same way you can randomly access a hard drive. And so, for backup and recovery in particular, the virtual tape library was invented to offer advantages of tape and disk altogether. Nevertheless, there are both pros and cons to consider.

...

http://www.opscentre.com.au/blog/pros-and-cons-of-virtual-tape-libraries/

The cloud wants enterprise data, and so far it has been fairly adept at gathering the low-hanging fruit: mostly bulk storage, archives, B&R, low-level database workloads and other non-critical stuff.

But the real money is in the advanced applications – the kind of data that organizations will pay a premium to support because it brings the highest value to emerging business models. This is a conundrum, however, because that high value also causes the enterprise to keep critical data close to the vest, which means cloud providers need to go the extra mile to win enterprise trust. And for the most part, that has not happened yet.

This is a shame because in terms of both security and uptime, the cloud is at least on par with the typical enterprise and in certain key metrics is actually superior. Cloud tracking site cloudharmony.com offers service status data for many of the top cloud providers going back at least a year, and its latest chart shows many services delivering four- or even five-nines availability. That puts outages at providers like Amazon EC2 and Google Cloud Service at mere minutes per year, while even three-nines performers confine their downtime to a few hours at most. A perfect record? Not by a longshot, but certainly no worse than the vast majority of enterprises out there.

...

http://www.itbusinessedge.com/blogs/infrastructure/can-the-cloud-clear-the-mission-critical-hurdle.html

Tuesday, 17 March 2015 00:00

Forecasting Floods Rises to the Challenge

(TNS) — In 2015, the hydrologists tasked with forecasting how high the Minnesota River will rise have supercomputers, advanced radar systems and satellites.

In 1965, they had slide rules, rain gauges and grave diggers.

Pedro Restrepo, the 65-year-old hydrologist in charge at the North Central River Forecast Center in Chanhassen, can relate to the tools available 50 years ago even as he uses the technology of today. When he first started working in hydrology in the 1970s, the instruments being used were much the same as in 1965.

"I still have my slide rule," Restrepo said, producing from his office the well-worn tool used by engineers and scientists to do calculations before the invention of the calculator.

...

http://www.emergencymgmt.com/disaster/Forecasting-Floods-Rises-to-the-Challenge.html

Despite numerous emergencies making headlines last year and major events impacting communities in Oso, Wash.; Napa, Calif.; and Detroit, 2014 was considered a relatively quiet year in terms of federally declared disasters.

After years of hearing about how the number of disaster declarations has been rising, 2014 had the lowest number of declared disasters and fire assistance grants in at least 14 years. FEMA reported that 45 major disaster declarations were made by the president in 2014. And six emergency declarations, which are issued in advance of an event, were declared. The highest number of emergency declarations was in 2005 with 68 events.

In addition, the agency provided 33 fire management grants, a lower than average number. It was “a higher number compared to 2013 (28) but far fewer than the 118 provided in 2011, or the 86 provided in 2006,” according to a FEMA blog post.

...

http://www.emergencymgmt.com/disaster/2014-Lowest-Number-of-Disaster-Declarations-14-Years.html

Monday, 16 March 2015 00:00

Are UK business disruptions on the rise?

Sungard Availability Services has released its 2014 UK invocation figures, which show the highest number of incidents since 2009.

Overall incidents of downtime, in which staff are unable to work from their usual office or access business critical systems, rose by over one third (38 percent) compared to 2013, leading to concerns that organizations are failing to sufficiently invest in availability and business continuity strategies and solutions.

While workplace-related disruptions, in which the office environment is rendered inaccessible, have remained fairly stable – with only a minor increase in 2014 – disruptions due to technology failures have more than doubled, increasing by 140 percent. Sungard AS’ 2014 invocation statistics show that hardware has been the main issue, causing a fifth of all problems (21 percent). The year-on-year spike in technology-related incidents, also including power and communications, is particularly worrying, suggesting that while many organizations are now entirely dependent on their IT systems, they are struggling to maintain them.

...

http://www.continuitycentral.com/news07561.html

Monday, 16 March 2015 00:00

Downtime costs under the spotlight

A new industry survey has found that of those who responded the largest group (37 percent) estimated that the cost-per-minute of downtime in their organization fell into the £10,000 - £20,000 bracket.

With 80 percent of those questioned giving their recovery time objectives as two hours or greater, the results mean that the potential losses to UK businesses are high.

The study, conducted by Timico, gave a comprehensive insight into the disaster recovery habits of IT managers in the UK, and revealed a distinct lack of awareness, despite the predicted cost of outages.

The survey revealed that almost a quarter (24 percent) of IT managers acknowledged having an outage within the past month but despite that, over 70 percent admitted to never having worked out the cost of the resulting downtime.

The research also found that over 60 percent of SMEs had not yet rolled out any form of cloud-based back up within their business. Moving to the cloud can negate the need for dual site replication, an option still favoured by 18 percent of those businesses questioned. Shockingly, despite the risks, a minority of respondents even admitted to never backing up their data.

http://www.timico.co.uk/draas

The potential value in the Internet of Things (IoT) is bringing to a fever pitch the focus on data as one of the enterprise’s most valuable assets. Clearly, those who carefully collect, transform, analyze, model and report on IoT data are seeing their influence rise. As much of this work is settling around the data scientist role, I talked with Don DeLoach, CEO of Infobright, provider of an analytics database platform, about what data scientists are being asked to do now, and how those responsibilities around IoT data might change in the near future.

DeLoach says it’s definitely early days when you look at what data scientists are being asked to examine:

“Look at the progress of the Internet of Things. Most, probably 95 percent, of the focus is on the closed loop message response systems that make up the use cases: service models for capital equipment, focus on specific silos, alerting to problems, not having to send service professionals out when they’re not needed, or information like temperatures in machines, or lighting levels that are appropriate for time or conditions. It’s grabbing a message off a sensor, and then determining whether an action is needed. We’re at an early stage.”

...

http://www.itbusinessedge.com/blogs/charting-your-it-career/internet-of-things-means-everyone-wants-a-data-scientist.html

Who needs a data scientist when you can have a robot analyze your data? No, seriously, that’s an actual question enterprises may be asking if this Computerworld article on artificial intelligence is right.

Technically, I guess artificial intelligence isn’t a robot until you add a body, but the question still stands: Can artificial intelligence solve the data deluge better than humans? AI experts certainly think so.

"The notion that a human analyst can look at all of this data unaided becomes more and more implausible," Oren Etzioni, CEO of the Allen Institute for Artificial Intelligence, told senior reporter Sharon Gaudin.  "You can't have a person sitting there watching Twitter to protect your brand. … You need A.I. tools."

The obvious use case is with security, where humans are already failing to keep up with the ever-changing threat. Algorithms can “learn” from the data and flag deviations.

...

http://www.itbusinessedge.com/blogs/integration/will-artificial-intelligence-replace-the-data-scientist.html

Cloud computing and modular infrastructure are working hand-in-hand to remove the hassles of physical infrastructure from the enterprise’s list of concerns.

If it all goes as planned, the loss of any one server, storage or networking component will cease to be the service-killing event that drives IT into a state of near-insanity. If a piece goes down, an automation system simply reroutes traffic to another module and a replacement device is swapped in at IT’s leisure, perhaps by a robotic arm.

But that does not mean IT is on easy street. Rather, responsibility for the smooth flow of data simply travels up the stack, to the application and service layers, to be precise. And exactly how the enterprise prepares for data management on that level will go a long way toward determining how well the bosses in the executive suite can fulfill their business models.

...

http://www.itbusinessedge.com/blogs/infrastructure/its-next-big-challenge-service-level-management.html

(Tribune News Service) -- New York state's top bank regulator told a University at Albany audience on Thursday that one of the greatest threats to the economy today is a "cyber 9/11" attack that causes widespread panic in financial markets.

Benjamin Lawsky, who as superintendent of the state Department of Financial Services oversees 3,800 banks and insurance companies, said that trying to stop cyberattacks on the state's financial system — from data breaches to cyberterrorism — is his biggest concern.

"It's the one issue that I personally work on every single day," Lawsky said at UAlbany's Business School, where he delivered the first-ever Massry Lecture. "What should we do to prevent these nightmare scenarios?"

Although Lawsky doesn't have criminal prosecution powers, his office has been aggressive in negotiating civil penalties with banks that have been investigated for wrongdoing in New York state. On Thursday, just an hour before his UAlbany speech, his office announced a $1.45 billion fine for Commerzbank of Germany — of which $610 million will go to New York state.

...

http://www.emergencymgmt.com/safety/New-York-Bank-Cyber-911-Attack-Could-Happen.html

(TNS) — Aiming to minimize the number of victims, the Japanese government is hurrying to establish a network of undersea cables to monitor the occurrence of tsunami on the floor of the Pacific Ocean, where a huge earthquake is expected to take place.

The cables connect tsunami gauges and other observation devices for that purpose.

On seabeds stretching from off Hokkaido to off Chiba Prefecture, the National Research Institute for Earth Science and Disaster Prevention (NIED) is installing tsunami gauges and other devices in 150 locations. The total length of the undersea cables will be 5,700 kilometers.

“There is no precedent anywhere in the world for such a large-scale tsunami observation network,” NIED President Yoshimitsu Okada said. “Completion is scheduled for fiscal 2015. After that, it will be possible to detect tsunami waves 20 minutes earlier than we do now.”

...

http://www.emergencymgmt.com/disaster/New-System-Japan-Warn-Tsunami-20-Minutes-Faster.html

MSPs who offer cloud-based file sharing have a full time job. It isn’t enough to simply sell and set up cloud services for your client – you then need to monitor them.

Surprisingly, 44 percent of corporate data stored in the cloud environment is not managed or controlled by the IT department.

While you could try to make it easier for customers to monitor the cloud sharing you set up, there are advantages to being the one to handle this task. For one, you obviously want to make sure that the file sharing system you set up is working properly. You also want to be able to tell when your client may need additional functions or storage based on their use. Finally, your clients care about it, so being the one to offer it will increase your value to them.

Here are four things your clients care about, and things you should be actively monitoring:

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/031315/msps-4-key-considerations-monitoring-cloud-based-file-sharing

Many information security professionals are looking for help with security and may very well partner with managed security service providers (MSSPs) this year. That's according to a new report from Trustwave. Here are the details.

The 2015 Security Pressures Report revealed that most businesses expect the pressure to secure their organizations against cyber threats will increase in 2015. Also, 78 percent of information security professionals said they are likely or plan to partner with an MSSP to protect their organizations.

...

http://mspmentor.net/managed-security-services/031315/trustwave-78-it-pros-expect-partner-mssp

According to the Occupational Health and Safety Administration, 4.1 million U.S. employees experience work-related injuries or illnesses each year and 1.12 million of those employees lose work days as a result. With the average employee missing eight days per injury, even a minor injury can create a domino effect in your company.

When employees experience illness or injury, it often impacts their ability to perform their jobs, especially in occupations that are more labor intensive. As soon as your worker is able, it is in everyone’s best interest to return him or her to work in some capacity. Oftentimes, this is done through formalized return to work programs. Return to work programs are extremely effective because they provide benefits to not only the employee, but also your company.

...

http://www.riskmanagementmonitor.com/top-10-benefits-of-return-to-work-programs/

Friday, 13 March 2015 00:00

BCM & DR: When to Use Software

Often, when an organization initiates its Business Continuity Management (BCM) / Disaster Recovery (DR) program, it is a pretty manual process: documents, PowerPoints and spreadsheets abound. They look good and they serve a purpose, but when the program needs to mature and grow, the manual maintenance and monitoring processes just can’t keep up properly. Suddenly, the person responsible – who is usually only assigned to BCM/DR part time – can’t keep up and things begin to fall apart. It’s time for some help to automate the BCM process to keep it current and maintainable (not just the plans being maintained).

So where do you start and what needs to be considered when determining what software is best for you? Here are some helpful tips to consider when you get to that point.

...

https://stoneroad.wordpress.com/2015/03/12/bcm-dr-when-to-use-software/

If you are the IT person who handles security for your company, where do you feel the most pressure when it comes to protecting business interests and consumer privacy? The folks at Trustwave sought to discover what was causing the most stress and concerns for IT and security professionals, and they just released their findings in the 2015 Security Pressures Report.

It’s an interesting perspective to study. All professionals are under pressure to perform well in their job duties, but as more companies reveal disastrous breaches and security breakdowns, IT security pros are really in the spotlight right now, with minimal room for failure. In fact, as the study stated in the introduction:

Few white-collar professions face as much mounting pressure as the information security trade. It is a discipline that, due to the widely publicized data breach epidemic, has suddenly crept out from behind the shadows of the mysterious, isolated and technical — and into the public and business mainstream.

http://www.itbusinessedge.com/blogs/data-security/stress-levels-on-the-rise-for-security-professionals.html

(TNS) — A new report from the U.S. Geological Survey shows it is increasingly likely a magnitude 8.0 or greater earthquake will hit California, but that “doesn’t change the bottom line” for the state’s emergency management workers, an agency official says.

Lucy Jones, a USGS seismologist and Mayor Eric Garcetti’s adviser on earthquakes, tweeted Tuesday about the randomness of big quakes.

"This new science doesn't change the bottom line for emergency managers," she wrote. "Which one happens in our lifetimes is a random subset."

The tweet was in response to a question posed to Jones about the practical takeaway for those trying to prepare the state for just such a disaster.

...

http://www.emergencymgmt.com/disaster/Risk-8-Earthquake-California-Leaps.html

Accessing analytics of any type has always been a complex endeavor. But starting this week, Ryft Systems wants to make real-time analytics running on a 1U server built using field-programmable gate arrays (FPGAs) a single application programming interface (API) call away.

Pat McGarry, vice president of engineering for Ryft Systems, says that by deploying a dedicated Ryft ONE server that runs a “Linux-like” operating system to process analytics, IT organizations can once and for all eliminate I/O bottlenecks.

The biggest challenge with Big Data, says McGarry, is not so much the size of the data that needs to be processed at any given time, but rather the velocity at which that data needs to be processed. Rather than relying on a general-purpose processor, McGarry says that Ryft has combined FPGAs with up to 40 solid-state disk drives that can process up to 48TB of data at a rate of 10 gigabytes per second.

...

http://www.itbusinessedge.com/blogs/it-unmasked/ryft-systems-puts-real-time-analytics-of-big-data-an-api-call-away.html

Let’s start with the notion that nobody is perfect. I know, that will drive the perfectionists up a wall, but it is true. No person, no organization, no company is perfect. This means we will all make mistakes. So why not plan for it?

Plan for it! Yes. We all know that someday there will be a screw-up, a goof, or, God forbid, an intentional negative act. For example, consider the recent experience of a Comcast customer. Lisa wanted to find a way to save money, so she decided that the family could do without the cable portion of the family bill. The Comcast customer service representative was not happy with this request and tried to retain her, and when she still refused, Lisa got her next Comcast bill addressed to “Asshole Brown”. Needless to say, Lisa was upset about trying to get the name changed back to her real name. Even that task was not easy.

So here we go. Like I said, no one is perfect, and in this case Comcast certainly deserves a black eye.

...

http://www.corporatecomplianceinsights.com/when-it-hits-the-fan-how-to-rebound-from-a-business-disaster/

CompTIA's new "Enabling SMBs with Technology" study revealed many small- and medium-sized businesses (SMBs) want innovative technology partners, and a lack of innovative technology solutions is one of the primary reasons why some of these companies choose to switch IT firms.

CompTIA reported that more than 70 percent of SMBs said they have used an outside IT firm at least occasionally over the past 12 months. Also, 46 percent of SMBs noted that they look to outside IT firms when they need greater expertise and new options, which could create new opportunities for innovative managed service providers (MSPs).

"For an MSP to be innovative, it must focus on business results at a broad scale and proactively determine the best technology solution," Seth Robinson, CompTIA's senior director of technology analysis, told MSPmentor.

...

http://mspmentor.net/managed-services/031215/what-does-it-take-be-innovative-msp-comptia-explains

By James Stevenson

The first few exercises I ran were pretty nerve-wracking. Would the plans work? Would the team play nicely or start throwing stuff? Would they realise I was new to this?

Since then I’ve been fortunate to work with many different groups around the world facilitating exercises, coaching and training new business continuity managers to design and run their own successful exercises.
It’s not rocket science but there is a skill to setting up and running a great exercise.

To help with this, the ten steps below are packed full of tips and suggestions to develop this skill, run great exercises and maximise your business continuity programme:

...

http://www.continuitycentral.com/feature1290.html
