
Industry Hot News


Cloud adoption and cloud-based file sharing are becoming increasingly popular among the general public, and private use of cloud services within organizations is causing concern among CIOs. Unfortunately, IT organizations are having a hard time keeping up. According to an article from Business Cloud News, a recent survey conducted by Fruition Partners of 100 UK CIOs found that 84 percent believe cloud adoption reduces their organization’s control over IT.

However, it isn’t the cloud itself that is causing organizations to feel a lack of control. The cause of most CIOs’ anxiety comes from Shadow IT.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/080315/msps-survey-finds-cios-concerned-about-cloud-control

The hackers responsible for the Anthem and U.S. Office of Personnel Management (OPM) data breaches recently may have attacked United Airlines as well.

And as a result, United tops this week's list of IT security news makers to watch, followed by the University of Connecticut (UConn), Franciscan St. Francis Health and the HAMMERTOSS malware.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/080315/it-security-stories-watch-was-united-airlines-breached

Technology is not enough in the fight against cybercrime; effective cybersecurity measures require policy and process changes as well.

That’s the takeaway from an analysis of cyber-risk spending included in the 2015 U.S. State of Cybercrime Survey recently released by PwC.

While cybersecurity budgets are on the rise, companies are mostly reliant on technology solutions to fend off digital adversaries and manage risks.

Among the 500 U.S. executives, security experts and others from public and private sectors responding to the survey, almost half (47 percent) said adding new technologies is a spending priority, higher than all other options.

...

http://www.iii.org/insuranceindustryblog/?p=4134

For those MSPs contemplating the build-versus-buy question with regards to offering backup and disaster recovery (DR) as a service, be careful when it comes to the purchase and management of storage. Get it wrong and you could end up with a money pit.

A useful analogy is the home. Suppose a couple is looking at whether to buy a house or build their own dream house. The latter option would require buying a parcel of land, working out the plans, obtaining the necessary city permits and going to Home Depot repeatedly for an endless list of materials. With the basic elements on site, now comes the hard part. Digging the trenches, cutting the steel rebar to erect the framework in which to pour the concrete, then adding the walls, doors, windows, plumbing, electrical and many more details--any one of which could trip up the home owners and add time to the project.

Like the distraught home buyers who end up looking like they are in a remake of Tom Hanks’ “Money Pit” movie, many such projects run way over budget and are delayed by many months, if not years. Only if the homeowner has a broad do-it-yourself (DIY) skillset, or has generous contractor friends, does this method have any possibility of success.

...

http://mspmentor.net/blog/private-vs-public-cloud-avoiding-money-pit-storage-capacity

FEMA is requesting stakeholder feedback on working drafts of four of the five Federal Interagency Operational Plans (FIOPs):  Protection, Mitigation, Response, and Recovery. The Prevention FIOP is Unclassified and For Official Use Only (FOUO)/Law Enforcement Sensitive (LES), Restricted Access and therefore available to appropriate personnel through separate and secure communication means. The FIOPs describe how the Federal government aligns resources and delivers core capabilities. Each FIOP outlines the concept of operations for integrating and synchronizing existing national-level Federal capabilities to support the whole community.

This update of the FIOPs focuses on discrete, critical content revisions, and confirming edits as a result of comments received on the National Preparedness Goal and National Planning Frameworks. Additional changes in the draft are the result of the lessons learned from implementing the FIOPs and recent events, as well as the findings of the National Preparedness Report. The FIOPs and feedback submission forms may be found at http://www.fema.gov/ppd-8-news-updates-announcements.

To ensure all feedback is properly handled, reviewers are asked to use the provided feedback submission form to submit feedback and recommendations. Please provide any comments and recommendations, using the submission form, to PPD8-Engagement@fema.dhs.gov by Tuesday, September 2, 2015 at 5:00 PM EDT.

If you have any questions, please contact FEMA’s Private Sector Division at (202) 646-2600 or at FEMA-Private-Sector@fema.dhs.gov. Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

NORTH LITTLE ROCK – Federal assistance may be available to help Arkansas communities rebuild infrastructure to higher, more disaster-resistant standards and state officials are encouraging local governments to take advantage of that funding.

The assistance to communities is part of the aid that became available following the severe storms, tornadoes, straight-line winds, and flooding during the period of May 7 to June 15, 2015.

“Generally, the federal Public Assistance program restores disaster damaged infrastructure to pre-disaster conditions,” said Nancy M. Casper, federal coordinating officer for the Federal Emergency Management Agency. “But when cost effective and technically feasible, it makes sense to rebuild to higher standards that can prevent future loss.”

FEMA’s Public Assistance program provides federal funds to reimburse a minimum of 75 percent of the costs for removing debris, conducting emergency protective measures and repairing levees, roads, bridges, public utilities, water control facilities, public buildings and parks. Mitigation funding may be considered in each project category.

Eligible applicants may include:

  • state agencies

  • local and county governments

  • private nonprofit organizations that own or operate facilities that provide essential government-type services

“Studies show that every $1 paid toward mitigation saves an average of $4 in future disaster-related costs,” said State Coordinating Officer Scott Bass of the Arkansas Department of Emergency Management Agency. “By adding mitigation money to repair costs, our goal is to reduce or eliminate damages from future disasters.”

As part of the process for applying for federal assistance, experts from ADEM and FEMA help identify projects that will qualify for the special mitigation program. Officials urge applicants to take advantage of the funds.


The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

Is London prepared for climate change?

London’s businesses are ill-prepared for climate change risks as 54% of FTSE 100 firms have no business adaptation strategy in place for climate change. Evidence suggests that 60% of small and medium sized businesses have no plan in place to deal with extreme weather conditions.

The UK capital’s status as a global city makes its economy increasingly vulnerable to climate change, not only facing extreme weather like flooding, drought, heatwaves in the city itself, but also imported risks through the insurance sector, overseas investments and international supply chains. This is according to the new ‘Weathering the Storm’ report by the London Assembly Economy Committee which looks into the impact of climate change on London’s economy in terms of risks and opportunities.

Jenny Jones AM, the report author and former Chair of the Economy Committee, said: “Too little is being done to understand and prepare for the potential costs of climate change. London faces a great unknown when it comes to how our supply chains and economy will be hit by extreme weather events. For example, the damage from the 2011 floods in Thailand, where IT component parts are made, meant much higher prices across the global IT industry, including in London. A much worse situation would be if too many harvests failed and affected our food supply.

It’s no secret that the field of emergency management is not overly diverse. The typical emergency manager is an older white male. This lack of diversity is rooted primarily in the profession’s evolution. Many of the first emergency managers came from police, fire or first responder backgrounds, which for a long time were largely white, male-dominated fields in most parts of the country.

“Most emergency managers traditionally came from a pretty narrow slice of the professional world,” said Joe Partridge, disaster recovery business continuity manager for CareOregon, a nonprofit involved in health plan services, reforms and innovations. “Even as recently as the late 1990s, emergency management director positions were almost always located within a police or fire department and typically staffed by either a retired or close-to-retired person from a first responder background — typically 55 years old or older and a white male.”

Carmen Merlo, director of the Portland Bureau of Emergency Management in Oregon, has been working in emergency management for 18 years. “It’s often the case that I’m the only female in the room,” she said. “I still go to conferences where literally all of the panelists are white men.”

...

http://www.emergencymgmt.com/disaster/Changing-of-the-Guard.html

Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

More than three years ago, as former national security officials, we penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well-being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyberexploitation. Today, we write again to raise the level of thinking and debate about ubiquitous encryption to protect information from exploitation.

In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.

...

https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-encryption/2015/07/28/3d145952-324e-11e5-8353-1215475949f4_story.html

Too few businesses testing their business continuity plans

Most midsize businesses have business continuity plans but few have tested them, according to The Hartford’s survey of midsize business owners and C-level executives in the US. This shortcoming presents potential risk for businesses, which may be unable to meet client needs due to an interruption in their operation or lose revenue due to a supplier issue.

The Midsize Business Monitor showed that the majority of midsize businesses surveyed (59%) had a formal, documented business continuity plan, one-third (33%) had an informal, verbal plan, and 8% reported having no plan at all. While this may be considered encouraging, what was damning was that only 19% of businesses had actually tested their plan.

The theme for Business Continuity Awareness Week 2015, run by the Business Continuity Institute, was testing and exercising, and one of the key themes that came out of the week was that a plan that has not been exercised is simply not a plan. You can only tell if a plan works when it is put to the test, and it is far better to find out that it doesn’t work during an exercise rather than when the very existence of your business depends on it.

“Weather-related events, fires, thefts and supplier interruptions are just a few of the issues that can impact a business,” said Eric Cannon, assistant vice president of property underwriting at The Hartford. “While many midsize businesses have taken the important step of developing a formal continuity plan, testing and updating that plan on a regular basis can mean the difference between a business’s ability to recover quickly versus being unable to meet client needs.”

The Hartford survey found that more than one-third (36%) of midsize businesses had been unable to meet a client need due to an interruption in their operation, putting their relationship with that client at risk. While the majority managed to find an alternative supplier, nearly half (48%) lost business to other suppliers and 9% stated this loss was permanent.

Most midsize businesses surveyed (84%) rely on suppliers, vendors or consultants, yet four in 10 had suffered a supplier interruption and almost one-third (32%) had lost revenue due to a supplier problem.

“Even the smallest vendor or that vendor’s supplier can impact a business’s ability to meet its customers’ needs. The savvy business owner must take the time to understand the continuity plans of its suppliers and their suppliers in order to fully know who is at the table and who can step in when back-ups are needed,” said Cannon.

Is this what cyber war will look like?

Reports are saying that several major breaches, including Anthem, the U.S. government’s Office of Personnel Management (OPM) and United Airlines, which was just recently revealed, were all most likely conducted by the same Chinese cyberespionage group. All of the breaches involved the compromise of personally identifiable information (PII) of customers, employees and/or contractors, but, as an eWeek article pointed out, this could be a way for one government to spy on or gain advantage over another government or country. Paul Kurtz, CEO of TruSTAR Technologies and a former White House cybersecurity advisor, told the publication:

We know that adversaries typically use a common command-and-control infrastructure to attack multiple companies across many sectors of the economy. Given what we've seen, it's not too shocking to learn about other breaches involving the same adversaries.

...

http://www.itbusinessedge.com/blogs/data-security/have-cyberattacks-become-nation-state-attacks.html

Kansas City, Mo. – The U.S. Department of Homeland Security’s Federal Emergency Management Agency’s (FEMA) Region VII office announced today there will be a routine biennial exercise conducted with Omaha Public Power District for the Fort Calhoun Nuclear Station in Nebraska on Aug. 4, 2015, followed by a public meeting.

Exercise participants will include: the states of Nebraska and Iowa; Washington County in Nebraska; Pottawattamie and Harrison counties in Iowa; and the Omaha Public Power District.

The routine exercise will test the abilities of the states of Nebraska and Iowa, the utility and the participating counties to protect the health and safety of the public living and working in the vicinity of the Fort Calhoun Nuclear Station.

The exercise is a biennial requirement to determine the adequacy of the state and local radiological emergency preparedness and response plans. It will require the activation of emergency facilities by the participating state and local officials. The activities of the state, county and local units of government will be observed and evaluated by the FEMA Region VII Radiological Emergency Preparedness (REP) Program. Fort Calhoun Nuclear Station on-site performance will be observed and evaluated by officials from the Nuclear Regulatory Commission (NRC).

On Thursday, August 6, 2015, a public meeting will be held to describe and explain the full-scale response exercise process. Since the process of evaluating the full-scale response exercise will take months, the preliminary findings and meeting discussion will be very limited in scope.

Members of the public and the media are invited to attend the meeting, starting at 11 a.m. (CDT) in the Fort Calhoun Volunteer Fire Station, located at 600 N. 14th Street, Fort Calhoun, Neb.

Representatives from FEMA Region VII will chair the meeting and explain the exercise process. A representative from the NRC Region IV office, located in Arlington, Texas, will discuss activities conducted on-site at the power plant during the exercise.

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.  The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


OKLAHOMA CITY – To date, Oklahomans have received more than $40.7 million in grants, low-interest loans and insurance settlements from the federal government, helping to rebuild the lives of families and help out businesses affected by the severe weather and subsequent flooding during the period of May 5 through June 22.

Nearly 10,000 families have registered for assistance with the Oklahoma Department of Emergency Management, the Federal Emergency Management Agency and the U.S. Small Business Administration (SBA).

The disaster assistance, which totals more than $40.7 million, includes more than $15.5 million approved for homeowners and renters, more than $13.2 million in grants for housing, including home repairs and rental assistance, and more than $2.1 million for Other Needs, such as repair or replacement of personal property essential to the home. It also includes more than $8.6 million in payments to survivors through the National Flood Insurance Program and more than $16.7 million in SBA loans.

SBA has issued 1,342 applications for low-interest disaster loans to homeowners and businesses. More than $15.5 million has been approved for homeowners, and more than $1.2 million in loans has been approved for business owners rebuilding after the storms.

Low-interest SBA disaster loans may be available to businesses of all sizes as well as certain private nonprofit organizations. Homeowners and renters are also eligible for SBA loans for uninsured loss. These loans cannot duplicate benefits from other agencies or compensation from other organizations.

FEMA deployed 88 Disaster Survivor Assistance specialists going door to door in the affected 45 counties. To date, they have visited 18,878 homes and 889 community-based organizations delivering recovery information and guidance. These specialists have also registered 647 survivors for disaster assistance. A total of 4,206 people have visited DRCs.

Survivors may apply for state and federal assistance online with any computer, smartphone, or tablet at www.DisasterAssistance.gov or by calling 800-621-3362 or (TTY) 800-462-7585. Those who use 711-Relay or Video Relay Services can call 800-621-3362 to register. Hours to register by phone: 6 a.m. to 9 p.m. local time, seven days a week.

For more information on Oklahoma disaster recovery, click http://www.fema.gov/disaster/4222 or visit OEM at www.oem.ok.gov.

WASHINGTON – Today, the U.S. Department of Homeland Security's Federal Emergency Management Agency (FEMA) and Portlight Strategies (Portlight) announced an agreement that will increase preparedness awareness for people with disabilities in the event of natural or man-made disasters. The agreement aligns with FEMA’s commitment to inclusive emergency management by partnering with disability organizations and community leaders who serve the whole community at the local level.

“As we celebrate the 25th anniversary of the Americans with Disabilities Act, we are also reinforcing our commitment to serving the whole community before, during and after disasters,” said Craig Fugate, FEMA Administrator. “By having preparedness plans and thinking ahead, individuals, families and communities will be ready to respond to these events when they occur.”

The new partnership will bolster working relationships with state, local, tribal and territorial emergency managers to encourage including people with disabilities in planning.  It will also provide information so people understand the disaster risks in their area. By evaluating their own individual needs and making an emergency plan that fits those needs, people can be better prepared.

Some key highlights from the agreement show that FEMA and Portlight will:

  • Participate in training events and natural and simulation exercises, drills, and discussions focused on emergency preparedness and lessening the impact of disasters;
  • Share operational practices that work well and that may be adapted to make improvements in service delivery and support community resilience and accessibility for people with disabilities and others with access and functional needs; and
  • Share research-based emergency management data and information and training experience and expertise before, during, and after disasters.

“We're excited about this next important step in our relationship with FEMA and the ways it will enhance our ability to serve the disability community in times of disaster,” said Paul Timmons Jr., Portlight Co-founder and Board Chair. “It embodies our philosophy that there must be nothing about us without us.”

The primary mission of Portlight Strategies, Inc. (Portlight) is to provide disaster relief and recovery services specifically for people with disabilities and to facilitate accessible services—compliant with the Americans with Disabilities Act of 1990 (ADA)—from all providers, whether governmental or non-governmental.


Depending on who you talk or listen to, hyper-converged storage is either the future of storage, or it is a hype niche market that is not for everybody, particularly not larger environments.

Admittedly, there is a lot of hype in and around convergence, including hyper-convergence. On the other hand, there is also a lot of reality in various converged infrastructure (CI), hyper-converged infrastructure (HCI), cluster in a box (CiB) and other solution bundle approaches.

Not every data center is the same; your data center will be different depending on whether you are a small office home office (SOHO), remote office branch office (ROBO) with a few servers, a departmental workgroup, small medium business (SMB), small medium enterprise (SME), large enterprise, web-scale or cloud services provider.

...

http://www.enterprisestorageforum.com/storage-management/is-future-storage-converging-around-hyper-converged-1.html

(TNS) - Nearly three years after Hurricane Sandy devastated New Jersey, its effects linger in the form of heightened anxiety and post-traumatic stress disorder, a report released Wednesday found.

More attention should be paid to the emotional consequences of housing damage, including mold, the report stated. Surprisingly, children who lived in homes with minor damage were even more likely than those in homes with major damage to feel sad or depressed or have trouble sleeping.

"We're definitely still hearing about the issues and the problems," said David Abramson, a New York University researcher who led the Sandy Child and Family Health Study.

...

http://www.emergencymgmt.com/disaster/Report-Health-effects-of-Hurricane-Sandy-still-linger.html

The cloud environment you know today will be very different from the cloud environment you’ll see in a couple of years – just as it’s different from the one you saw a couple of years ago. As the cloud evolves, cloud security compliance protocols will evolve, too. As a managed service provider (MSP), it’s important to always be mindful of the latest codes of compliance for cloud data storage and cloud-based file sharing across any and all industries.

As lawmakers and governing bodies continue to gain an understanding of the impact that cloud computing has on the modern business community, the rules being put in place will become more stringent. They’ll also be revised and amended in an attempt to evolve with the cloud space.

The list of compliance regulations already in place includes PCI DSS (The Payment Card Industry Data Security Standard), SOX (The Sarbanes-Oxley Act of 2002), GLBA (The Gramm-Leach-Bliley Act), and HIPAA (The Health Insurance Portability and Accountability Act of 1996) – and that’s just to name a few. As noted by Paul Korzeniowski for CIO.com, this list will only grow longer.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/073015/ensuring-compliance-evolving-cloud-security-protocols

After West Africa's 2014 Ebola epidemic magnified awareness about the deadly virus' effects -- and local response tactics -- Onslow County Health Department revisited its methods for prevention and management of communicable diseases.

"Ebola, it really took America by storm," said Pamela Brown, health department spokeswoman. "It really captured the public's imagination. It also gave us the opportunity to highlight the importance of public health. We are constantly preparing with our partners for just such a thing."

Ebola is a rare viral hemorrhagic fever that can spur severe headaches, fatigue, muscle pain, vomiting, diarrhea, abdominal pain or "unexplained hemorrhage," according to information from Centers for Disease Control and Prevention (CDC). The 2014 Ebola epidemic is the largest in history. "Two imported cases, including one death, and two locally acquired cases in health care workers were reported in the United States."

...

http://www.emergencymgmt.com/health/North-Carolina-County-Receives-Grant-to-Strengthen-Ebola-Response.html

(TNS) - When a 7.8-magnitude earthquake hit Baguio on July 16, 1990, 5-year-old Klaridelle Reyes was sleeping on a couch. She woke up to a cacophony of voices and loud footsteps. She could hear people shouting, running to safety.

Kyle Yan, a 16-year-old student at Saint Louis University, was also napping on that cold afternoon when the quake struck. He awoke in the commotion and then waded through piles of books and personal belongings that had fallen to the floor during the first few seconds of the quake.

Outside, buildings were starting to crumble, landslides blocked roads and mines collapsed on hapless workers.

...

http://www.emergencymgmt.com/disaster/The-Big-One-Could-Kill-34000-in-the-Philippines.html

When the Rana Plaza building collapsed in Bangladesh, it wasn’t the physical disruption to the supply chain that caused the most damage to organizations at the top, it was the reputational damage as a result of the poor safety standards and human rights abuses taking place further down the chain. A disruption in one organization, whether physical or reputational, will have an impact throughout the entire supply chain.

Have organizations learnt their lesson from the incident above? The risk of organizations breaching international human rights regulations has risen significantly over the last quarter as key Asian economies adapt to tougher economic conditions. That is the conclusion of the latest Risk Index Report from BSI, which identifies China, India, Vietnam, Bangladesh and Myanmar as the five highest risk countries for human rights violations. These countries account for 48% of global apparel production, 53% of global apparel exports, and 26% of global electronics exports.

The Quarterly BSI Risk Index is based on intelligence from BSI’s Supply Chain Risk Exposure Evaluation Network (SCREEN) tool, which provides real-time incident reports for corporate social responsibility (CSR), security, and business continuity risk, threats, from over 20 proprietary risk categories across 200 countries. Supply Chain Intelligence from SCREEN identifies major CSR concerns, such as brand protection risks and changes to global regulation including the US legislation aimed at eliminating forced child labour, EU draft conflict minerals law, and the UK’s Modern Slavery Act. All of which relate directly to complex supply chains worldwide and can subject an organization to prosecution if their suppliers exploit human rights.

In addition to the legal repercussions, an organization’s brand reputation and consumer trust are compromised. The latest generation of consumers, millennials, are focused on buying from ethical and responsible businesses, highlighting the increased importance for organizations to adopt a supply chain risk management program and implement risk-based sourcing strategies. Understanding country-level threats provides the needed intelligence to filter risk to underpin a socially compliant and responsible supply chain.

The latest BSI Risk Index report warns that efforts by Asian governments to boost their economies are having the unintended consequence of allowing child labour abuses to become more present in supply chains. Also highlighted were proposed changes to labour laws that may incentivise firms to restructure as 'family enterprises', making it easier to employ underage workers in a country where 4.4 million children are already put to work.

Mike Bailey, EMEA Director of Professional Services at BSI, commented: “Organizations can no longer turn a blind eye to the actions of their suppliers. The laws we are seeing today may only apply to larger firms, but they set a benchmark for the industry and smaller organizations will be forced to comply to work with the larger companies, by default. Products assembled or services provided by child labour or depending on minerals from conflict zones have no place in the modern world.” 

Thursday, 30 July 2015 00:00

BCI: The cost of catastrophe

Less than a third (31%) of global economic losses as a result of natural disasters were covered by insurance (including both private insurers and government-sponsored programs) during the first half of 2015, according to a new study by Aon Benfield. This is slightly above the 10-year average of 27% because the majority of the losses occurred in regions with higher insurance penetration.

By contrast, around 2% of the multi-billion-dollar economic loss from the Nepal earthquake was covered by insurance. Statistics like this show how catastrophe models can play a role in helping the insurance industry to better understand these risks and seek ways to grow insurance penetration in underserved regions.

On a more positive note, losses during the first half of 2015, from both an economic and insured loss perspective, were each below the 10-year (2005-2014) average. Preliminary data from the Global Catastrophe Recap: First Half of 2015 report determined that economic losses were US$46 billion, down 58% from the 10-year average of US$107 billion, and insured losses were US$15 billion, down 47% from the 10-year average of US$28 billion.

The severe thunderstorm peril was the costliest disaster type, comprising 33% of the economic loss and 49% of the insured loss. Most of the costs were attributed to strong convective thunderstorm events that prompted widespread hail, damaging straight-line winds, tornadoes, and major flash flooding in the United States during the months of April, May and June.

A clear majority (73%) of the insured losses were sustained in the United States due to an active winter season combined with numerous spring severe convective storm events. Asia Pacific was second with 14% and Europe, Middle East & Africa was third with 11% of the insured loss.

Steve Bowen, associate director and meteorologist with Aon Benfield's Impact Forecasting team, said: "The first half of 2015 was the quietest on an economic and insured loss basis since 2006. Despite having some well-documented disaster events in the United States, Asia Pacific and Europe, it was a largely manageable initial six months of the year for governments and the insurance industry. Looking ahead to the rest of 2015, the continued strengthening of what could be the strongest El Nino in nearly two decades is poised to have far-reaching impacts around the globe. How that translates to disaster losses remains to be seen, but something to keep a close eye on in the coming months."

Thursday, 30 July 2015 00:00

Early Warning On Heat Health Risk

As many parts of the United States enter another day of high heat and humidity, we’re reading about the first ever heatwave warning guidelines issued by the United Nations earlier this month.

The guidelines are intended to alert the general public, health services and government agencies via the development of so-called heatwave early warning systems that should ultimately lead to actions that reduce the effects of hot weather extremes on health.

As the foreword to the publication states:

“Heatwaves are a dangerous natural hazard, and one that requires increased attention. They lack the spectacular and sudden violence of other hazards, such as tropical cyclones or flash floods, but the consequences can be severe.”

...

http://www.iii.org/insuranceindustryblog/?p=4128

WASHINGTON – August 2015 marks the tenth year since the devastating 2005 Atlantic Hurricane Season.  According to the National Oceanic and Atmospheric Administration (NOAA), Hurricane Katrina was one of the strongest storms to impact the coast of the United States, causing widespread devastation and affecting an estimated 90,000 square miles along the central Gulf Coast states. Less than a month later, Hurricane Rita and then Hurricane Wilma in October made landfall compounding an already catastrophic situation.

Ten years into the recovery, FEMA continues to support communities and families, working side-by-side with state, local, and tribal partners to finish the job of rebuilding communities that are the economic engines and lifeblood of the Gulf Coast. To date, FEMA has provided $6.7 billion to more than one million individuals and households.  FEMA provided more than $131 billion to the states of Louisiana, Mississippi, Alabama, and Florida for public works projects in the aftermath of Hurricane Katrina to assist with recovery efforts.  

“Today, FEMA has the authority necessary to lean forward and leverage the entire emergency management team in response and recovery efforts,” said FEMA Administrator Craig Fugate.  “This team includes not only government but also the private sector, non-profits, and citizens themselves.  We support survivors and this holistic approach emphasizes the importance of working as a team to prevent, protect against, respond to, recover from, and mitigate all hazards.”

Since 2005, FEMA has significantly improved its ability to assist communities in responding to and recovering from disasters. With the support of Congress, FEMA was provided additional authorities and tools to become a more effective and efficient agency, one that is focused on putting survivors first.  Specifically, the Post-Katrina Emergency Management Reform Act (PKEMRA) of 2006, gave FEMA clear guidance on its mission and priorities, and provided the legislative authorities needed to better partner with state, local, tribal, and territorial governments before, during, and after disasters.  These improvements include:

  • Improved ability to provide support to states and tribes ahead of a disaster. Since 2005, FEMA gained statutory authority to surge resources to states, tribes, and territories ahead of a disaster should the capacity of states, tribes or territories become overwhelmed.  This authority expedites FEMA’s ability to respond to disasters if and when a state, tribe or territory requests support and a disaster is declared by the President. 
  • Development of a National Disaster Recovery Framework (NDRF). PKEMRA required FEMA, along with its partners, to develop a national disaster recovery strategy to guide recovery efforts after major disasters and emergencies. The NDRF clearly defines coordination structures, leadership roles and responsibilities, and guidance for federal agencies, state, local, territorial, and tribal governments, and other partners involved in disaster planning and recovery.
  • Establishment of Incident Management Assistance Teams.  These full time, rapid response teams are able to deploy within two hours and arrive at an incident within 12 hours to support the local incident commander. The teams support the initial establishment of a unified command and provide situational awareness for federal and state decision makers crucial to determining the level and type of immediate federal support that may be required.
  • Improved Search and Rescue capability.  Since 2005, FEMA has better integrated search and rescue assets from across diverse Federal agencies such as the U.S. Coast Guard and the Department of the Interior. 
  • Establishment of the Regional Emergency Communications Coordination Working Groups (RECCWGs) to serve as the primary focal points for interoperable communications coordination among federal, state, local, tribal and territorial emergency responders. The statute charges these RECCWGs with coordinating effective multi-jurisdictional and multi-agency emergency communications networks for use during disasters and emergencies.
  • Enhanced partnerships with the private sector. As part of this effort, FEMA established the National Business Emergency Operations Center that serves as a clearinghouse for two-way information sharing between public and private sector stakeholders in preparing for, responding to, recovering from, and mitigating disasters.
  • Support for the inclusion of people with access and functional needs. The Office of Disability Integration and Coordination was established to provide technical assistance and guidance for a wide range of emergency management activities, including equal access to emergency programs and services and meeting the access and functional needs of the whole community. This includes: preparedness, exercises, emergency alerting, accessible transportation and shelter accessibility guidance, assistive technology devices for accessible communication, accessible housing and grant guidance to states for accessibility, and partnership and stakeholder outreach.

For more information on FEMA’s continued work to support communities and families along the Gulf Coast, visit our Hurricane Katrina: A Decade of Progress through Partnerships website.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Few words spark more angst in business circles than “controls.” No one wants to be controlled, yet controls are an integral part of any business. Unfortunately, many people equate the word to a costly compliance exercise, largely thanks to the Sarbanes-Oxley Act of 2002 (SOX). This is not an article on SOX, but rather a look at how and why controls should be understood and appreciated by all organizations, regardless of type, industry or size. Defining and assessing controls is simply a sound business exercise regardless of regulatory compliance considerations.

However, before we leave SOX, there is a common question I want to address. Private companies and nonprofit organizations often inquire if SOX makes sense for them. First of all, let’s put this in perspective. SOX contains 66 sections within 11 titles covering a wide range of governance, audit, business, regulatory and enforcement topics. By far, the most common section is 404 entitled Management Assessment of Internal Controls. So for simplicity of addressing this question, I will approach it from this single section. Section 404 requires an annual management assessment of the effectiveness of the Internal Controls over Financial Reporting (ICFR), as well as an external audit opinion on ICFR for public companies reaching certain size thresholds. The answer is a definite “yes” regarding periodic management assessments, as this is simply a prudent business practice. As it pertains to additional attestation work, this is likely not warranted for most organizations. Instead, companies should ask their auditor to point out areas for control improvements as they obtain an understanding of ICFR for planning their audit of the financial statements. This independent feedback can be a valuable piece of the audit value proposition.

...

http://corporatecomplianceinsights.com/controls-is-not-a-dirty-word-insights-into-controls-challenges-and-solutions/

It seems that the prevailing wisdom in data center circles these days is that Big Data will simply be too big for the enterprise. When faced with the enormous volumes of sensor-driven and machine-to-machine (M2M) feedback, the enterprise will have no choice but to push the vast majority of the workload onto the cloud.

To be sure, the cloud offers a compelling value proposition when it comes to Big Data, but that does not mean that even small organizations won’t be able to build their own analytics infrastructure for the most crucial data.

The mistake that many executives make when contemplating Big Data is applying those volumes to infrastructure as it exists today. In reality, the infrastructure of tomorrow will be more compact, more scalable and more attuned to these emerging workloads than the legacy systems currently occupying the data center.

...

http://www.itbusinessedge.com/blogs/infrastructure/hyperscale-hyperconverged-infrastructure-ready-when-the-enterprise-is.html

By Tyler M. Sharp, Ph.D. (LCDR, USPHS)

Most travelers to Africa know to protect themselves from malaria. But malaria is far from the only mosquito-borne disease in Africa. Recent studies have revealed that dengue, a disease that is well recognized in Asia and the Americas, may be commonly misdiagnosed as malaria in Africa. So if you’re traveling to Africa, in addition to taking anti-malarial medications you should also take steps to avoid dengue.

Map of areas around the world affected by Dengue.

Dengue is a mosquito-transmitted illness that is recognized as a common illness throughout Southeast Asia and much of the Americas. In fact, a study published in 2013 estimated that 390 million dengue virus infections occurred throughout the tropics in 2010. Although 70% of infections were predicted to have occurred in Southeast or Southcentral Asia, the next most affected region (16% of infections) was Africa, followed by the Americas (14% of infections). The large estimated burden of dengue in Africa came as a surprise to some, since dengue is not often recognized to be a risk in Africa.

Dengue is Hard to Diagnose in Africa

There are several reasons why dengue has limited recognition in Africa. First, the lack of laboratory-based diagnostic testing leads to many patients not being diagnosed with dengue. This can be perilous because without early diagnosis and appropriate clinical management, dengue patients are at increased risk for poor outcome. However, in order for a clinician to request dengue testing, they must first be aware of the risk for dengue. This awareness usually comes in the form of a positive diagnostic test result. Hence, without testing there is limited clinical awareness, and without clinical awareness there is limited testing.

Finding Dengue in Africa

Map of Africa

Brown indicates countries in which dengue has been reported in residents or returned travelers and where Aedes aegypti mosquitoes are present. Light brown indicates countries where only Ae. aegypti mosquitoes have been detected.

How do we know that there actually is dengue in Africa? First, since 1960 at least 15 countries in Africa had reported locally-acquired dengue cases. In addition, travelers returning home with dengue had been detected after visiting more than 30 African countries. Still more African countries are known to have the Aedes mosquitos that transmit the 4 dengue viruses. These findings together provide strong evidence that dengue is a risk in much of Africa.

Thus, it was not a surprise in the summer of 2013 when dengue outbreaks were detected in several sub-Saharan African countries. In many cases, detection of dengue was facilitated by the availability of rapid dengue diagnostic tests that enabled on-site testing.

Dengue Field Investigations in Angola and Kenya

In a past blog I described the initial findings of a dengue outbreak in Luanda, Angola, in west-central Africa: dengue cases were initially identified with a rapid diagnostic test, and confirmatory diagnostic testing and molecular epidemiologic analysis performed at CDC demonstrated that the virus had actually been circulating in the region for at least 45 years. This provided strong evidence that dengue was endemic in the area. During the outbreak investigation, CDC and the Angola Ministry of Health conducted house-to-house surveys wherein blood specimens and questionnaires were collected. Of more than 400 participants, 10% had been recently infected.

Teams from the Angola Ministry of Health conduct a dengue serosurvey in Mombasa, Luanda. Image courtesy of the Angola Field Epidemiology Training Program.


Though nearly one-third reported recent dengue-like illness, and half had sought medical care, none of the patients with laboratory evidence of infection with dengue virus had been diagnosed with dengue, including one person who had symptoms consistent with severe dengue. Although this investigation yielded more questions than answers, it was clear that there was much more dengue in Luanda than was being recognized clinically. By improving clinical awareness through training of clinicians and strengthening disease surveillance, the ability for diagnosis of individuals ill with dengue or other emerging infectious diseases was improved.

On the opposite coast of Africa in Mombasa, Kenya, although dengue outbreaks had been reported for decades, the first outbreak to be confirmed with laboratory diagnostics occurred in the early 1980s. When an outbreak of non-malarial illness was reported in 2013, blood specimens were sent to a laboratory at Kenya Medical Research Institute (or KEMRI) to determine the cause of the outbreak. Three out of the four dengue viruses were detected during this outbreak, which alone suggested that dengue was endemic in the area. To get a better idea of how much dengue there was in Mombasa, CDC and the Kenya Ministry of Health conducted a representative survey in a populous neighborhood of Kenya. Over 9 days, 1,500 people were enrolled in the serosurvey and testing revealed that 13% of participants were currently or recently infected with a dengue virus. Nearly half of infected individuals reported a recent dengue-like illness, most of whom had sought medical care.

Field workers from CDC and the Kenya Ministry of Health conduct a dengue serosurvey in Mombasa, Kenya. Image courtesy of Dr. Esther Ellis.


However, nearly all patients had been diagnosed with malaria. Because Mombasa is a port city that is also a popular tourist destination, not only was the apparent magnitude of the outbreak a concern for patient diagnosis and care in Mombasa, it also meant that visitors to Mombasa may not be aware of the risk of dengue and therefore could be getting sick and/or bringing the virus home with them.

What next?

There is not yet a vaccine to prevent infection or medication to treat dengue. Unlike the night-time biting mosquitoes that transmit malaria, the Aedes mosquitoes that spread dengue are day-time biters. Consequently, both residents of and travelers to Africa should protect themselves from mosquito bites to avoid dengue by using mosquito repellent. Other strategies, like staying in places with air conditioning and screens on windows and doors and wearing long sleeve shirts and pants, can also help whether you’re traveling to Africa or other regions of the tropics. For clinicians, if travelers recently returned from Africa with acute febrile illness, consider dengue as a potential cause of the patient’s illness.

We still have much to learn about dengue in Africa, but learning where there is risk of dengue is the first step to avoiding it.

http://blogs.cdc.gov/publichealthmatters/2015/07/unveiling-the-burden-of-dengue-in-africa/

Wednesday, 29 July 2015 00:00

Brain Design-Inspired Computing Is Here

Computing inspired by the design of brains is rapidly progressing. Very rapidly.

Companies like IBM and Qualcomm are financing neurochip projects, and in the case of IBM’s Cognitive Computing push, it may be betting its own future on neuromorphic technology. Europe is investing US $1.3 billion in the Human Brain Project, which sets out to simulate the human brain. Not to be left behind, the US announced in 2013 it is investing $300 million in its own Brain Initiative with similar objectives. Researchers in the UK, Canada, at Stanford University, and at DARPA are all working on various aspects of the neuromorphic computing puzzle, and are now publishing their results.

Deep thinkers like Stephen Hawking and tech billionaires like Bill Gates and Elon Musk ominously warn about the impending perils of this technology while proponents (including Paul Allen, also of Microsoft fame) fight back. Many world scientists are dismayed over how the Human Brain Project is unfolding, fearing the project is quixotic and not transparent. They are now raising a ruckus. Philosophers continue to rail against the whole matter of intelligent machines, but this time not so safely detached since, with recent technical advances, the future is a lot closer now than it was in the last artificial intelligence (AI) go-around more than 25 years ago.

...

http://blog.cutter.com/2015/07/28/brain-design-inspired-computing-is-here/

WASHINGTON — As part of the U.S. Department of Homeland Security’s (DHS) ongoing efforts to support state, local, tribal, and territorial partners, Secretary Jeh Johnson today announced final allocations for eight Fiscal Year 2015 DHS preparedness grant programs, including the Homeland Security Grant Program. These allocations total more than $1.6 billion to assist states, urban areas, tribal and territorial governments, non-profit agencies, and the private sector with their preparedness efforts.

Together with previous grant funding awarded since 2002, DHS has awarded over $40 billion to these partners. Preparedness grants strengthen our nation’s ability to prevent, protect against, mitigate, respond to, and recover from terrorist attacks, major disasters, and other emergencies in support of the National Preparedness Goal and the National Preparedness System.

The FY 2015 grants focus on the nation’s highest risk areas, including urban areas that continue to face the most significant threats. Consistent with previous grant guidance, dedicated funding is provided for law enforcement and terrorism prevention activities throughout the country to prepare for, prevent, and respond to crimes and other precursors or indicators of terrorist activity.

Preparedness Grant Program Allocations for Fiscal Year 2015:

Homeland Security Grant Program (HSGP)—provides more than $1 billion for states and urban areas to prevent, protect against, mitigate, respond to, and recover from acts of terrorism and other threats. 

  • State Homeland Security Program (SHSP)—provides $402 million to support the implementation of the National Preparedness System to build and strengthen preparedness capabilities at all levels.
  • Urban Areas Security Initiative (UASI)—provides $587 million to enhance regional preparedness and capabilities in 28 high-threat, high-density areas.
  • Operation Stonegarden (OPSG)—provides $55 million to enhance cooperation and coordination among local, tribal, territorial, state, and Federal law enforcement agencies to jointly enhance security along the United States land and water borders where there are ongoing Customs and Border Protection missions.

Awards made to the states and urban areas for HSGP carry pass-through requirements.  Pass through is defined as an obligation on the part of the State Administrative Agency (SAA) to make funds available to local units of government, combinations of local units, tribal governments, or other specific groups or organizations.  The SAA must obligate at least 80 percent of the funds awarded under SHSP and UASI to local or Tribal units of government.  

Per the Homeland Security Act of 2002, as amended, DHS/FEMA is required to ensure that at least 25 percent of grant funding appropriated for HSGP and the Tribal Homeland Security Grant Program are used for law enforcement terrorism prevention activities (LETPA).  DHS/FEMA ensures that this requirement is met in part, by requiring all SHSP and UASI recipients to ensure that at least 25 percent of the combined HSGP funds allocated under SHSP and UASI are dedicated towards LETPA. This 25 percent can be from SHSP, UASI, or both.  The 25 percent LETPA allocation is in addition to the 80 percent pass-through requirement to local units of government and Tribes.

Emergency Management Performance Grant (EMPG) Program—provides over $350 million to assist local, tribal, territorial, and state governments in enhancing and sustaining all-hazards emergency management capabilities. 

Tribal Homeland Security Grant Program (THSGP)—provides $10 million to eligible tribal nations to implement preparedness initiatives to help strengthen the nation against risk associated with potential terrorist attacks and other hazards.

Nonprofit Security Grant Program (NSGP)—provides $13 million to support target hardening and other physical security enhancements for nonprofit organizations that are at high risk of a terrorist attack and located within one of the 28 FY 2015 UASI-eligible urban areas.

Intercity Passenger Rail - Amtrak (IPR) Program—provides $10 million to protect critical surface transportation infrastructure and the traveling public from acts of terrorism and increase the resilience of the Amtrak rail system.

Port Security Grant Program (PSGP)—provides $100 million to help protect critical port infrastructure from terrorism, enhance maritime domain awareness, improve port-wide maritime security risk management, and maintain or reestablish maritime security mitigation protocols that support port recovery and resiliency capabilities.

Transit Security Grant Program (TSGP)—provides $87 million to owners and operators of transit systems to protect critical surface transportation and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.

Intercity Bus Security Grant Program (IBSGP)—provides $3 million to assist operators of fixed-route intercity and charter bus services within high-threat urban areas to protect bus systems and the traveling public from acts of terrorism, major disasters and other emergencies.

Further information on DHS’s preparedness grant programs is available at www.dhs.gov and http://www.fema.gov/grants.

###


By and large, organizations tend to invest in preventative cybersecurity measures and they also concentrate their resources on detecting and stopping cyberattacks, rather than on painstaking “who did it?” investigations. They want to close the gap, manage the public opinion fallout, learn from the episode and move on.

From an enterprise perspective, this makes sense, as resources dealing with cybersecurity are usually overstretched and the organization does not stand to gain much from determining, with a certain degree of certainty, who was behind a cyberattack. The incentive equation, of course, is different if the target of the attack is a government or a large organization that is part of a country’s critical national infrastructure.

Attack attribution has traditionally been approached from the perspective of enabling the target or victim entity to pursue the attacker either for damages in a court of law; or from a national, military or intelligence “strike back” perspective.

...

http://www.riskmanagementmonitor.com/should-you-track-down-your-cyber-attacker/

Business And IT 

In today’s world, company operations function at two distinct levels: the business operation level and the IT infrastructure operation level. While the two functions operate independently, IT exists to support the business. Many of the IT operations, like the deployment and management of IT infrastructure, applications and services, are driven by the business layer requirements in a top-down fashion to enable the company to carry out its business. IT infrastructure management, including addressing cyber security risks, is exclusively done in the IT layer. There are several tools, such as FireEye, McAfee, Qualys, ArcSight and BMC Software, which IT deploys and uses in order to identify and manage IT security risk, but something is missing.

A chasm exists between the IT layer and business layer, when looked at from a bottom-up perspective.

...

http://blog.metricstream.com/2015/bridging-the-chasm-between-business-and-it-the-grc-way/

Every once in a while it’s good to take stock of a situation. A projected 1.25 billion Android users for 2015 (according to Gartner) is such a situation. Either your organisation is already an Android shop or it is likely to become one in the near future. A plethora of software apps for the Android OS and a decidedly spotty security record for many Android users means that reviewing your approach to Android security could be a wise move as well.

While advanced technology exists to help protect Android systems, a reminder about security basics can go a long way to avoiding problems:

...

http://www.opscentre.com.au/blog/how-are-you-doing-with-your-android-security/

That the cloud is a major boon to the enterprise is beyond question. At this point, it’s kind of like saying the CPU was a really good idea.

But no matter how valuable the cloud becomes, there will always be questions over its design, implementation and efficacy when it comes to specific applications and workloads. Already, cloud architectures have diverged along three distinct tracks – SaaS, PaaS and IaaS – and countless sub-tracks that use one or more of the three to achieve targeted goals, such as data center as a service, disaster recovery as a service and networking as a service.

So while increased use of enterprise-facing cloud services seems inevitable, the hows, wheres and whys of this transition are still unclear, which is why leading IT vendors like Intel are hoping to move things along.

...

http://www.itbusinessedge.com/blogs/infrastructure/is-it-time-for-the-enterprise-to-start-running-the-cloud.html

Anyone who has been around the managed services market a while knows this: Companies can get pretty creative with their definitions of “managed services.”

While inventive definitions of the term may deliver food for thought or some level of entertainment, it’s hard to get customers to understand what a service delivers if providers can’t agree on its meaning. It’s no wonder, then, that even customers who hire an MSP don’t always know what “managed services” means.

...

http://mspmentor.net/managed-services/072715/nothing-defines-managed-services-better-meeting-your-customers-needs

The reinsurance industry has recently seen a rise in mergers and acquisitions among some of its biggest players, such as Axis Capital Holdings Ltd. and PartnerRe Ltd. Faced with challenges like soft market conditions and impending regulation around the globe, many companies have turned to consolidation. Case in point: In 2014, acquirers spent $17 billion on property and casualty, multi-line insurance and reinsurance deals – the most since 2011, according to data compiled by Bloomberg.

Claude Lefebvre, chief underwriting officer at Hamilton RE, described M&A as part of a cycle that tends to take place during the soft market. Last year, about 390 insurance transactions were announced for a combined value of almost $50 billion, making it the busiest year for deals since 2008. This begs the question: Is bigger actually better?

...

http://www.riskmanagementmonitor.com/is-bigger-really-better-pros-and-cons-of-the-reinsurance-industrys-recent-ma-wave/

(TNS) -- UNC officials are looking into what Chancellor Carol Folt termed a “completely unacceptable” failure of the system they use to warn students, faculty and staff of on-campus safety threats.

The review follows a pair of armed robberies that happened on campus at about 11 p.m. Wednesday, July 22. Campus police are looking for two men who were in a white, four-door sedan and used handguns to threaten their victims.

Authorities implemented part of the alert system late that night, sounding sirens that by definition mean there’s an emergency somewhere on campus that requires people to go inside or take cover immediately.

The problem is that they’re also supposed to back up the sirens with Web bulletins, email, text messages or social media postings that explain what’s going on.

Those messages were 45 minutes late in trickling out.

...

http://www.emergencymgmt.com/disaster/University-Officials-Say-Alert-System-Failed.html

Monday, 27 July 2015 00:00

What Is Community Resilience?

Fire, flood, famine, nuclear disaster — we’ve been through them all and more, and yet we so quickly forget. All but a few Americans, depending on which survey you read, remain stubbornly unprepared for the next disaster. Without preparedness, there can be no resiliency.

Insurer Allstate reports that 40 percent of Americans have thought about an evacuation plan, but just 8 percent have practiced an escape plan. Thirty percent say they’d take their chances and leave at the last minute in the face of a storm. More than half of parents say they’ve been directly impacted by disaster, according to Save the Children, yet 67 percent don’t know about the emergency plan at their kids’ schools, and 42 percent wouldn’t know where to find their kids after an evacuation.

Certainly things are better today than they used to be. “Fifty years ago there were no flood maps. Anyone could do whatever they wanted on a flood plain,” said Gene Whitney, a member of the Committee on Increasing National Resilience to Hazards and Disasters at the National Academy of Sciences/National Research Council. “Today communities are aware of the high-risk zones and they use those flood maps to guide their land-use decisions.”

...

http://www.emergencymgmt.com/disaster/What-Is-Community-Resilience.html

Simplicity is the catch word behind the massive success of cloud-based file sharing services. The ability to access files and business applications without needing to invest in costly hardware installation and maintenance is a welcome relief for small, medium and large scale businesses alike. However, while cloud computing brings with it the joys of a simpler life, companies are likely to have some concerns before they put all their eggs in your cloud basket.

Here are some simple ideas on how to evaluate cloud providers as you "date" them before making a big commitment.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/072715/preparing-your-cloud-services-be-dated

Monday, 27 July 2015 00:00

Big Changes in Store for Storage

New market data on the storage industry is out and the news does not look good for SAN, NAS and other forms of traditional data preservation.

According to a recent outlook from Wikibon, we are on the cusp of a digital extinction event as today’s complex network storage architectures give way to more nimble server-side solutions. The firm predicts that within 10 years, 90 percent of storage revenues will flow toward server SAN or hyperscale server SAN solutions, marking a 150 percent annual growth rate from today’s current market estimate of about $1 billion. At best, traditional SAN and NAS may eke out meager existences within long-term data retention infrastructure in which the frequency of data access is low but metadata retrieval is fairly steady.

...

http://www.itbusinessedge.com/blogs/infrastructure/big-changes-in-store-for-storage.html

Friday, 24 July 2015 00:00

Risk Must Be Personalized

Emergency preparedness isn’t about three days of water or extra batteries for your flashlight. If it were, we could stop investing in emergency preparedness campaigns and put the money toward buying 72-hour kits for every person in America. But we don’t, because that won’t make our communities more disaster resilient.

Preparing people for emergencies is about changing the way they think, not just before disasters, but also during them. What will make our communities more disaster resilient is to use emergency preparedness outreach as training for individuals to become effective disaster decision-makers: to teach them how to think in a crisis; to know what the disaster environment looks and feels like; to adapt; and to be empowered to take the necessary actions once decisions are made.

Effective disaster communication is not new territory. Researchers have been identifying ways to make risk and crisis communication more effective since the days of duck and cover. What’s missing is the practical application of those lessons in emergency management.

...

http://www.emergencymgmt.com/disaster/Risk-Must-Be-Personalized.html

Gigantic baby steps--that’s one way to describe enterprise adoption of cloud applications.

On one hand, cloud adoption is happening faster than ever. On the other, companies are keeping themselves tightly tethered to their on-premise solutions.

While 93% of businesses were using at least one cloud application as of this year, the trend that has really taken off is the implementation of hybrid cloud environments (using both cloud and on-premise application deployments in tandem). As of this year, 82% of enterprise companies are using hybrid cloud strategies--up from 74% in 2014. This demonstrates that while organizations are fully prepared to take advantage of the benefits reaped when adopting cloud applications, the complexity of their on-premise deployments cannot be easily transferred to the cloud. The cloud isn’t always as “plug n’ play” as it is advertised to be.

...

http://mspmentor.net/blog/little-little-cloud-adoption-2015

Sometimes I think passwords are nothing but trouble for the security world. It seems like virtually every breach somehow involves passwords, whether it is because passwords are guessed to allow for the breach, or more often, the passwords are stolen and used in subsequent thefts. In April, while at the RSA Conference, I reported on a panel discussion that summed up the reason why passwords are still our primary form of authentication: We have a comfort level with them and no one is really that interested in change.

However, that attitude might actually be changing. New research from Accenture found that the majority of consumers are ready and willing to put aside passwords and try a different form of authentication. It’s a pretty large majority, too. According to the study, 60 percent of the 24,000 surveyed said they find the username/password combination to be cumbersome, while a whopping 77 percent said they’d be interested in using an alternative authentication method to protect their online information.

...

http://www.itbusinessedge.com/blogs/data-security/consumers-want-more-than-passwords-protecting-data.html

Friday, 24 July 2015 00:00

Lightning Fatalities Prompt Warning

The number of lightning deaths in the United States in 2015 continues to rise, the National Weather Service (NWS) has warned.

So far this year some 22 lightning fatalities have been recorded, just four shy of the 26 deaths recorded for the whole of 2014.

Alabama, Florida and Colorado top the states for lightning deaths in 2015 to-date with three lightning deaths each.

Lightning kills an average of 49 people in the U.S. each year, and hundreds more are severely injured, according to the NWS.

...

http://www.iii.org/insuranceindustryblog/?p=4125

Friday, 24 July 2015 00:00

Social Media: The Next Level

Last November the emergency management team in Nashua, N.H., participated in a cross-border disaster preparedness exercise with Canadian agencies to evaluate how digital volunteers and social media can be incorporated in the official emergency response to address alerts, warnings and notifications as well as mutual aid.

A short time later, over Thanksgiving weekend, a powerful nor’easter hit New Hampshire, causing multiple accidents and power outages. “We ended up using skills learned during the exercise right away,” said Justin Kates, Nashua’s director of emergency management. “Through social media posts, our digital volunteers were tracking roads that were closed and compiling that info onto GIS maps to help first responders direct resources, clear trees from roads and restore power.”

Public information officers (PIOs) have used social media to share information with the public about disasters for years. But emergency management agencies are beginning to work on how to incorporate social media into operations to improve situational awareness for responders. And including social media in exercises is one way they’re building capacity and relationships, while also identifying best practices.

...

http://www.emergencymgmt.com/disaster/Social-Media-The-Next-Level.html

When an hour of downtime for a small to midsize business (SMB) can cost between $8,220 and $25,600, it’s obvious that your business needs a backup and recovery plan that gets data and systems back online quickly. After all, what company can lose that much money in such a short amount of time and stay in business?

For the third year, ChannelPro’s SMB readership has chosen backup and recovery company, Carbonite, as its Best Cloud Backup and Disaster Recovery Vendor. The company and its partners support over 1.5 million businesses and individuals by ensuring their data is safe and available even after a disaster. It provides cloud and hybrid cloud solutions for business continuity with an easy-to-use system for protecting and storing critical business data.

According to a testimonial on the Carbonite website, when one user’s hard drive died, all of their data was restored within just a few days. Having the reassurance that all business data can be restored allows many SMB owners to feel more at ease about trusting their business information to this technology.

...

http://www.itbusinessedge.com/blogs/smb-tech/which-backup-and-recovery-solution-works-best-for-smbs.html

Washington - Today, the Ad Council and the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) announced the launch of a new public service advertisement (PSA) to raise awareness about the importance of being prepared for emergencies. While the PSA targets all communities, We Prepare Every Day is the first in a series of videos that aim to deliver a strong preparedness message by showing people with disabilities taking charge to prepare themselves and their families for emergencies.

The PSA provides equal access to all viewers and includes open captioning, a certified deaf interpreter, and audio description for viewers who are blind or have low vision.

“As we celebrate a quarter century of the ADA, we look to people with disabilities as leading the way,” said Craig Fugate, FEMA Administrator. “By taking their own preparedness actions every day, they set an example for all of us, including their families and their communities.”

The launch of the PSA coincides with the 25th anniversary of the Americans with Disabilities Act (ADA) on July 26, 2015. The ADA prohibits discrimination and ensures equal opportunity for people with disabilities in employment, state and local government services, public accommodations, commercial facilities, transportation and telecommunications. The ADA guarantees the civil rights of more than 56 million Americans.

“Everyone can and should think about their specific needs and prepare for the kinds of emergencies that can happen where they live, work or visit,” said Lisa Sherman, President and CEO of the Ad Council. “Our hope is that this campaign encourages everyone to think ahead and be prepared.”

The new PSA emphasizes the Ready Campaign’s four building blocks of preparedness - Build a Kit, Make a Plan, Be Informed and Get Involved. FEMA’s Ready campaign in partnership with the Ad Council has helped to generate more than 87 million unique visitors to the campaign’s website, Ready.gov, since its launch in 2003. Through the Ad Council, to date, the Ready campaign has received more than $1.1 billion in donated media.

To get more information on how to make a family emergency communication plan or build a disaster supply kit, or to learn how to get involved in community preparedness, please visit ready.gov/myplan. The PSA was created pro-bono by Free Range Studios and will be available for download from FEMA’s media library.

###

Federal Emergency Management Agency
FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Learn more at fema.gov.

The Ad Council
The Ad Council is a private, non-profit organization with a rich history of marshaling volunteer talent from the advertising and media industries to deliver critical messages to the American public. Having produced literally thousands of PSA campaigns addressing the most pressing social issues of the day, the Ad Council has affected, and continues to affect, tremendous positive change by raising awareness, inspiring action and saving lives. To learn more about the Ad Council and its campaigns, visit www.adcouncil.org, like us on Facebook, follow us on Twitter or view our PSAs on YouTube.

Free Range
Free Range is a world class brand and innovation studio with a commitment to driving positive social change through storytelling and design. Based in Oakland, CA and Washington D.C., Free Range has been named one of Fast Company’s Fast 50 most innovative companies and has won numerous Webbys, Addys and Sundance Interactive Awards. To learn more, visit FreeRange.com.

Andrew MacLeod, MBCI, investigates the origins of the term ‘resilience’ and demonstrates how its meaning, context and utility have evolved in the last 30 years. This is the second paper in a series where we are publishing the shortlisted entries in the Continuity Central Business Continuity Paper of the Year competition.

As Napolitano (2010), the US Secretary of Homeland Security observed,

“… we are a resilient nation. But … we can’t guarantee there won’t be another successful terrorist attack … if that attack comes, our enemies will still not have succeeded, because our nation is too strong, and too resilient, to ever cower before a small group of violent extremists.”

The burgeoning use of ‘resilience’ has created a “concept used liberally and enthusiastically by policy makers, practitioners and academics” (McAslan, 2010). A Google search returns over five million references for ‘resilience’, and even the laconic Geoffrey Boycott now refers to England’s cricket team as lacking ‘resilience in the middle order’. There has been significant debate about the relationships between risk, business continuity, disaster recovery and crisis management. Resilience has the potential to be an umbrella term which encompasses these disciplines. Therefore, precise understanding of the contemporary meaning of resilience is fundamental, lest it become an inappropriately applied term such as ‘strategic’. This paper will investigate the origins of the term resilience and demonstrate how its meaning, context and utility have evolved in the last 30 years. Resilience and its utility will be examined in relation to a number of sectors; environmental, individual, community, organizational, and national security. It will be demonstrated that there are numerous definitions of resilience, which are contextually sensitive. Nevertheless, the term resilience underpins a mind-set, a common set of characteristics and an ability to recover no matter the context.

...

http://www.continuitycentral.com/index.php/news/resilience-news/388-an-examination-of-the-contemporary-meaning-and-utility-of-resilience

One of the bugbears of IT network security is the denial of service (DOS) attack. Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network or a system by swamping it out. In the case of network firewalls, the attacker will try to generate as much network traffic as possible to overload the firewall’s processing power. Attackers often multiply the sources of the network traffic for that reason, leading to distributed denial of service (DDOS) attacks. Firewalls that are submerged by traffic may become unmanageable, unless the vendor has taken suitable design precautions, which might also inspire good business continuity in general.

...

http://www.opscentre.com.au/blog/it-network-firewall-technology-is-a-model-for-business-continuity-too/

There are 50 stars on our U.S. flag representing the 50 states that make up the Union. But when it comes to emergency management there are 100 states, not 50.

No, I’m not using some form of new math. What I’m referring to is the juxtaposition of rural and urban areas that exists in each state. Every state has at least one urban area. Some, like Florida and California, have more than one. Other states have one large urban area that dominates the politics, infrastructure, resources and attention of business, industry and state-level politicians. New York has New York City and upstate. Illinois has Chicago and then the rest of the state. Even a state like Nebraska has Omaha versus the more rural areas.

Emergency management is not immune from these urban versus rural differences. Perhaps the biggest disparity is the number of resources, generally meaning money, but that translates quickly into funding for staffing and the number of program areas that can be supported. In many ways these 100 state emergency management “districts,” which I’ll call urban and rural, use different methods to achieve success.

...

http://www.emergencymgmt.com/disaster/100-States-Not-50.html

A cyberattack targeting the U.S. power grid would have widespread economic implications, resulting in insurance claims of between $21.4 billion and $71.1 billion in a worst case scenario, according to a report by Lloyd’s.

Lloyd’s and the University of Cambridge’s Centre for Risk Studies recently released “Business Blackout,” which examines the insurance implications of a major cyberattack using the U.S. power grid as an example. In the scenario outlined, malware is used to infect control rooms for generating electricity in areas of the Northeastern U.S. The malware goes undetected and locates 50 generators that it can control, forcing them to overload and burn out. The scenario, described as “improbable but technologically possible,” leaves 15 states in darkness, meaning that 93 million people are without power.

Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue for businesses and disruption to the supply chain. The total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario.

...

http://www.riskmanagementmonitor.com/lloyds-scenario-analyzes-widespread-blackout/

(TNS) -- University of Texas researchers have been awarded a $13.7 million federal grant to develop a software platform and other cybertools to help engineers construct buildings, levees, bridges, highways and other structures that are better able to withstand earthquakes and other natural hazards.

“There is tremendous potential to save lives and property through better engineering, design and planning,” said Ellen Rathje, a civil engineering professor and the project’s principal investigator.

The grant from the National Science Foundation, to be paid out over five years, will fund development of a Web platform, data repository and other tools that will allow engineers to simulate how various designs of structures, including residential housing, would hold up in an earthquake, hurricane, tornado or coastal storm surge, Rathje said.

...

http://www.emergencymgmt.com/disaster/Researchers-to-Engineer-Earthquake-Resistant-Buildings.html

No one thought about data standards when the Jack in the Box E. coli epidemic erupted in 1993. Instead, there was panic as the stomach-clenching illness engulfed more than 700 victims across California, Washington, Idaho and Nevada. The strain of bacteria, transmitted through undercooked beef patties, left more than 170 with permanent kidney and brain damage. Most of these were children, and tragically, four died as a result.

For Sarah Schacht, Socrata’s Public Health Data Advisor, the national epidemic resonates in a personal way.

“I’m a two-time E. coli survivor,” Schacht recalled. During the Jack in the Box outbreak, she contracted the disease at the age of 13 along with her 5-year-old brother. And in 2013, she was diagnosed yet again after dining at a Seattle restaurant.

...

http://www.emergencymgmt.com/health/Can-Food-Inspections-Stop-an-Epidemic.html

(TNS) - Turns out that it’s not as easy as you might think to transform what had been the yards of hundreds of flood-ruined homes into ball fields in the city’s emerging riverside greenway.

Proof of that is the heavy equipment working along the river in Time Check and at Czech Village, scraping up topsoil so it can be sifted, screened, and cleaned before being put in place to make practice ball fields for football, soccer, and other activities.

Pieces of demolition debris, glass, steel, sewer tile, roots, rocks and much else have been screened from the soil so sharp edges don’t tear up youngsters when the place where blocks of homes once stood becomes practice fields, said Steve Krug, landscape architect for the Department of Parks and Recreation.

...

http://www.emergencymgmt.com/disaster/Riverfront-Greenway-Begins-to-Emerge-in-Cedar-Rapids.html

Data breaches and cyberattacks happen daily, across industries and to businesses of all sizes. However, as these attacks become more sophisticated, companies admit that they are at a loss on how to best protect the data. According to eWeek, a study from RSA shows that those responsible for protecting the network don’t necessarily trust their information security capabilities.

The Cybersecurity Poverty Index survey revealed that four in 10 companies admitted that their security capabilities were “functional,” or, in terms of the survey, average. In all, approximately 75 percent of the 400 companies interviewed confessed that their security abilities were either average or below average when compared to the standards suggested by the Cybersecurity Framework, which was developed by the U.S. National Institute of Standards and Technology.

The RSA study used five areas to measure information security capabilities, as eWeek reported:

The five components of an information-security program include identifying threats, protecting information assets, detecting attacks, responding to incidents and recovering from compromises.

...

http://www.itbusinessedge.com/blogs/data-security/confidence-in-information-security-capabilities-is-lacking.html

(TNS) - In the heat of a major catastrophe, getting critical information to the public is crucial to saving lives and establishing trust.

At FEMA’s Emergency Management Institute, 60 Macon-Bibb County leaders are learning the challenges communities face when not only local folks, but the eyes of the world are looking to them for news.

“If people don’t know what’s happening and what to do, then they are not going to respond accordingly,” said Pam Collins, a public information specialist and FEMA adjunct instructor.

During Tuesday morning’s briefing, Collins urged the representatives of Macon-Bibb government and private sector agencies and organizations to have plans in place to ensure the public has the information they need or they will turn to other unofficial and sometimes inaccurate sources, such as social media.

...

http://www.emergencymgmt.com/disaster/Macon-Ready-Public-information-key-to-Macon-Bibb-disaster-response.html

If you have a chief information security officer working for your company, chances are that the rest of the executive leadership team wholly undervalues their contribution to the organization.

Unsurprisingly, being in charge of data safety is a massively under-appreciated role by other C-level executives, according to a new study from ThreatTrack Security. The company recently released its second annual Role of The CISO study, which surveyed 200 C-level executives at U.S. enterprises with a chief information security officer about the importance of having such an individual managing the company’s sensitive information.

...

http://mspmentor.net/managed-security-services/072115/study-cisos-underappreciated-c-level-executives

Once a month I use my blog to highlight some of S&R’s most recent and trending research. This month I’m focusing on application security and asking for your help with some of our upcoming research into the security and privacy risks associated with Internet of Things (IoT). IoT is any technology that enables devices, objects, and infrastructure to interact with monitoring, analytics, and control systems over the Internet. The illustrious and debonair, Tyler Shields (@txs), will lead our research into IoT security, but as the risks become more and more concrete for various verticals, you can expect the entire team to engage in this research.

Take our IoT security survey and talk with our analysts! If you contribute to the emerging IoT market, please fill out this brief survey (http://forr.com/2015-IoT-Security-Survey). Participants will receive a complimentary copy of the completed research report and we'd be happy to interview anyone who would like to discuss IoT and security in detail. Be sure to reach out to Tyler (tshields@forrester.com) or Jennie Duong (jduong@forrester.com) if you’re interested.

...

http://blogs.forrester.com/stephanie_balaouras/15-07-21-forresters_security_risk_research_spotlight_application_security_and_iot_security

Last week, a New Yorker article about a catastrophic earthquake predicted for the Northwest — that will unleash its fury and “spell the worst natural disaster in the history of the continent” — stoked our nation’s collective fears about a disaster not unlike those seen in Hollywood blockbusters. And while stories such as this incite a high level of anxiety in the public, they also motivate people to start the huge undertaking of creating a resilient community that could respond and recover from a disaster of this magnitude. 

What is a resilient community? The $100 million Rockefeller Foundation project called 100 Resilient Cities defines it as “the capacity of individuals, communities, institutions, businesses and systems within a city [or community] to survive, adapt and grow no matter what kinds of chronic stresses and acute shocks they experience.” 

As a civic tech entrepreneur and founder of Appallicious, I have worked with the White House, the Federal Emergency Management Agency (FEMA), nongovernmental organizations, universities, foundations, responders and local governments for a year and a half on a project to leverage technology and data to help communities respond to and recover from a disaster. I listened intently and took the best recommendations, ideas, theories and practices from all of these thought leaders and worked to integrate their ideas into a customizable platform for daily and catastrophic events. What started as the first full-life cycle Disaster Assistance and Assessment Dashboard (DAAD) has been transformed through extensive iterative stakeholder development and design sessions into the Community Resilience Platform (CRP). The CRP is the first daily use, customizable, white label preparedness, planning, response and recovery platform developed for communities to build their own regional and local resilience platforms.

...

http://www.emergencymgmt.com/disaster/Tech-And-community-Resilience.html

Teaching prospects about the Health Insurance Portability and Accountability Act (HIPAA) could help managed service providers (MSPs) boost their revenues, according to RapidFire Tools.

The company behind the Network Detective application and reporting tool this week released a survey that revealed many MSPs are using HIPAA compliance assessments to increase business and better engage prospects.

...

http://mspmentor.net/managed-services/072115/can-hipaa-compliance-assessments-give-msps-competitive-advantage

If there’s one conversation that invariably creates a lot of hand-wringing among the IT professionals I’ve spoken with in recent years, it’s the one that centers on “shadow IT.” Buying and implementing technology independent of the IT organization—a practice that is probably most widely associated with marketing organizations—raises all sorts of hackles among these IT pros, and they’re not afraid to share their thoughts on why it’s a bad idea.

But there’s a fascinating dimension to all of this. Gartner has famously predicted that by 2017, marketing organizations will spend more on technology than IT organizations themselves spend. If that’s the case, it seems to me there’s a question that’s begging to be asked: If it’s marketing that’s driving the tech spending, then who’s the substance, and who’s the shadow?

I recently had the opportunity to discuss the marketing vs. IT topic with Chris Vennitti, vice president, contract staffing services at the HireStrategy subsidiary of Addison Group, a Chicago-based staffing and recruitment firm that specializes in IT. Vennitti lives and breathes this stuff, so I opened the conversation with the notion that the way things are going these days, you really do have to wonder which is the shadow—the marketing organization or the IT organization. I asked Vennitti for his thoughts on that, and he clearly accepted the legitimacy of the question:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/shadow-it-is-the-it-organization-becoming-the-shadow.html

British businesses are beginning to take a more sophisticated approach to disaster recovery (DR) planning, but most still fail to test their provisions frequently enough.

This is according to a new report from Plan B, in which 200 IT professionals and decision-makers at UK firms were polled on their DR practices.

It found that many are adopting hybrid DR plans, using a wide range of in-house and outsourced solutions to suit the “budget and criticality” of different IT systems.

However, fewer than a third (31 per cent) of respondents test their plans more than yearly, the researchers found, and just one in five (21 per cent) do so “properly” – trialling every component of their DR strategy in a single dry run.

This could put them at risk of missed recovery time objectives due to unforeseen bottlenecks, as well as data loss due to incomplete backups.

“Buyers are getting smarter, which is really good news for the business continuity world, but we still need to promote testing as an area to take more seriously to reduce IT downtime,” Plan B managing director Tim Dunger told Computer Weekly.

From: http://www.krollontrack.co.uk/company/press-room/data-recovery-news/report-uk-firms-not-testing-dr-plans-frequently-enough795.aspx

The updating of NFPA 1600, the Standard on Disaster/Emergency Management and Business Continuity Programs, has reached a new stage. The Second Draft Report has now been posted and NITMAMs are now being accepted.

Under NFPA rules, anyone wishing to make an allowable amending motion at an NFPA Technical Meeting must declare their intentions by filing, within the published deadline, a NITMAM (Notice of Intent to Make a Motion).

The Motions Committee of the NFPA Standards Council, in accordance with NFPA rules, then reviews each NITMAM to determine whether the intended motion is a proper motion.

The deadline for NFPA 1600 new edition NITMAMs is August 21st 2015.

http://www.nfpa.org/1600

The Federal Emergency Management Agency provides two main types of assistance following natural disasters, such as the Texas storms, tornadoes, straight-line winds and flooding that occurred May 4 through June 19.

Individual Assistance is provided by the Federal Emergency Management Agency (FEMA) to individuals and families who have sustained losses due to disasters.

  • Texas homeowners, renters and business owners in designated counties who sustained damage to their homes, vehicles, personal property, businesses or inventory as a result of the May 4 through June 19 severe storms and floods may apply for disaster assistance.
  • Disaster assistance may include grants to help pay for temporary housing, emergency home repairs, uninsured and underinsured personal property losses, and medical, dental and funeral expenses caused by the disaster, along with other serious disaster-related expenses.
  • Disaster assistance grants are not taxable income and will not affect eligibility for Social Security, Medicaid, medical waiver programs, welfare assistance, Temporary Assistance for Needy Families, food stamps, Supplemental Security Income or Social Security Disability Insurance.
  • As a FEMA partner, the U.S. Small Business Administration (SBA) offers low-interest disaster loans to businesses of all sizes, private non-profit organizations, homeowners and renters. SBA disaster loans are the primary source of federal long-term disaster recovery funds for disaster damages not fully covered by insurance or other compensation. They do not duplicate benefits of other agencies or organizations.

Public Assistance can fund the repair, restoration, reconstruction or replacement of a public facility or infrastructure damaged or destroyed by a disaster.

  • FEMA will provide a reimbursement grant of 75 percent of eligible costs, with the state and local governments sharing the remaining 25 percent of costs. Eligible entities include state governments, local governments and any other political subdivision of the state, Native American tribes and Alaskan Native Villages. Certain private nonprofit organizations, such as educational, utility, irrigation, emergency, medical, rehabilitation, and temporary or permanent custodial care facilities also may receive assistance.
  • Although funds are awarded to government entities and nonprofits, the Public Assistance program is intended to benefit everyone — neighborhoods, cities, counties and states. Public Assistance dollars help clean up communities affected by disaster-related debris, repair the roads and bridges people use every day getting to work and school, put utilities and water systems back in order, repair hospitals and emergency services, rebuild schools and universities, and restore playground equipment in public parks.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585 (TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

FEMA’s temporary housing assistance and grants for childcare, medical, dental expenses and/or funeral expenses do not require individuals to apply for an SBA loan. However, those who receive SBA loan applications must submit them to SBA to be eligible for assistance that covers personal property, transportation, vehicle repair or replacement, and moving and storage expenses.

For more information on Texas recovery, visit the disaster web page at www.fema.gov/disaster/4223, Twitter at https://www.twitter.com/femaregion6 and the Texas Division of Emergency Management website, https://www.txdps.state.tx.us/dem.

Visit www.fema.gov/texas-disaster-mitigation for publications and reference material on rebuilding and repairing safer and stronger.

Can you share too much information (TMI) online? As organizations use more public cloud services, IT service providers should be careful about what cloud-based file sharing services they recommend. And, while the rise in public and hybrid clouds isn’t a bad thing, as an MSP you need to explain to your clients the risks associated with the public cloud so they can make an educated decision about what mix of public and private cloud services is right for them. Here are a few of the risks you should highlight:

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/072015/3-public-cloud-risks-share-your-clients

CVS (CVS) last week notified CVSphoto.com customers that the independent vendor managing online payments for the website may have suffered a credit card breach.

And as a result, CVS tops this week's list of IT security news makers, followed by University of California, Los Angeles (UCLA) Health System, University of Pittsburgh Medical Center (UPMC) Health Plan and Symantec (SYMC).

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/072015/it-security-stories-watch-cvs-investigates-data-breach

WASHINGTON — In the month since a devastating computer systems breach at the Office of Personnel Management, digital Swat teams have been racing to plug the most glaring security holes in government computer networks and prevent another embarrassing theft of personal information, financial data and national security secrets.

But senior cybersecurity officials, lawmakers and technology experts said in interviews that the 30-day “cybersprint” ordered by President Obama after the attacks is little more than digital triage on federal computer networks that are cobbled together with out-of-date equipment and defended with the software equivalent of Bubble Wrap.

In an effort to highlight its corrective actions, the White House will announce shortly that teams of federal employees and volunteer hackers have made progress over the last month. At some agencies, 100 percent of users are, for the first time, logging in with two-factor authentication, a basic security feature, officials said. Security holes that have lingered for years despite obvious fixes are being patched. And thousands of low-level employees and contractors with access to the nation’s most sensitive secrets have been cut off.

...

http://www.nytimes.com/2015/07/19/us/us-vs-hackers-still-lopsided-despite-years-of-warnings-and-a-recent-push.html

Monday, 20 July 2015 00:00

Top Ten Tips for DR as a Service

In this article, we provide tips for what can be a particularly challenging task: deciding when and how to implement DRaaS in the enterprise.

Buy It, Don’t Hire It 

Some organizations already have an in-house team with the necessary expertise to establish and maintain a sophisticated DR plan. But plenty of others don’t even come close. In those cases, it is probably easier to buy the necessary DR technology and resources from the cloud than to try to hire it and build it in house.

“DRaaS is often a good fit for small to midsize businesses that lack the necessary expertise to develop, configure, test, and maintain an effective disaster recovery plan,” said Wayne Meriwether, an analyst for IT research firm Computer Economics.

...

http://www.enterprisestorageforum.com/backup-recovery/top-ten-tips-for-dr-as-a-service.html

“The Internet of Things is the biggest game changer for the future of security,” emphasizes David Bennett, vice president of Worldwide Consumer and SMB Sales at Webroot. “We have to figure out how to deal with smart TVs, printers, thermostats and household appliances, all with Internet connectivity, which all represent potential security exposures.”

Simply put, the days of waiting for an attack to happen, mitigating its impact and then cleaning up the mess afterward are gone. Nor is it practical to just lock the virtual door with a firewall and hope nothing gets in--the stakes are too high. The goal instead must be to predict potential exposure, and that requires comprehensive efforts to gather threat intelligence. According to Bennett, such efforts should be:

...

http://mspmentor.net/blog/msp-opportunity-managed-security-services

(TNS) - Few countries know how to deal with widespread disaster better than Japan, and on Thursday, Japanese firefighter Junichi Matsuo told his Yakima Valley counterparts what it was like to respond to the devastating 2011 earthquake and tsunami that killed more than 13,000 people.

“That was the first time I’d ever seen such a terrible situation,” said Matsuo, a veteran firefighter with decades of emergency response experience.

But the disaster also held lessons on the importance of community planning and community involvement in responding to a crisis, he said.

The magnitude 9.0 earthquake that struck March 11, 2011, was the most powerful recorded earthquake ever to hit Japan and the fourth-strongest worldwide since modern record-keeping began in 1900.

...

http://www.emergencymgmt.com/disaster/Japanese-Firefighter-Shares-His-Experiences-With-Yakima-County.html

The cost and consequence of a product recall

The number of food recalls and their costs to business are rising according to a new publication by Swiss Re which highlighted that since 2002, the annual number of recalls in the US has almost doubled. Food contamination costs US health authorities US$ 15.6 billion per year (nearly nine million Americans became sick from contaminated food in 2013 alone) and half of all food recalls cost the affected companies more than US$ 10 million.

Food manufacturers operate in a vast, globalised supply chain, making risk management for food recalls more difficult, yet one mislabelled product or contaminated ingredient can cause sickness, death, multi-million dollar losses and massive reputational damage for the affected companies. Swiss Re's Food Safety in a Globalised World examines how the increasing number of food recalls is impacting consumers, public health services, governments and companies globally.

Product quality incidents or product safety incidents may not have been identified as a major threat to organizations according to the Business Continuity Institute’s latest Horizon Scan Report, but they do still raise some concerns among business continuity professionals. 26% of respondents to a survey expressed either concern or extreme concern about the prospect of a product quality incident that would disrupt the organization and 19% expressed the same level of concern over a product safety incident.

The latest Supply Chain Resilience Report produced by the BCI revealed that 40% of respondents to a survey claimed their supply chain had been impacted upon by a product quality incident during the previous twelve months. Many of these did suggest that the impact was low, but there was still an impact that can be disruptive.

"In a more globalised economy, ensuring the highest level of food safety is becoming an ever greater challenge for firms," says Jayne Plunkett, Head of Casualty Reinsurance at Swiss Re. "Today ingredients and technologies are sourced worldwide. This leads to greater complexity for food manufacturers and consumer and regulatory demands on companies are continually increasing."

As cyber threats emerge and evolve each day, they pose challenges for organizations of all sizes, in all industries. Even though most industries are investing heavily in cybersecurity, many companies are still playing catch up, discovering breaches days, months, and even years after they occur. The 2015 Verizon DBIR shows that this “detection deficit” is still increasing: The time taken for attackers to compromise networks is significantly less than the time it takes for organizations to discover breaches.

The risk posed by third parties complicates the issue further. How can an organization allocate time and resources to trust their partners’ security when they are struggling to keep up with their own? Over the years, audits, questionnaires, and penetration tests have helped to assess third party risk. However, in today’s ever-changing cyber landscape, these tools alone do not offer an up-to-date, objective view. While continuous monitoring solutions can improve detection and remediation times for all organizations, the retail, healthcare, and utilities industries can especially benefit from greater adoption.

...

http://www.riskmanagementmonitor.com/lowering-the-detection-deficit-what-industries-can-gain-from-continuous-monitoring/

Over the next few weeks the shortlisted articles and papers in Continuity Central’s Business Continuity Paper of the Year competition will be published, with the winner announced after that. This is the first shortlisted paper, written by Ken Simpson, FBCI.

Are you looking to build a high-performing team? Where each member understands their role, and how they fit with other team members’ roles? A team that can execute on the prepared game plan - while at the same time has the capability to improvise as the situation warrants?

That description might be something your business continuity, incident response and/or crisis management teams aspire to - or it may be just as appropriate a goal for your ‘business as usual (BAU)’ functional teams. In any case it applies to teams that seek to compete in elite level sports and perhaps we can learn something about how to prepare teams from the methods used in the sporting domain.

The nature of training and preparation changes as players and teams move from the participation and social levels of sport into elite competitions. Basic drills, sloppy execution and general fitness regimes are replaced with targeted training programs - building high-level skills, disciplined execution and embedding team concepts.

...

http://www.continuitycentral.com/index.php/news/resilience-news/374-exercising-and-resilience-fit-for-purpose

You may have read that the Justice Department is warning food manufacturers that they could face criminal and civil penalties if they poison their customers with contaminated food.

Recent high profile food recalls, such as the one at Texas-based Blue Bell Creameries and another at Ohio-based Jeni’s Splendid Ice Creams, have drawn attention to this issue once again.

Now a new report by Swiss Re finds that the number of food recalls per year in the United States has almost doubled since 2002, while the costs are also rising.

Half of all food recalls cost the affected companies more than $10 million each and losses of up to $100 million are possible, Swiss Re says. These figures exclude the reputational damage that may take years for a company to recover from.

...

http://www.iii.org/insuranceindustryblog/?p=4119

(TNS) - The mayors of four communities in south Mississippi weren't so eager at first to recall the events of 10 years ago, when they were new to the job and Hurricane Katrina had devastated their cities. But during a program Wednesday, they remembered the destruction, the people who came to help -- and the chickens.

Those in the audience of the Katrina +10 presentation at the Ohr-O'Keefe Museum of Art nodded as they remembered with the mayors how it was in the days after the storm and laughed at some of their stories.

Moderator Joe Spraggins had just retired as a brigadier general in the Air Force and said he asked the Lord, "I want to have a challenge in my next career."

His first day on the job as the head of emergency operations for Harrison County was Aug. 29, 2005 -- the day Katrina hit.

...

http://www.emergencymgmt.com/disaster/Mayors-Who-Were-New-to-the-Jobs-at-the-Time-Recall-Hurricane-Katrina.html

Climate markers continue to show global warming trend

State of the Climate in 2014 report available online. (Credit: NOAA).


In 2014, the most essential indicators of Earth’s changing climate continued to reflect trends of a warming planet, with several markers, such as rising land and ocean temperature, sea levels and greenhouse gases, setting new records. These key findings and others can be found in the State of the Climate in 2014 report released online today by the American Meteorological Society (AMS).

The report, compiled by NOAA’s Center for Weather and Climate at the National Centers for Environmental Information, is based on contributions from 413 scientists from 58 countries around the world. It provides a detailed update on global climate indicators, notable weather events, and other data collected by environmental monitoring stations and instruments located on land, water, ice, and in space.

“This report represents data from around the globe, from hundreds of scientists and gives us a picture of what happened in 2014. The variety of indicators shows us how our climate is changing, not just in temperature but from the depths of the oceans to the outer atmosphere,” said Thomas R. Karl, L.H.D., Director, NOAA National Centers for Environmental Information.

For State of the Climate in 2014 maps, images and highlights, visit Climate.gov. (Credit: NOAA).


The report’s climate indicators show patterns, changes and trends of the global climate system. Examples of the indicators include various types of greenhouse gases; temperatures throughout the atmosphere, ocean, and land; cloud cover; sea level; ocean salinity; sea ice extent; and snow cover. The indicators often reflect many thousands of measurements from multiple independent datasets.

“This is the 25th report in this important annual series, as well as the 20th report that has been produced for publication in BAMS,” said Keith Seitter, AMS Executive Director. “Over the years we have seen clearly the value of careful and consistent monitoring of our climate which allows us to document real changes occurring in the Earth’s climate system.”

Key highlights from the report include:

  • Greenhouse gases continued to climb: Major greenhouse gas concentrations, including carbon dioxide, methane and nitrous oxide, continued to rise during 2014, once again reaching historic high values. Atmospheric CO2 concentrations increased by 1.9 ppm in 2014, reaching a global average of 397.2 ppm for the year. This compares with a global average of 354.0 in 1990 when this report was first published just 25 years ago.
  • Record temperatures observed near the Earth’s surface: Four independent global datasets showed that 2014 was the warmest year on record. The warmth was widespread across land areas. Europe experienced its warmest year on record, with more than 20 countries exceeding their previous records. Africa had above-average temperatures across most of the continent throughout 2014, Australia saw its third warmest year on record, Mexico had its warmest year on record, and Argentina and Uruguay each had their second warmest year on record. Eastern North America was the only major region to experience below-average annual temperatures.
  • Tropical Pacific Ocean moves towards El Niño–Southern Oscillation conditions: The El Niño–Southern Oscillation was in a neutral state during 2014, although it was on the cool side of neutral at the beginning of the year and approached warm El Niño conditions by the end of the year. This pattern played a major role in several regional climate outcomes.  
  • Sea surface temperatures were record high: The globally averaged sea surface temperature was the highest on record. The warmth was particularly notable in the North Pacific Ocean, where temperatures are in part likely driven by a transition of the Pacific decadal oscillation – a recurring pattern of ocean-atmosphere climate variability centered in the region.
  • Global upper ocean heat content was record high: Globally, upper ocean heat content reached a record high for the year, reflecting the continuing accumulation of thermal energy in the upper layer of the oceans. Oceans absorb over 90 percent of Earth’s excess heat from greenhouse gas forcing.
  • Global sea level was record high: Global average sea level rose to a record high in 2014. This keeps pace with the 3.2 ± 0.4 mm per year trend in sea level growth observed over the past two decades.
  • The Arctic continued to warm; sea ice extent remained low: The Arctic experienced its fourth warmest year since records began in the early 20th century. Arctic snow melt occurred 20–30 days earlier than the 1998–2010 average. On the North Slope of Alaska, record high temperatures at 20-meter depth were measured at four of five permafrost observatories. The Arctic minimum sea ice extent reached 1.94 million square miles on September 17, the sixth lowest since satellite observations began in 1979. The eight lowest minimum sea ice extents during this period have occurred in the last eight years.
  • The Antarctic showed highly variable temperature patterns; sea ice extent reached record high: Temperature patterns across the Antarctic showed strong seasonal and regional patterns of warmer-than-normal and cooler-than-normal conditions, resulting in near-average conditions for the year for the continent as a whole. The Antarctic maximum sea ice extent reached a record high of 7.78 million square miles on September 20. This is 220,000 square miles more than the previous record of 7.56 million square miles that occurred in 2013. This was the third consecutive year of record maximum sea ice extent. 
  • Tropical cyclones above average overall: There were 91 tropical cyclones in 2014, well above the 1981–2010 average of 82 storms. The 22 named storms in the Eastern/Central Pacific were the most to occur in the basin since 1992. Similar to 2013, the North Atlantic season was quieter than most years of the last two decades with respect to the number of storms.

The State of the Climate in 2014 is the 25th edition in a peer-reviewed series published annually as a special supplement to the Bulletin of the American Meteorological Society. The journal makes the full report openly available online.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.

The Office of Personnel Management (OPM) breach is in the news again. As you may have heard, it is much worse than originally thought, with nearly 22 million records compromised. With this news, this breach is the second one in less than three months that has hit a little too close to home for me personally.

It’s also not surprising. Our government is ridiculously lax in its cybersecurity efforts, especially when you consider the amount of personally identifiable information held in government databases. Remember, the OPM breach didn’t just have Social Security numbers and birthdates. PII revealed also included things like fingerprints and findings from security clearance investigations. The stealing of this data has created a new level of identity theft problems for the individuals affected, according to the security experts at NuData, who provided the following commentary to me in an email:

...

http://www.itbusinessedge.com/blogs/data-security/to-fix-cybersecurity-we-need-to-understand-it-more-completely.html

Thursday, 16 July 2015 00:00

BCI: Facing a skills shortage

A new study by the Confederation of British Industry and Pearson has shown that demand for higher-level skills in British industry is set to grow in the years ahead, with sectors central to future growth – manufacturing and construction – particularly hard-pressed.

The Education and Skills Survey highlighted that over two-thirds of businesses (68%) expect their need for staff with higher level skills to grow in the years ahead, but more than half of those surveyed (55%) fear that they will not be able to access enough workers with the required skills.

Availability of talents/key skills may not have been the greatest threat to organizations according to the Business Continuity Institute’s latest Horizon Scan Report, but it is still a threat. 43% of business continuity professionals surveyed expressed either concern or extreme concern about the prospect of their organization suffering from a lack of availability.

Katja Hall, Deputy Director-General at the CBI, said: “The Government has set out its stall to create a high-skilled economy, but firms are facing a skills emergency now, threatening to starve economic growth. Worryingly, it’s those high-growth, high-value sectors with the most potential which are the ones under most pressure."

Rod Bristow, President of Pearson’s UK business, said: “Better skills are not only the lifeblood of the UK economy – as fundamental to British business as improving our infrastructure, technology and transport links – they are also critical to improving young people's life chances, of enabling them to be a success in life and work."

The virtual data center is one of those things that sounded like a great idea at first, only to lose much of its appeal upon reflection. But while few organizations are pursuing a fully abstracted, end-to-end data environment, it appears that many data processes will benefit tremendously by not having to rely on integrated hardware/software infrastructure.

The virtual data center has gotten a boost from a number of key software developments lately that remove much of the complexity in creating functional data stacks in either on-premises or third-party clouds. One is the Mesosphere Datacenter Operating System (DCOS), which recently saw the release of a software development kit that allows cluster-wide installation and operation of Java, Go and Python services using a simple web or command-line interface. The system features a range of schedulers for various application types, such as long-term micro services, batch processing and storage, allowing enterprises to custom-build data frameworks to support highly specialized functions.

...

http://www.itbusinessedge.com/blogs/infrastructure/welcome-to-the-collective-working-toward-infinite-virtual-data-centers.html

‘Banana Skins’ poll reflects industry risk perception

A new survey charting the top risks in the global insurance sector shows that cyber risk and interest rates are now among the top risks for insurers. Their entry into the rankings, new in this fifth successive survey, is indicative of how high a concern they have become for the industry when looked at in conjunction with regulatory developments and the broader macro-economy.

The CSFI’s latest ‘Insurance Banana Skins 2015’ survey, conducted in association with PwC, polled over 800 insurance practitioners and industry observers in 54 countries, to find out where they saw the greatest risks over the next 2-3 years.

Regulatory risk emerged as the overall top risk for participants in the survey for the third successive time, underlining the deep impact regulatory change is having.

...

http://press.pwc.com/GLOBAL/cyber-risk-and-interest-rates-rank-alongside-regulation-as-top-risks-for-insurers/s/D438E164-668C-4A14-876D-D48C93FC1BD1

(TNS) - Twenty years ago this week, Chicago was gripped by one of the city's worst natural disasters: a scorching heat wave that claimed more than 700 victims, mostly the poor, elderly and others on society's margins.

The temperature hit 106 degrees on July 13, 1995, and would hover between the high 90s and low triple digits for the next five days. Dozens of bodies filled the Cook County medical examiner's office. On a single day — July 15 — the number of heat-related deaths reached its highest daily tally of 215; refrigerated trucks were summoned to handle the overflow of corpses.

Two decades later, the collective failings that contributed to the death toll are now well-documented: a city caught off guard, social isolation, a power grid that couldn't meet demand and a lack of awareness on the perils of brutal heat.

...

http://www.emergencymgmt.com/disaster/-Fatal-Heat-Wave-20-Years-Ago-Changed-Chicagos-Emergency-Response.html

Thursday, 16 July 2015 00:00

MSPs, Don't Ignore Cloud Opportunities

Just as the IT channel was getting comfortable a half-dozen years ago with managed services, another new service model was vying for recognition – the cloud. Many MSPs have since added cloud-based services, but some still struggle with how to go about it.

If you ask Michael Corey why, the founder and president of Dedham, Massachusetts-based MSP Ntirety will tell you one of the main obstacles is self-imposed: IT service providers fear cloud-based services will cannibalize parts of their businesses. They’ve made money delivering services in a certain way for so long that the idea of replacing it with a cloud model scares them.

...

http://mspmentor.net/cloud-computing/071515/msps-dont-ignore-cloud-opportunities

Don’t Fall into the Vendor Lock-In Trap of Hyper-convergence

About two years ago, I wrote a Blog (Storage Vendor Lock-in – Is the End Near?) that discusses how two emerging technologies, convergence and VM-aware storage, and more importantly the synergy among them, may provide the relief from vendor lock-in. Two years later, these two technologies have matured quite a bit and the synergy among them, widely referred to as hyper-convergence, is a pretty hot trend in IT.

For many customers, flexibility and avoiding vendor lock-in are primary concerns and a key reason for considering hyper-convergence. While all of us at Maxta have been busy improving our hyper-converged solutions and maintaining them to be flexible and free of vendor lock-in, this is not the case for some of our competitors. Unfortunately, some vendors are not leveraging the inherent potential of hyper-convergence to reduce vendor lock-in. Moreover, others are making moves to increase vendor lock-in to their own offerings.

...

http://www.maxta.com/dont-fall-into-the-vendor-lock-in-trap-of-hyper-convergence/

It’s no surprise that in today’s world, data grows by leaps and bounds daily. In fact, IDC and EMC report that global data will increase “by 50 times by 2020.” With the use of mobile devices, social networks and cloud applications, all businesses, large and small, can benefit from capturing and analyzing consumer and business data. Several companies have come forward with BI solutions for such businesses in recent months.

Most recently, Quatrro Business Support Services has created a leading-edge new business intelligence (BI) and financial analytics tool to help small to midsize businesses (SMBs) gather unstructured data and use it to make informed business decisions.

The BI Tool features financial dashboards, reporting templates and alerts to assist SMBs in making sense of the mounds of unstructured data they collect. According to PCWorld, SMBs will benefit from the BI Tool’s analysis and planning features to set up benchmarking and unit comparisons when attempting to identify trends in a market. It can also help with budgeting, forecasting and predictive analysis, which can give SMBs the ability to grow and expand.

...

http://www.itbusinessedge.com/blogs/smb-tech/fast-growth-of-data-spurs-development-of-bi-tools-for-smbs.html

He declined to live tweet his upcoming wedding from the altar, but there is no doubt that Nick Hayes is the social media expert on Forrester’s S&R team. He has extensive knowledge of the security, privacy, archiving, and compliance challenges of social media, as well as the technical controls used to address them. He also specializes in the tools that monitor and analyze social data to improve oversight and mitigation tactics of myriad reputational, third-party, security, and operational risks. He is certainly aware of the reputational risk of staring at your cell phone when you’re supposed to say, “I do”, but maybe if you follow him (@nickhayes10), you might get lucky with a pic or two -- and some good risk thoughts to boot.

Nick advises clients on a range of governance, risk, and compliance (GRC) topics, including corporate culture, training and awareness, and corporate social responsibility. He presents at leading industry and technology conferences, and he works with organizations of all sizes across all major industries.

...

http://blogs.forrester.com/stephanie_balaouras/15-07-14-forresters_security_risk_analyst_spotlight_nick_hayes

Wednesday, 15 July 2015 00:00

The New Needs of Digital Business

Digital business requires change across a very wide range of areas. There is an increasing use of storage, vastly expanded networking requirements, and a rise in the virtualization of all equipment. Digital systems deployed on the network can be replicated, modeled, and situated anywhere, so we have seen virtual networks, virtual servers, virtual mobile solutions, and virtual workstations of all types. Virtualization creates a need for new management techniques that control, replicate, and abandon virtual components on an automatic basis and manage their various interactions. Information technology is moving outside the firm to the public cloud, either directly or connected through a hybrid cloud mechanism. All aspects of IT are becoming increasingly connected to all the artifacts and processes of the firm.

The frameworks used in EA are also continuing to evolve and include elements such as big data, the cloud, mobile, and the other familiar elements of the changing environment. But what has not evolved so swiftly is the ability to rapidly change the models themselves and what they include as the cycles of technology change continue to accelerate. Continued development of digital business creates a space of massively interconnected data and processing, which must evolve into a more effectively governed system.

...

http://blog.cutter.com/2015/07/14/the-new-needs-of-digital-business/

Given the complexity of managing IT environments these days, it’s now only a matter of time before machine learning is routinely applied to manage IT operations. One of the first companies to provide such a capability is SIOS Technology, which today announced the general availability of SIOS iQ software for VMware environments that applies analytics based on machine learning algorithms to both IT infrastructure and application software.

Available in both standard and free editions, SIOS Technology COO Jerry Melnick says the machine learning software first automatically discovers what should be defined as normal within any IT environment, and then over time learns what deviations from normal will result in a particular performance threshold being broken or potential vulnerability being created.

Melnick says SIOS Technology decided to focus initially on the VMware environment because of the size of the installed base, but the technology will soon be more broadly applied. At its core is an implementation of a Postgres database running machine learning software that IT organizations download onto a VMware virtual machine. Via a SIOS PERC Dashboard, SIOS iQ then recommends the best solution to any particular issue it discovers.

...

http://www.itbusinessedge.com/blogs/it-unmasked/sios-technology-applies-machine-learning-to-it-operations.html

Tuesday, 14 July 2015 00:00

U.S. Winter Storm Losses Mount

As my kids head off for their snowy-themed day at camp, the statistic that jumps off the page in the 2015 Half-Year Natural Catastrophe Review jointly presented by Munich Re and the Insurance Information Institute (I.I.I.) is the record $2.9 billion (and counting) in aggregate insured losses caused by the second winter of brutal cold across the Northeastern United States.

As Munich Re illustrates in the following slide, a total of 11 winter storm and cold wave events resulted in 80 fatalities and caused an estimated $3.8 billion in overall economic losses in the period from January 2015 to the end of winter:

...

http://www.iii.org/insuranceindustryblog/?p=4116

A new study from the Ponemon Institute confirms that most healthcare organizations have been the victims of cyber attacks, placing sensitive patient data such as Social Security numbers and insurance information in the hands of identity thieves and organized criminals. With more and more healthcare organizations turning to managed service providers (MSPs) and cloud-based file sharing to store and administer their substantial number of patient records, healthcare organizations’ third-party vendors are increasingly held responsible for complying with industry standards for data protection.

The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data investigated data breaches among 90 healthcare organizations and 88 of their business associates. Their findings show a shocking increase in cyberattacks and identity theft across the healthcare industry.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/071415/data-breaches-have-occurred-majority-healthcare-organizations

The majority of IT decision makers in large and midsize U.S. companies want to outsource their public cloud management to managed service providers, with 70 percent preferring to deal with a single vendor to manage their entire IT infrastructure, according to a new report.

Digital Fortress, a managed cloud and colocation provider with data centers in Seattle, surveyed 100 IT decision makers online in June. The company found that 65 percent of companies plan to partially outsource management of public cloud to a third-party.

...

http://mspmentor.net/cloud-computing/071315/adoption-grows-companies-want-msps-manage-public-cloud-report

U.S. Office of Personnel Management (OPM) Director Katherine Archuleta resigned last week after OPM officials discovered a data breach in April.

And as a result, OPM tops this week's list of IT security news makers, followed by the Army National Guard, Service Systems Associates (SSA) and "Gunpoder" malware.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/071315/it-security-stories-watch-opm-director-steps-down-after-data-breach

Are you a risky partner? According to a recent Skyhigh Networks survey, nearly 8 percent of cloud partners are given access to company data that is considered high-risk. For MSPs, it’s vital that your clients see your cloud-based file sharing services as a safe move for their company.

In order to effectively work with clients, you must work to show yourself as a low-risk partner, one that works hard to secure their cloud sharing for their other partners. The average company works with 1,500 business partners via the cloud. By first proving yourself as a trusted partner, you can then start working to protect your clients against the other 1,499.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/071315/securing-cloud-services-against-other-partners

On January 28, 1986, nearly 30 years ago, the space shuttle Challenger broke apart 73 seconds into its flight, leading to the tragic deaths of its seven crew members.[1] As the spacecraft disintegrated over the Atlantic Ocean, the paradigm of risk management shifted from reactive to proactive. Taxonomies, frameworks, methodologies and tools developed rapidly to meet this need to manage risk proactively. And while, nearly 30 years later, we are more confident through the evolution of risk management that has taken place to answer the reactive question, “Are we riskier today than we were yesterday?” we face the stark realization that we are not truly able to answer an even more important question: “Will we be riskier tomorrow than we are today?”

Realizing a collective vision to have informative dashboards that look forward, providing confidence in assessments of how risky things are that lie ahead, is the work of the current generation. That makes today an exciting time for risk management. Great progress has been made, but as we reflect today, we know so much more can and must be done.

At this point, we thought we would take a pause and look back 30 years on how risk management has evolved and some of the lessons we can draw from the past.

...

http://corporatecomplianceinsights.com/risk-management-lessons-from-the-last-30-years/

The fact of the matter is that it should be more convenient to share threat-related information than it is right now, but an evolved level of suspicion between government and the private sector seems to supersede an understanding at the executive level of the severity of the threats…. Without better information sharing, particularly in the cyber arena, the critical infrastructure of this country remains vulnerable.  (Searle, ASA News & Notes, July 2013)

I’ve spent a fair amount of time since 2009 calling for action in the area of information sharing between the public and private sector.  Any progress that might have been made in this area – the increasingly helpful role and information sharing from the FBI with the private sector, for example – has been wiped out by several recent breaches of highly confidential data reported to the Internal Revenue Service (IRS) and the Office of Personnel Management (OPM).

The four Basel-defined sources of financial loss that can spring from operational risk are unchanging:  people, process, systems and external events.  These days, we have no better illustration of those four sources than in the area of data breaches, where the numbers are staggering, but where the true costs may not yet have been factored.  On the U.S. private sector side, we continue to identify a cost of $201 per record with an average overall breach cost of $5.85M; and we know that 43% of U.S. firms experienced a 2014 breach (www.insidecounsel.com).  Further, a 2014 Ponemon study suggests that if your organization has more than 10,000 records, the probability of breach is 22%, whether or not your firm knows that it has been breached.

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/84E38A1B43D5CF012540EF23F30FEDED/6F21BA1D1D483682/

Peter Cerrato is a principal consultant for Forrester's Business Technology consulting practice.  

A very strange and sudden thing happened 66 million years ago. A comet crashing into the Mexican Yucatan peninsula near Chicxulub put an end to the long reign of the dinosaurs. But not so fast. We now know that some of those dinosaurs survived the massive Cretaceous-Tertiary extinction event: the smaller, faster, feathered and headed-toward-warm-blooded early ancestors of our eagles and hawks.

What can we as security and risk professionals learn from those early ancestors of today’s great raptors (and other birds) to make the leap required to survive the massive extinction event the business world is undergoing: the age of the customer?

...

http://blogs.forrester.com/peter_cerrato/15-07-09-how_to_go_from_dinosaur_to_eagle_or_risk_being_the_ciso_that_got_hit_by_the_comet

It is easy to look at challenges to the enterprise data environment and view them as infrastructure problems or architectural problems or system problems. In reality, it is all a data problem – as in too much data coming in too quickly and in too much of a disjointed fashion.

And things are only going to get worse as organizations attempt to deal with Big Data, the Internet of Things, data mobility, and a host of other initiatives coming down the pike. So while measures to improve and expand infrastructure and architecture are vital as data trends emerge, so are ways to capture and manage these ever-increasing volumes without breaking the IT budget but still preserving the value of data within the overall business model.

According to MarketsandMarkets, the enterprise data management space is expected to nearly double in size by the end of the decade from today’s $64 billion to more than $105 billion, a compound annual growth rate of 10.2 percent. Key drivers here include the need for business continuity in the event of data loss plus the need to reduce the total cost of ownership of data, both of which are exacerbated by the flood of data coming into the enterprise. To meet this challenge, data management platforms are incorporating a wide range of disciplines, including integration, migration, warehousing, governance and security.

...

http://www.itbusinessedge.com/blogs/infrastructure/give-infrastructure-a-break-through-better-data-management.html

Bloggers like me often comment on how organizations are dealing with crises. I do so often with a sense of dread knowing that I really don’t know what is going on inside and may not be aware of critical issues that are affecting the response.

That danger was highlighted to me to the extreme when I read today’s comments by Deborah Watson on PR Daily’s blog. My biggest concern is that by getting the facts so wrong, the real lessons to be learned from BP’s reputation problems are missed, and therefore those interested will likely take away the wrong things.

I’ll comment on each of the five points she raises as BP’s biggest blunders. (Her comments are italicized).

...

http://ww2.crisisblogger.com/2015/07/post-mortem-on-bps-pr-demonstrates-dangers-of-commenting-in-the-dark/

TNS - The World Health Organization must undergo fundamental changes if it is to fulfill its function of protecting global health, according to an independent panel of experts that reviewed the agency’s bungled response to the deadly Ebola outbreak.

“The panel considers that WHO does not currently possess the capacity or organizational culture to deliver a full emergency public health response,” it says in a scathing report released Tuesday.

The panel, headed by Barbara Stocking, a former head of the aid group Oxfam GB, urged the WHO to create a division to oversee preparations for the next major outbreak and coordinate the response.

...

http://www.emergencymgmt.com/health/Scathing-Report-on-Ebola-Urges-Major-Changes-at-World-Health-Organization.html

There is growing concern that corporate boards and senior executives are not prepared to govern their organization’s exposure to cyberrisk. While true to some degree, executive management can learn to identify and focus on the strategic and systemic sources of cyberrisk, without becoming distracted by complex technology-related symptoms, by understanding the organization’s ability to make well-informed decisions about cyberrisk and reliably execute those decisions.

Making well-informed cyberrisk decisions

To gain greater confidence regarding cyberrisk decision-making, executives should ensure that their organizations are functioning well in two areas: visibility into the cyber risk landscape, and risk analysis accuracy.

...

http://www.riskmanagementmonitor.com/5-questions-boards-and-the-c-suite-should-be-asking-about-cyberrisk/

Joe Young, CEO of GDS in Pembroke, Massachusetts has started to focus on the lack of IT security with Government organizations across New England. Recently Joe and his team hosted an awesome webinar on this topic. You have to watch it.

There’s no question about it: cybercrime is on the rise – from links in bogus phishing emails to malware-ridden websites to data-stealing ransomware, cybercrime is becoming more and more sophisticated and complex each and every day. A few months ago, in Wayland, Massachusetts, police investigated and discovered someone accessed the town’s bank accounts.

As you can imagine, the hackers stole a significant amount of money – withdrawing over $4 million from the town’s bank account. Unfortunately, they weren’t prepared to handle the attack. That’s why it’s absolutely vital to ensure you’re truly protecting governments from hackers.

...

http://mspmentor.net/managed-security-services/does-your-msp-firm-truly-protect-governments-hackers

The strategic value of business continuity

What is the value of business continuity? That is a question those working in the profession often grapple with, certainly when attempting to justify its existence to top management. In the latest edition of the Business Continuity Institute's Working Paper Series, Dr Clifford Ferguson explores the issue of strategic value and offers a way forward by integrating business continuity into an organization’s strategic plan.

This is timely given the growing interest in resilience as a quality that allows organizations to increase their adaptive capacity to sudden shocks or long-term, incremental changes. With his work revisiting some of the models featured in existing literature, Dr Ferguson makes the case for articulating the strategic value of BC and its relationship to resilience.

This paper is also relevant given its focus on the public sector. The 2015 BCI Horizon Scan report revealed BC funding cuts in 30% of public sector organizations sampled worldwide. These budget cuts present clear pressures for BC practitioners in the public sector to demonstrate value for money while maintaining standards of delivery.

Dr Ferguson concludes that business continuity should be both a cost saver and a strategic risk reduction tool. It cannot be independent from the corporate strategy and it should be embedded into the organizational value system. A business continuity culture will have a direct influence on the services the state offers its citizens and will give rise to a reduction of reputational risk. The continuity culture may be the best driver of continuous service delivery improvement.

To download your free copy of 'the strategic value of business continuity (BC): Integrating BC into an organization’s strategic plan' click here.

More than 70% of women in insurance believe the industry is making progress toward gender equality and, for the second year in a row, over two-thirds think their company is working to promote gender diversity, according to a new survey from the Insurance Industry Charitable Foundation.

After the IICF Women in Insurance Global Conference, which brought together 650 insurance professionals, senior executive speakers, and CEOs to discuss how the industry can increase gender diversity in the workplace, the foundation polled attendees on the current reality of gender diversity and its evolution across the insurance industry.

Almost half of attendees agree that their company is working to promote gender diversity with another 19% strongly agreeing, but 24.5% disagreed, and 7.1% disagreed strongly. Biases in advancement (51%) and lack of opportunities for professional advancement (24.6%) remain the biggest barriers for women seeking leadership positions in their companies, respondents said. The industry may be making some progress on those issues, however, as the percentage of women who named “biases in advancement” and “lack of opportunities for professional advancement” as the chief barriers fell to 68% from 76% last year.

...

http://www.riskmanagementmonitor.com/is-the-insurance-industry-improving-for-women/

Disaster management officials from APEC member economies have voiced support for the introduction of financial incentives to encourage businesses in the Asia-Pacific region to develop business continuity plans.

An incentives-based approach was backed by officials over mandatory measures during a recent public-private sector meeting in Bangkok to promote business continuity planning. The focus will be on lifting the low adoption rate by small and medium enterprises which account for more than 97 percent of businesses, 60 percent of GDP and over half of employment in APEC economies, and are an emerging yet vulnerable driver of cross-border production and supply chains.

“Small businesses play a significant and growing role in the international production and trade of goods, particularly as suppliers of component parts and equipment for larger manufacturers, but their disaster risk exposure remains disproportionately high,” explained Dr Li Wei-sen, co-chair of the APEC Emergency Preparedness Working Group, which oversees member cooperation on related issues.

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/319-news7606

Disaster management officials from Asia-Pacific Economic Cooperation (APEC) member economies have voiced support for the introduction of financial incentives to spur emergency preparedness among businesses in the Asia-Pacific as the risk of shocks to trade and growth rises in the world’s most natural disaster hit region.

An incentives-based approach was backed by officials over mandatory measures during a public-private sector meeting in Bangkok to promote business continuity planning. Focus is on lifting the low adoption rate by small and medium enterprises which account for more than 97% of businesses, 60% of GDP and over half of employment in APEC economies, and are an emerging yet vulnerable driver of cross-border production and supply chains.

“Small businesses play a significant and growing role in the international production and trade of goods, particularly as suppliers of component parts and equipment for larger manufacturers, but their disaster risk exposure remains disproportionately high,” explained Dr Li Wei-sen, Co-Chair of the APEC Emergency Preparedness Working Group, which oversees member cooperation on related issues.

The knock-on effects of small business disruptions or shutdowns can be substantial given the increasingly globalised nature of production and trade, as earthquakes, floods and other natural disasters in the Asia-Pacific have shown. The adoption of business continuity plans by small and medium enterprises is critical to mitigating the disaster threat within the sector and to the global economy but their recognition of this need and action to address it is often lacking.

APEC economies are hit by more than 70% of the world’s natural disasters and suffered US$68 billion annually in related costs from 2003 to 2013. But just 13% of small and medium enterprises in the region have business continuity plans in place which involve raising disaster risk awareness, identifying vulnerabilities and organizing teams to address them. This gap leaves the sector more susceptible to business disruptions, financial losses and bankruptcy.

“Possible financial incentives to encourage small and medium enterprises to adopt business continuity plans include tax cuts, reduced insurance costs and lower interest rates to help them overcome the initial investment of setting up their plans,” said Natori Kiyoshi, who is also Co-Chair of the APEC Emergency Preparedness Working Group. “There is no one-size-fits-all approach given variations in economic and financial conditions among the region’s economies.”

Thousands of controversial .sucks domains emerged from their sunrise period on Sunday 21st June and became available to the general public. But just 20 percent of the UK’s top brands have snapped them up, leaving the rest in danger from online trolls, according to domain name registrar 34SP.com. 80 percent of the leading 100 UK brands are yet to register the top level domains (TLDs) that pose a reputational threat.

Vodafone, Barclays, ASDA, and ASOS are some of the more cautious UK brands to purchase the controversial domains released by Canadian domain registrar, Vox Populi, before they fell into the wrong hands. Vodafone, Barclays, Lloyds, and Nationwide have gone as far as to splash out on .sucks domains under a variety of versions of their brand terms or well-known phrases.

US brands were vocal when preregistering the domains whilst they were in their sunrise period and only available to trademarked holders, with Taylor Swift, Kevin Spacey, and Microsoft all saying they’d bought them. And a similar response was anticipated by 34SP.com for UK brands once the TLDs were available to the general public.

...

http://www.continuitycentral.com/index.php/news/erm-news/320-news7607

To many, the data center is still the heart of the enterprise, responsible for pushing vital digital nutrients to an increasingly diverse organism. To others, it is more like an anchor, weighing down what would otherwise be a nimble craft as it trawls the data sea in search of treasure.

Both camps recognize that dramatic changes are taking place within and outside data center infrastructure, but they come to radically different conclusions as to what they mean and what is the best way for the enterprise to engage the next-generation data environment.

According to 451 Research, 87 percent of those with O&O data centers in North America and Europe plan on maintaining or even increasing their facilities in the coming year, with a quarter of those set to increase spending within the next three months. The spread covered medium-sized and large organizations, particularly in the healthcare and finance industry, which is a strong indication that if any group is liable to shed direct control of data infrastructure it is the SMB market, which has relatively little infrastructure to begin with.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-enterprise-data-center-can-it-last-in-the-cloud.html

Have you noticed that you almost never hear about “green computing” anymore? It was all the rage a few years ago, but now, it seems, the topic draws about as much attention as a Palm Pilot. I don’t pretend to know exactly why that is, but my hunch is that IT professionals have so much to deal with in their quest to improve the efficiency of their operations, issues with labels that conjure up touchy-feely images of tree huggers and “Save the Planet” stickers simply don’t rise to a level that makes it on to a lot of IT department radars.

The irony, of course, is that, when you think about it, “green computing” and efficient operations are inseparable. Whether or not you call it something that makes for a good bumper sticker, it’s all about efficient enterprise facilities management.

Enterprise facilities management, or EFM, was the topic of my recent email interview with Paul Morgan, vice president and general manager of the Global Workplace Solutions (GWS) unit of Johnson Controls in Milwaukee. GWS is a provider of outsourced EFM services, and I thought it would be helpful to start off by clarifying how GWS defines EFM. Morgan prefaced his definition by noting that the facilities management industry and the business needs of building owners and occupiers continue to evolve.

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/what-you-need-to-know-about-outsourcing-enterprise-facilities-management.html

New Ponemon research, highlighting that UK businesses are unable to determine the risk to 58 percent of the confidential data stored in the cloud and 28 percent of the sensitive information held on premise, has been published.

The study, supported by Informatica Corporation, explored how UK organizations are approaching data security, and reveals that businesses are failing to identify sensitive or confidential information.

Less than half (45 percent) have a common process in place for discovering and classifying the sensitive or confidential data on premise and only a quarter have a process in place for data in the cloud.

As information continues to proliferate, not knowing where sensitive or confidential data resides is one of the biggest concerns for 55 percent of IT and IT security practitioners.

...

http://www.continuitycentral.com/index.php/news/technology/321-research-reveals-breakdown-in-uk-businesses-data-security-practices

OKLAHOMA CITY – As the waters recede and Oklahomans begin to assess the damage caused by the severe storms and flooding that washed across the state this spring, questions start to arise about how and when those with National Flood Insurance Program (NFIP) policies should file claims.

The first step is notification. Homeowners, renters and business owners with NFIP coverage should immediately report flood damage to their insurance company or agent. A claims adjuster will inspect your damages, estimate the repair costs, and send an estimate to the insurance company for review and payment approval.

As part of their claim, policyholders are required to submit a “Proof of Loss” statement which includes an estimate of the damages on both your structure and its contents. Insurance companies usually provide this form and in most cases will help you fill it out. A “Proof of Loss” is not a release of claim, but a statement of loss facts and damages claimed.

Your claims package should be supported by photos of water in the structure and the resulting damage. You should also compile an itemized list of all flood damage and retain swatches of carpets or fabrics that were damaged. Be sure to make copies of the insurance claim, proof of loss and all other supporting documents for your own records.

An important point to keep in mind is that you do not have to accept the initial estimate of the damage prepared by the claims adjuster. All issues should be addressed with the adjuster and the company’s management. However, if you believe the claims adjuster did not address all of your flood damage in their estimate, you can file a supplemental claim for the additional damages. For example, there may have been hidden damage not detected by the claims adjuster during their property inspection. 

Be aware there are strict deadlines for filing flood insurance claims. Regardless of whether you agree with the claims adjuster’s estimate, your proof of loss statement must be submitted to the NFIP or the insurance company within 240 days of the loss. This extension of the 60-day policy wording is specific to the current Oklahoma flood.

If your claim is denied, the Federal Emergency Management Agency (FEMA) has established a formal appeals process. You can start this process as soon as the insurance company issues its final determination in the form of a written denial (in whole or in part) of your claim.

The written appeal must be filed within 60 days of the insurance company's final claim determination. FEMA will acknowledge receipt of your appeal in writing and advise if additional information or documents are required for full consideration of your appeal. Next, FEMA will review your documentation and conduct any additional investigation needed. Finally, the policyholder and their insurance company will be advised of FEMA's decision regarding the appeal.

Even if you file an appeal with FEMA, that does not relinquish or replace your right to file a lawsuit against the insurance company, nor does it expand or change the one-year statute of limitation to file suit against the insurer for the disallowed portion of your claim.

To avoid conflicting results and duplicated effort, a policyholder who files suit against an insurance company is prohibited from filing an appeal with FEMA under this process. As a result, homeowners are encouraged to file an appeal with FEMA first.

Oklahomans who don’t have NFIP insurance – and who sustained losses or damages in the May 5 through June 4 storms – may be eligible for state and federal assistance. You can apply online at DisasterAssistance.gov or via smartphone at m.fema.gov or by phone at 800-621-3362 (Voice or 7-1-1/ Relay) or TTY 800-462-7585. For information about U.S. Small Business Administration (SBA) programs, applicants should call 800-659-2955 (TTY 800-877-8339).

Even if you have an NFIP policy, you may also be entitled to FEMA Individual Assistance payments for housing allowance, contents losses, or moving and storage expenses.

For more information about flood insurance, go to www.FloodSmart.gov. For more information on Oklahoma disaster recovery, go to http://www.fema.gov/disaster/4222 or visit OEM at www.oem.ok.gov.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY, call 800-462-7585.

The Oklahoma Department of Emergency Management (OEM) prepares for, responds to, recovers from and mitigates against emergencies and disasters. The department delivers services to Oklahoma cities, towns and counties through a network of more than 350 local emergency managers.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at www.twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

John Ball, MBCI, describes how taking business continuity training in-house can pay dividends for public sector organizations.

I would like to take a few moments to consider how most organizations, particularly the public sector, approach the training of business continuity, and offer up a low cost, continuous improvement model to push that training further into the organization.

Generally speaking, many public sector organizations develop or employ one expert, who is trained to a recognised standard and responsible for business continuity across the organization. In some cases business continuity is combined with emergency planning and risk under the title of ‘resilience manager’. Personally I think that putting three jobs into one is not ideal; however, I understand that organizations have to ‘cut their cloth’ according to the pressures they face.

Whatever the setup, and depending on the budget, the business continuity programme will be delivered via a project team, a single manager, or a manager guiding a number of business continuity representatives (in addition to the day job) who receive training as they go along. These are all tried and tested processes, the result of which sees us where we are today. Many organizations aspire to align with ISO 22301 and, consequently, the business continuity programme is driven along those lines.

It is important that business continuity managers should be trained to a high level of expertise. This is a necessary, yet expensive process, but brings with it a measurable return on investment in the form of continued service delivery.

...

WASHINGTON — The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.

But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts.

The program lapsed on June 1, when a law on which it was based, Section 215 of the USA Patriot Act, expired. Congress revived that provision on June 2 with a bill called the USA Freedom Act, which said the provision could not be used for bulk collection after six months.

The six-month period was intended to give intelligence agencies time to move to a new system in which the phone records — which include information like phone numbers and the duration of calls but not the contents of conversations — would stay in the hands of phone companies. Under those rules, the agency would still be able to gain access to the records to analyze links between callers and suspected terrorists.

...

http://www.nytimes.com/2015/07/01/us/politics/fisa-surveillance-court-rules-nsa-can-resume-bulk-data-collection.html

Thursday, 02 July 2015 00:00

Defining the Future of DR Storage

More and more workloads are being shunted off to the cloud. It appears that the days of having an arsenal of in-house hardware are over. Gone, too, will be expensive offsite mirror Disaster Recovery (DR) facilities – at least for all but the largest, richest and highest-end businesses. So what does this mean to the storage manager?

The future of DR appears to be moving steadily away from the primary site and recovery site concept. It is being gradually replaced with the ability to migrate or burst workloads seamlessly from site to site. As the cloud gains ground, the ownership of the sites involved is becoming less of an issue. Some may be customer owned, such as in a data center, a private cloud, a hosted data center or a colocation facility; others may be completely in the hands of an outside party. The key is that data must be able to shift dynamically on demand between the various sites involved while being able to attain always-on availability.

Sometimes companies will set things up this way purely for DR purposes. But this kind of more loosely coupled arrangement enables them to do other things.

...

http://www.enterprisestorageforum.com/backup-recovery/defining-the-future-of-dr-storage.html

The US National Institute of Standards and Technology (NIST) has named experts in business continuity planning and the post-disaster recovery of telecommunication networks to serve as NIST Disaster Resilience Fellows.

George B. Huff Jr., founder and director of The Continuity Project, Alexandria, Va., and Steve Poupos, AT&T’s director of technology operations, will assist NIST as it finalizes its Community Resilience Planning Guide for Buildings and Infrastructure. They also will contribute to follow-on efforts to support US counties, cities and towns in implementing the guide.

Issued in April, 2015, as a draft for public review, the planning guide lays out a flexible approach that communities can adapt and use to set priorities, allocate resources, and take actions that will help them to withstand and bounce back from the shocks and stresses of extreme weather and other hazards. NIST plans to issue the initial version in September, 2015. The guide will be updated periodically.

...

http://www.continuitycentral.com/index.php/news/resilience-news/325-nist-appoints-two-new-disaster-resilience-fellows

Over the past few years, there has been skyrocketing growth in the use of social media to get the word out during emergency situations. From fires to disease outbreaks to police shootings, more and more people turn to Twitter, Facebook or other social media sites to get the latest updates on incidents from reliable sources and "friends."

Earlier this year, Emergency Management magazine ran a story titled: Can You Make Disaster Information Go Viral? In that piece, new efforts were highlighted to improve the reliability of emergency communications using social media during man-made and natural disasters.

I applaud these social media efforts, and this emergency management communications trend has been a very good thing up to this point. But dark clouds are on the horizon. And soon, maybe you'll need to hold off on that retweet.

...

http://www.emergencymgmt.com/disaster/False-Alert-Can-You-Really-Trust-that-Tweet-for-Emergency-Communications.html

TNS - While it's not the sort of threat we would immediately associate with the phrase "homeland security," New York's preparedness teams are hatching plans for the potential arrival of an avian flu that has already wiped out more than 40 million chickens in the Midwest.

Several weeks ago, officials announced that this year's State Fair and county celebrations wouldn't include poultry exhibits. In addition, there will be added inspection of poultry from out of state, and additional inspectors deployed to the handful of live bird markets that serve the burgeoning immigrant groups in New York City.

"We do not have an avian flu outbreak at this time, but we are planning for one," said Kelly Nilsson, an emergency preparedness and planning manager for the state Department of Agriculture and Markets.

...

http://www.emergencymgmt.com/health/New-York-Preparedness-Teams-Planning-for-Arrival-of-Avian-Flu.html

AUSTIN, Texas – State and federal dollars are flowing into Texas communities recovering from the May 4 through June 19 storms, straight-line winds, tornadoes and floods.

To date, more than $137 million in state and federal grants, U.S. Small Business Administration (SBA) low-interest disaster loans, and National Flood Insurance Program claims have been approved and/or paid to Texans.

The Texas Division of Emergency Management (TDEM) and the Federal Emergency Management Agency (FEMA), partners in the state’s recovery, provide the following summary of disaster assistance efforts as of June 30:

        NUMBER            ACTIVITY

  • $75.9 million         NFIP Flood claims paid to Texans since May 4
  • $27.7 million         SBA low-interest disaster loans
  • $34.1 million         Housing, Other Needs Grants
  • 22,158                Total FEMA Registrations
  • 16,544                Home inspections completed
  • 8,380                 National Flood Insurance Program claims to date
  • 1,846                 Visits to Disaster Recovery Centers
  • 800                   Number of federal workers in Texas assisting with disaster recovery
  • 264                   Billboard and outdoor electronic signs displaying FEMA information
  • 58                    Number of counties designated for Public Assistance
  • 31                    Number of counties designated for Individual Assistance
  • 25                    Fixed and mobile disaster recovery and mobile registration intake centers

The deadline to register with FEMA is July 28. To register for assistance, Texans can apply online at www.disasterassistance.gov or by calling 800-621-3362, or (TTY) 800-462-7585 for the speech- and hearing-impaired. Both numbers are available from 7 a.m. to 10 p.m. local time daily, until further notice. More information is available online at www.fema.gov or at www.txdps.state.tx.us/dem.

###

FEMA’s temporary housing assistance and grants for childcare, medical, dental expenses and/or funeral expenses do not require individuals to apply for an SBA loan. However, those who receive SBA loan applications must submit them to SBA to be eligible for assistance that covers personal property, transportation, vehicle repair or replacement, and moving and storage expenses.

Visit www.fema.gov/texas-disaster-mitigation for publications and reference material on rebuilding and repairing safer and stronger.

Recently, I checked out all the iOS apps available from my home state, Kentucky. I wasn’t impressed.

The parks system has a nice app — the same one available for other states, thanks to a private company. In fact, all of the apps I found were actually produced by private companies, and even so, they were pretty unimpressive. Tourism, for example, has collaborated on an app that basically gives you a .pdf of its main publication.

If mobile apps are the Internet in small, Kentucky seems to be making the same mistakes I saw it make back in 2000, when it was building a web presence. There’s no clear strategy of prioritizing critical services first.

...

http://www.itbusinessedge.com/blogs/integration/why-government-apps-are-totally-lame-and-how-to-fix-it.html

Liquid cooling is gaining, well, steam (sorry) in the data center as compute densities creep up and organizations look for ways to keep temperatures within tolerance without busting the budget on less-efficient air-handling infrastructure.

But there are a number of approaches to liquid cooling, ranging from running simple cold water in and around the data center to full immersion of chips and motherboards in non-conducting dielectric solutions.

According to Research and Markets, the data center cooling market as a whole is on pace to hit compound annual growth of 6.67 percent between now and 2019. The report summary available on the web does not break out the performance of specific cooling categories, but it does note that high adoption of liquid-immersion technologies is one of the key growth factors. As cloud computing and data analytics ramp up in the enterprise, data infrastructure across the board will have to provide greater performance within small, most likely modular, footprints, which means more heat and a more direct way to whisk it away from sensitive data equipment.

...

http://www.itbusinessedge.com/blogs/infrastructure/data-center-evolution-getting-hotter-and-wetter.html

Wednesday, 01 July 2015 00:00

The Data Lake as an Exploration Platform

The data lake is an attractive use case for enterprises seeking to capitalize on Hadoop’s big data processing capabilities. This is because it offers a platform for solving a major problem affecting most organizations: how to collect, store, and assimilate a range of data that exists in multiple, varying, and often incompatible formats strung out across the organization in different sources and file systems.

In the data lake scenario, Hadoop serves as a repository for managing multiple kinds of data: structured, unstructured, and semistructured. But what do you do with all this data once you get it into Hadoop? After all, unless it is used to gain some sort of business value, the data lake will end up becoming just another “data swamp” (sorry, couldn’t resist the metaphor). For this reason, some organizations are using the data lake as the foundation for their enterprise data exploration platform.

...

http://blog.cutter.com/2015/06/30/the-data-lake-as-an-exploration-platform/

TNS - Connecticut’s emergency dispatchers in the not-too-distant future will be fielding not only 911 calls and texts, but perhaps even viewing photos and videos of crimes or accidents.

The state’s changeover to the Next Generation 911 system has started at 10 pilot sites across the state, including locally at the Mashantucket Pequot Public Safety Department and Valley Shore Emergency Communications in Westbrook.

All of the state’s 104 public service answering points are scheduled for a changeover by next year.

...

http://www.emergencymgmt.com/next-gen-911/State-planning-text-to-911-as-part-of-new-system.html

Traffic video cameras were installed to keep the roads moving by letting transportation departments see trouble spots, dispatch assistance and arrange detours as quickly as possible. But this wealth of real-time video intelligence has proven to be an exceptional resource for emergency operations centers (EOCs) across the United States.

“Live traffic video substantially boosts our situational awareness,” said Michael Walter, public information officer with the Houston, Texas, Office of Emergency Management. “It makes a real difference to how we do our jobs.”

...

http://www.emergencymgmt.com/safety/-Wealth-of-Video-Intelligence-Is-an-Exceptional-Resource-for-EOCs.html

The web-based system used for federal background investigations for employees and contractors has been suspended after “a vulnerability” was detected, the Office of Personnel Management (OPM) announced Monday.

OPM has been the subject of intense congressional probing following the cyber attack on the personnel records of at least 4.2 million current and former federal employees. The decision to suspend the agency’s “E-Qip” system, however, is not directly related to that hack or another one of a security clearance database that was previously announced.

“The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited,” an OPM statement said. “Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.”

...

http://www.washingtonpost.com/blogs/federal-eye/wp/2015/06/29/federal-background-check-system-shut-down-because-of-vulnerability/

What does it take to get PC or server backups to work properly and bring computers back to operational status? Correctly stored data files are a critical component for most organisations. However, on their own they won’t let you get back to business. You’ll also need the applications that generated those data files and you’ll need the associated configuration and profile information. That includes user and account-specific information and any purpose-built software modules to link your system to others in your enterprise. The smart solution would be to back up all of this information within the same process.

...

http://www.opscentre.com.au/blog/image-backups-help-you-get-back-in-business-faster/

AUSTIN, Texas – Texans will have the opportunity to assist with the state’s disaster recovery from the severe storms, tornadoes, and flooding that occurred from May 4 to June 19. Dozens of qualified Texans will be offered temporary jobs as local hires of the Federal Emergency Management Agency (FEMA) in its Austin, Denton, and Houston offices.

FEMA has partnered in this venture with the Texas Workforce Commission. Those interested may go to http://www.workintexas.com and create an account. Once logged in, click on “Search All Jobs” and type “FEMA” into the search bar.

Currently, there are six job categories posted:

  • Administrative/Clerical
  • Customer service
  • Logistics
  • Report writing
  • Switchboard/Help desk
  • Technical/Architecture/Engineering

FEMA positions with detailed job descriptions will remain posted through July 24 or until the jobs are filled.

Candidates must be 18 years of age or older and must be U.S. citizens. Qualified applications will be forwarded to FEMA staff, who will select candidates for interviews. Selected candidates should have a valid government identification card, such as a driver’s license or military ID. Candidates will be required to complete a background investigation, which includes fingerprinting, and additional ID, such as Social Security card, birth certificate or passport. The hiring process may take up to 15 days from the date of application.

FEMA is committed to employing a highly qualified workforce that reflects the diversity of our nation. All applicants will receive consideration without regard to race, color, national origin, sex, age, political affiliation, non-disqualifying physical handicap, sexual orientation, and any other non-merit factor. The federal government is an Equal Opportunity Employer.

More positions may be posted on the TWC webpage as the disaster recovery continues.

All are encouraged to visit https://www.fema.gov/disaster/4223 for news and information about this disaster.


###

BI is about to take a big step forward, and a major driver for new capabilities will be self-service data integration capabilities, according to Jamil Rashdi, a senior infrastructure development manager.

Rashdi, a veteran IT leader and cloud infrastructure architect, takes a look at this year’s business intelligence self-service trends. Of course, BI is by its nature self-serve, but as he points out, that’s primarily been limited to simpler data discovery functions such as search, dashboards and visualization tools.

New advancements are pushing well beyond these self-serve features, he writes. Advancements in both BI and analytics solutions “are significantly broadening the scope of self-service BI” to include data preparation and manipulation tools — including ETL and data wrangling, or lightweight tools for transforming, integrating and cleansing data.

...

http://www.itbusinessedge.com/blogs/integration/bi-tools-adding-advanced-data-capabilities-but-beware-governance-lags.html

The lifecycle of any given technological innovation follows a fairly standard path: proposal, development, deployment and then either success or failure based on cost, efficacy, execution or a number of other factors.

With the cloud, however, we seem to be diverging from this pattern, or at the very least the process is being drawn out due to the radical and fundamental way it affects the entire data stack, and indeed the entire business model.

The private cloud in particular seems to be caught in a no-man’s land of doubt/certainty, confusion/clarity, and ongoing debate between those who support it to the nines and those who chalk it up to so much wishful thinking. On any given day, a web search of the terms “private cloud” can produce the following results:

...

http://www.itbusinessedge.com/blogs/infrastructure/shifting-the-cloud-debate-to-a-higher-plane.html

Hershey Entertainment and Resorts, the company that owns Hershey Park, is investigating a possible data breach.

And as a result, Hershey Park tops this week's list of IT security news makers, followed by Damballa, Malwarebytes and The Hartford.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/062915/it-security-stories-watch-was-hersheypark-breached

TNS - Miss Piggy is flying again.

But even as the lumbering P-3 Orion aircraft takes part in its first mission since getting two new engines in a life-extending overhaul, the National Oceanic and Atmospheric Administration is looking for the next generation of hurricane hunting aircraft.

Miss Piggy and NOAA’s other Orion, named Kermit, are stationed at MacDill Air Force Base. Each plane was put into service during the mid-70s and has flown more than 10,000 hours, into more than 80 hurricanes. They are long, grueling missions, often subjecting the crew to zero gravity as the aircraft lurch up and down in buffeting winds. With the pounding they’ve taken, the planes need the $42 million refurbishing to stay on the job during the June through November hurricane season and beyond.

But even with new engines, new wings and upgraded avionics and scientific instrumentation, they won’t fly forever. More like 15 years.

...

http://www.emergencymgmt.com/disaster/Hurricane-planes-get-overhaul-as-NOAA-eyes-next-generation.html

The Online Trust Alliance (OTA) recently released its 2015 Online Trust Audit & Honor Roll. For the report, OTA analyzed approximately 1,000 websites in three categories: consumer protection, privacy and security. According to a release, the seventh annual audit now includes websites of the top 50 leading Internet of Things device makers, wearable technologies and connected home products.

It’s tough to make the honor roll; that’s what makes it special. But then, this is the type of honor roll you want companies to make, especially if it is a company you do business with (or if it is your website being evaluated). Unfortunately, nearly half of all of the websites failed. Even more alarming was that the new category of IoT had an even more dismal showing, with a 76 percent failure rate.

In an ITProPortal article, Craig Spiezle, executive director and president of OTA, stated:

...

http://www.itbusinessedge.com/blogs/data-security/is-your-website-failing-to-keep-customers-data-secure-and-private.html

Sure, the average consumer is worried about storing their data in the cloud or sharing it through cloud-based file sharing, but how can managed service providers (MSPs) respond to an enterprise when even their own IT professionals are worried about the state of security in the public cloud?

In 2011, Symantec and the National Cyber Security released a study that reveals cyber attacks cost small- and medium-sized businesses an average of $188,242. Perhaps even more alarming, research conducted by Gartner shows that nearly 90 percent of the companies that were victimized by a major data loss went out of business within six months of the attack.

One-third of the 1000 IT professionals responding to a Bitglass survey said that they experienced more security breaches with the public cloud than their internal information technology function.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/062915/even-it-pros-are-worried-about-public-cloud-security

Monday, 29 June 2015 00:00

Preparing for the Unexpected

Stuff happens. We may not like it, we may even consider it unfair, but it is a fact of life. In the business environment, the question is: Are management and the Board prepared to respond?

Two years ago, I had the opportunity to talk with the Chairman of the Board for a major institution. He observed he had talked with some of his peers about recurring situations across America that had caused a reputation hit. There was a train of thought in this discussion that there had to be a connection between an organization’s risk assessment and its crisis management. In other words, should the risk assessment process inform the organization’s crisis response team?

It’s a fair question. And it’s important. Even the proudest organizations and brands are not immune to being called out by the unexpected.

...

http://corporatecomplianceinsights.com/preparing-for-the-unexpected/

(TNS) — Philadelphia’s security preparations for Pope Francis’ 48-hour visit have been going on for more than a year. For Ignazio Marino, mayor of Rome, papal security is an everyday issue.

“It’s pretty tough because the pope is a terrific person, he attracts millions of people, so traffic and security is a huge, huge issue — particularly in these days and time with possibility of terroristic attacks, we are always concerned,” Marino said Thursday outside his office in Rome.

The final day of the Philadelphia delegation’s trip to Rome focused largely on getting input from Roman and Vatican City authorities on security and infrastructure for large-scale events featuring the pope. A separate news conference discussed the programming for the World Meeting of Families.

...

http://www.emergencymgmt.com/safety/Philadelphia-Security-Plans-Popes-Visit.html

Information overload. Big data. Social media. Mobile computing. Bring-your-own-device policies. Cloud computing. New technologies. Records and information management continues to struggle with fundamental and, to a degree, existential challenges. The challenges to records and information management created by today’s technology are unprecedented and ever changing. Executives responsible for ethics and compliance must now address growing complexities in the management of records and information within their organizations. They must identify and implement new tools and techniques to match the challenges of today and the future while creating a culture of compliance in the records and information management sphere that aligns with the needs of 21st century business.

The Definition of a Record Is Changing: Records Are Created and Stored Differently

The vast majority of today’s business is fueled by, and conducted using, technology. Business records are almost exclusively becoming electronic and are generated by a wide variety of ever-changing devices, systems and applications. Records managers who have historically employed retention schedules to detail appropriate retention periods and records disposition actions are faced with adjusting their thinking to accommodate new and different types of records. The volume of data and the proliferation of that data across many platforms, repositories and devices makes capturing, preserving, managing and eventually disposing of records exceedingly difficult.

...

http://corporatecomplianceinsights.com/records-information-management-2015-risk-perspective-2/

Recovery is the least understood (and least studied) part of the emergency management cycle with little systematic information about tracking progress geographically and over an extended time. Unfortunately, once the disaster field offices close in local communities, recovery activity wanes. For hard-hit communities, recovery is a long-term process of rebuilding lives, livelihoods and the sense of place that once characterized the community. Recovery takes months to years in some places and decades for other communities.

Hurricanes Katrina and Sandy afforded an opportunity to conduct a natural experiment to compare recovery from two different storms and their effects on two different locales: coastal New Jersey in the case of Sandy and coastal Mississippi for Katrina. While the storms were different in magnitudes and timing, each resulted in significant storm surge impacts affecting a large section of the coastline. For New Jersey, storm surge flooding occurred from Upper New York Bay south to Delaware Bay, ranging between eight feet at Sandy Hook to four feet in Downe Township. The entire Mississippi coastline was affected with storm surges ranging from 28 feet nearest to Katrina’s track close to the border with Louisiana and Bay St. Louis to 17 feet farther to the east in Pascagoula.

...

http://www.emergencymgmt.com/disaster/A-Tale-of-Two-Recoveries-Hurricanes-Katrina-and-Sandy-.html

The cybersecurity insurance industry is booming, with demand for this specialty coverage vastly outpacing any other emerging risk line, according to a new survey by London-based broker RKH Specialty. In fact, 70% of the insurance professionals surveyed listed cyber as the top casualty exposure.

The brokers, agents, insurers and risk managers RKH queried after April’s RIMS 2015 conference said their top casualty concerns after cyber are product recall and drones (11% each), with others including e-cigarettes, autonomous vehicles and telematics totaling only eight percent.

...

http://www.riskmanagementmonitor.com/cybersecurity-product-recall-and-drones-top-list-of-emerging-casualty-risks/

Public sector becomes top target for malware attacks in the UK

Public sector organisations are the number one target for malware attacks in the UK. This is according to the 2015 Global Threat Intelligence Report (GTIR) – an analysis of over six billion security attacks in 2014 – announced by NTT Com Security, the global information security and risk management company.

While financial services continues to represent the number one targeted sector globally with 18% of all detected attacks, in the UK market nearly 40% of malware attacks were against public sector organisations. This was three times more than the next sector, insurance (13%) and nearly five times more than the media and finance sectors (both 9%).

However, according to the GTIR, attacks against business and professional services organisations saw a sharp rise this year from 9% to 15% globally, while this sector also accounted for 15% of malware observed. Typically, these businesses are seen as being much softer than other targets, but due to their connection and relationship with much larger organisations, are high value targets for attackers. In the UK, this sector represented 6% of all malware attacks.

It is perhaps interesting to note that the Business Continuity Institute's latest Horizon Scan report identified that business continuity professionals in the financial and insurance sector expressed greater concern at the prospect of a cyber attack occurring. 56% of respondents to a global survey who work in the financial and insurance sector expressed extreme concern compared to only 34% and 30% in the professional services sector and public administration sector respectively.

Stuart Reed, Senior Director, Global Product Marketing at NTT Com Security, comments: “The fact that public sector figures are so high compared to other sectors in the UK is due largely to the value of the data that many of these organisations have, which makes them attractive and highly prized targets for malware attacks. While the level of threat may vary from organisation to organisation, they all have information that would be of interest to cyber criminals.”

It’s also interesting that we have seen some campaigns specifically targeting business & professional services. It’s possible that companies in this sector may not have the equivalent security resources and skills in-house that many other larger companies do, yet they potentially yield high value for attackers as both an end target and a gateway target to strategic partners.

Sites in northern and central California and Montana selected to showcase climate resilience approach

 

The Department of the Interior (DOI), Department of Agriculture (USDA), Environmental Protection Agency (EPA), National Oceanic and Atmospheric Administration (NOAA), and the U.S. Army Corps of Engineers (USACE) today recognized three new collaborative landscape partnerships across the country where Federal agencies will focus efforts with partners to conserve and restore important lands and waters and make them more resilient to a changing climate. These include the California Headwaters, California’s North-Central Coast and Russian River Watershed, and Crown of the Continent.

Building on existing collaborations, these Resilient Lands and Waters partnerships – located in California and Montana/British Columbia – will help build the resilience of valuable natural resources and the people, businesses and communities that depend on them in regions vulnerable to climate change and related challenges. They will also showcase the benefits of landscape-scale management approaches and help enhance the carbon storage capacity of these natural areas.

The selected lands and waters face a wide range of climate impacts and other ecological stressors related to climate change, including drought, wildfire, sea level rise, species migration and invasive species. At each location, Federal agencies will work closely with state, tribal, and local partners to prepare for and prevent these and other threats, and ensure that long-term conservation efforts take climate change into account.

The Russian River meanders through Mendocino and Sonoma counties in Northern California mountains and meets the Pacific Ocean at Jenner, California. Credit: NOAA

These new Resilient Lands and Waters sites follow President Obama’s announcement of the first set of Resilient Landscape partnerships (PDF, 209K) (southwest Florida, Hawaii, Washington and the Great Lakes region) at the 2015 Earth Day event in the Everglades.

Efforts in all Resilient Lands and Waters regions are relying on an approach that addresses the needs of the entire landscape. Over the next 18 months, Federal, state, local, and tribal partners will work together in these landscapes to develop more explicit strategies and maps in their programs of work. Developing these strategies will benefit wildfire management, mitigation investments, restoration efforts, water and air quality, carbon storage, and the communities that depend upon natural systems for their own resilience. By tracking successes and sharing lessons learned, the initiative will encourage the development of similar resilience efforts in other areas across the country.

For example, in the California Headwaters, an area that contributes greatly to the state’s water supply, the partnership will build upon and unify existing collaborative efforts to identify areas for restoration that will help improve water quality and quantity, promote healthy forests, and reduce wildfire risk. In California’s North-Central Coast and Russian River Watershed, partners will explore methods to improve flood risk reduction and water supply reliability, restore habitats, and inform coastal and ocean resource management efforts. In Montana, extending into British Columbia, the Crown of the Continent partnership will focus on identifying critical areas for building habitat connectivity and ecosystem resilience to help ensure the long-term health and integrity of this landscape.

“From the Redwoods to the Rockies to the Great Lakes and the Everglades, climate change threatens many of our treasured landscapes, which impacts our natural and cultural heritage, public health and economic activity,” said Secretary of the Interior Sally Jewell. “The key to making these areas more resilient is collaboration through sound science and partnerships that take a landscape-level approach to preparing for and adapting to climate change.”

“As several years of historic drought continue to plague the West Coast, there is an enormous opportunity and responsibility across federal, state and private lands to protect and improve the landscapes that generate our most critical water supplies,” said Secretary of Agriculture Tom Vilsack. “Healthy forest and meadows play a key role in ensuring water quality, yield and reliability throughout the year. The partnerships announced today will help us add resiliency to natural resource systems to cope with changing climate patterns.”

“Landscape-scale conservation can help protect communities from climate impacts like floods, drought, and fire by keeping watersheds healthy and making natural resources more resilient,” said EPA Administrator Gina McCarthy. “EPA is proud to take part in the Resilient Lands and Waters Initiative.”

“Around the nation, our natural resources and the communities that depend on them are becoming more vulnerable to natural disasters and long-term environmental change,” said Kathryn Sullivan, Ph.D., NOAA Administrator. “The lands and waters initiative will provide actionable information that resource managers and decision makers need to build more resilient landscapes, communities and economies.”

“The Army Corps of Engineers is bringing our best scientific minds together to participate in this effort. We are working to ensure that critical watersheds are resilient to changing climate,” said Jo-Ellen Darcy, Assistant Secretary of the Army for Civil Works. “The Army Corps’ participation in this effort along with our local, state and federal partners demonstrates our commitment to implement President Obama's Climate Action Plan in all of our missions.”

The Resilient Lands and Waters initiative is a key part of the Administration’s Climate and Natural Resources Priority Agenda (PDF, 8.9MB), a first of its kind, comprehensive commitment across the Federal Government to support resilience of America’s vital natural resources. It also directly addresses Goal 1 of the National Fish Wildlife and Plant Climate Adaptation Strategy to conserve habitat that supports healthy fish, wildlife, and plant populations and ecosystem functions in a changing climate.

When President Obama launched his Climate Action Plan (PDF, 319K) in 2013, he directed Federal agencies to identify and evaluate approaches to improve our natural defenses against extreme weather, protect biodiversity and conserve natural resources in the face of a changing climate. The Climate Action Plan also directs agencies to manage our public lands and natural systems to store more carbon.

Learn more information about the three selected landscapes (California Headwaters, California’s North-Central Coast and Russian River Watershed, and Crown of the Continent)


NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.

Security experts have a lot of concerns and added responsibilities as connected devices, large and small, burrow their way ever deeper into people’s lives. Nowhere is the increasing need for oversight greater than in health care.

This week, the Workgroup for Electronic Data Interchange (WEDI) released a primer on how a health care organization should protect itself in cyberspace. In its story on the primer, Health IT Security carries a statement from WEDI President and CEO Devin Jopp illustrating the acceleration of health care compromises. From 2010 to 2014, 37 million health care records were compromised in breaches. That sounds like a lot, until it is considered that there were 99 million compromises in just the first quarter of this year. The primer has sections on the lifecycle of cyberattacks and defense, the anatomy of an attack, and ways of “building a culture of prevention.”

Those attacks were aimed at gathering patients’ financial and related data. Another health care vulnerability – and one that is in many ways even more frightening – is attacking connected health care devices in order to hurt people. For some reason, there are people in this world who find it okay to interfere with a heart patient’s pacemaker.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/cybersecurity-especially-tough-in-health-care.html

While managed service providers (MSPs) are certainly well-versed in the areas of cloud-based file sharing and data storage, it pays to be just as familiar with some of the areas of interest of your clients. As MSPs see more healthcare companies migrating their services to the cloud – whether due to a relaxation of restrictions or a decision to evolve – the need for familiarity in this potentially lucrative market is as important as ever.

When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, data security and privacy on the internet were not exactly the big concerns of the day. Then again, the MSP business model we know and love today didn’t even exist.

Fast forward about 20 years – and through a couple of generations of computing platforms – and HIPAA compliance has become a hot topic as health care organizations, at long last, begin to crawl out from under mountains of paper and into the digital world.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/062415/four-things-msps-should-know-about-hipaa-compliance-and-cloud

Wednesday, 24 June 2015 00:00

Shape Your Risk Culture

Today, institutions have become sophisticated in establishing an enterprise risk management infrastructure that includes risk management departments, appetite, framework, policies, limits, models, governance, key risk indicators, reporting and processes. Organizations are set up to manage risks of different kinds: strategic, business, market, credit, counterparty, earnings, capital, liquidity, concentration, legal, operational, model, reputational, funding, and even emerging risks. Effective risk management is not just about the infrastructure; it is also about the people. A major shortcoming that many institutions can improve on is putting boundaries on what is an acceptable “risk culture.” It has been a cause of many disastrous financial failures, including the LIBOR rate manipulation, the collapse of Bear Stearns, and Madoff’s Ponzi scheme. It is a risk management critical success and “random” risk aversion factor. It has become a buzz term and is on the radar of many institutions including hedge funds, banks, insurance companies, corporations, and regulators. For example, the Financial Conduct Authority (FCA) is a new regulatory body created in April 2013 as one of the successors to the United Kingdom’s Financial Services Authority. It has the power to regulate conduct related to the marketing of financial products and investigate organizations and individuals.

What is risk culture? See Figure 1. Ultimately it is behavior that is influenced by ethics, values, and beliefs of people in an organization that collectively supports the risk management of an organization. It is then easy to understand how well it supports risk management, which should be driven by five risk culture conditioning elements: leadership, risk knowledge, risk understanding, risk transparency, and reward system.

...

http://blog.metricstream.com/2015/shape-your-risk-culture/

An unusual combination of big and small tech companies are working on ways to accelerate the development of cloud computing technologies.

On Tuesday, an organization called Docker announced that its commercial software, used to create and maintain other software applications easily for millions of computers and mobile phones, would become generally available.

The commercial product follows an initial open source release of Docker, and it includes among other things a way that companies can securely store and share their software. In an unusually broad partnership, the product would be available not just from Docker, but from Amazon’s cloud computing business, AWS; IBM; and Microsoft.

...

http://bits.blogs.nytimes.com/2015/06/23/tech-companies-line-up-behind-containers-and-the-cloud/

Continuous monitoring on its own is great for the detection and remediation of security events that may lead to breaches. But when it comes to allowing us to measure and compare the effectiveness of our security programs, there are many ways that simply monitoring falls short. Most significantly, it does not allow us to answer the question of whether or not we are more or less secure than we were yesterday, last week or last year.

This is a question that we all have grappled with in the security community, and more recently, in the board room. No matter how many new tools you install, settings you adjust, or events you remediate, there are few ways to objectively determine your security posture and that of your vendors and third parties. How do you know if the changes and decisions you have made have positively impacted your security posture if there is no way to measure your effectiveness over time?

...

http://www.riskmanagementmonitor.com/measuring-risk-why-we-need-standards-for-continuous-monitoring-assessment/

As drought grips California, floods overpower Texas and Eastern cities grapple with crumbling sewers that pump contaminated runoff into waterways, state and local governments are revisiting how they get, use and manage water. 

One method is to harness the rain. Some governments are doing this through massive systems that treat and pump stormwater back to residents, while others are looking to the installation of rain collection systems for homes and businesses. A few cities are introducing green infrastructure designed to put water back into the ground rather than letting it flow down the street.

Sally Brown, an associate professor at the University of Washington, said the last time governments spent significant amounts of money on water issues was after the Clean Water Act in the 1970s, when they had to change how they treated water and wastewater. Today, environmental factors coupled with water availability are forcing state and local officials to create new policies and invest financially to ensure future access to water.

...

http://www.emergencymgmt.com/disaster/States-Revisit-Method-to-Harness-Rain-to-Combat-Drought-and-Floods.html

Wednesday, 24 June 2015 00:00

Another Cloud Boom Coming Our Way?

As a managed service provider (MSP), you must know that cloud adoption is in full swing, right? Well, what if we were to tell you that another cloud computing boom is still to come? Whether you believe it or not, research suggests that a slew of new opportunities could be on the way for MSPs in the world of cloud data storage and cloud-based file sharing.

When a new technology is unleashed on the world, it often makes itself known in waves. First, there is the initial announcement and discussion of the technology. Upon release, there are the early adopters that look to take hold of it. Then, perhaps after some feedback and revisions, most technologies that are destined for longevity will see a great boom in acceptance and adoption.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/another-cloud-boom-coming-our-way

Tuesday, 23 June 2015 00:00

6 Steps to Reduce Business Travel Risks

Serious medical emergencies, political unrest and devastating natural disasters – these are just a few of the dangers business travelers face as they travel the world on behalf of their companies.  Even seemingly smaller travel issues, such as a lost prescription, a stolen passport or even a cancelled flight can wreak havoc on one’s travel plans at the worst possible moment. All of these risks are abundant in business travel, and as employees circle the globe, it’s your responsibility to protect them from these risks with proactive crisis management.

A key component of any well-rounded Travel Risk Management (TRM) strategy, proactive crisis management can help organizations meet their Duty of Care objectives and prevent issues from becoming even more serious.  Companies must be ready to deal with crises as opposed to simply just reacting to them – and this knowledge can only come through experience. This experience is best found by incorporating crisis response exercises into your company’s TRM strategy. Here’s how:

...

http://www.corporatecomplianceinsights.com/6-steps-to-reduce-business-travel-risks/

Low river flow and nutrient loading reason for smaller predicted size

 

Scientists are expecting that this year’s Chesapeake Bay hypoxic low-oxygen zone, also called the “dead zone,” will be approximately 1.37 cubic miles – about the volume of 2.3 million Olympic-size swimming pools. While still large, this is 10 percent lower than the long-term average as measured since 1950.

The anoxic portion of the zone, which contains no oxygen at all, is predicted to be 0.27 cubic miles in early summer, growing to 0.28 cubic miles by late summer. Low river flow and low nutrient loading from the Susquehanna River this spring account for the smaller predicted size.

This chart shows, in the upper portion, the location of hypoxic (yellow, orange and red shading) bottom waters of Chesapeake Bay during the early July 2014 survey. The bottom portion shows a longitudinal “slice” of the Chesapeake Bay main stem showing the depth of the hypoxic waters through the central area of the Bay. These data are collected by Maryland and Virginia as part of the comprehensive Chesapeake Bay Monitoring Program. (Credit: Maryland Department of Natural Resources)

This is the ninth year for the Bay outlook which, because of the shallow nature of large areas of the estuary, focuses on water volume or cubic miles, instead of square mileage as used in the Gulf of Mexico dead zone forecast announced last week. The history of hypoxia in the Chesapeake Bay since 1985 can be found at EcoCheck, a website from the University of Maryland Center for Environmental Science.

The Bay’s hypoxic and anoxic zones are caused by excessive nutrient pollution, primarily from human activities such as agriculture and wastewater. The nutrients stimulate large algal blooms that deplete oxygen from the water as they decay. The low oxygen levels are insufficient to support most marine life and habitats in near-bottom waters and threaten the Bay’s production of crabs, oysters and other important fisheries.

The Chesapeake Bay Program coordinates a multi-year effort to restore the water and habitat quality to enhance its productivity. The forecast and oxygen measurements taken during summer monitoring cruises are used to test and improve our understanding of how nutrients, hydrology, and other factors affect the size of the hypoxic zone. They are key to developing effective hypoxia reduction strategies.

The predicted “dead zone” size is based on models that forecast three features of the zone to give a comprehensive view of expected conditions: midsummer volume of the low-oxygen hypoxic zone, early-summer oxygen-free anoxic zone, and late-summer oxygen-free anoxic zone. The models were developed by NOAA-sponsored researchers at the University of Maryland Center for Environmental Science and the University of Michigan. They rely on nutrient loading estimates from the U.S. Geological Survey.

“These ecological forecasts are good examples of the critical environmental intelligence products and tools that NOAA is providing to stakeholders and interagency management bodies such as the Chesapeake Bay Program,” said Kathryn D. Sullivan, Ph.D., under secretary of commerce for oceans and atmosphere and NOAA administrator. “With this information, we can work collectively on ways to reduce pollution and protect our marine environments for future generations.”

The hypoxia forecast is based on the relationship between nutrient loading and oxygen. Aspects of weather, including wind speed, wind direction, precipitation and temperature also impact the size of dead zones. For example, in 2014, sustained winds from Hurricane Arthur mixed Chesapeake Bay waters, delivering oxygen to the bottom and dramatically reducing the size of the hypoxic zone to 0.58 cubic miles.

“Tracking how nutrient levels are changing in streams, rivers, and groundwater and how the estuary is responding to these changes is critical information for evaluating overall progress in improving the health of the Bay,” said William Werkheiser, USGS associate director for water. “Local, state and regional partners rely on this tracking data to inform their adaptive management strategies in Bay watersheds.”

The USGS provides the nutrient runoff and river stream data that are used in the forecast models. USGS estimates that 58 million pounds of nitrogen were transported to the Chesapeake Bay from January to May 2015, which is 29 percent below average conditions. The Chesapeake data are funded through a cooperative agreement between USGS and the Maryland Department of Natural Resources. USGS operates more than 400 real-time stream gages and collects water quality data at numerous long-term stations throughout the Chesapeake Bay basin to track how nutrient loads are changing over time.

“Forecasting how a major coastal ecosystem, the Chesapeake Bay, responds to decreasing nutrient pollution is a challenge due to year-to-year variations and natural lags,” said Dr. Donald Boesch, president of the University of Maryland Center for Environmental Science. “But we are heading in the right direction.”

Later this year researchers will measure oxygen levels in the Chesapeake Bay. The final measurement in the Chesapeake will come in October following surveys by the Chesapeake Bay Program’s partners from the Maryland Department of Natural Resources (DNR) and the Virginia Department of Environmental Quality. Bimonthly monitoring cruise updates on Maryland Bay oxygen levels can be found on DNR’s Eyes on the Bay website at www.EyesontheBay.net

USGS provides science for a changing world. Visit USGS.gov, and follow us on Twitter @USGS and our other social media channels. Subscribe to our news releases via e-mail, RSS or Twitter.

The conventional wisdom these days seems to be that MSPs should ditch break-fix altogether. We’ve heard this advice from MSP partners like Guy Baroan and Vince Tinnirello. According to both of them, the full managed services model makes sense because it’s simple to invoice, easy to budget for, and both clients and the provider have service agreements that make it all quite simple. Not to mention the fact that it’s a much more proactive method where maintenance occurs constantly, not just when something goes wrong.

Little did we know, however, that there are plenty of MSPs that are happy to work as hybrids, and they have some good reasons for doing so:

...

http://mspmentor.net/blog/where-break-fix-and-managed-services-meet

Why should data be erased?

Companies, no matter whether they are part of a large corporation or a smaller business, definitely need to use a professional data erasure method if they want to ensure that their data doesn’t fall into the wrong hands, like the Brighton and Sussex University Hospitals NHS Trust experienced in 2008.

Generally speaking, due to legal and internal regulations, data should be erased at the end of its so-called lifecycle. There are a number of existing national rules, regulations and laws that already require companies to comply with data protection measures, and thus also with data erasure. The provisions concerning data erasure will also become significantly tougher with the introduction of the European data protection regulation. The central element of this regulation, which is expected to come into force early next year, is certainly Article 17, which gives force of law to the “right to deletion” or the “right to be forgotten”.

To cut a long story short: Article 17 requires that all saved personal information that is no longer needed for its original purpose, for which no consent was given for its processing, or if its agreed retention period has expired, is to be securely erased. This requirement applies to all data collected, structured, transmitted and distributed concerning EU citizens, irrespective of the country or the storage system where the data is saved. For all companies, regardless of their size, this means that they should prepare intensively as of now and adapt all their processes to the new rules.

...

http://blog.krollontrack.co.uk/top-tips/when-to-use-data-erasure-software-or-a-degausser/

When it comes to singling out sectors that are in the forefront of disaster recovery, finance is often quoted as an example. With so much depending on the ability to recover systems and data rapidly after any incident, major banks were among the first to implement hot failover data centres for instance – as well as being among the only organisations that could afford them. At the other end of the scale, there are those that are particularly ill-equipped to deal with IT disasters. The education sector has been identified as one example, but another group falling short of the levels required could surprise you.

...

http://www.opscentre.com.au/blog/teachers-and-role-models-falling-down-on-disaster-recovery/

Tuesday, 23 June 2015 00:00

Tangents on Resilience

It seems that it has now officially become a buzz-phrase – ‘Organisational Resilience’: impossible to define because there are many differing perceptions about what it is. BS 65000-2014 says that it’s this: ‘ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper’. So I’m going with that for the time being. I want to particularly focus on the last three words: ‘survive and prosper’. I think that there is too much emphasis on the ‘survive’ part when in fact it is probably the focus of most organisations to prosper, unless there is an oncoming wave of water, disease or armed terrorists. The fact that there may well be a variable risk of such waves affecting many elements of our societies at some level or another is probably lost on – or at least ignored by – most business organisations. The truth is they have to focus on the bottom line – and scaremongering about the catastrophes that may (not will) befall them will cut no ice.

...

https://buckssecurity.wordpress.com/2015/06/22/tangents-on-resilience/

If the FirstNet national first responder network succeeds, it’ll be because federal officials who are planning and deploying the network forged strong partnerships with states and localities. That’s why comments from state CIOs at the NASCIO Midyear Conference in April are troubling.

Although state CIOs generally support the concept of a nationwide interoperable public safety network, they’re clearly frustrated with the lack of details coming from the federal First Responder Network Authority about how the new network will be built and paid for.

“FirstNet is a fantastic idea, but people like me are very skeptical of something where nobody can show me the plan and nobody can show me the cost,” said Alabama CIO Brunson White. “I’ll remain skeptical until somebody does that, and we’ve been asking for a while now.”

...

http://www.emergencymgmt.com/safety/CIOs-Raise-Questions-About-FirstNets-Viability-.html

(TNS) — Private security guards working at Iowa malls, schools and corporations have no required training and no recurring background checks, despite increased threats at these facilities.

Lawmakers and the public are raising questions about licensing requirements for private security companies after an off-duty guard fatally shot a woman June 12 at Coral Ridge Mall in Coralville.

Alexander M. Kozak, 22, of North Liberty, is being held on first-degree murder charges that he targeted mall employee Andrea Farrington, 20, and gunned her down amid hundreds of shoppers.

“Most organizations want to give the appearance of security, but they don’t want the substance,” said Tom M. Conley, president and chief executive officer of the Conley Group, a private security company in Urbandale.

...

http://www.emergencymgmt.com/safety/Mall-shooting-draws-attention-to-lack-of-training-oversight-for-private-security-industry.html

Tuesday, 23 June 2015 00:00

Three Problems that Prove You Need a CDO

A few signs show that organizations might be retreating from the idea of a chief data officer. Instead, some organizations are adding strategic data functions to the CIO’s job. But is that enough or does the growing demand require a dedicated data executive?

Here are three reasons why I think organizations may want to embrace chief data officers.

First, as I shared in my last piece, most CIOs don’t want the data officer task. Experian surveyed CIOs last November and found that an incredible 92 percent of CIOs “are calling out for a CDO role to release the data pressures they face and enable a corporate wide approach to data management.” Call me crazy, but to me, it’s pretty clear that the people who have thus far handled the job say it needs a separate role.

...

http://www.itbusinessedge.com/blogs/integration/three-problems-that-prove-you-need-a-cdo.html

With great convenience comes great responsibility...

Once a month I use my blog to highlight some of S&R’s latest and greatest. The cloud is attractive for many reasons -- the possibility of working from home, the vast array of performance and analytical capabilities available, knowing that your backups are safe from that fateful coffee spill, etc. Although the cloud is not a new concept, the security essentials behind it unfortunately remain a mystery to practically all users. What’s worse, the security professionals tasked with protecting corporate data rarely have visibility into all the risk -- it’s simply too easy for users to make critical cloud decisions without process or oversight.   

Underestimating or neglecting the necessary security practices that a cloud requires can lead to hacks, breaches, and horrendous data leaks. We’ve seen our fair share of security embarrassments that range from Hollywood execs to the US government, and S&R pros know that these are far from done.

...

http://blogs.forrester.com/stephanie_balaouras/15-06-22-forresters_security_risk_research_spotlight_dont_let_cloud_go_over_your_head

Tuesday, 23 June 2015 00:00

Creating a Risk Intelligent Organization

Many organizations spend time and effort building and developing robust risk mitigation frameworks and strategies to handle business-specific risks. In spite of constant monitoring through dashboards and reports, many companies still face major and unexpected issues. One of the main reasons for shortfalls in risk management is the general attitude towards risk mitigation. Although companies are well-prepared with an infrastructure in place, they often struggle when cultivating a sense of risk awareness, responsibility and intelligence into and across the fabric of an organization, which results in gaps and deficiencies.

Every organization realizes the significance of risk intelligence, but they frequently face issues in the initial stage of their transition. Developing a risk culture is frequently viewed as just a requirement to be fulfilled rather than something that adds value to an enterprise. Without a clear agenda, many companies find it impossible to cultivate risk-taking capabilities into its employee base.

Risk intelligence demands that every individual in an organization take responsibility for managing risks in the day-to-day operations. Senior management should assess the existing risk management strategy and gauge its effectiveness in alleviating risks as well as developing awareness throughout the organizational structure.

...

http://www.riskmanagementmonitor.com/creating-a-risk-intelligent-organization/

Here’s the conundrum: There is a shortage of IT professionals who have the skills that employers need, and at the same time, there is an abundance of bright, eager people who dream of obtaining those skills and building a career in IT, but who simply lack the wherewithal to obtain a four-year college degree to realize that dream. The solution to this problem has long seemed destined to elude us. But maybe there is an answer after all.

That’s the conclusion I drew after learning about the Creating IT Futures Foundation (CITFF), the philanthropic arm of CompTIA, the Downers Grove, Ill.-based IT trade association best known for its certification programs. Formerly called the CompTIA Educational Foundation, CITFF is headed by CEO Charles Eaton, who was brought on board in 2010 “to find a more impactful way to engage in our strategy.” That strategy, in Eaton’s words, is to “move the needle on getting people who need an opportunity into IT careers.”

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/a-ray-of-hope-for-disadvantaged-people-who-dream-of-a-career-in-it.html

Let’s face it, you don’t know what’s happening until it’s happened; it takes time to find out what has occurred. Was it major? Is it minor? Did IT get impacted? Was revenue (or other financial impacts) lost? Does the public know? Or worse, does the media know?

I’m all for plans and planning but you just won’t know everything up front when some sort of operational interruption occurs; be it weather related, power related, or some other interruption that causes a major disruption for the organization. Confusion is going to be present and it’s going to be present until you’ve got a handle on the situation. The amount of time from the disaster or operational interruption to the time you have a handle on what’s going on – and what needs to be done by way of a response, is where your plans and processes kick in.

...

https://stoneroad.wordpress.com/2015/06/21/bcm-dr-confusion-is-bound-to-be-present/

OKLAHOMA CITY – The recent severe storms, floods, straight-line winds and tornadoes occurring May 5 through June 4 damaged public and private roads and bridges.

The Federal Emergency Management Agency (FEMA) and the U.S. Small Business Administration (SBA) may be able to help when repairing privately owned access roads and bridges.

FEMA’s Individual Assistance program could cover the expenses of repairing privately owned access roads if the following criteria are met:

  • It is the applicant’s primary residence;
  • It is the only access to the property;
  • It is impossible to access the home with the damaged infrastructure; or
  • The safety of the occupants could be adversely affected.

SBA is FEMA’s federal partner in disaster recovery, and may also help. Private property owners, established homeowner associations and properties governed by covenant may apply for low-interest disaster loans directly through SBA. These funds can be used to repair or replace private roads and bridges. Privately owned access roads owned by homeowner associations may apply directly to the SBA.

Homeowners who jointly own access roads and bridges may also be eligible for repair grants or SBA loans under certain circumstances. In some cases, sharing the cost of repairs with funds obtained through a combination of FEMA, SBA loans and private funds may be another option. The affected homeowners should each register with FEMA individually.

Survivors can apply for state and federal assistance online at www.DisasterAssistance.gov or by calling 800-621-FEMA (3362) or (TTY) 800-462-7585. Those who use 711-Relay or Video Relay Services can call 800-621-3362 to register.

Each request for private road or bridge repair assistance is evaluated on a case-by-case basis.

Repair awards through Individual Assistance funding are for disaster-related damages and will not include improvements to the road’s pre-disaster condition, unless improvements are required by current local or state building codes or ordinances.

To register online visit www.DisasterAssistance.gov, by phone at toll-free 800-621-3362 or (TTY) 1-800-462-7585, or via smartphone or tablet at m.fema.gov.

For more information on Oklahoma disaster recovery, click http://www.fema.gov/disaster/4222 or visit OEM at www.oem.ok.gov

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

The Oklahoma Department of Emergency Management (OEM) prepares for, responds to, recovers from and mitigates against emergencies and disasters. The department delivers services to Oklahoma cities, towns and counties through a network of more than 350 local emergency managers.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at www.twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

The Federal Communications Commission (FCC) is asking AT&T, in the form of a possible $100 million fine, to explain why it apparently throttled subscribers when it said their services were unlimited. The FCC says that the limitations kicked in after consumption of 5GB of data in a month.

This, Computerworld reports, has been happening since 2011: The company has 30 days to respond to the allegations. The FCC then will make an official determination. Even if the $100 million hit stands, it may have been worth it for AT&T:

The FCC said it's aware that the fine, while large, is a fraction of the revenue AT&T made from offering its unlimited plan to consumers. It is also considering other redress, including requiring AT&T to individually inform customers that its disclosures were in violation of rules and to allow them out of applicable contracts with no penalty.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/fcc-to-att-what-part-of-the-word-unlimited-confuses-you.html

The future of enterprise IT will be defined by the need to securely deliver a more consumer-like application experience that can be updated in a matter of minutes.

Speaking at the launch this week of a VMware Business Mobility initiative, VMware CEO Pat Gelsinger says this brave new world of enterprise IT will require not only fundamental changes to the way enterprise applications are built and delivered, but also the way IT infrastructure is provisioned and managed.

The VMware Business Mobility initiative unifies the delivery of identity management as a service provided by the AirWatch unit of VMware and the software-defined networking (SDN) technologies that VMware gained when it acquired Nicira in 2012.

...

http://www.itbusinessedge.com/blogs/it-unmasked/vmware-ceo-a-brave-new-world-of-enterprise-it.html

If you work in an office, you might think that everyone’s favorite pastime is to complain about how inefficient IT is at helping to solve your technical issues in a timely manner. But surprise, surprise; according to a new study from Landesk, a majority of employees actually reported being very satisfied with their organization’s IT customer service.

Landesk announced the results of its 2015 Global State of IT Support Study, which surveyed 2,500 employees in the United States and Europe to determine how satisfied they are with their organization’s IT customer service. According to the survey, 80 percent of respondents said they would give their IT departments a grade of either “A” or “B” in terms of customer satisfaction, which seriously bucks the stereotype of inefficient IT workers.

...

http://mspmentor.net/msp-mentor/061915/survey-employees-actually-satisfied-it-service

Monday, 22 June 2015 00:00

Look Forward with Your Hybrid Cloud

The cloud industry is starting to look a lot like the wine industry: Experts galore are ready to declare what is and is not a quality cloud, and hybrids and cross-breeds incorporate various components to produce a wide variety of options for consumers.

The debate over the efficacy of the various cloud approaches now on the market will likely continue for some time to come, as neither public nor private infrastructure appears to be going anywhere soon. But remember that all data infrastructure solutions are a means to an end, so it is important to keep your ultimate goals in mind when pursuing any one strategy.

This can be a tricky thing to do, says IBM’s John Easton, because most IT professionals tend to view cloud solutions from their own perspectives as managers of traditional data center infrastructure. In fact, he says he can guess a person’s particular job based on their rationales for migrating to the cloud, such as improved systems management or greater scalability. But this ultimately diminishes the return on any cloud investment because it focuses on how the cloud can solve current problems rather than how it can open new opportunities for the future. This is why most hybrid cloud deployments have proven to be of middling success at best – they are geared largely toward cost-saving and infrastructure efficiency rather than more forward-looking data portability and development agility opportunities.

...

http://www.itbusinessedge.com/blogs/infrastructure/look-forward-with-your-hybrid-cloud.html

It’s a little known fact that flash-based storage can be too much for most systems. Designed back in the days when slow hard disk drives (HDDs) carried out the reading and writing of data, today’s channels for information transport often can’t cut it when loaded up with flash. The result is bottlenecking applications: the combined might of multicore processors, abundant RAM and flash pack far more processing punch than can be relayed by the associated storage protocols and bus architectures.

Enter Non-Volatile Memory Express (NVMe). It's a PCIe-based approach to resolving those bottlenecks. And it’s about to capture the imagination of the storage world.

“I’ve been at this for more than 20 years and NVMe is one of the most revolutionary, most anticipated and most exciting developments I’ve seen,” said Doug Rollins, Senior Technical Marketing Engineer, Enterprise Solid State Drives for the Storage Business Unit at Micron Technology.

...

http://www.enterprisestorageforum.com/storage-hardware/nvme-the-golden-ticket-for-faster-flash-storage-1.html

(TNS) — The Buckskin fire looks a little different on Matthew Krunglevich's computer screen, an adornment of yellow dots smeared across part of a southwestern Oregon map, with dashes of orange along the blaze's eastern and southern edges.

At a glance, this view from NASA's MODIS — Moderate Resolution Imaging Spectroradiometer — satellite doesn't look like much. But it actually tells Krunglevich, of the Oregon Department of Forestry, a lot. The splashes of color southwest of Cave Junction show where the fire is burning and where it's burning hottest: yellow equals warm, orange equals warmer. Predictably, the orange is shown where the fire is burning outward, where the flames are newer.

"It gives us an idea of — but a really rough approach — to how big a fire is, where there's heat activity on a fire on a broad scale," Krunglevich says.

It's one tool in a growing high-tech toolbox that can help crews prioritize resources as needed. Because in an area such as southwestern Oregon that's so consistently primed for summer wildfires, the more information, the better, fire officials say.

...

http://www.emergencymgmt.com/disaster/Wildland-firefighters-use-satellites-infrared-to-track-smoke-lightning-strikes.html

(TNS) — As the nation mobilizes to determine what motivated the gunman in the Charleston, S.C., massacre, the shootings highlight what a number of experts said Thursday is a chilling reality: The greatest danger from terrorism may be from our own ranks and within our own borders.

“Since 9/11, our country has been fixated on the threat of jihadi terrorism,” said Richard Cohen, president of the Southern Poverty Law Center. “But the horrific tragedy at the Emanuel AME reminds us that the threat of homegrown domestic terrorism is very real.”

Dylann Storm Roof, 21, was arrested Thursday in Shelby, N.C., ending a massive manhunt that began after the killing of nine people attending a Bible study at the Emanuel African Methodist Episcopal Church on Wednesday night.

Now comes the investigation into how and why it happened.

...

http://www.emergencymgmt.com/safety/Suspect-in-church-shootings-is-an-enigma-but-threat-of-domestic-terrorism-is-clear.html

The term Internet of Things may have sprung to fame only recently, but its origin dates back several years. Apparently, it was first used in 1999 at a research facility located at the famous American university MIT, the Massachusetts Institute of Technology.

But what exactly is the Internet of Things? Conceptually, the IoT is simple: it describes a reality where things are capable of exchanging information. To fully understand the IoT’s potential, imagine that a growing quantity of objects – not PCs, smartphones and tablets, but common everyday objects – become capable of communicating with one another, exchanging data collected from sensors, accelerometers and GPS systems to provide us with services and information based on these readings.

This type of communication among objects is generally referred to by the acronym M2M, representing the Machine to Machine communication that allows wireless and wired devices to converse.

But what are the possible applications for the Internet of Things?

...

http://blog.krollontrack.co.uk/pieces-of-interest/internet-of-things-the-future-is-made-of-smart-objects-and-data/

There has been a lot of talk about the degree of enterprise readiness of the cloud. Some argue that it doesn’t have the performance capabilities of data center-based applications. Maybe the question we should be asking is whether the service is enterprise-ready. Many existing cloud services have a consumer heritage—fine for individual users and perhaps a very small business. And therein lies the problem. An enterprise-ready service should be designed from the ground up to operate in the cloud and provide enterprise-level performance, features and security.

...

http://mspmentor.net/blog/making-cloud-backup-enterprise-ready-msps

Increasing complexity means that business continuity professionals need to rethink some of the paradigms of the practice, says Geary Sikich.

Introduction

Business continuity professionals need to rethink some of the paradigms of the practice. All too often we tend to fall back on what are considered the tried and true ways of doing things. This essentially leaves us in two camps; the first, evolved out of information technology and disaster recovery and the second, evolved out of emergency preparedness (tactical planning), financial risk management (operational) and strategic planning (strategic). These two camps each offer much to be desired. The first, having renamed disaster recovery and calling it business continuity still retains a strong focus on systems continuity rather than true business continuity; but this is not a bad thing. The second, has begun a forced merger of sorts; combining the varied practices at three levels (tactical, operational and strategic) and renaming it enterprise risk management (ERM). The second group still retains strong perspectives on risk management; that is why I have divided it into the three sub-groups (tactical, operational and strategic).

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/315-feature1324

Small to midsize businesses (SMBs) may be finally realizing the extent to which cybercrimes can affect them, but do they realize just how intently hackers are targeting them? A report by Check Point Software says that SMBs have become “the cybercriminal’s ‘sweet spot,’” due to a lower level of IT security but still a decent level of valuable information that can be utilized to make money.

The Check Point report says that approximately 63 percent of SMBs are worried about malware, and 38 percent are worried about possible phishing scams, but 31 percent aren’t doing anything to protect against such threats. This report also cites statistics from the CyberSecurity Alliance that say 36 percent of cyberattacks target small businesses and of those businesses that are attacked, 60 percent will be forced to close within six months following—likely due to the fact that the average cost for a data breach at an SMB is $36,000.

...

http://www.itbusinessedge.com/blogs/smb-tech/how-smbs-can-tighten-their-cybersecurity-efforts.html

This week, I ventured up to West Glocester, Rhode Island, home of the coolest place any insurance broker, insurance client, or risk management journalist can visit: the FM Global Research Campus.

Because FM Global is intently focused on prevention of loss as the chief means of minimizing claims, the company maintains a 1,600-acre campus dedicated to property loss prevention scientific research. The biggest center of its kind, the research center features some of the most advanced technology to conduct research on fire, natural hazards, electrical hazards, and hydraulics. Here, experts can recreate clients’ warehouse conditions to test whether existing suppression practices would be sufficient in the event of a massive fire, for example. Fabricated hail or seven-foot 2x4s are shot from a cannon-like instrument at plywood, windows, or roofing to test whether these materials can withstand debris that goes flying in hurricane-strength winds. Hydraulic, mechanical and environmental tests are conducted on components of fire protection systems, like sprinklers, to ensure effectiveness overall and under the specific conditions clients face. Indeed, these hydraulic tests have led the company’s scientists and engineers to design and patent their own, more effective sprinklers, the rights to which are released so anyone can manufacture these improved safety measures.

...

http://www.riskmanagementmonitor.com/fm-global-teaches-explosive-safety-lessons/

(TNS) — Allstate said Wednesday that it is one step closer to using drones to assess damages after catastrophes.

The insurer, based in the Chicago suburb of Northbrook, said that a new ruling by the Federal Aviation Administration will allow the consortium it works with to research the benefits of flying drones to assess property claims.

The year-old Property Drone Consortium is led by EagleView Technology, whose services include aerial imagery and data analysis.

Allstate said that in a disaster, access to neighborhoods might be restricted by debris or local authorities and that drones could help claims professionals serve customers in spite of those restrictions.

...

http://www.emergencymgmt.com/disaster/How-Drones-Can-Help-Insurance-Companies-Research-Claims.html

A recent Information Management article argues that chief data officers (CDOs) are making “gradual gains” this year. The piece backs this up with a list of recent appointments, as well as a stat from Experian that says roughly 60 percent of chief information officers hope to hire CDOs this year.

With all due respect, I disagree. In fact, there are several signs that CDOs as a concept may falter, and their functions may be absorbed by other existing roles.

First, the list actually includes only one CDO appointment. That was at Clinical Ink, a company that develops health care patient engagement technology. Obviously, that’s a step forward, but if I may be frank, I’m a bit surprised a company like that didn’t already have a chief data officer, since their work is patient engagement.

...

http://www.itbusinessedge.com/blogs/integration/are-businesses-back-tracking-on-chief-data-officers.html

All countries need to be prepared for the unanticipated spread of serious infectious diseases, says WHO.

After a meeting on the 17th June, the United Nations World Health Organization (WHO) declared that the Middle East Respiratory Syndrome, or MERS, outbreak that spread from the Middle East to the Republic of Korea does not constitute a ‘public health emergency of international concern’ but is nonetheless a ‘wake-up call’ for all countries to be prepared for the unanticipated spread of serious infectious diseases.

The Emergency Committee, convened by the WHO Director-General under the International Health Regulations regarding Middle East respiratory syndrome coronavirus (MERS-CoV) in regards to the outbreak in the Republic of Korea, also recommended against the application of any travel or trade restrictions and considers screening at points of entry to be unnecessary at this time.

WHO did recommend “raising awareness about MERS and its symptoms among those travelling to and from affected areas” as “good public health practice.”

The Committee noted that there are still many gaps in knowledge regarding the transmission of this virus between people, including the potential role of environmental contamination, poor ventilation and other factors, and indicated that continued research in these areas was critical.

Meanwhile, in a JAMA Viewpoint article, Georgetown public health law professor Lawrence O. Gostin and infectious disease physician Daniel Lucey state that MERS-CoV requires constant vigilance and could spread to other countries including the United States. However, MERS can be brought under control with effective public health strategies.

In the Viewpoint, published online on June 17th, the authors outline strategies for managing the outbreak, focusing on transparency, trust and infection control in health care settings. The duo also outline weaknesses in the World Health Organization's framework designed to govern patents on certain viruses, which is likely to impact critical future research.

Key points Gostin and Lucey make about MERS-CoV infection control include:

  • Training health workers and conducting diagnostic testing of certain travelers;
  • Limiting quarantine use to well-documented exposures using the least restrictive means possible;
  • Restricting travel should be avoided as it would be ineffective as evidence is lacking of MERS-CoV community transmission; and
  • Closing schools also should be avoided given the lack of community transmission of MERS-CoV.

In addition, Gostin and Lucey say the WHO's Pandemic Influenza Preparedness Framework fails to cover non-influenza pathogens like MERS-CoV noting, "...there remain substantial holes in international rules needed to facilitate critical research."

Data center infrastructure is supposed to be the rock upon which higher order applications and services are built. So what are we to think when someone comes along and says we can do all kinds of wonderful things by severing the application’s ties to this foundation?

In a way, what is happening to data architectures mirrors what we can see in the data center. The floor is concrete, but the racks are made of metal. The servers themselves are not welded to the rack but can slide in and out for easy replacement. At each delineation, the goal is to produce maximum flexibility while still rooting the system in the strength of its supporting infrastructure.

The latest iterations of virtual infrastructure are taking this idea to an entirely new level, however, because they purport to remove infrastructure concerns entirely from the business model. This can be seen in solutions like Nutanix’s Xtreme Computing Platform (XCP), which aims for full application independence from what the company is now calling “invisible infrastructure.” With the app now enjoying full mobility, native virtualization and even consumer-level search capabilities, it subsumes virtually all of the provisioning, orchestration and other functions it needs to support business processes at scale. In this way, organizations can finally rid themselves of costly infrastructure concerns and focus on what matters to them: making money through app-level innovation.

...

http://www.itbusinessedge.com/blogs/infrastructure/can-the-enterprise-thrive-without-infrastructure.html

WASHINGTON – Today, the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) signed Memoranda of Understanding (MOU) with seven technology organizations to provide state, local, tribal and territorial governments with technology resources during a disaster to expedite response and recovery. Cisco Systems, Google, Humanity Road, Information Technology Disaster Resource Center, Intel, Joint Communications Task Force and Microsoft have joined FEMA’s new Tech Corps program – a nationwide network of skilled, trained technology volunteers who can address critical technology gaps during a disaster.

During major disasters or emergencies, trained technology volunteers can complement ongoing response and recovery efforts, including installing temporary networks; enabling internet connectivity, and telephone, and radio communications; and providing other support, such as geographic information system (GIS) capacity, coding, and data analytics.  In 2002, Senator Ron Wyden (D-OR) proposed a mechanism of leveraging private sector technology capabilities to innovate the way federal, state, local and tribal governments respond to disasters. Tech Corps is based on this model, which was developed beginning in 2013 to assemble the initial group of companies for the voluntary program.

“When disaster strikes, we all have a role to play in helping survivors recover, and that includes the private sector,” said FEMA Administrator Craig Fugate. “Tech Corps volunteers will bring a vital skill set to our emergency management team to help the survivors we serve recover more quickly after disasters. We’re grateful to Senator Wyden and the private sector for contributing to this effort and we look forward to partnering with them to make communities stronger and safer.” 

“Tech Corps harnesses a deep well of technical expertise and private-sector manpower to make sure every resource is available immediately when disaster strikes,” said Senator Wyden. “Information technology is often critical to saving lives, and this program ensures that red tape won’t stand in the way of volunteer experts who can stand up temporary cell networks and Wi-Fi solutions that are so important in disaster areas. I’m hopeful today’s partners are the first of many to sign up to work hand-in-hand with emergency responders to help craft more resilient and effective responses to future disasters.”

Already, Tech Corps partners have been active on their own during national and global technology disaster response efforts, including providing support during Hurricane Sandy and the earthquakes in Nepal and Haiti. This initiative signifies a greater level of coordination between volunteers and the emergency management community through FEMA. 

To learn more about Tech Corps, please visit: fema.gov/tech-corps.


###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

OKLAHOMA CITY – Not all of the damage from flooding takes place while your home or business is under water. Long after the flood waters have receded, mold and mildew can present serious and ongoing health issues.

Oklahomans impacted by the severe storms and flooding that took place between May 5 and June 4 should take steps to protect the health of their family or employees by treating or discarding mold- and mildew-infected items as soon as possible.

Health experts urge those who find mold to act fast. Cleaning mold quickly and properly is essential for a healthy home or work place, especially for people who suffer from allergies or asthma.

Mold and mildew can start growing within 24 hours after a flood, and can lurk throughout a home or business, from the attic and basement to crawl spaces and store rooms. The best defense is to clean, dry or discard moldy items. A top-to-bottom cleanup is your best defense, according to the experts.

Many materials are prone to developing mold if they remain damp or wet for too long. Start a post-flood cleanup by sorting all items exposed to floodwaters:

  • Wood and upholstered furniture and other porous materials can trap mold and may need to be discarded.
  • Carpeting presents a problem because drying it does not remove mold spores. Carpets with mold and mildew should be removed.
  • Glass, plastic and metal objects and other items made of hardened or nonporous materials can often be cleaned, disinfected and reused.

All flood-dampened surfaces should be cleaned, disinfected and dried as soon as possible. Follow these tips to ensure a safe and effective cleanup:

  • Open windows for ventilation and wear rubber gloves and eye protection when cleaning. Consider using a mask (rated N-95 or higher) if heavy concentrations of mold are present.
  • Use a non-ammonia soap or detergent to clean all areas and washable items that came in contact with floodwaters.
  • Mix 1.5 cups of household bleach in one gallon of water and thoroughly rinse and disinfect the area. Never mix bleach with ammonia, as the fumes are toxic.
  • Cleaned areas can take several days to dry thoroughly. The use of heat, fans and dehumidifiers can speed up the drying process.
  • Check all odors. Mold often hides in the walls or behind wall coverings. Find all mold sources and clean them properly.
  • Remove and discard all materials that can’t be cleaned like wallboard, fiberglass and other fibrous goods. Clean the wall studs where wallboard has been removed and allow the area to dry thoroughly before replacing the wallboard.

For other tips about post-flooding cleanup, visit www.fema.gov, www.oem.ok.gov, www.epa.gov, or www.cdc.gov.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

The Oklahoma Department of Emergency Management (OEM) prepares for, responds to, recovers from and mitigates against emergencies and disasters. The department delivers services to Oklahoma cities, towns and counties through a network of more than 350 local emergency managers.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at www.twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

Improving server utilization is like walking on a frozen pond during a spring thaw. The more comfortable the air temperature gets, the greater the danger of falling through.

With utilization, the higher you go, the less overhead you have when the inevitable data spikes arrive. Sure, you could have cloud-based IaaS at the ready, but now you are simply leasing underutilized resources rather than buying them.

This is why the tendency to view recent reports of underutilized servers with consternation is wrong-headed. The latest is Anthesis Group’s finding that 30 percent of servers worldwide are “comatose,” says eWeek’s Jeffrey Burt, representing about $30 billion in “wasted” IT infrastructure. This may cause non-IT people to wring their hands, but anyone who has even a modicum of experience in data infrastructure will know that a 70 percent utilization rate is actually quite good; in fact, it is historically high given that in the days before virtualization, a typical server could sit idle maybe 80 percent of the time.

...

http://www.itbusinessedge.com/blogs/infrastructure/should-we-celebrate-reaching-70-percent-server-utilization.html

While every organization is at risk of employee theft–with the typical company losing 5% of revenue to fraud each year–smaller organizations with less than 500 employees (72%) were the most targeted.

According to The 2015 Hiscox Embezzlement Watchlist: A Snapshot of Employee Theft in the U.S., of the smaller companies targeted, four out of five had less than 100 employees and more than half had fewer than 25 employees. Smaller organizations also had the largest losses, according to the survey. Financial services companies were most at risk (21%), followed by non-profits, labor unions and municipalities.

Hiscox noted steps organizations can take to minimize employee theft, adding that this is most important for small- to medium-sized businesses, which can be more impacted by theft. In fact, the survey found that 58% showed no recovery of their losses.

...

http://www.riskmanagementmonitor.com/smaller-companies-at-higher-risk-of-employee-theft

(TNS) — Iowa Agriculture Secretary Bill Northey said Monday the Bird flu outbreak ranks as Iowa’s worst animal health emergency and could cost federal and state agencies up to $300 million in the cleanup, disposal and disinfection process on top of the sizable losses being incurred by producers.

“Animal-health wise, there is nothing that we’ve ever had like it,” said Northey, who held out hope the spread is “winding down,” since Iowa recently has reported fewer confirmed cases of the highly pathogenic flu that has led to the deaths and euthanizing of more than 32.7 million commercial layers and turkeys on 76 farms in 18 Iowa counties. All the infected birds in Iowa have been depopulated and humanely destroyed, he said.

Northey said hotter temperatures and decontamination efforts have slowed the outbreak, although state officials Monday said they were investigating a possible new case. He noted that Minnesota saw a resurgence in cases after a brief lull, and nearly 2,300 federal and state response personnel remained at work Monday in the field assessing Iowa’s situation and looking ahead to what might happen once fall weather returns along with migratory bird activity.

...

http://www.emergencymgmt.com/health/Bird-Flus-Cost-to-Iowa-So-Far-1-Million.html

Often crisis management case studies focus on what went wrong in badly handled crises. In this article Charlie Maclean-Bristol FBCI takes five lessons from an incident that was well managed.

After commenting on so many organizations that get their crisis management wrong, it is refreshing to see an organization which in the main have got their response to a serious incident right! The handling of the response to a recent accident at its Alton Towers theme park by Merlin Entertainments has not been quite ‘text book’ but it has been close to it. On June 2nd two cars on the Smiler rollercoaster crashed into each other resulting in four serious and twelve minor injuries to those on the ride. Subsequently one of the riders had to have part of her leg amputated. Often it takes a poor response and criticism for an organization to ‘put its house in order’ and to improve its response. Here they got it right first time.

So what are the five lessons learned from this incident?

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/304-feature1322

Using Twitter and Google search trend data in the wake of the very limited US Ebola outbreak of October 2014, a team of researchers from Arizona State University, Purdue University and Oregon State University have found that news media is extraordinarily effective in creating public panic.

Because only five people were ultimately infected yet Ebola dominated the US media in the weeks after the first imported case, the researchers set out to determine mass media's impact on people's behavior on social media.

"Social media data have been suggested as a way to track the spread of a disease in a population, but there is a problem that in an emerging outbreak people also use social media to express concern about the situation," explains study team leader Sherry Towers of ASU's Simon A. Levin Mathematical, Computational and Modeling Sciences Center. "It is hard to separate the two effects in a real outbreak situation."

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/306-news7600

For many people, IT security is about keeping the bad guys out of the data centre by using firewalls to control external access and anti-malware programs to prevent hackers from infecting servers. That is only half the picture however. The threat that has also been growing comes from people already within the security perimeter of the data centre. They have legitimate access to servers, but are misusing that access either unintentionally or deliberately to take data out. The challenge in resolving this kind of insider threat is that it is typically not a malware attack, but a personal ‘manual’ attack.

...

http://www.opscentre.com.au/blog/data-loss-prevention-and-the-insider-twist-to-it-security/

The Office of Personnel Management has some explaining to do.

Cyberthieves have pilfered the personal information of millions of federal employees – notably including the private data of those with security clearances – and the story seems to grow worse by the day.

While investigating a cyberattack on the information of about 4 million feds, officials discovered “a separate intrusion into OPM systems that may have compromised information related to the background investigations of current, former, and prospective Federal government employees, and other individuals for whom a federal background investigation was conducted,” Samuel Schumach, OPM’s press secretary, said Sunday.

...

http://www.washingtonpost.com/blogs/federal-eye/wp/2015/06/14/after-hack-attacks-opm-has-some-explaining-to-do/

WASHINGTON – Today, the Federal Emergency Management Agency (FEMA) launched a National Flood Insurance Program (NFIP) call center pilot program to serve and support policyholders with the servicing of their claims.

Flood insurance claims can be complicated, and policyholders may have questions in the days and weeks following a disaster.

The NFIP call center is reachable at 1-800-621-3362, and will operate from 8 a.m. to 6 p.m. (CDT) Monday through Friday. Specialists will be available to assist policyholders with the servicing of their claims, provide general information regarding their policies, and/or offer technical assistance to aid in recovery.

For those who prefer to put their concerns in writing, a “Request for Support” form is posted at www.fema.gov/national-flood-insurance-program, which can be filled out and emailed to FEMA-NFIP-Support@fema.dhs.gov or faxed to 540-504-2360.

Call center staff will be able to answer questions, such as “How do I file a flood insurance claim? What type of documentation is needed? Can I still obtain disaster assistance even though I have a flood policy?” as well as more complicated insurance questions about the extent of coverage, policy ratings, and more.  The call center will also be open to disaster survivors who have general questions about the NFIP.

“Flood insurance provides residents with the ability to protect themselves financially against the most common disaster we see in America,” said Roy Wright, Deputy Associate Administrator for the Federal Insurance and Mitigation Administration. “We’re providing this new resource to ensure that the people we serve have another way to get information they may need to understand how flood insurance works and how to navigate the claims process. This hotline also provides us with a direct connection to policyholders themselves should they have concerns to report about how their claims are being handled and enabling us to take prompt action to ensure that they receive every dollar they are owed under their policies.”

Flood insurance plays a critical role in assisting survivors on their road to recovery. Like other types of insurance, it does not cover all losses, but it is the first line of defense against a flood. While the policy payouts won’t make the insured whole, our top priority is to ensure policyholders get what they are due under their coverage. This initiative is part of FEMA’s ongoing commitment to effective, long-term improvements to the NFIP.


Tuesday, 16 June 2015 00:00

Selecting the Right Kind of Cloud

Saying that the cloud is becoming more specialized is like saying the days are getting longer now that summer is here: It is such a natural phenomenon that it barely needs to be stated.

But I’m going to state it anyway, because this facet of cloud computing alone will probably do more to capture critical enterprise loads and break down the psychological barriers to cloud adoption than any mere technological development.

Across a number of fronts, organizations are gaining the ability to deploy not just the cloud, but a highly specialized data ecosystem tailored to specific functions, industry verticals and even individuals. In a way, this follows that same pattern of software development in general, except that now the application software is backed by a cloud component that caters to its every whim.

...

http://www.itbusinessedge.com/blogs/infrastructure/selecting-the-right-kind-of-cloud.html

Tuesday, 16 June 2015 00:00

Mastering IT Risk Assessment

The foundation of your organization’s defense against cyber theft is a mastery of IT risk assessment. It is an essential part of any information security program, and in fact, is mandated by regulatory frameworks such as SSAE 16, SOC 2, PCI DSS, ISO 27001, HIPAA and FISMA.

Compliance with those frameworks means that your organization not only has to complete an IT risk assessment but it must also assess and address the risks by implementing security controls.

In the event of a breach, an effective IT risk management plan, which details exactly what your IT department is going to do and how they’re going to do it, and implementation of the critical security controls have the potential to save your organization millions of dollars in direct response costs, legal fees, regulatory fines, and costs associated with rebuilding a damaged corporate reputation.

...

http://www.riskmanagementmonitor.com/mastering-it-risk-assessment/

Thanks to a new report from Trustwave, it is easy to see why cybercrime has become so prevalent. It pays very well.

The 2015 Trustwave Global Security Report (free download with registration) looked at all sorts of issues on the cybersecurity front, from spam to passwords to where compromises are actually happening. Though the report presented a fascinating and all-encompassing look at the state of cybersecurity today, unfortunately, it isn’t pretty.

The bit of information that appears to have caught the most attention is how lucrative cybercrime is for hackers. The report stated that hackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes, or nearly $6000 for a single ransomware campaign. That’s a stunning amount of money. TechWeek Europe explained why cybercrime is so lucrative:

...

http://www.itbusinessedge.com/blogs/data-security/cybercriminals-are-getting-rich-from-our-security-failures.html

(TNS) — Energy firms in Wyoming are being urged to take precautions against potential cybersecurity attacks.

Michael Bobbitt, a supervisory special agent with the FBI, told attendees at the Wyoming Infrastructure Authority's energy conference on Friday that companies should be aware of the growing number of threats on both the national and international levels.

Bobbitt is the team leader for the FBI's criminal and national cybersecurity squad in the agency's Denver office.

He said any business that uses computers faces the risk of being hacked or exposed to a cyberattack.

...

http://www.emergencymgmt.com/safety/Cybersecurity-Threats-Plague-Energy-Groups.html

As important as it is for managed service providers (MSPs) to protect your clients from external threats, it can be just as important to protect organizations from themselves. By managing security and access in cloud data storage and cloud-based file sharing, MSPs can help to prevent employee misuse within an organization.

Over the past couple of years, the news all around the world has been littered with the narratives of major security breaches from outside hackers. As organizations (and MSPs) rush to patch up any openings in their security protection against the external invaders, they had better be just as cognizant of the potential threats that can compromise their data from inside their own walls.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/061515/prevent-misuse-managing-employee-cloud-access

Remember the U.S. Office of Personnel Management (OPM) data breach that was reported earlier this month? OPM officials last week said the incident now appears to have affected millions of federal employees and contractors.

And as a result, the OPM once again tops this week's list of IT security news makers to watch, followed by Microsoft (MSFT), the "Punkey" malware and Blue Shield of California.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/061515/it-security-stories-watch-opm-data-breach-update

Business continuity and disaster recovery are two common reasons why organizations consider cloud migration: but sometimes the decision to migrate is put off due to fears that the process will be difficult. In this article, Lilac Schoenbeck offers some tips to help smooth the migration path.

Are you looking to utilise the business continuity and disaster recovery advantages that the cloud offers? Are you running out of data centre space? Do you need to reduce the time spent maintaining physical hardware? The reasons to transition to cloud continue to stack up, and stories about cloud benefits and successes are only becoming more prominent. Still, many organizations and IT teams continue to be wary of making the move because of the challenges associated with migrating their applications.

The good news? Cloud migration does not have to be as daunting as it once was. Others have helped pave the way, establishing best practices and systematic approaches to ease the process. Here are six tips to help make your migration a smooth one:

...

http://www.continuitycentral.com/index.php/news/technology/299-feature1320

In a world of constantly emerging threats, security is a tough job: but the concepts of best practice have been devised for a reason. The challenge for organizations is to attain that balance between unworkable change control practices and an anarchic environment that provides ample opportunities to hide.

However strong the perimeter security, in the vast majority of organizations there are far too many opportunities for hackers or malware attacks to slide in undetected.

Forensic-level monitoring of system changes provides a means whereby subtle breach activity can be exposed, but just having the means to detect changes is only part of the solution.

In the same way that seemingly clear pond water is revealed to be teeming with life when placed under a microscope, the amount of noise created on a daily basis by critical upgrades, system patches and required updates once visible is overwhelming. And when it comes to breach detection, it is virtually impossible to distinguish between the expected file and registry changes prompted by these changes and nefarious activity.

...

http://www.continuitycentral.com/index.php/news/technology/300-feature1321

Monday, 15 June 2015 00:00

What to Expect from a FEMA Inspection

After you register for assistance, an inspector from the Federal Emergency Management Agency (FEMA) will call you for an appointment to inspect your damaged property.
 

Q. Why is the inspector there?
A. Verifying disaster damage is part of the process to establish the amount and type of damage you suffered.  The inspectors have construction backgrounds and are fully qualified to do the job.

Q. How do I know the Inspector is from FEMA?
A. You should ask to see the inspector's identification.  All FEMA housing inspectors will have a FEMA badge displayed. Also, each disaster survivor is provided a unique FEMA registration number when they register for assistance.  The inspector will know your FEMA registration number.

If you have concerns with the legitimacy of a FEMA housing inspector, you should contact your local law enforcement as they will be able to validate their identification. 

Q. What does the inspector look for?
A. The inspector determines whether the house is livable by checking the structure, including heating, plumbing, electrical, flooring, wallboard, and foundation.

Q. How about personal property?
A. Damage to major appliances - washer, dryer, refrigerator, stove - is assessed. Other serious needs such as clothing lost or damaged in the disaster are surveyed.

Q. Do I need to have any paperwork on hand?
A. Some evidence that the property is your usual residence or evidence that you own the property will be required.  It might be a recent utility bill, mortgage payment record, or rent receipts.

Q. Will I find out the results of the inspection?
A. If you are eligible for assistance, you will receive a check in the mail.  You will be notified by letter if you are not eligible.  You have 60 days to appeal the decision, and the appeal process is outlined in the letter.

Q. What other inspections should I expect?
A. Depending on the types of assistance for which you may be eligible, your losses may be verified by FEMA, the U.S. Small Business Administration (SBA), and your local building inspector's office.

Heat is a form of energy, and energy is a commodity. And commodities, of course, can be sold for a profit.

So it is something of a misnomer to say that data centers are constantly dealing with the problem of waste heat when what is really going on is that they are failing to capitalize on their heat-generating capabilities.

But a few are starting to realize the commercial possibilities of the heat coming off the server racks. Probably the most innovative is the Foundry Project in Cleveland, Ohio, which is pumping heat from an underground data center to a $4.5 million co-located fish farm devoted to raising Mediterranean sea bass. The data center itself will measure about 40,000 square feet and is linked by three 100Gbps fiber networks. Foundry executives say they already have a client lined up but have yet to reveal a name. Meanwhile, the fish farm is expected to produce about 500,000 pounds per year, and waste from the fish will be delivered to a nearby orchard as fertilizer.

...

http://www.itbusinessedge.com/blogs/infrastructure/waste-not-want-not-it-works-for-heat-too.html

Forrester research analyst Michael Gualtieri made a bold prediction at this week’s Hadoop Summit. Gualtieri told attendees that 100 percent of all large enterprises eventually would adopt some form of Hadoop, according to Information Week Editor-at-Large Charles Babcock.

Babcock points out that Hadoop has a way to go, since actual deployment is currently around 26 percent, with only 11 percent planning to invest in the next 12 months.

Still, I think Gualtieri’s prediction is reasonable. Enterprises tend to be more conservative than, say, Internet start-ups, so typically they try to hit that sweet spot between disruption and too late to the game. In fact, Capgemini’s research found that leading businesses are already using Big Data to disrupt markets and threaten their competitors.

“In our study, a surprising 64% of respondents said that big data is changing traditional business boundaries and enabling non-traditional providers to move into their industry,” the report, released earlier this year, notes. “Companies report a significant level of disruption from new competitors moving into their industry from adjacent industries (27%), and over half (53%) expect to face increased competition from start-ups enabled by data.”

...

http://www.itbusinessedge.com/blogs/integration/businesses-say-big-data-is-changing-markets-but-whats-holding-back-adoption.html

(TNS) — When Justin McQuillen died in 1994 after being hit by a pitched baseball, the technology for automated external defibrillators was not as sophisticated as it is today.

Today, the lightweight, portable devices can check a person’s heart rhythm, recognize when a shock is required and advise the rescuer when to administer it.

Some AEDs use voice prompts, lights and even text messaging to tell the user what steps to take. Most range in cost from $1,500 to $2,000, according to the American Heart Association, though less expensive models can be found.

McQuillen, 9, of Honey Brook, Pa., died in May 1994 after being struck in the chest with a baseball in a Twin Valley youth league game. An AED was not immediately available at the field.

...

http://www.emergencymgmt.com/health/Doctors-Working-Make-AEDs-More-Widely-Available.html

OKLAHOMA CITY – Oklahoma residents whose properties were damaged in the recent storms and flooding are warned to be alert for, and urged to report, any potential fraud during recovery and rebuilding efforts, according to the Oklahoma Department of Emergency Management and the Federal Emergency Management Agency.

The aftermath of a disaster can attract opportunists and confidence artists. Homeowners, renters and businesses can follow some simple steps to avoid being swindled.

Be suspicious if a contractor:

  • Demands cash or full payment up front for repair work;
  • Has no physical address or identification;
  • Urges you to borrow to pay for repairs, then steers you to a specific lender or tries to act as an intermediary between you and a lender;
  • Asks you to sign something you have not had time to review; or
  • Wants your personal financial information to start the repair or lending process.

To avoid fraud:

  • Question strangers offering to do repair work and demand to see identification;
  • Do your own research before borrowing money for repairs. Compare quotes, repayment schedules and rates. If they differ significantly, ask why;
  • Never give any personal financial information to an unfamiliar person; and
  • Never sign any document without first reading it fully. Ask for an explanation of any terms or conditions you do not understand.

Disasters also attract people who claim to represent charities but do not. The Federal Trade Commission warns people to be careful and follow some simple rules:

  • Donate to charities you know and trust. Be alert for charities that seem to have sprung up overnight.
  • If you’re solicited for a donation, ask if the caller is a paid fundraiser, whom they work for, and the percentage of your donation that will go to the charity and to the fundraiser. If you don’t get a clear answer — or if you don’t like the answer you get — consider donating to a different organization.
  • Do not give out personal or financial information – including your credit card or bank account number – unless you know the charity is reputable.
  • Never send cash: you can’t be sure the organization will receive your donation.
  • Check out a charity before you donate. Contact the Better Business Bureau’s Wise Giving Alliance at www.give.org.

If you believe you are the victim of a contracting scam, price-gouging or bogus charity solicitations, contact local law enforcement and report it to the Oklahoma Office of the Attorney General. Find a complaint form online at www.ok.gov/oag. The Federal Trade Commission takes complaints at www.ftc.gov/complaint.

Many legitimate people — insurance agents, FEMA Disaster Survivor Assistance personnel, local inspectors and actual contractors — may have to visit your storm-damaged property. Survivors could, however, encounter people posing as inspectors, government officials or contractors in a bid to obtain personal information or collect payment for repair work. Your best strategy to protect yourself against fraud is to ask to see identification in all cases and to safeguard your personal financial information. Please keep in mind that local, state and federal employees do not solicit or accept money for their services to the citizens.

All FEMA employees and contractors will have a laminated photo ID. A FEMA shirt or jacket alone is not proof of identity. FEMA generally will request an applicant's Social Security or bank account numbers only during the initial registration process. However, FEMA inspectors might require verification of identity. FEMA and U.S. Small Business Administration staff never charge applicants for disaster assistance, inspections or help filling out applications. FEMA inspectors verify damages but do not recommend or hire specific contractors to fix homes.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

The Oklahoma Department of Emergency Management (OEM) prepares for, responds to, recovers from and mitigates against emergencies and disasters. The department delivers service to Oklahoma cities, towns and counties through a network of more than 350 local emergency managers.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at www.twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster.

I’ve seen the strides made in cloud security over the years, but a couple of new studies show that there is still a long way to go.

The study from Netskope found that sensitive data stored in the cloud has a one in five chance of being exposed. Okay, the flip side to that is a four out of five chance that your sensitive data won’t be exposed, but when you are dealing with health information, Social Security numbers, and other data that could result in identity theft for unsuspecting consumers, that number isn’t good enough – at least not for those who are still wary about migrating to the cloud.

The primary culprit of data loss is cloud storage apps, where 90 percent of all data loss prevention violations occurred. This result was a surprise, Sanjay Beri, Netskope's CEO and founder, told eSecurity Planet:

...

http://www.itbusinessedge.com/blogs/data-security/cloud-apps-failing-at-security-of-sensitive-data.html

As emergency management evolves as a profession and grows in diversity, there’s a blending of personalities, viewpoints and different structures that come to the fore. People will come from different backgrounds, experiences and professions and have different styles and perspectives. They can blend to become a healthy whole, said Nim Kidd, Texas Division of Emergency Management chief, in a keynote address at the 2015 National Homeland Security Conference this week in San Antonio.

Kidd came from the fire service and acknowledged that his experience and style are different from others rising in the emergency management ranks from the military, law enforcement, health care and academia. None of those have the market cornered on the “right way” to do things, and there are advantages and disadvantages to how each communicates and approaches situations.

For instance, law enforcement isn’t known for being the best at communicating information, for good reason and sometimes not so good. The military and fire service bring invaluable experience to the emergency management field, and what health care and academia lack in experience, they make up for in knowledge and information.

...

http://www.emergencymgmt.com/training/Orchestrated-Emergency-Response-Doesnt-Just-Happen.html

One of the most effective risk management philosophies is to work smarter, not harder, implementing holistic tools, such as predictive analytics, to ensure risk is minimized. More often than not, companies implement blanketed management programs, applying the same strategies to all employees regardless of performance. With this approach, employers waste time and effort focusing on employees who are not at risk, leaving room for at-risk employees to go unnoticed. On an opposing front, many companies use the “squeaky wheel” approach, diverting all of their attention to employees that actively demonstrate troublesome behaviors. While this approach targets a greater number of at-risk employees, it still leaves room for some to go undetected.

Alternatively, a strategic employee-specific management program allows employers to identify at-risk employees regardless of how “squeaky” they are. The theory behind an employee-specific management program is simple – monitor your employees for changes that indicate risky behavior.

...

http://www.riskmanagementmonitor.com/mitigating-risk-with-predictive-modeling/

WASHINGTON – Today, the Federal Emergency Management Agency (FEMA) launched a new data visualization tool that enables users to see when and where disaster declarations have occurred across the country. As hurricane season kicks off, the tool helps provide important information about the history of hurricanes and other disasters in their communities and what residents can do to prepare.

The data visualization tool is accessible at fema.gov/data-visualization and allows users to view and interact with a wide array of FEMA data. Through an interactive platform, users can view the history of disaster declarations by hazard type or year and the financial support provided to states, tribes and territories, and access public datasets for further research and analysis. On the site, you can see compelling visual representations of federal grant data as it relates to fire, preparedness, mitigation, individual assistance and public assistance.

“We have a wealth of data that can be of great use to the public,” said FEMA’s Deputy Administrator of Protection and National Preparedness Tim Manning. “By providing this information in a way that is visual and easy to understand, people will be moved to action to prepare their families and communities.”

The data visualization tool builds on FEMA’s commitment to transparency by making it easy to convert historical data – already available via the OpenFEMA initiative – into a readable and interactive map. Users can see the types of disasters that have occurred in their community and FEMA’s support to build and sustain the capabilities needed to prevent, protect, mitigate against, respond to, and recover from those threats and hazards in the future. The tool also provides ways for users to take action to prepare for future disasters by supporting community preparedness planning, providing information on individual preparedness actions people can take, or joining a local Citizen Corps program.

FEMA encourages all individuals to interact with the tool, learn more about the emergency management process, and provide feedback. FEMA will continue to develop additional visualizations based on feedback and the availability of public data.


###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Thursday, 11 June 2015 00:00

Rising Concerns Over Next Global Pandemic

As South Korean authorities step up efforts to stop the outbreak of Middle East Respiratory Syndrome, or MERS, from spreading further, the president of the World Bank Jim Yong Kim has warned that the next global pandemic could be far deadlier than any experienced in recent years.

Speaking in Frankfurt earlier this week, Dr Kim said Ebola revealed the shortcomings of international and national systems to prevent, detect and respond to infectious disease outbreaks.

The next pandemic could move much more rapidly than Ebola, Dr Kim noted:

“The Spanish Flu of 1918 killed an estimated 25 million people in 25 weeks. Bill Gates asked researchers to model the effect of a Spanish Flu-like illness on the modern world, and they predicted a similar disease would kill 33 million people in 250 days.”

...

http://www.iii.org/insuranceindustryblog/?p=4086

Thursday, 11 June 2015 00:00

Look Who’s Doing Risk Management

If you’re wondering how much risk management should become part of your organisation’s rulebook, you may already be looking around to see who else is doing it. Insurers and bankers are obvious examples, because their businesses are centred on risk calculation, whether in terms of setting insurance premiums or defining credit interest rates. Many insurers are also ready to discuss risk management with potential customers in a variety of different industry sectors. These can range from agriculture and aviation to sports and transportation. However, there are other perhaps unexpected examples that show how far the concept of risk management has spread in general.

...

http://www.opscentre.com.au/blog/look-whos-doing-risk-management/

Thursday, 11 June 2015 00:00

Is It Time for the Data Center OS?

It doesn’t take a lot of imagination to see the digital ecosystem as a series of concentric circles. On the processor level, there are a number of cores all linked by internal logic. The PC contains multiple chips and related devices controlled by an operating system. The data center ties multiple PCs, servers, storage devices and the like into a working environment, and now the cloud is connecting multiple data centers across distributed architectures.

At each circle, then, there is a collection of parts overseen by a software management stack, and as circles are added to the perimeter, the need for tighter integration within the inner architectures increases in order to better serve the entire data ecosystem.

It is for this reason that many data architects are warming to the idea of the data center operating system. With the data center now just a piece of a larger computing environment, it makes no more sense to manage pieces like servers, storage and networking on an individual basis than to have multiple OS’s on the PC, one for the processors, another for the disk drive, etc. As tech investor Sudip Chakrabarti noted on InfoWorld recently, the advent of virtualization, microservices and scale-out infrastructure in general is fueling the need to manage the data center as a computer so the distributed architecture can assume the role of the data center.

...

http://www.itbusinessedge.com/blogs/infrastructure/is-it-time-for-the-data-center-os.html

More than 20% of consumers use passwords that are more than 10 years old, and 47% use passwords that have not been changed in five years, according to a recent report by account security company TeleSign. What’s more, respondents had an average of 24 online accounts, but only six unique passwords to protect them. A total of 73% of accounts use duplicate passwords.

Consumers recognize their own vulnerability. Four out of five consumers worry about online security, with 45% saying they are extremely or very concerned about their accounts being hacked – something 40% of respondents had experienced in the past year.

...

http://www.riskmanagementmonitor.com/47-of-consumers-have-not-changed-passwords-in-5-years/

(TNS) — The newly appointed director of the National Flood Insurance Program said the organization needs to focus more on the welfare of disaster victims and rethink gaps in coverage that bedeviled homeowners after superstorm Sandy.

Roy Wright, who takes over the federal program next week, said in an interview Tuesday that flood insurance policies have become laden with complex loopholes that nickel-and-dime homeowners and undermine their ability to rebuild after floods.

"The center of gravity needs to continue to shift in favor of the policyholder," Wright said.

...

http://www.emergencymgmt.com/disaster/Flood-Insurance-Program-Focus-Disaster-Victims-Needs-New-Chief-Says.html
