Industry Hot News

Tsunami racers, take your marks! This Sunday, September 13, Race the Wave participants will practice the tsunami evacuation route from the coast to higher ground in Cannon Beach, Oregon. We know that increasing preparedness levels across the board means greater community resilience, and Race the Wave is a great event to highlight during National Preparedness Month this September.

The race finishes at the higher ground of one of the community’s evacuation meeting points, where Cannon Beach will host a preparedness fair with interactive booths to learn more about how to prepare for emergencies and disasters.

Residents of Cannon Beach, Oregon gather for a 5K race following a tsunami evacuation route from the beach to a safe meeting spot. The race helped residents build the "muscle memory" of getting to safety, if they should feel an earthquake while they are on or near the beach.

Race the Wave takes the National Preparedness Month themes of being disaster aware and taking action to prepare and makes them relevant for its community.

  • Know the Plan: Make a plan with your family about where you will meet. Know if you need to pick your kids up from school. Know where you need to go and what to bring with you.
  • Take the Route: Become familiar with signage in your area. Learn the evacuation route from where you live, work, and play. Evacuate on foot and avoid traveling by car if possible.
  • Race the Wave: Natural warnings are the best sign of a tsunami. If you feel the ground shaking, move quickly inland or to a higher elevation. Listen to the radio to learn of tsunami warnings originating from non-local causes.

This is the second annual Race the Wave event, which includes a 10k, 5k and 2k for all abilities to participate in; participants can run, walk or roll the route. Visitors and locals alike will learn about the risks posed by the Cascadia Subduction Zone, and what they can do to stay safe.

The Community of Cannon Beach, Clatsop County Office of Emergency Management, Oregon Office of Emergency Management, Oregon Department of Geology and Mineral Industries (DOGAMI), Oregon Office on Disability & Health at Oregon Health & Science University and the Federal Emergency Management Agency (FEMA) Region X office are coming together to support Race the Wave.

FEMA encourages everyone to take steps to become better prepared for an emergency. Whether it’s at home, at work, at school, or in the community, there’s a lot that you can do to be ready and help others be ready too.  This September, take time to get disaster prepared and take action to prepare.

What you can do:

Wednesday, 09 September 2015 00:00

Still Some Life in (Some) Data Center Hardware

It appears that enterprise hardware is doing quite well, thank you very much, despite the much ballyhooed rise of software-defined cloud computing infrastructure.

According to IDC’s most recent Worldwide Quarterly Tracker, sales of servers, switches and routers are all in the black, with servers in particular showing the best results in more than a year. While the report shows stronger performance for ODM servers versus stalwarts like HP and Dell, results were positive nearly across the board. The only anomalies were IBM, down nearly 33 percent, and Lenovo, up more than 550 percent, which is undoubtedly the result of the transfer of the IBM server line to Lenovo.

Ethernet switches saw more muted gains of just over 1 percent, but it is an indication that the enterprise is not scaling back purchasing just yet amid all the talk of software-defined networking. Routers, meanwhile, jumped 11.5 percent, which represents in part an 8.3 percent gain in enterprise sales and 7.7 percent for the service market.



Wednesday, 09 September 2015 00:00

The Myth of Moving to the Cloud

This is the 2nd in a series of articles examining the “myths” of today’s Business Continuity Management industry.

The emergence of “Cloud” technologies in the past decade has created both benefits and risks.  Whether simply backing critical data up in the cloud, moving applications there, or implementing a full-fledged DRaaS (Disaster Recovery as a Service) program, it is important to remember Murphy’s “law” that says “Anything that can go wrong, will” supplemented with MacGillicuddy’s corollary: “At the most inopportune time”.

The ‘myth’ in the case of the Cloud is simply set it and forget it.  C-suites all over the world have been lulled into the belief that they no longer have IT risks because their data is in The Cloud.  It’s not that simple – or that easy.  Potential risks in the Cloud are no different than those in a corporate data center: cyber security, data corruption and potential data loss or breach.



Wednesday, 09 September 2015 00:00

Defining Reputational Risk

The following article is part of a new blog series that will explore ideas, concepts, discussions, arguments and applications associated with the field of enterprise and strategic risk management.

One of the more striking conclusions contained in Aon’s 2015 Global Risk Management Survey is that damage to reputation and/or brand was considered by the survey cohort to be the most significant risk to the enterprise. The survey was conducted in Q4 of 2014 and received input from over 1,400 respondents coming from both the private and public business on a worldwide basis.

The “Top Ten” most identified risks included:



Even while more and more businesses turn to MSPs to manage their growing data collections, many still hesitate to adopt cloud-based file sharing due to misconceptions about its potential security risks. Every few months brings reports of a new leak of personal information from even the largest corporations and organizations—banks, retailers, government offices—that manage data about income, credit history, bank accounts, and other sensitive information.

With security threats on the rise, businesses are understandably wary about where and with whom they entrust their customers’ information, a mindset that could be costing MSPs potential clients. Here are some of the most common misconceptions about the cloud that could be preventing potential clients from utilizing the cloud-based file sharing services of MSPs.



Wednesday, 09 September 2015 00:00

MSP Pricing Should Be About Risk, Not Flat Fees

If value is what you deliver as an MSP, why are you still charging your customers a flat fee based on number of devices or users? Wouldn’t it be better to make calculations based on value, and price your services accordingly?

Of course it would, but value-based pricing isn’t easy. It requires a formula that accounts for risk levels, support commitments, and all the costs associated with delivering a service reliably and effectively.

Such formulas can get fairly complicated, which largely explains why MSPs for the most part have relied on a per-device, per-user pricing model. The model has worked well enough but is far from perfect.



WASHINGTON — In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple’s response: Its iMessage system was encrypted and the company could not comply.

Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.



Tuesday, 08 September 2015 00:00

Uncovering the Real Value of the Cloud

Even though the cloud is becoming old news in the enterprise industry, there is still a lot of work to do when it comes to creating the kinds of data environments that meet the performance needs of emerging workloads.

In many cases, the cloud just sort of happened to the enterprise and was simply incorporated into legacy infrastructure with varying degrees of success. The main job going forward, then, is to transform the cloud from a collection of parts into a unified ecosystem, which in all likelihood will prove to be as difficult a job as it was in the local data center.

According to a new report by Logicalis, the divergence of technology and capability across the cloud is substantial. Particularly when it comes to key requirements like data protection, disaster recovery and networking services, clouds can range from basic consumer-level functionality to the ultra-scalable, ultra-secure environments required of health care, financial and other industries. This means the typical enterprise has to worry just as much about over-performance in the cloud as under-performance. The best way to handle this, of course, is to gain a realistic view of the workloads you intend to migrate and the levels of service they require—particularly in areas like uptime, data replication/retention and infrastructure support.



Tuesday, 08 September 2015 00:00

Appreciating the IT Labor Factor

While this is the week the United States celebrates the contributions the organized labor movement made to the development of the country, it’s also a good time to appreciate the critical role IT labor plays in the success of any MSP.

More often than not, the biggest limiting factor that any MSP faces today is its ability to attract IT talent. The simple fact is that IT has never been more complex to manage. The problem is that finding and retaining people with not only the right IT skills but, just as importantly, the right attitude has never been more difficult.

Nowhere is that a bigger issue than in the realm of security, where the unemployment rate for IT professionals with IT security expertise is essentially zero. For that reason, Larry Cecchini, president and CEO of Secure Designs, a provider of managed security services based in Greensboro, North Carolina, said one of the most important decisions his company ever made was to set up shop near seven different local colleges. While Secure Designs does everything it can to hold on to talent, Cecchini said the MSP relies heavily on talent recruited from local colleges to replenish its ranks. Given the fact that many of those students have ties to the local area, Cecchini said it’s a lot more practical to grow his own talent base than it is to hope the right candidate someday wants to move to Greensboro.



Tuesday, 08 September 2015 00:00

McAfee report shows ransomware on the rise

The three months to June 2015 saw ransomware continue its unstoppable rise as one of the most common risks to business data worldwide.

This is according to McAfee Labs’ latest Threats Report, published on September 1st, in which the antivirus vendor said it had detected 58 per cent more new samples of the malware type over the quarter than it did between April and June 2014.

Commenting on the figures, Raj Samani of Intel Security also noted that ransomware has become simpler to deploy due to “crimeware services that provide attackers with user-friendly graphical user interfaces or consoles to customise attacks”.

“All attackers have to do is fill in the email addresses they want to target and wait for the money to come rolling in,” he told Computer Weekly.



Now that enterprise infrastructure is gravitating toward more modular, white-box configurations, attention has shifted up the stack to find ways to squeeze more performance from virtual and cloud-based data environments.

The need for advanced software-based architectures has long been apparent, but it is only lately that IT executives are starting to take a serious look at how they are to be designed. How flexible should they be? How much automation is required? What sort of life expectancy is reasonable? And who, or what, should be responsible for management, governance and oversight?

The answers floating around these days run the gamut from stolid, predictable architectures that can be provisioned and scaled to meet emerging data loads to free-wheeling, application-centric designs capable of building themselves up and tearing themselves down on a whim. The emerging discipline of Enterprise Architecture is dedicated specifically to guiding the enterprise through these seemingly contradictory approaches.



Tuesday, 08 September 2015 00:00

HP Advances IT Security Analytics

In a development that could provide a lot of relief to IT organizations pressed by IT security challenges, Hewlett-Packard this week unveiled an appliance through which it will apply analytics delivered via the cloud to simplify IT security along with an update to its Fortify application scanning software that makes use of machine learning to more accurately identify potential security issues.

At the HP Protect 2015 conference, HP unfurled an HP DNS Malware Analytics service that makes use of an appliance that gets installed next to a DNS server. As network traffic moves through that appliance, an HP cloud service analyzes it to identify clean traffic.



PHILADELPHIA – FEMA Region III has developed a planning integration guide titled Plan Integration: Linking Local Planning Efforts, which is aimed at helping communities link mitigation principles and actions with various community plans in order to increase community resilience. The guide leads planners and community officials through synchronizing plans and facilitating interagency coordination to reduce risk before and after a disaster.

Use of the planning integration guide enhances risk reduction through community-wide planning by improving coordination; developing specific recommendations for integration into community-wide plans; compiling existing plan measures to include in your hazard mitigation plan; and meeting the Local Mitigation Plan Review Tool requirement to integrate hazard mitigation.

“The guide, Plan Integration: Linking Local Planning Efforts, is a tool communities can tap into to strengthen resiliency through enhanced hazard mitigation planning. Community resilience is directly tied to recovery, which means this resource has the potential for impacting all phases of the full disaster cycle,” said FEMA Region III Regional Administrator MaryAnn Tierney. “This kind of pilot program lays the foundation for stronger resilience in any community. When community planners who live and work in communities set their own resilience priorities they take ownership of mitigation planning and the enthusiasm that generates inspires others to do the same – and that can help jump-start even more widespread success.”

The planning integration guide uses step-by-step instructions and a checklist, real-world examples from communities, and illustrations to assist in gathering and organizing information. Through use of the guide and its resources and tools, communities can develop their own plan integration document as well as identify where gaps exist and develop strategies to address the gaps. The end result of this effort is a synchronized planning effort to increase community resiliency and reduce the risk posed by disasters.

Plan Integration: Linking Local Planning Efforts is available at https://www.fema.gov/media-library/assets/documents/108893.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

(MCT) - Missed warning signs, lack of communication and inadequate training hampered the treatment of the man who became the nation’s first patient diagnosed with the deadly Ebola virus, a panel of independent experts concluded.

But the lessons learned from the Dallas case could mean the next Ebola patient will get a faster diagnosis — and perhaps a quick trip out of a local hospital and into a specialized treatment center with staff experienced at handling the infectious disease, officials said.

The conclusions were reached by a panel of five medical experts who volunteered their time to analyze the treatment of Thomas Eric Duncan, a Liberian man who was admitted to Texas Health Presbyterian Hospital Dallas last September with symptoms later confirmed as Ebola.



(MCT) - Oil-waste disposal regulations that seem to have tamped down earthquakes in southern Kansas are set to expire in less than two weeks, the chief of the Kansas Geological Survey said Wednesday.

But while quakes have declined in recent months, Rex Buchanan, the interim director of the geological survey, cautioned against complacency.

“In spite of the fact activity has been lower over the last few months, I don’t think there’s anybody in my world who views this problem as one that has gone away or is going away,” Buchanan said. “I think we would be pretty short-sighted if we did look at this that way. We’ve got to look at other places and we’ve got to be better prepared than we were last time.”

The Kansas Corporation Commission passed regulations in March to limit the underground disposal of saltwater that comes up with the oil pumped out of wells mainly in Harper and Sumner County.



Tuesday, 08 September 2015 00:00

Healthcare Cyber Attacks On the Rise

Even as Health Insurance Portability and Accountability Act (HIPAA) regulations take hold, a potentially rewarding vertical market for cloud adoption can be found in healthcare technology. The demand on managed service providers (MSPs) will continue to increase as the industry’s need to secure data storage and cloud-based file sharing grows.

A recent study from security research firm Ponemon found that cyber thieves are costing the U.S. healthcare system approximately $6 billion annually. Criminal cyber attacks on the healthcare industry have increased a startling 125 percent within the past 5 years, and nearly 90 percent of survey respondents reported having some sort of data breach in the past 2 years.



(TNS) - Parents, officers are on duty to keep your children safe.

“If there isn’t a feeling of safety and security on campus, kids aren’t going to learn. They’re not going to feel comfortable there,” Jon Best, the district’s director of student services, said.

Sergeant Daniel Marmolejo doesn’t hesitate when approaching students at Redlands High School—not only because of his friendly and outgoing demeanor, but because during his 20 years working campus safety and security at the school, he has found that building relationships with students is an effective way to keep them safe.

The Redlands Unified School District has six safety and security officers each at Redlands, Redlands East Valley and Citrus Valley high schools. Orangewood High School has a lead security officer and another officer. The middle schools have a lead security person and some monitors who are employed throughout the day. Campus monitors are stationed at the elementary school campuses throughout the day.



PHILADELPHIA, Pa. – National Preparedness Month is here and FEMA Region III encourages everyone to take action to prepare. Beginning this month, FEMA Region III will use social media to promote a new preparedness campaign around hashtag “Throwback Thursday,” but with a preparedness focus (#tbtPrep). Region III will use this hashtag to focus on past regional and national disasters to help inform and guide preparedness actions so individuals and communities are better prepared. FEMA Region III will also push “Take Action Tuesday” (#TakeActionTue) messages, which will emphasize meaningful actions to build preparedness and reduce our risk to disasters.  Thursdays we remember.  Tuesdays we take action.

This social media campaign will ensure a constant drum beat of preparedness, providing everyone with the necessary tools.  FEMA Region III encourages the public, private businesses, organizations and individuals to use both hashtags to promote preparedness and guide meaningful actions to reduce individual and community risk.

Each of us can make a difference and promote preparedness. “By remembering past disasters and taking active steps to prepare today, we can reduce the impact that future disasters will have on all of us,” stated FEMA Region III Regional Administrator MaryAnn Tierney.

To take part, follow us on Twitter at twitter.com/femaregion3 and share preparedness information with your followers, family, and communities. For additional information on preparedness and to get involved, please visit FEMA.gov, Ready.gov, and America’s PrepareAthon!.

The CloudBridge Connector feature of the Citrix NetScaler appliance connects enterprise datacenters to external clouds and hosting environments.

With it, you can configure a CloudBridge Connector tunnel between two different datacenters to extend your network without reconfiguring it, and leverage the capabilities of the two datacenters. Having a CloudBridge Connector tunnel configured between the two geographically separated datacenters enables you to implement redundancy and safeguard your setup from failure.

The CloudBridge Connector tunnel helps achieve optimal utilization of infrastructure and resources across two datacenters. The applications available across the two datacenters appear as local to the user.

To connect a datacenter to another datacenter, you set up a CloudBridge Connector tunnel between a NetScaler appliance that resides in one datacenter and another NetScaler appliance that resides in the other datacenter.



Friday, 04 September 2015 00:00

Enterprises warned not to ignore shadow IT

Rather than ignore or attempt to block the use of unsanctioned apps and devices in the workplace, organisations should seek to understand what it is that actually drives their users to shadow IT.

This is according to Julian Cook, director of UK business at M-Files, who warned today (September 3rd) that only by working together with employees can enterprises combat the security risks caused by the use of technology outside of IT’s control.

“Understanding the use of unauthorised devices and apps will allow stakeholders … to identify and agree sanctioned solutions,” he said, arguing that this will support “both security and data protection across the business”.



(MCT) - Fort Lauderdale, Fla. City commissioners fear the regional 911 dispatch system the city joined a year ago isn't doing the job it was supposed to, and is putting visitors and residents at risk.

They're asking City Manager Lee Feldman to come up with a Plan B — including the potentially expensive option of leaving the system — if the county can't quickly fix the emergency dispatch system's continuing problems.

Feldman sent a letter last week to County Administrator Bertha Henry critical of the "underperforming" system and requesting a meeting with the participating cities to discuss performance issues and how they will be resolved.



Given the pervasiveness of SaaS applications like Office 365 and Salesforce, you’d think we’d have a pretty good handle on SaaS data protection by now. But according to Jeff Erramouspe, we’d all probably be surprised by how many IT departments, users and executives have failed to fully understand the nuances of proper SaaS data backup and recovery.

Erramouspe is vice president and general manager of EMC’s Spanning unit, which provides data backup and recovery for cloud applications. In a recent email interview, Erramouspe shared some misconceptions about SaaS data protection, beginning with the notion that SaaS application data doesn’t need to be backed up:

While it is true that SaaS vendors do protect and replicate their customers’ data, they only do it to protect the customer from problems on the SaaS application infrastructure side, such as server failures or drive crashes. They don’t necessarily provide bullet-proof protection from user-driven data loss. You’d be surprised by how many experienced IT professionals don’t know this. While the cloud is a great place to cost-effectively run applications, accidental deletion and other mistakes can cause losses from which Google, Microsoft, and Salesforce.com can’t always help you easily recover. For Google, its policy states that if you permanently delete something, it’s not recoverable—it’s gone forever. Salesforce has a paid service to get data back, but it is expensive ($10,000 per incident), takes time (as much as up to three weeks to get started) and it only commits to best efforts—most data can’t be restored in full. And the Microsoft Office 365 SLA doesn’t include data recovery, despite the belief of many customers that it does.



Small businesses not prepared for disaster

Three in four small business owners in the US do not have a disaster recovery plan, but more than half say it would take at least three months to recover from a disaster. For companies with fewer than 50 employees, only one in five (18%) have a disaster recovery plan. That is according to a new survey of US small business owners conducted by Harris Interactive on behalf of Nationwide Direct and Member Solutions.

“Small businesses are least likely to have disaster recovery insurance,” says Mark Pizzi, president and chief operating officer of Nationwide Direct and Member Solutions. “And yet they are the ones most affected by a disaster. That’s why it’s essential for small businesses to have a disaster recovery plan.”

For many without a plan for their business, disaster recovery is simply a low priority (34%). Time (11%) or cost (15%) both play less of a role in the decision not to have a written disaster recovery plan in place. Nationwide Direct note that America's small business owners may be feeling overconfident as one in four (26%) believe the likelihood of a natural disaster occurring in their area is slim and just over one-third (37%) say climate change and the weather phenomenon El Nino have decreased the likelihood of a natural disaster impacting their business.

Perhaps that overconfidence is also reflected in the Business Continuity Institute's latest Horizon Scan report which showed that business continuity professionals working for SMEs globally were less concerned about the prospect of a natural disaster than larger organizations. For example, with adverse weather only 41% expressed concern about this threat materialising, whereas this figure was 55% for larger organizations.

Assumptions can be the downfall of even the best Business Continuity Plan (we’ve addressed that issue in an early blog).  Sometimes it’s not the overt assumptions we make (“All critical IT systems will be available within 4 hours of the disruption.”) but the ones we don’t realize we’ve made that may jeopardize our ability to recover – or sustain a recovery.

Chief among these, of course, is the unspoken assumption that our Plan will work, everything will be restored in short order and our business will be back to ‘normal’ within hours – or at worst in a day or two. It’s a common assumption. Even if it’s not written into the Plan, that short recovery horizon may be implied – simply because we don’t plan for what we may need if the recovery takes longer (a week or a month or more). It is curious that many organizations don’t plan for prolonged disruptions – especially when the majority of Business Impact Analyses (BIA’s) ask about impacts over extended time periods. Why ask a process owner what resources they’ll need 4 weeks after the disruption – then only require them to plan for a 48-hour recovery?



Most IT organizations spend a fair amount of time trying to figure out the actual cost differential between delivering IT services via a public cloud versus on premise. There’s no doubt that virtual machines running in a public cloud are going to be less expensive, but when all the costs of delivering an IT service are fully loaded, the public cloud is not always the cheaper choice.

To help IT organizations sort through that financial morass, Cloud Cruiser this week announced it has added CloudSmart-Now templates to its cloud financial management service. The templates make it simpler for IT organizations to figure out their true costs across hybrid cloud computing environments.

Deirdre Mahon, chief marketing officer for Cloud Cruiser, says the templates were built around a service that collects cost data from Amazon Web Services (AWS), Azure, Windows Azure Pack (WAP), VMware and Openstack. The entire IT financial analytic service can be set up in as little as five days and continually monitors pricing changes being made by the “Big Five” cloud service providers. Using that data, IT organizations can then make a more intelligent choice about where to host any given application workload.



Friday, 04 September 2015 00:00

Value Proposition of Resilience

The degree of interdependence across critical infrastructure sectors has been amplified by globalization, advanced technologies and supply chain pressures. Our team at Johns Hopkins University Applied Physics Laboratory is studying — through modeling, analyses and empirical research in places such as the Port of Baltimore and Austin, Texas — the measurable impact of disruptive events, governance and societal demands upon resilience ecosystems in bounded geographic areas.

Governments, communities and individuals are not helpless in the face of natural disasters like Typhoon Haiyan, the category-5 super typhoon that struck the Philippines in November 2013, killing thousands and displacing hundreds of thousands. There are practical safeguards that can be designed within the multidisciplinary worlds of engineering, cyberphysical, and the social, behavioral and economic sciences if we systematically identify the independent variables that contribute to critical infrastructure interdependencies, conduct analyses that support a generalizable model, and test these methods under simulated and real-world conditions. Drawing from the principles of collective action theory and computational analytics, our studies are seeking to quantify the cost accounting and value proposition behind resilience by integrating economic factors into the research.



SAN DIEGO, Calif. – This is Part 3 in a series that explores the innovative and highly effective ways that organizations can strengthen their response to a cyber-attack. This series is written by CAPT. Mike Walls, former Commander of U.S. Navy Cyber Readiness and current Managing Director, Security & Operations at EdgeWave.

A professional Red Team is a group of highly trained specialists in a given field that can effectively analyze a problem from an adversarial perspective. Although their backgrounds are diverse, all Red Team members are at the top of their field, and many of them started out within the US Military's Cyber organizations. This piece will uncover who Red Team members truly are, what they do and why we should trust them.

With their help and expert insights, we can better prepare for tomorrow's battle against cyber criminals.

Thursday, 03 September 2015 00:00

A Value-Based Approach to Risk Management

CEOs drive their organizations to pursue opportunities with the objective of building and sustaining long-term enterprise value. It is what the Board of Directors expects. In the book Built to Last, one of the principles asserted by the authors is that a company sustains itself by setting “big hairy audacious goals” requiring the commitment of its personnel working outside their comfort zone.[1] That is exactly what a good CEO does. Everyone knows that the status quo is a non-starter in a rapidly changing environment. Anyone standing still is likely to get run over.

Within this context, what is the role of risk? Many argue that risk management should contribute value. While this assertion is easy to make, what does it really mean? And what is the Board’s role from a risk oversight standpoint to ensure a value-based approach?

There are two ways of looking at this topic: the strategic view and the proprietary view.



KANSAS CITY, Mo. – This is the first week of National Preparedness Month (NPM) and in the Midwest it’s off to a roaring start with active outreach and conversations meant to inspire individuals and families to take action and prepare for flooding—the most common and costly disaster in the United States. Yes, it can happen where you live!

During this first week of NPM, the U.S. Department of Homeland Security’s Federal Emergency Management Agency’s 10 regional offices; county and local emergency managers; other federal agencies; businesses; voluntary and other organizations; as well as families and individuals will use news releases, social media, educational activities and events to promote the message that preparing for floods is important for protecting lives, livelihoods and properties.

“Flooding is fresh on the minds of many people in Iowa, Kansas, Missouri and Nebraska. With so much flooding during the past few months, it’s a good time to consider the true risk,” said FEMA Region VII Regional Administrator Beth Freeman. “But it’s not enough to simply realize flooding is a real threat for us all. This month, this week, today, we hope everyone will take action to develop and practice a family emergency communication plan for hazards like flooding. This year our theme is, 'Don’t wait. Communicate. Make your emergency plan today.'”

Fewer than half of Americans have taken the time to plan what they will do if there is an emergency. Sitting down and developing a communication plan with loved ones doesn’t cost a thing, but can save a lot if a flood or another disaster impacts you and your family.

In addition to floods, hurricanes, wildfires, tornadoes and earthquakes also occur frequently and devastate lives across the country every year. To encourage disaster planning for all hazards, FEMA and the Ad Council just launched a new series of public service announcements (PSAs) in English and Spanish, at www.ready.gov/september. The PSAs direct audiences to www.ready.gov/communicate for tools and resources to help develop and practice a family emergency communication plan.

Managed and sponsored by the Ready campaign, National Preparedness Month is designed to raise awareness and encourage Americans to take steps to prepare for emergencies in their homes, schools, organizations, businesses, and places of worship. National Preparedness Month is an opportunity to share emergency preparedness information and host activities across the country to help Americans understand what it truly means to be ready.

National Preparedness Month Weekly Themes

  • Week 1 (September 1–5)  Flood
  • Week 2 (September 6–12)  Wildfire
  • Week 3 (September 13–19)  Hurricane
  • Week 4 (September 20–26)  Power Outage
  • Week 5 (September 27–30)  Lead up to National PrepareAthon! Day, September 30

National Preparedness Month culminates with National PrepareAthon! Day on September 30 when cities and counties across the country are planning community-wide events bringing together schools, their business community, government, faith leaders, hospitals, individuals and families, and others to participate in preparedness drills and activities for hazards that are relevant to their area.

For more information visit Ready.gov/September or follow the campaign on Facebook, at https://www.facebook.com/readygov, on Twitter, at https://twitter.com/Readygov,  or for FEMA Region VII, www.twitter.com/femaregion7. For more information about events for America's PrepareAthon throughout September, and for National PrepareAthon! Day information, visit www.ready.gov/prepare.

Quick facts to consider as you plan:

  • Text messages and social media can be better ways to communicate during an emergency when phone lines are tied up, or even not working.
  • Homeowners and renters insurance don’t cover floods.
  • Talking to children about emergencies and involving them in the planning process helps children feel they have some control over what could happen during an emergency. It can also make recovery much easier on everyone.

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

This week, G DATA claimed that rogue retailers are installing malware on Android-based phones from China and selling them on the open market.

This is a supply chain issue, since the problem is occurring before the devices are sold, and so far, the issue has mostly impacted Chinese consumers—though some infected phones have been found in Europe. The malware has been found on more than 20 brands of mobile phones. The article from eWeek suggests that it “underscore(s) the current difficulties in securing technology as it moves through the supply chain to its destination.”

What we must realize is, supply chain issues are more widespread and have a far different profile than just a few shadowy characters intercepting crates of phones on a dock somewhere:

In 2013, classified documents leaked by former contractor Edward Snowden showed that the U.S. National Security Agency and other national intelligence agencies have regularly infiltrated supply chains feeding technology to countries of interest to compromise devices that act as electronic moles, according to the documents. Devices from Cisco, Dell and other manufacturers, for example, have all been modified in transit to their destination to include implants to enable NSA monitoring.



(MCT) - When you call 911, you're not likely to be at your calmest.

The Beaufort County Sheriff's Office's new Smart911 -- a program created to get information to dispatchers quicker -- could mean you get help faster throughout the county and on Hilton Head Island.

The website, unveiled Monday, allows residents and businesses to create a free safety profile online that lists health information, names and photos of family members, pets in the home, floor plans, vehicle details and emergency contacts.

"We are trying to target as many residents as possible," Maj. David Zeoli, deputy division commander of the sheriff's office emergency management division, said. "The more the better."



Thursday, 03 September 2015 00:00

VMware Plays the Hybrid Cloud Card

When it comes to all things cloud, VMware has a vision that generally aligns with the way most internal IT organizations see the cloud computing world: The cloud is an extension of IT environments that will continue to run on premise for a very long time.

At the VMworld 2015 conference this week, VMware reaffirmed that vision of IT with the launch of a Unified Hybrid Cloud Platform that enables IT organizations to invoke object storage, a database-as-a-service offering based on Microsoft SQL Server and disaster recovery capabilities via the VMware vCloud Air cloud service. At the core of that offering is the EVO software-defined data center (SDDC) software, which VMware is building out as its base management platform.

Mark Chuang, senior director of product marketing and product management for VMware, says the primary VMware goal is to make it easier for IT organizations to consume a broad range of emerging technologies at a higher level of abstraction by using SDDC software. Without that capability, most internal IT organizations would not be able to absorb the costs associated with stitching all those technologies together on their own.



Thursday, 03 September 2015 00:00

Datto Expands Technical Support

Datto is now offering free technical support to its managed service provider (MSP) partners and end customers for all its products 24 hours a day, seven days a week.

The Norwalk, Connecticut-based backup and disaster recovery (BDR) solutions provider has expanded its customer support options to include Datto Backupify solutions.



Two governors, on opposite sides of the country, took executive action to beef up cybersecurity in their respective states on Monday, Aug. 31. California Gov. Jerry Brown and Virginia Gov. Terry McAuliffe both instituted aggressive cybersecurity orders to prepare for and defend against potentially damaging cyberattacks in their states.

While both mandates are geared toward the implementation of better cyberprotection protocols, Brown’s order outlined the need for a multi-stakeholder California Cybersecurity Integration Center (Cal-CSIC) under the state’s Office of Emergency Services (OES).

Brad Alexander, spokesperson for the OES, said the newly announced center will serve as a single location for cyberthreat reporting and will help to ensure best practices are adopted across the state’s public and private sectors.

Thursday, 03 September 2015 00:00

MSPs: Remain Compliant in Any Industry

One of the best ways for managed service providers (MSPs) to expand their client base is by reaching out to new industries. This produces a large pool of potential new clients and can build an MSP’s reputation, customer trust, and brand recognition.

With any venture into new industries, MSPs need to be certain that they comply with the regulations and legal requirements specific to that sector. This not only ensures that an MSP operates within the boundaries of the law when managing and archiving often-sensitive data over cloud-based file sharing, but helps the MSP to gain additional expertise that will make its services indispensable to new clients.

Businesses are struggling to protect data. As much as 20 percent of the files shared insecurely over the cloud contain personal information that should be made public according to compliance laws. This is a prime opportunity for MSPs to build their client base by reaching out to businesses that handle private information, providing them with a secure data management system.



As IT leaders have grown more comfortable with the security of software-as-a-service offerings and cloud storage, they also have started turning to cloud-based managed security services. From commoditized basic services such as vulnerability testing and cloud security gateways to more sophisticated identity management and threat analysis, public-sector chief information security officers are growing more willing to consider managed security service providers (MSSPs).

Cost savings are one obvious consideration, but so is the fact that state and local governments are finding it next to impossible to compete with the private sector for cybersecurity talent. In a 2015 NASCIO state government IT workforce study, 67 percent of respondents said security was the most difficult position to fill and retain.

“Security is becoming highly specialized, and we are having a very difficult time finding appropriate people to do in-house security,” said Ralph Johnson, chief information security and privacy officer of King County, Wash., whereas a managed security services team often has the expertise and concentration he needs. For example, King County uses a managed security service for its network log and security event management. “For me to appropriately run that with an in-house solution, I would have had to hire three staffers and that would have been their sole function,” Johnson explained. “That would cost me $1.5 million over five years. I got a managed security product from a vendor that cost me $850,000 over the same time period.”



Wednesday, 02 September 2015 00:00

Three Steps to Protecting Your Clients' Business

As a whole, small businesses are tremendous economic engines–creating jobs, stimulating growth and fostering innovation. Unfortunately, their size makes them especially vulnerable to catastrophic incidents such as fire, flood and extreme weather events, as well as to more localized problems including equipment failures, theft, and cybercrime.

Anxiety about the impact of these risks on SMB clients can keep MSPs and IT solution providers awake at night, and rightly so. The cards aren’t stacked in the SMBs’ favor. For example, according to the Federal Emergency Management Agency (FEMA), 40 percent of businesses don’t reopen after a disaster, and another 25 percent fail within one year following the catastrophe. Fortunately, MSPs and IT solution providers are uniquely qualified to help their SMB clients prepare for any impending disaster, whether natural or man-made, and have the tools and processes in place to ensure that catastrophes–should they strike–don’t spell the end to the business.



Wednesday, 02 September 2015 00:00

Why All Businesses Need an Emergency Response Plan

Hardly a day goes by that we don’t hear a news story involving an emergency: weather catastrophes, fires, intense medical situations and occasionally the angry gunman. If any of these situations occurred in your place of work, would the staff know what to do, who to contact or where to go? And afterward, would anyone have information about how to access critical documentation and company information if the business was destroyed or otherwise unable to be open for business?

A detailed emergency response plan provides guidance for employees in the event of a disaster. Having a plan will help workers make it through the chaos and to a safe location or assist personnel in getting medical assistance should it be needed.



WASHINGTON  – Disasters like floods, hurricanes, wildfires, tornadoes, and earthquakes are a harsh and frequent reality for much of the country. According to a recent survey conducted by FEMA, progress has been made; however, fewer than half of Americans have discussed and developed an emergency plan with their household.

Today, the Federal Emergency Management Agency (FEMA) and the Ad Council launched a new series of public service announcements (PSAs) to encourage families to develop an emergency communication plan before a disaster occurs. An extension of the national Ready campaign, the new PSAs launch in conjunction with the 12th annual National Preparedness Month, serving as a reminder to take action to prepare for the types of hazards that could impact where you live, work, and vacation.

"The last thing you want to be worried about during a disaster is how to communicate with your family members," said Administrator Craig Fugate. "Have that conversation today. It doesn't cost a thing."

The new campaign includes English and Spanish-language TV, radio, outdoor, print and digital PSAs. Created pro bono by Chicago-based advertising agency Schafer Condon Carter, the PSAs illustrate the importance of having a family plan in the event of an emergency by showing real emergency moments and asking the question, “when is the right time to prepare?”  The viewer is encouraged to develop a family emergency communication plan through the clear message, “Don’t wait. Communicate.” The PSAs direct audiences to Ready.gov/communicate for tools and resources to help develop and practice a family emergency communication plan.

“Through the Ready campaign, we’ve made a lot of progress educating and empowering Americans to prepare for all types of emergencies but there are still so many families that don’t have a plan,” said Lisa Sherman, President and CEO of the Ad Council. “Having these conversations is really important and can have a big impact on our families’ safety in the event of a disaster.”

“SCC is honored to work with the Ad Council and FEMA on the Ready campaign,” said David Selby, President and Managing Partner of SCC. “This new campaign provides powerful imagery and a critically important call-to-action that we hope will cause individuals and families to pay attention, lean in and, ultimately, take action.”

Localized television and radio PSAs were created and will be available for 27 states, Guam, the U.S. Virgin Islands, Washington D.C., and New York City as part of an ongoing collaboration with state and local emergency management partners. These PSAs drive audiences to their local organization’s website for resources and information pertinent to their area.

As an extension of the national Ready campaign, versions of the PSAs were created for Ready New York, a local initiative that was launched in partnership with the New York City Office of Emergency Management in 2009. Tailoring the message to the unique challenges faced by people living in New York City, audiences are directed to call 311 or visit NYC.gov/readyny, where they can find preparedness resources, including 11 Ready New York guides in 13 languages and audio format.

Managed and sponsored by the Ready campaign, National Preparedness Month is designed to raise awareness and encourage Americans to take steps to prepare for emergencies in their homes, schools, organizations, businesses, and places of worship. National Preparedness Month is an opportunity to share emergency preparedness information and host activities across the country to help Americans understand what it truly means to be ready.

National Preparedness Month Weekly Themes

  • Week 1 (September 1–5)  Flood
  • Week 2 (September 6–12)  Wildfire
  • Week 3 (September 13–19)  Hurricane
  • Week 4 (September 20–26)  Power Outage
  • Week 5 (September 27–30)  Lead up to National PrepareAthon! Day, September 30

National Preparedness Month culminates with National PrepareAthon! Day on September 30 when cities and counties across the country are planning community-wide events bringing together schools, their business community, government, faith leaders, hospitals, individuals and families, and others to participate in community-wide preparedness drills and activities for hazards that are relevant to their area.

Since the launch in 2003, the Ready Campaign has received nearly $1.2 billion in donated media. The Campaign helps to generate more than 92 million unique visitors to Ready.gov. The Ad Council is distributing the new PSAs to media outlets nationwide this week, and the PSAs will run in donated time and space.

For more information visit Ready.gov/September or follow the campaign on Facebook and Twitter. For more information about National PrepareAthon! Day, visit www.ready.gov/prepare.

Since its beginning in 2004, National Preparedness Month has been observed each September in the United States. Originally created by the Federal Emergency Management Agency (FEMA), the campaign encourages people to make plans and preparations for emergencies in their homes, businesses and communities.

While it can be argued every month is a “preparedness month” for business continuity, IT and disaster recovery professionals, September is nevertheless a good time to take stock of contingency plans and communicate important resiliency concepts to employees, suppliers and other stakeholders. Here are a few things you might consider in order to take advantage of the national focus on preparedness.

Encourage employees to have a family preparedness plan.

Business continuity plans rely on people to carry them out. The expectation is individuals will be available and willing to address the business crisis at hand. However, if the safety and security of employees’ families is uncertain, it will be difficult, if not impossible, for them to focus on work-related responsibilities. Having a family preparedness plan in place will provide the employee with a measure of comfort and security, and as such, should be encouraged by the employer.



(MCT) - The night of June 26, 72-year-old Robert Miller was wading through a foot and a half of standing water in his garage despite an infection on his leg, trying desperately to salvage his belongings that were damaged in a 100-year rainstorm.

"You ain't got time to think," Miller said. "You're just running, trying to grab."

The Waverly Road resident was out of town when the 1,000-year storm hit Jeffersonville a little more than two weeks later. He said if his daughter, Karen Wigginton, and her husband hadn't come to his empty home, he would have lost his cars and countless other possessions.



(TNS) - When Hurricane Katrina battered the Gulf Coast, Georgia threw open its doors, exposing the state’s character as it improvised to help tens of thousands of needy evacuees. But the storm also exposed weaknesses and gaps in the state’s emergency operations, with lines that stretched as long as football fields and confusion about who was in charge of what.

Government and non-profit groups here say they have tackled shortcomings that hobbled their response to the huge storm a decade ago. But some systemic challenges remain that could hamper the state’s ability to handle a future disaster, according to a review by The Atlanta Journal-Constitution of public records and interviews with state, local officials and non-governmental leaders.

The early response to Katrina in Georgia was plagued by communication missteps and turf battles. In particular, the region’s balkanized government made it tough to coordinate a response. The same problems, according to experts, became apparent during the 2014 ice storm that paralyzed the region.



Tropical Storm Erika came along right on cue to bring thoughts of disaster readiness on the eve of National Preparedness Month.

Macon-Bibb County Emergency Management Agency Director Spencer Hawkins was tracking the storm last week.

"We're watching and waiting," Hawkins said. "We are watching this very closely."

Although the storm fell apart after assaulting the Caribbean, it was poised to track up through Macon and Middle Georgia.

If it had held together, Macon could have seen heavy rain, flooding and gusty winds capable of bringing down trees and power lines.



Wednesday, 02 September 2015 00:00

The Myth of the RTO

This is the 1st in a series of articles examining the “myths” of today’s Business Continuity Management industry. 

In a standard, methodology-driven BCM program, much of the industry follows the RA-BIA-Strategy-Plan Development cookie-cutter path, assuming that all of these will lead to a viable and sustainable Business Continuity Planning program. Industry ‘experts’ cling to this methodology mainly because the cookie-cutter approach is easy to follow. But does the outcome reflect the needs of the organization?

Recovery Time Objective (RTO), as a key driver of a BCM Program, must be examined.   In the early days, RTO was a useful indicator of recoverability.  BCM today has evolved from IT Disaster Recovery of the 70’s – when the focus was on restoration of mainframes.  Once you understood how long it would physically take to recover the mainframe, it was simple to set a Recovery Time Objective – based on that capability.



Wednesday, 02 September 2015 00:00

Securing the Internet of Things

Cloud technologies have taken the business world by storm, bringing with them greater agility, flexibility, and cost savings. Unfortunately, it’s becoming more and more apparent that many IT professionals don’t understand how to effectively manage cloud usage in their companies. Cloud-based file sharing is a particular sore spot for IT departments that are trying to keep up with the ever-growing Internet of Things (IoT). 

The IoT is capable of enabling companies to create new revenue models and cut costs by connecting more “things” to the network that can collect essential data. With so much data being stored in the cloud, security is a serious concern for every business owner. After dissecting a recent Ponemon Institute study commissioned by data security specialist SafeNet, Nathan Eddy of eWeek wrote:

70 percent of respondents agree that it is more complex to manage privacy and data protection regulations in a cloud environment, and they also agree that the types of corporate data stored in the cloud—such as emails, and consumer, customer and payment information—are the types of data most at risk.



Digital identities are being exploited on a routine basis by sophisticated cybercriminals, a new study from ThreatMetrix found.

No surprise there, but "ThreatMetrix Cybercrime Report: Q2 2015," based on attacks the security technology company detected between April and June 2015, uncovered a number of unforeseen trends.

For one, increasingly sophisticated attackers were increasingly targeting diverse data sets to effectively stitch together consumers' credentials. And new account creation continued to be at high risk as fraudsters use stolen credentials harvested from massive breaches.



By Saul Haro

Sometimes the missing pieces of a puzzle can be right in front of you.

That’s how it was for me and my colleagues a few years ago. We were working in the supply chain and import/export group of a major automotive parts manufacturer and tasked with making sure operations moved smoothly.

It goes without saying that the automotive industry is huge, with hundreds of suppliers contributing parts and services to a single vehicle. But for context, consider that Toyota estimates the average car consists of about 30,000 individual parts – parts that have to be ordered, procured, shipped, delivered, received, installed, and tested. In this light, it’s easy to understand just how important managing the supply chain process can be to a successful production process.



The Weather Company delivers, on average, 15 billion weather forecasts to consumers and businesses every day. That’s an increase of more than 25-fold in the past five years, says Mark Gildersleeve, president of the business division of The Weather Company, which also owns the Weather Channel. The Weather Company is partnering with IBM to deliver those forecasts in real-time for 2.2 billion locations across the globe – a feat that would have been unthinkable without the recent advancements in cloud, mobile and data analytics. The Smarter Planet caught up with Gildersleeve to talk about how these new tools and technologies have improved forecasting and changed his business.



Tuesday, 01 September 2015 00:00

How COSO Destroyed Risk Management

“The Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) was organized in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative that studied the causal factors that can lead to fraudulent financial reporting. It also developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.

The National Commission was sponsored jointly by five major professional associations headquartered in the United States: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Accountants (now the Institute of Management Accountants [IMA]). Wholly independent of each of the sponsoring organizations, the Commission included representatives from industry, public accounting, investment firms, and the New York Stock Exchange.



Aug. 29, 2015 marked the 10-year anniversary of Hurricane Katrina. During the storm and the ensuing chaos, 1800 people lost their lives in New Orleans and across the Gulf Coast. Many of these deaths, as well as the extensive destruction, could have been avoided or minimized if there had been better planning and preparedness in anticipation of just such an event, and if there had been much better communication and collaboration throughout the crisis as it unfolded. Responsibility falls on many from government officials (at every level) to hospitals to businesses to individuals. If there is any silver lining to such a destructive event, it’s that it forced many in the US to be much better prepared for the next major catastrophe. Case in point, in October 2012, Superstorm Sandy barreled through the Caribbean and the eastern US, affecting almost half of the states in the US. The storm caused unprecedented flooding and left millions without access to basic infrastructure and thousands without homes, but this time, about 200 people across 24 states lost their lives.



Shadow IT is happening in your company, and it is causing serious security problems. My IT Business Edge colleague Arthur Cole reported on a recent Cisco study that found that CIOs really are in the dark when it comes to shadow IT, with the use of the forbidden apps 15-20 times higher than anticipated:

On average, the report states, IT departments estimate their companies utilize about 50 cloud services while in fact the number is 730. And the discrepancy between reality and perception is growing quickly: One year ago, it was 7x, within six months it had jumped to 10x. At this rate, the number of shadow apps could top 1,000 for the average enterprise by the end of the year.

So, we know that employees are turning to shadow IT and we know that it is a serious security risk. That leaves the most important question: Why? What’s happening in the work place that has employees going rogue with their applications?



Tuesday, 01 September 2015 00:00

Man-Made Disasters, Global Impact

A New York Times article over the weekend takes a behind-the-scenes look at the recent deadly blasts at the port city of Tianjin in China.

The series of explosions and fire that began at a hazardous chemicals storage warehouse in the Binhai New Area of Tianjin August 12, leveled a large industrial area, leaving at least 150 dead and more than 700 injured.

As reported by the NYT, the lack of safety and oversight at the third largest port worldwide is shocking.



The never-ending quest to achieve trusted IT advisor status gets a lot of attention, but MSPs need the right strategy to get there. For some providers, the path to IT trusted advisor leads through the NOC (network operations center) and data analytics.

As MSPs mature and master remote service delivery, the imperative to constantly find new and different ways to add value for customers never goes away. If anything, it becomes more pronounced because of the inevitability of commoditization.

Partnering with a NOC vendor to deliver round-the-clock support and routine functions, such as patch management and systems maintenance, enables you to better focus on the consultative part of the business.



Today, we must demand of our software vendors that they support true, multi-platform hybrid clouds. And conversely, we must question why an ISV like VMware would claim all you need is “one cloud”…

Why? Citrix believes customers and partners want to support any application, available on any device, delivered from any cloud or even any infrastructure. After all, the ability to support multiple clouds fulfills the promise of hybrid cloud and multicloud computing. And at Citrix, this degree of choice and flexibility is core to our philosophy.

As Natalie Lambert recently pointed out, there are a variety of good reasons that customers demand the flexibility of using multiple clouds – to provide them with choices based on performance, compliance, security, avoidance of lock-in, and of course economics. But let’s also look at the data behind that, and see what the market really demands.



(TNS) - The desperate voices on the phone told emergency dispatchers Hurricane Katrina was much worse than anyone imagined — “We’re drowning!” — but until Desiree Hernandez stepped from the windowless bunker at a Biloxi, Miss., fire station into the air outside, she had no idea.

“I looked down to Highway 90 and there was nothing there,” she said. “And it was just so surreal. When you knew all the businesses — and you knew, ‘OK, that was Ruby Tuesday’s, that was the Shell station, that was that.’

“Where’s all the hotels? Where did all that stuff inside of all those buildings go? … Where are the signs? … Where did it go?”



(TNS) - New Orleans may sit nearly 900 miles from Wilmington, but that didn't stop the effects of Hurricane Katrina's 2004 landfall from reverberating all the way to the Port City and surrounding region.

While Wilmington was no stranger to hurricanes before the devastating storm, local emergency management officials were able to learn a few lessons from how Louisiana and the nation responded to the emergency. Those lessons could save lives if such a storm ever heads for Southeastern North Carolina.

Here are five of those lessons:



The cloud has come a long way since its genesis. In fact, most cloud professionals believe that cloud technology has passed its trial by fire, and stands today as a tried and tested technology. And yet, many survey results reveal that plenty of businesses continue to fear the perceived digital boogie man that is cloud data storage and cloud-based file sharing.

Case in point, the Cloud Security Alliance’s Cloud Adoption Practices & Priorities Survey found that 73 percent of participants cited a perceived lack of data security as holding back the adoption of cloud-based file sharing services. Another 38 percent thought that regulatory compliance unique to their industries was the number one reason why they chose not to move to the cloud.



Monday, 31 August 2015 00:00

BCM & DR: People Over Profil

There is an old adage that ‘you can’t put a price on life’ and I personally believe that. No amount of money will ever replace a lost life due to a disaster or any other situation. After I recently heard a response to some questions about Business Continuity and Disaster Recovery by a Senior Executive, I’m beginning to think that some organizations actually do put a dollar value on life – even if they don’t know they’re doing it.

When an organization fakes its way through a disaster, pretending to show it has disaster response mechanisms in place, you’re putting the mechanism over the person, which means, you have put a dollar value on human life. Why? Because you didn’t put a response plan in place to protect those lives; if they were of value to your organization there would be some sort of BCM / DR program (and plans) in place. And not just a response program (BCM/DR program) but there are no risk mitigation protocols or management strategies in place to help reduce the impact of any potential threats and vulnerabilities. I know that’s kind of harsh but that’s really what’s happened, whether an organization knows it or not.



Most people still think of Bitcoin as the virtual currency used by drug dealers and shadowy hackers looking to evade the authorities.

But the innovations that helped turn Bitcoin into the most popular virtual currency are now being viewed as a potentially enormous disruptive force for several industries, including accounting, music and law.

Nowhere, though, are more money and resources being spent on the technology than on Wall Street — the very industry that Bitcoin was created to circumvent.

“There is so much pull and interest on this right now,” said Derek White, the chief digital officer at Barclays, the British global bank, which has a team of employees working on about 20 experiments that explore how the technology underlying Bitcoin might change finance. “That comes from a recognition that, ‘Wow, we can use this to change the fundamental model of how we operate to create our future.’”



In 2005, in the face of one of the largest natural disasters in U.S. history, Dr. Dan Sosin was called upon as a member of the United States Public Health Service to deploy to Louisiana and provide support to the state’s emergency response. Amidst the chaos and devastation from Hurricane Katrina, Dr. Sosin traveled to the state emergency operation center in Baton Rouge to serve as the emergency response liaison between the state Emergency Support Function (ESF) #8 and the federal ESF-8 response.


Dan Sosin, MD, MPH, FACP, Deputy Director and Chief Medical Officer for CDC’s Office of Public Health Preparedness and Response

Today, Dr. Sosin is the Deputy Director and Chief Medical Officer for CDC’s Office of Public Health Preparedness and Response. With more than 10 years of experience working on emergency preparedness and response at CDC, Dr. Sosin took some time to answer our questions about his experience during the Hurricane Katrina response and how public health preparedness and response has changed throughout the last decade.

1. How did you get the call to deploy for Hurricane Katrina?  What was your role? 

I was called upon by the U.S. Public Health Service to serve in the Louisiana State Emergency Operation Center as a liaison between public health and medical (ESF-8) incident command staff at the state and the Federal levels. I helped match the needs of the state with the resources that federal government could supply. I arrived in Baton Rouge after Hurricane Katrina had hit and about one week before Hurricane Rita made landfall. My expertise and connections from working at CDC in the Office of Public Health Preparedness and Response helped me to better perform in my role as the state liaison officer but also better understand and connect with the larger scale federal response that was taking place.

 2. What was your experience like during this response?

It was intense. People were directly in harm’s way and needed immediate help. The demand was an around-the-clock, 24/7 job – you would work till you literally could not work anymore, at which point you would get some sleep and then return to the job.

The response was also an eye-opening experience for me in terms of seeing first-hand the scope and intricacy of a federal emergency response. I was fascinated by the sheer scale of resources that had to be delivered—everything from food to laundry supplies. In my role, I was able to see the moving parts from both sides—the state in desperate need of crucial aid and supplies and the federal government in the responsive role of identifying and delivering the proper aid and resources to the right place at the right time.

 3. What has changed in public health when it comes to responding to emergencies? 

CDC hurricane Katrina planning meeting in the CDC's Director’s Emergency Operations Center (DEOC), which took place August 2005.


So much has changed in ten years. Everything from technology to public health services has evolved, and that has impacted the way emergency preparedness and response operates. For CDC, in our Office of Public Health Preparedness and Response, we see those changes in multiple areas. Some of the changes are clearly evident, like the innovations and updates that have been made to CDC’s Emergency Operation Center and new technological advancements in gathering data through geographic information systems and surveillance mechanisms.

There are also less obvious developments that have taken place in how we prepare for and respond to emergencies. Shifts in federal responsibility, better partnerships with state and local health departments, and improvements in logistics and staffing coordination have all made great strides in helping improve public health preparedness.

Ultimately through lessons learned and improvements made both during and after emergency responses, like Hurricane Katrina, CDC has significantly grown the scope, scale and readiness of the agency to respond to public health emergencies.

 4. What do you think was learned from Hurricane Katrina that makes CDC/PHPR better equipped to respond to public health emergencies today?

What stands out for me is that we learned about anticipating large scale emergencies and then identifying and understanding the needs of the most vulnerable populations during an emergency. Hurricane Katrina demonstrated the critical need for having plans in place for vulnerable populations that have medical and physical limitations.


Inside the New Orleans, Louisiana Superdome during its restoration process, after serving as a temporary shelter for thousands in the wake of Hurricane Katrina.

In the realm of the public health response, we learned a lot about the health impact of evacuation shelters and medical shelters. We saw gaps where we could improve upon the pre-planning that goes into providing basic medical care after a disaster. After a disaster, it is not just the medical needs of those who become sick or injured from the event, but also the people that require everyday medical care, like those with diabetes, asthma, and other chronic conditions. For example, this insight influenced the planning in place for how we prepare our Strategic National Stockpile to provide medical resources after a disaster, and other mechanisms to ensure routine medications were available to people who needed them.

 5. How did the response change you? 

Overall, the whole experience gave me a renewed interest and commitment to emergency preparedness and response. Seeing first-hand the impact and importance of emergency preparedness reaffirmed for me the huge value that our work in emergency preparedness has at the federal, state, and local level. The hard work and dedication I saw from the people working day in and day out to ensure that progress was being made and help was being delivered to those who needed it was inspiring and something I will never forget.

The enterprise is rightly concerned about Big Data, but it isn’t so much the size of the volumes that should be causing consternation but the speed at which they need to be ingested and analyzed.

With knowledge workers increasingly gravitating toward the on-demand world of mobile computing, the enterprise needs to start replicating this functionality if it hopes to have any chance of maintaining control of its data. And since current architectures are already straining under the load generated by today’s applications and services, the enterprise will need an entirely new approach to enable real-time performance of Big Data loads.

Fortunately, this is not as daunting as it seems, although the challenges are still formidable. According to Infostructure Associates’ Wayne Kernochan, many of the tools already exist to provide high-speed data services; all the enterprise needs to do is find an effective way to deploy them. A key strategy will be to push Flash memory throughout the data architecture, essentially using it as a tiered extension to main memory. This, along with integration of existing databases into Big Data architecture, will allow the enterprise to better handle both speed and volume.



(TNS) -- The last time South Florida was walloped by a hurricane, apps were not even invented yet. We hope we won’t have to give them a test drive next week, but to be prepared we’ve compiled a list of some useful apps to track the storm and to use in the aftermath, provided we have service, of course.

In a related digital development, Google said Thursday that it has enhanced its weather forecasts and Public Alerts in Google Search to better track hurricanes. Now, when you search the web for information about particular storms, you may see a map showing your location in relation to the oncoming storm, visualizations of its forecasted track, wind severity and arrival time according to NOAA, and instructions for preparing and staying safe, from FEMA and ready.gov. The safety recommendations will be tailored to reflect the current status of the storm and the searcher’s current location.

Now, here is a sampling of apps you may want to download for your hurricane kit.



So, I am writing a complete Business Continuity Planning Governance Guide and Standards manual for one of my clients and it dawned on me that this process really is a neat little building block methodology that might best be simply explained through a “Twelve Days of Christmas”-like presentation.

This is NOT part of the manual I am creating, but, I thought I might share it with you.  So … here goes …



By Brandon Tansey, security research engineer, Lancope

The seemingly endless barrage of attacks on government and enterprise networks has made it clear that organizations need to be much more proactive when it comes to security. Deploying perimeter defences like firewalls and antivirus, and expecting them to keep attackers off of your network, has become just plain foolish in the light of today’s increasingly complex threat landscape. Today it is not a matter of if, but when you will be attacked. Security success is no longer just about keeping threats out of your network, but instead about how quickly you can respond and thwart an attack when it happens.

Despite this scenario, many organizations still haven’t gotten it quite right when it comes to incident response. Here are ‘seven deadly sins’ that Lancope often sees companies committing when attempting to build an incident response function.



Frank Perlmutter

Hello everyone! It’s that time of year again. Our team of BCM consultants and product innovators, along with ResilienceONE software users will come together at the Disaster Recovery Journal (DRJ) Fall World 2015 Conference. For the fall conference, we are preparing a number of presentations and fun activities for attendees. These include:

  1. An exclusive peer-to-peer breakout session 2 (emergency session 2), Managing Global BC Programs as THE Lone Planner, on Monday, Sept. 28 from 2:45 to 3:45 PM PST. Joining me will be Keith Cantando, manager of Global Business Resiliency at Cisco Systems and Michael Lazcano, director of Global Business Continuity Services at Gap Inc. Both are ResilienceONE users who manage their BC programs efficiently. They will share their experiences, and offer strategies and current practices, including how to gain executive support, manage your time, create frugal innovation, and leverage your organization for amazing results.
  2. Formal product demonstrations of ResilienceONE BCM software, held in Sapphire Room 411B at the Hilton San Diego Bayfront Hotel, on Monday, Sept. 28 & Tuesday Sept. 29, 12:30-1:30pm PST & 5:30-6:30pm PST. Food and beverages will be served. We will showcase the latest features within ResilienceONE, including dynamic labeling via Smart Field Technology, which enables faster, more intelligent BC planning. The 5:30 demos will include Whiskey Tasting, featuring leading hand-crafted spirits specially selected by expert tasters.
  3. BCM exchanges during exhibit hours at Booth #401-403, where ResilienceONE users and our Strategic BCP team will offer insights and answer questions.

More details about these events can be found here.

Don’t forget to follow us on Twitter at the conference @strategicBCP or with the hashtag #drjfall.

I hope to see you in San Diego!



It’s that time of year again. College campuses are being flooded with students and faculty returning to begin another semester. For higher education institutions around the country safety is among their administrators’ highest priorities. Yet, when you have thousands of people working and living together the logistics of communication often proves difficult—classes are in session at different times, often spread across acres; students live in dorms and apartments both on and off campus; faculty and staff often commute long distances—how do you manage communication?

Adding an emergency notification service to your campus safety plan will allow you to broadcast alerts to all of your students, faculty, and staff in minutes no matter where they are. And, by using a self-registration feature, you can have them sign up for alerts quickly and easily. Or, you can integrate the notification service with the HR and enrollment databases already in place. It’s that easy.



The key question an enterprise must answer when a new technology becomes available is a very basic one: Is it necessary? In the case of 802.11ac, the question within that question, according to Craig Mathias, is whether the organization really needs the 1.3 gigabits per second (Gbps) throughput that it promises. This becomes an even more important issue in cases in which the move to 802.11ac requires the replacement of 802.11n and earlier access points (APs) that are not fully depreciated.

Mathias writes that there is a lot of life left in 802.11n APs, but there are a couple of reasons to keep an eye on 802.11ac nonetheless. It is important for planners to keep in mind that the real throughput of 802.11ac is about half of the advertised 1.3Gbps speed. For the same reasons, however, all 802.11 variants only offer about half the speed that the marketers promise. Thus, appropriate apples-to-apples comparisons should be made. The second thing to plan against is the inexorable increase in per-user data requirements.



As a young programmer, I read a book by Michael Abrash which has provided me guidance through the years. “The Zen of Code Optimization” was published in 1994 and discusses graphics coding and performance using Intel 8086 assembly language, implemented under DOS. 

Today, it is $1.78, used, on Amazon and if you have a little time to kill, I recommend reading at least through chapter 3 where the author provides these words of wisdom.

“Assume nothing. I cannot emphasize this strongly enough-when you care about performance, do your best to improve the code and then measure the improvement. If you don’t measure performance, you’re just guessing, and if you’re guessing, you’re not very likely to write top-notch code.”



AUSTIN, Texas – Apply by Aug. 27 for assistance from FEMA or the U.S. Small Business Administration (SBA). You have every reason to do so. 

If you are among thousands of Texans affected by the severe storms, tornadoes, straight-line winds and flooding that occurred from May 4 to June 22, you may be eligible for a grant or low-interest loan from the SBA. If you answer YES to any of the following questions and were affected by the disaster, you may be eligible.

  • Are you a homeowner, renter or business of any size with disaster-related damage? 

  • Did you file an insurance claim for damage and have not received your settlement? 

  • Are you uninsured or under-insured and have unmet needs?

  • Do you need help applying because English is your second language?

  • Are you a Qualified Alien or the parent of a U.S. citizen in your household?

  • Are you a person with a disability or have an access or functional need?

  • Do you receive Social Security, Medicaid food stamps and are concerned help will affect your benefits?

  • Do you need help, but feel others need it more or that there won’t be enough assistance for everyone?

  • Do you feel you will not qualify for a low-interest loan?

If you have questions or concerns about applying for disaster assistance, call the FEMA helpline before the Aug. 27 deadline. Tell your friends and neighbors that help may be available, but they must register before the deadline.

Remember, FEMA grants do not have to be repaid and you are not required to accept an SBA loan. FEMA assistance is nontaxable and will not affect eligibility for Social Security, Medicaid or other federal benefits.

Find answers to questions on http://www.fema.gov/disaster/4223. Topics include rumor control, recovery information, recovery center locations and hours, links to apply for assistance and other resources, information about flood insurance, news releases, fact sheets, photographs and blogs.

You can apply for FEMA assistance online at www.DisasterAssistance.gov or by calling 800-621-3362 toll free from 7 a.m. to 10 p.m. (local time). Multilingual operators are available. Disaster assistance applicants who have a speech disability or hearing loss and use TTY should call 800-462-7585 directly; for those who use 711 or Video Relay Service (VRS), call 800-621-3362.

You also can visit a Disaster Recovery Center. Assistive equipment is available. To find the nearest DRC, go online to http://asd.fema.gov/inter/locator/home.htm.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, by email, or by visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

FEMA’s temporary housing assistance and grants for childcare, medical, dental expenses and/or funeral expenses do not require individuals to apply for an SBA loan. However, those who receive SBA loan applications must submit them to SBA to be eligible for assistance that covers personal property, transportation, vehicle repair or replacement, and moving and storage expenses.

Friday, 28 August 2015 00:00

The Word on Resilience

I was recently on a flight to Florida and had the opportunity to read an interesting article in Governing magazine. Titled The Word on Infrastructure, the story focused on the relative newness of the term “infrastructure” and traced its evolution, explaining how it has become much more prevalent in both industry and society over the past 35 years. 

The article got me thinking about the word “resilience” and how we, in the emergency preparedness realm, have seen a significant uptick in the term, its utilization and even its inclusion in grant guidance. I dare say that even as recently as 10 years ago, we would not have seen the coordinated effort of the Rockefeller Foundation to name the top 100 most resilient cities and fund these cities’ resilience efforts, including the hiring of a chief resilience officer (CRO), for a two-year time period.



Capterra, a free software solutions research firm, surveyed more than 500 businesses to find out more about who uses CRM software and how. Not entirely surprisingly, 52 percent of those responding said that they work for organizations with “less than $10 million in annual revenue.” This goes to show that when we think of customer relationship management (CRM), we should think about all sizes of companies—not just the enterprise.

The report continued to explain that SMBs are one of the fastest growth segments among CRM users. It also found that most companies reported to have adopted CRM software when they had between two and 500 employees—which puts the bulk of them in the SMB category when they began using the software. And two thirds of those surveyed had at least 100 customers when they embraced CRM.

So it seems appropriate that Wix.com, a cloud-based web development platform, is now offering its own CRM solution called MyAccount CRM. The platform is directed toward SMBs that need to better organize their business activities. MyAccount CRM allows them to do so with one simple online platform.



I got an email the other day that said companies shouldn’t let security worries keep them from moving to the cloud. Ironically, the two emails directly below that particular message in my inbox were warnings about the latest security concerns within cloud computing.

Now, I’ve been writing about security and the cloud long enough to know that while overall cloud security has improved, like everything else, it is hardly foolproof. You know the bad guys are going to find ways to penetrate any barrier you put up. So, I thought this would be a good time to think about what’s happening with cloud security right now.

First, I’ll cover the interesting news. According to a new report from CloudLock, 1 percent of users are causing the bulk of your cloud security problems. That 1 percent is also responsible for 62 percent of the apps installed in the cloud. If you want to increase cloud security, you first have to narrow down who that 1 percent includes. According to the report:

Understanding the composition of this one percent of users is crucial for security teams: Often times this subset of users includes super-privileged users, software architects, as well as machine-based identities that grant access privileges and archive data.



SAIPAN – Over 7,500 registrations have been received by FEMA for disaster assistance as a result of damages sustained by Typhoon Soudelor (DR 4235) and nearly $4.3 Million has been approved for survivors so far.  FEMA encourages all who have suffered damages from Typhoon Soudelor, August 1-3, to register for Disaster Assistance.

Those who have suffered losses as a result of Typhoon Soudelor but have not yet applied for assistance are encouraged to do so as soon as possible.  Survivors can register by phone at 1-800-621-FEMA (3362) or TTY 1-800-462-7585 for survivors with hearing disabilities.  Online registration is also available 24/7 at www.DisasterAssistance.gov. A Disaster Recovery Center, at Pedro P Tenorio Multi-purpose Center in Susupe is open for assistance with the application process. Normal hours of operation are Monday-Saturdays 8 a.m. to 5 p.m.; Sundays 10 a.m.-4 p.m. Completing and returning the loan application does not mean that you must accept the loan.

After registering for disaster assistance, applicants can expect to 1.) Have a Housing Inspection and then 2.) Receive an Approval or Denial Notification.

Housing Inspections

Registered survivors will be contacted by a FEMA inspector to schedule an appointment for an inspection, so registrants do not need to contact FEMA to set up an inspection. The wait time for an inspection is approximately two weeks.  The inspection is needed to verify and assess damages listed in your application. The inspection generally takes 30-40 minutes or less and consists of a general inspection of damaged areas of the home and a review of your records. There is no fee for the inspection.

When a FEMA housing inspector comes to visit your home, be sure they show you proper identification. All FEMA inspectors have prominent photo ID badges. If you are not shown photo identification, then do not allow the inspection. Unfortunately, disasters often bring out criminals who prey on the needs of disaster survivors – so beware of scams and scam artists.

When a FEMA Housing Inspector visits your home, someone 18 years of age or older who lived in the household prior to the disaster must be present for the scheduled appointment. The inspector will ask to see:

  • Photo identification.
  • Proof of ownership/occupancy of damaged residence (structural insurance, tax bill, mortgage payment book/utility bill).
  • Insurance documents: home and/or auto (structural insurance/auto declaration sheet).
  • List of household occupants living in residence at time of disaster.
  • All disaster-related damages to both real and personal property.

If you are unable to provide traditional proof of ownership/occupancy (such as tax bill, mortgage payment books, deed, title, insurance), you can get a signed letter by a local precinct representative to validate the physical location of a home/dwelling (a P.O. Box address is not sufficient).  Letters can be picked up at:

  • Fire Stations
    • Kagman
    • Garapan
    • Susupe
    • Koblerville

Once filled out, please take the form to your local fire station. They will provide you with a contact number to reach your local precinct representative to validate.

If you have been displaced and need transportation to and from the housing inspection, you can contact the Commonwealth Office of Transit Authority at 670-237-8000 to schedule transportation.

Approval or Denial Notification Letters

Once the inspection process is complete, your case will be reviewed by FEMA and you will receive a letter or email outlining the decision about your claim.

If you qualify for a FEMA grant, FEMA will send you a check by mail or deposit it directly into your bank account. You will also receive a letter describing how you are to use the money.  You should only use the money given to you as explained in the letter and save receipts on how you spent the money.

If you do not qualify for a FEMA grant, you will receive a letter explaining why you were turned down and will be given a chance to appeal the decision*. Your appeal rights will be described in this letter. Appeals must be in writing and mailed within 60 days of FEMA’s decision.

If you’re referred to the Small Business Administration, you will receive an SBA application. The application must be completed and returned in order to be considered for a loan or for additional FEMA grant assistance. SBA representatives are available to help you with the application at the local Disaster Recovery Center.

*An appeal is a written request to review your file again with additional information you provide that may affect the decision.  You may appeal any decision provided by FEMA regarding your Individual Assistance.

Appeals may relate to your initial eligibility decisions, the amount or type of assistance provided to you, late applications, requests to return money, or a denial of Continued Temporary Housing Assistance.  Prior to requesting an appeal review, you should review your file with a FEMA helpline agent at 1-800-621-3362 (FEMA), or (TTY) 1-800-462-7585, or request a copy of your file from FEMA so you can understand why you received the decision you want to appeal.

To appeal the decision:

  • Explain in writing why you think the decision about the amount or type of assistance you received is not correct. You, or someone who represents you or your household, should sign the letter and have it notarized. If the person writing the letter is not a member of your household, there must be a signed statement saying that that person may act for you.
  • Include the FEMA registration number and disaster number (shown at the top of your decision letter) in your letter of appeal.  You should also include the last four digits of your social security number, your full name, your address, and your date and place of birth.
  • You may also want to include a copy of a government-issued identification card or include the following statement "I hereby declare under penalty of perjury that the foregoing is true and correct".
  • If you have supporting documentation for your appeal, include that in your correspondence to FEMA.
  • Mail your appeal letter to:

FEMA - Individuals & Households Program
National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-8055

or you can fax your appeal letter to:

(800) 827-8112
Attention: FEMA - Individuals & Households Program.

IMPORTANT: To be considered, your appeal letter must be postmarked within 60 days of the decision letter's date. Remember to date your letters.

  • All appeals are reviewed.
  • Decisions usually are made within 30 days of receiving the request. 
  • Additional information may be requested from you if FEMA does not have enough information to make a decision.
  • You will be notified by mail of the response to your appeal.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

According to a recent survey of C-level executives by Accenture Strategy, 63 percent of respondents said their companies experience cyberattacks at least once a week. The kicker is that the majority of these executives are just talking about it, without taking the full corrective measures they need to take to give them the best shot at preventing those attacks.

In an email interview, Brian Walker, managing director of Accenture Technology Strategy, said it’s more likely a matter of when, not if, your company will experience a cyberattack. “And, while 88 percent of these executives believe their cyber defense strategy is robust, understood and fully functional, their answers to other questions we asked tell us that, by and large, there is much more they can do to better position themselves to withstand an attack or catastrophic failure,” Walker said.

Being resilient is about acknowledging the reality that they’re almost certainly not doing everything they can, he said. “It also is about taking the steps that enable a company to quickly respond when the inevitable occurs,” he added. Walker highlighted four steps that warrant particular attention:



I’m very excited about a new tool we’ve launched at Citrix called Workspace Cloud Labs. This is a new section in Workspace Cloud where you can try new and upcoming features and technologies from Citrix. The goal of the Workspace Cloud Labs is to drive innovation at a faster pace by providing you easy access to early technologies, and to give you the opportunity to respond and give us feedback.

What’s unique about Workspace Cloud Labs?

Let’s first consider how traditional enterprise software tech preview works. For instance, consider what Citrix has to do when releasing a new tech preview for a new XenApp feature. Anyone who has tried a XenApp tech preview knows the up-front time you need to commit to do the evaluation. You have to deploy a full XenApp environment before evaluating the new features and give us feedback. This means that the level of participation is limited to only those who can commit to the time required to evaluate the technology.

From the engineering side, we have to do a lot of prep work to turn a new feature still in development into something you can easily access and consume. As an example, for any new technology where we want your feedback, we incur considerable delays due to the time it takes both to provide early access and collect input. This means that those evaluating a tech preview may ultimately have very little influence in the final result.



Thursday, 27 August 2015 00:00

Katrina and the Next Crisis

(TNS) -- On Aug. 29, 2005, Hurricane Katrina made landfall over southern Louisiana, causing unprecedented destruction along the Gulf Coast and in New Orleans. Ten years later, what can we say we learned?

The Gulf Coast survived. New Orleans survived. Yet the scars run deep — not only for the million people who were displaced by the storm or the families of the 1,833 people who died, but also for a nation still struggling with what Katrina says about all of us. About poverty. About our sense of place. About our relationship with nature. About so much more.

As a nation we have become good at marking anniversaries as part of our collective healing process. At each arbitrary moment — one year, five years, 10 years — we gather for memorial ceremonies and publicly remember what we lost, expecting it to give us new perspective so we can push forward.

But what have we really learned about coping with massive emergencies?



In general, Apple is given credit for an overall approach that is more secure than Android’s. That common wisdom has slowed Android in the enterprise.

It is important to note, however, that Apple is not perfect in its approach to keeping devices and data safe. In some cases, the problem isn’t Apple itself – it’s the tendency of employees to disregard security.

This week, Centrify released a study it commissioned Dimensional Research to conduct. The firm found that only 28 percent of 2,249 U.S. workers queried who use Apple products have mobile device management (MDM) software installed and only 35 percent of those devices encrypt corporate data.



Thursday, 27 August 2015 00:00

Navigating Technology Risks

One of the key questions being asked by audit committees and boards of directors of organizations around the globe is whether their emerging technology risks are being properly identified and managed. To that end, the Global Internal Audit Common Body of Knowledge (CBOK) released “Navigating Technology’s Top 10 Risks,” which identifies the top technology risks and ways that organizations can learn about and address these risks.

Here are the top five out of 10 risks ranked by the study:



Thursday, 27 August 2015 00:00

The Data Center in the New Digital Economy

The cloud is a powerful new weapon in the IT arsenal, but it is pretty clear at this point that most enterprises will continue to invest in local data infrastructure for the foreseeable future.

This is in fact the more difficult strategy because it forces the enterprise into a series of tough decisions regarding infrastructure, architecture and technology at a time when the use case for the data center itself is undergoing such dramatic change (more on that toward the end of the post).

To date, only a handful of organizations have opted for a fully cloud-based data environment, the largest and most well-known being Netflix. The company is prepared to power down the last of its data centers any day now, according to the Wall Street Journal, placing its entire footprint – from video streaming and customer service to back-end office support – on the public cloud. The company actually began migrating key systems to Amazon back in 2008 following a serious hardware failure within its internal infrastructure, although the actual content delivery network (CDN), which competes with a similar service from Amazon, is ported out to various smaller providers.



Thursday, 27 August 2015 00:00

Storm Surge Risk Rising Along U.S. Coast

While there’s much focus on storm surge risk in New Orleans as we mark the 10th anniversary of Hurricane Katrina, two new reports highlight the vulnerability of other U.S. coastal cities to storm surge flooding.

An analysis by Karen Clark & Co ranks the U.S. cities most vulnerable to storm surge flooding based on losses to residential, commercial and industrial properties from the 100 year hurricane.

The findings may surprise you.

KCC reveals that some of the cities most vulnerable to storm surge flooding have not been impacted for decades. A few have not experienced a direct hit from a major hurricane in the historical record.



Wednesday, 26 August 2015 00:00

Five steps to protecting data in the cloud

Logicalis US says that there is a growing misperception that data that resides in the cloud is automatically protected just because it’s in the cloud. This, the company warns, is absolutely not the case.

“There’s a common misconception that placing your data in the cloud solves all problems, and that’s just not true,” says Eric Brooks, Cloud Services Practice Manager, Logicalis US. “Not all cloud providers are built to accommodate enterprise-level IT needs; many don’t provide the kind of advanced networking, backup or disaster recovery services you would expect to find in an enterprise IT organization. Don’t assume the cloud is somehow magic. When you consume cloud services, it’s critical to know what you are getting. You have to understand what inside of your business is driving the move to the cloud, and whether the services your cloud provider offers align with those business drivers.”

Cloud providers buy the same servers as their customers – just more of them. This means the same issues a CIO might face in a corporate data center regarding backup, disaster recovery and data retention can be amplified within a cloud provider’s environment.



The focus of most business continuity plans is operational resiliency: how to keep operations running smoothly in the event of an unforeseen crisis. But some crises don’t involve disruptions to service delivery. When reputation-based crises occur, the steps for restoring marketplace trust are vastly different than those required for physical disruptions and/or power/IT failure.

Warren Buffett was quoted as saying “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”

Reputation-based crises can be triggered by any number of events.  Some examples include:



As the amount of data that businesses generate continues to grow, managing the storage of that data has become an increasingly larger problem for the average internal IT organization. In fact, the time may have come to outsource the management of data storage altogether.

With that in mind, ClearSky Data today unfurled its managed cloud storage service based on a set of tiered services that are federated across a mix of solid-state and magnetic storage devices hosted in data center facilities owned by hosting services providers, such as Digital Realty, and cloud storage service providers, such as Amazon Web Services (AWS).

ClearSky Data CEO Ellen Rubin says that the volume of data that needs to be stored has reached a point where it is simply more efficient to contract a third party to manage it. Doing so then frees up the internal IT organization to focus more on adding value in terms of managing applications instead of dealing with lower-level infrastructure, says Rubin.



Some things never change, even in the cloud. No matter where data is stored, it still requires robust backup infrastructure that not only preserves data for the long term, but can also make it available at a moment’s notice.

This has become increasingly challenging, however, as both the data load and the operational complexity of the enterprise environment increase. And while the cloud does provide an answer to its own problem in the form of low-cost, flexible backup capabilities, it is by no means the only way to preserve data.

Ideally, the enterprise should implement a single backup solution for both on-premises and cloud infrastructure. This is the idea behind the recent partnership between Nexenta and Veeam Software, which unites the NexentaStor software-defined storage solution with the Veeam Backup & Replication platform. The combination allows organizations to extend backup and recovery operations across multiple storage tiers and targets in local or distributed infrastructure, while providing active management to continuously forward data to the most cost-effective storage solution based on utilization, data type and other parameters.



Have you tried VDI in the past, but felt the use cases were too limited?

Are you foregoing the security, mobility and flexibility benefits of virtual desktops due to a lack of in-house VDI skillsets, or because the cost and complexity is intimidating?

Are you interested in the simplicity of DaaS, but stymied by the lack of control over the desktop, moving everything to the cloud, inflexibility of deployment options, and the poor user experience delivered by DaaS providers?

If these or other reasons have been holding you back from deploying virtual apps and desktops or embracing cloud services, it’s time to put those experiences and doubts behind you.

Welcome to Citrix Workspace Cloud.



(TNS) - Sitting on a shelf in a county building in north Kalispell, there’s a four-inch-thick binder full of nightmare scenarios for Flathead County.

Avalanches, earthquakes and hazardous material spills are included. There are sections for nuclear emergencies and terrorist attacks.

These disaster plans are drawn up by officials who calmly look at agency resources and determine the best course of action. They look at how equipped medical responders would be if an earthquake brought a mountainside into the center of Columbia Falls, perhaps.

“We have to sit and we have to look at those worst-case scenarios,” said Nikki Stephan, 30, the emergency planner for the Flathead County Office of Emergency Services.



SAN DIEGO, Calif. – This is Part 2 in a series that explores the innovative and highly effective ways that organizations can strengthen their response to a cyber-attack. This series is written by CAPT. Mike Walls, former Commander of U.S. Navy Cyber Readiness and current Managing Director, Security & Operations at EdgeWave.

Most IT professionals will tell you that regular network vulnerability assessments are critical to good network hygiene. They will also tell you that periodic penetration tests are a good idea. But these techniques are only snapshots in time and do not measure or replicate the broader organizational impact of a breach.

The fact is that not even the most heavily resourced cyber defense capability will identify and defeat all adversaries at the network perimeter. Accepting the reality that at some point a hacker will be successful, organizations must prepare for sustaining critical business functions and operations while the Security and IT staffs are pushing the attacker off of the network. So how can a company do this? Let’s walk through a scenario which should answer the question…


(TNS) -- Thanks to the proliferation of cellphones and access to social media, misinformation sometimes is conveyed to parents of Pasco County, Fla., schoolchildren during emergencies and nonemergencies.

In the past, a school participating in a safety drill received frantic phone calls from worried parents whose children texted them to say the school was in a lockdown situation, which means there is a direct threat to the campus, staff or students, Superintendent Kurt Browning said.

“You know how the game of rumor goes,” Browning said. “A student will (send a tweet, text or other message) about guns being on campus, when there are no guns on campus.

“We want to start pushing the right information out.”

To keep parents better informed about safety matters, the school district recently partnered with Pasco sheriff’s officials to develop an information system that will dispense fast, accurate information via Facebook, Twitter, Instagram and the Internet, officials said.



The Solutions Lab recently produced a document that provides single server scalability data regarding the running of XenApp and XenDesktop within a Federal environment.  

This environment was built out using Common Criteria Evaluation and Validation Scheme (CCEVS) guidelines provided by Citrix Security, as it pertains to Federal Information Processing Standards (FIPS) 140-2 compliancy and other essential components such as McAfee HBSS.

Test scenarios were designed to use various combinations of configurations and encryption types. Data collected during these scenarios shows the impact of a public sector normal configuration as it compares to the commercial base.

They were as follows:

  • Baseline
  • Common Criteria with HBSS
  • SecureICA
  • FIPS Internal (TLS + AES)
  • NetScaler FIPS Out + Basic In
  • NetScaler FIPS Out + FIPS In

The measurements and interpretation of the data gathered during this process and the explanation of the different scenarios and configurations used are fully documented in the Citrix XenApp 7.6 and XenDesktop 7.6 Public Sector Lockdown Design Guide.

Tuesday, 25 August 2015 00:00

Behavior Recognition as Cybersecurity Tool

If you think about it, many of the security incidents that companies deal with are a direct result of human behavior. Take phishing emails, for instance. You can put in all kinds of perimeter protection like firewalls, but that only does so much. Those who use phishing (or spearphishing) email as a form of attack aren’t worried about firewalls. They know that at some point the perimeter security will break down, and it will be that email versus the most vulnerable link in the security chain: the human being reading that email. According to an EnterpriseAppsTech article, the bad guys are targeting the weakest link on the network, and more often than not, that weakest link is an employee:

Since the target of these attacks is actually the user, it is the user that needs to be the first line of defense. Security awareness training, then, is the best defense against these attacks. The more end users are made aware of the risks, the more they will be able not to act on impulse when pressed for information and will be able to better evaluate each request.



Even when you’re part of a large team, effective Business Continuity (BC) planning presents a series of very serious challenges. When you’re the only person in your organization responsible for BC planning, those challenges are magnified greatly. That’s why BC professionals Keith Cantando of CISCO Systems and Michael Lazcano of Gap Inc. – both users of ResilienceONE software – will join me to present revealing case studies on “Managing Global BC Programs as THE Lone Planner” at Disaster Recovery Journal (DRJ) Fall World 2015 on Monday, September 28 from 2:45 to 3:45 PM PST.

Attendees will learn both effective strategies and current BC best practices. These include how to gain executive support within your organization as an advocate for effective BC planning, critical time-management tips, and how to leverage other components of your organization to achieve results. During this interactive presentation and discussion, attendees will also learn how to effectively meet their own unique challenges with a tool like ResilienceONE that includes built-in intelligence and is ready to operate out-of-the box.

You can learn more about this exclusive peer-to-peer session here.

If you are not attending DRJ Fall World 2015 in-person, I will share the video-recorded session after the conference. Keep an eye out for my next blog or visit www.strategicBCP.com during the first week of October – when the video-recorded session will be available.

BILOXI, Miss. – More than $3.2 billion in FEMA funding has been allocated to Mississippi for Public Assistance after Hurricane Katrina. FEMA’s Public Assistance program includes grants for the repair and rebuilding of public infrastructure, such as bridges, roads, schools, hospitals and sewer treatment facilities. The PA program also provides funding for debris removal and emergency protective measures, such as search and rescue operations, temporary roads and overtime for other emergency workers, including police and firefighters. 

Some of the PA projects in Mississippi included repairing and rebuilding the Biloxi Civic Center and Library; the Hancock County Courthouse and Medical Center; the Waveland City Hall and Municipal Complex; and St. Martin School in Jackson County. The famous Biloxi Lighthouse, which came to represent the resiliency of the Mississippi Gulf Coast after Katrina, was also repaired with funding from FEMA’s PA program.

For more information on PA recovery projects in Mississippi, please go to FEMA’s Revitalizing Mississippi Communities.

The PA program normally reimburses local, state and tribal governments and qualified nonprofit organizations for a certain share of eligible costs. However, because of the magnitude of Katrina, FEMA covered 100 percent of allowable project expenses.

The largest PA project funded by FEMA in Mississippi after Katrina is the repair of a large section of Biloxi’s water and sewer treatment system. After Katrina, the system was out of operation for weeks. It was brought back into working condition with generators and temporary bypass pumps to transfer wastewater to treatment plants. City officials decided to use the $363 million in eligible FEMA repair and rebuilding grants toward the total cost of improving and upgrading the system. Repairs include consolidating and hardening the pump stations along the beachfront to withstand future storms.

Following is a breakdown of Public Assistance funding by sector.

Health Care: More than $50 million has been obligated to rebuild and improve hospitals and other health care facilities in disaster-affected areas. Over $40.6 million was used to restore parts of Hancock Medical Center in the town of Bay St. Louis which serves a population of approximately 44,000.

Education: More than $334 million has been allocated for K-12 public schools and universities. Some of these schools, such as the St. Martin school in Jackson County, combined the funding with other sources to build new state-of-the-art educational facilities and a public safe room to protect the community from future disasters.

Public Works/Utilities: Nearly $901.6 million has been obligated. This includes more than $363 million to repair and rebuild part of Biloxi’s sewer and water treatment system and nearly $99 million for the sewer and water treatment system in Gulfport. More than $36 million funded the repair of the wastewater treatment facility in Diamondhead.

Roads and Bridges: More than $84 million was allocated for repair and rebuilding.

Public Safety and Protection: Over $33 million has been obligated for the restoration of fire and police stations, courthouses and corrections facilities. Some public safety buildings, such as the Pass Christian police station, were rebuilt using FEMA 361 standards for public safe rooms to protect first responders in future disasters.

Historic Structures: Over $129 million was obligated for restoration of historic properties, such as the town of Waveland’s Civic Center, the Carnegie Library in Gulfport and the Old Brick House in Biloxi.

Debris Removal/Emergency Protective Measures: More than $1.15 billion was allocated to clear debris and reimburse overtime hours for emergency workers, including police and firefighters.



(TNS) - Dozens of wildfires continued to ravage the Pacific Northwest, particularly Washington state, as more firefighting equipment and manpower arrived from across the nation over the weekend.

Twelve uncontained fires in Washington covered more than 600,000 acres Sunday, according to the National Interagency Fire Center. Gov. Jay Inslee’s office said more than 200 homes had been destroyed and 12,000 homes remained threatened.

More resources to battle the blazes became available after the Obama administration declared a federal state of emergency in the area last week.

National Guard Blackhawk helicopters from Colorado, Minnesota and Wyoming headed over, Inslee’s office said in a statement. An incident management team from San Diego went north to oversee a new staging area at Fairchild Air Force Base near Spokane, the governor’s statement said, and 20 large fire engines “specifically designed to protect threatened communities and residences” were coming from Arizona, Colorado, Nevada and Utah.



Tuesday, 25 August 2015 00:00

Weaker Danny a Threat to State

(TNS) - Once powerful Hurricane Danny continued to weaken, dropping to tropical storm strength late Saturday — but remaining on a track that could steer it or its remnants toward South Florida by late this week.

Forecasters said the storm — with maximum winds dropping to 60 mph in the National Hurricane Center’s 11 p.m. update — was expected to continue weakening over at least the next two days.

“By Thursday, it is expected to be a depression,” said National Weather Service meteorologist Dan Gregoria.

The five-day track shows that Danny, an unusually small storm, could be anywhere between Cuba and the Bahamas by Thursday afternoon. If the storm holds together, South Florida could be poised to fall in the five-day forecast cone.



When Hurricane Katrina slammed into New Orleans 10 years ago this week, countless businesses were submerged in water and were partially or totally destroyed. Those without reliable disaster recovery operations in place paid an enormous price. In many ways, those with reliable disaster recovery operations in place paid an enormous price, too. But at least for them, their core business operations were unscathed.

A compelling example of the rewards of that foresight and preparedness is the case of Cooperative Processing Resources (CPR), a debt management system software provider in Richardson, Texas. CPR, which oversees a network of agencies that provide credit counseling services to consumers, has a New Orleans office that took a direct hit from Katrina, and was shut down. The good news is that the services provided by that office were back up and running within an hour.

That near-instantaneous recovery was made possible by the data hosting and disaster recovery operation that CPR has had in place since 2002 with Wayne, Pa.-based Sungard Availability Services. I recently had the opportunity to speak with CPR president Kate Campion about her company’s disaster recovery operations, and I began the conversation by asking her about the backup strategy the company had in place since its inception in 1994, and before Sungard AS came along. For many IT veterans, her response will bring back a lot of memories:



From the Middle East to Eurasia to Eastern Europe, events and potential events that translate into political risk fill the news.

Political risk is instability that damages or threatens to damage an existing or potential asset, or significantly disrupt a business operation. Examples include sustained political and labor unrest, terrorism and violent conflict. This risk is increasingly regional in nature, as the Arab Spring and sudden spread of Islamic State control demonstrate.

According to the new Clements Worldwide Risk Index, political unrest is the number one concern among top global managers at multinational corporations and global aid and development organizations.



You can create a Citrix XenDesktop proof of concept deployment with just a few clicks. Don’t believe it? What if we could show you how in just four straightforward steps?

You can. Welcome to Citrix Lifecycle Management.

What is Citrix Lifecycle Management?

Citrix Lifecycle Management is a comprehensive cloud-based lifecycle management solution to accelerate and simplify the design, deployment and ongoing management of Citrix workloads and enterprise applications.

Supporting many types of IT workloads across virtual and private or public cloud environments, this solution enables IT organizations to become faster, more cost-effective and more agile, and it helps maintain service quality and high availability with redundancy, automatic scaling and disaster recovery of applications. Built on blueprints incorporating validated reference architectures, configurations and best practices, Citrix Lifecycle Management provides a unified and standardized set of management tools for rapid and best practice-driven design, deployment and management of Citrix workloads and enterprise applications.



Business continuity consultant, Charlie Maclean-Bristol FBCI, recently conducted a response exercise using cyber attack as the scenario. In this article he captures ten lessons learnt from conducting the exercise:

Lesson one: I don’t think you need to be an IT security expert to conduct a cyber attack exercise. The technical element of the exercise is done by IT, and if you are looking at the first 24 hours of an incident then you don’t have to be too specific about how the attack took place, just about what the consequence of the attack was.

Lesson two: To be credible you have to do some reading on how other attacks have taken place, what the consequences of them were, and how to respond to them. There is a lot of guidance on the web about this so it is not very difficult to get yourself up to speed on the subject. One particular document I thought was useful was the National Institute of Standards and Technology (NIST) ‘Computer Security Incident Handling Guide.’ It is reasonably technical but it contains lots of useful advice for those who are non-technical.



Mass shootings this summer resulting in multiple deaths are prompting local leaders to educate the public on ways to protect themselves should they encounter an active shooter situation.

“One of the primary purposes is to get churches to understand that they need to develop an emergency operations plan for their house of worship. That will include active shooter and a lot of other emergency situations,” one of the forum’s presenters, Rev. David I. Fox, retired Wilberforce University Police chief, said.

Fox, whose law enforcement career has spanned 40 years, said he will be sharing the precepts of A.L.I.C.E., which stands for Alert, Lock down, Inform, Counter and Evacuate.

Anyone caught in an active shooter situation should first try to get out and second call for help, Fox said.



Monday, 24 August 2015 00:00

Data: its security and encryption

Data security is essential to guaranteeing the confidentiality of information, especially in the age of Anonymous, identity theft and hacking. It should be a major concern for anyone who lives at least part of their life online.

But how do we address this? Namely by encrypting the information that we digitally send around the world. But encryption isn’t without its drawbacks.

The risks of data encryption

When assessing the risks of encryption, we first need to assess one thing: the level of encryption. The level of encryption is generally determined by the number of bits used to create the encryption key, which is then used in a whole series of equations to transform plaintext into ciphertext. Fortunately, there are official, pre-existing algorithms, such as AES (the Advanced Encryption Standard, which dates from 2001 and replaces the DES standard created in the 70s), that are used in numerous transactions over SSL (Secure Sockets Layer, which includes authentication) on the Internet. AES exists in 128, 192 or 256 bits and is very strong; its robustness depends on its algorithm, but also, naturally, on the number of bits used for its key.



Friday, 21 August 2015 00:00

Infographic on Hurricane Katrina

The Insurance Information Institute (I.I.I.) is looking back at the costliest hurricane in U.S. history that took 1,800 lives and cost $125 billion in total economic losses, via a comprehensive infographic.

Insurance claims by coverage and state, total National Flood Insurance Program losses from Katrina, and other sources of Katrina recovery funds are all detailed.

Another compelling section of the infographic asks: where are we now?

One of the fascinating analogies it draws is that even as awareness of flooding due to coastal storms rises, so too does the population of coastal communities.



Friday, 21 August 2015 00:00

What Big Data Means to Business

To the enterprise, the words “Big Data” mean a lot of things. It can represent vast amounts of unstructured data from a variety of sources or it can be large volumes of consumer Internet data. It may also represent the need for upgraded IT infrastructure and tools with which the data can be wrangled, stored and analyzed. The point is, it can mean something different to different parts of the business.

In many enterprise organizations, it is marketing and sales that drives the need for Big Data projects. These departments are backed by the C-level executives who are pushing IT to bring the company’s systems and infrastructure in line with what is needed to handle Big Data and be able to analyze and gather actionable information from it to help the business not only provide better services, but gain customers, too.



Friday, 21 August 2015 00:00

API Security Needs to Be Backed by CXOs

I don’t think I’m off base saying this, but in our current Internet security culture, it seems like threats and other issues are taken seriously only when top management begins to recognize the problem. And as we know, C-level executives are almost always the last ones in the company to jump on the security bandwagon.

So, when CXOs do pay attention to a security problem, you can be pretty sure that it is the real deal.

Application program interface (API) security is one such threat. At the Black Hat USA 2015 conference earlier this month, Akana released the results of its survey, Global State of API Security Survey 2015, and it found that API security is becoming a C-level concern, even before it becomes, as ProgrammableWeb put it, a “full-blown crisis.”

According to the study, 75 percent believe that API security has to be a CIO-level concern. But at the same time, 65 percent said that processes aren’t in place to ensure that data accessed by applications is kept secure, and another 60 percent aren’t doing anything to secure API consumers.



(TNS) -- At the heart of the newest building on the Pacific Northwest National Laboratory campus is an operations center focused on making the largest and most complex machine ever created more secure and more reliable.

“The Systems Engineering Building is a really generic name for a really cool place,” said Elizabeth Sherwood-Randall, the nation’s deputy energy secretary, at the building’s dedication Wednesday.

“I wish it sounded sexier so people could appreciate what amazing things are going to happen inside of it.”

The complex and piecemeal grid system that delivers electricity across the nation is largely a 20th century structure, she said, and it won’t meet many of the demands or the opportunities of the 21st century.



Flood insurance can save Texas homeowners and renters thousands of dollars in repairs. It also can provide peace of mind considering that flooding is the most frequent natural disaster in the United States.

Flood Insurance in Texas:

  • Flooding comes from a variety of sources in Texas, such as rainstorms, tropical storms, and hurricanes.
  • Last year, the National Flood Insurance Program (NFIP) paid out more than $58.5 million in claims for Texans. So far this year, the agency has paid out more than quadruple that amount – exceeding $277.6 million, as of Aug. 19.

  • Nearly 600,000 Texas households had flood insurance as of May 31, according to the NFIP. While that number may seem large, it is a small percentage of the 8.9 million total Texas households.

Costs Add up Quickly:

  • Just three inches of floodwater in a home will require replacing drywall, baseboards, carpet, furniture and other necessary repairs that can cost $22,500 in a 2,000-square foot house.
  • The deeper the floodwater, the higher the repair costs – 12 inches of water in a 2,000-square foot house can cost $50,000 or more.

Common Misconceptions:

  • Understanding the value of flood insurance is important, yet many people remain uninsured, in part due to common misconceptions.
  • Many policyholders believe their insurance covers all hazards and flood insurance isn’t needed. However, standard homeowner policies do not cover flooding.
  • A federal disaster declaration is not necessary to make a claim on an NFIP flood insurance policy.
  • Homes located outside flood-prone areas need flood insurance, too. Nationally, 25 percent of the total structures that flood each year belong to policyholders whose properties are not in high-risk areas.

Obtaining Flood Insurance:

  • There is normally a 30-day waiting period when purchasing a new policy. Flood insurance is sold through private insurance companies and agents and is backed by the federal government.
  • Flood insurance is available to homeowners, business owners and renters in communities that participate in the NFIP and enforce their local flood plain management ordinances. To determine if a community participates in NFIP, go online to www.floodsmart.gov
  • Homeowners in a Special Flood Hazard Area (SFHA) must buy flood insurance if they have a mortgage from a federally regulated lender.
  • An interactive guide to determine flood risk is available online at www.floodsmart.gov. This site also provides additional information on the NFIP and a list of insurance agents in a homeowner’s area who sell NFIP flood coverage.

Costs and Coverage:

  • Flood insurance premiums average about $700 per year for homeowners.
  • Homeowners can insure their homes for up to $250,000 and contents for up to $100,000.
  • A number of factors determine rates for renters. Renters can cover their belongings in amounts up to $100,000.
  • Nonresidential property owners can insure a building and its contents for up to $500,000 each. 


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

BILOXI, Miss.--In the last 10 years, FEMA’s Hazard Mitigation Grant Program has obligated more than $159 million from Hurricane Katrina recovery to build community safe rooms throughout Mississippi to protect people during storms. HMGP provides grants to state, local and tribal governments to implement long-term mitigation measures to reduce the loss of life and property from a disaster.

Safe rooms can be built as multipurpose shelters to protect communities from tornadoes, hurricanes and floods. These community safe rooms are built to FEMA 361 specifications, which include hardening of walls and roofs to withstand 200 mph winds.

Mississippi Emergency Management Agency officials have made the construction of safe rooms a priority since Katrina. A recent study from the Centers for Disease Control found that safe rooms are the best option to reduce the number of deaths during tornadoes.

“We always tell folks to get out of mobile homes and manufactured homes, and to consider going to a more substantial structure to wait out the storm,” said Robert Latham, executive director of MEMA. “By providing a secure place for them to go, we make our communities safer. Citizens need to incorporate safe room locations into their plans, or know where a substantial structure is located.”

“In so many cases, the death toll would be much higher were it not for safe rooms for people to take shelter in,” said Acting Director of FEMA’s Mississippi Recovery Office, Loraine Hill.

To date, 42 public safe rooms have been added to schools; 34 have been built as stand-alone structures for general use, and 9 constructed for first responders. Populations served by these safe rooms include approximately 44,000 students and staff; 28,000 citizens in the general population, and 3,500 first responders.

During the threat of an outbreak of tornadoes in the state earlier this year, 70 residents sought shelter in a community safe room in Rankin County, built to FEMA 361 standards.

Another $205 million in HMGP funding was made available to Mississippi for mitigation projects, such as elevating buildings, flood control, sirens, generators and grants to individuals to retrofit areas of their home or build stand-alone safe room units.

For more information on building a public safe room to FEMA 361 specifications, go to http://www.fema.gov/media-library/assets/documents/3140.

A video on community safe rooms in Mississippi.



(TNS) - On a recent Friday night, while many were kicking off the weekend with an evening on the town, Jenyne Wells waited for the phone to ring.

As a 911 call-taker at SunComm, Yakima County’s emergency dispatch center, she was waiting for anyone needing help.

It would not be long.

“A young girl is being forced into a van,” a woman caller said, speaking through an interpreter. The abductors are fighting and are known to carry guns, the woman said.

Wells calmly but authoritatively asks the woman to describe the vehicle and assures her police are on the way. All the while, she’s typing bursts of information that are transmitted to computer screens in the responding police car, as well as police dispatchers who are sitting on the other end of the center.



(TNS) - Tropical Storm Danny strengthened early Thursday to become the first hurricane of the Atlantic season, National Hurricane Center forecasters said.

Sustained winds increased to about 75 mph as Danny headed north, northwest at 12 mph, about 1,000 miles east of the Windward Islands, forecasters said. They expect Danny to continue strengthening at least for the next two days.

The compact storm has hurricane force winds extending only 10 miles from its center, with tropical storm winds reaching about 60 miles.

Hurricane Danny arrives just as the season swings into peak months. On average, the first hurricane of the season forms on Aug. 10.



Today, many organizations are under continuous attack from nation-states or professional cyber criminals. One of the main focuses for IT security teams is stopping intruders from gaining access to assets on the corporate network. However, this strain on IT teams means that when it comes to malicious insiders, a worrying number of organizations almost entirely drop their guard.

An insider attack is one of the biggest threats faced by organizations since these types of hacks can be very difficult for IT teams to identify. This is because an insider – whether he’s an employee or a contractor – is already entrusted with authorized access to at least some systems and applications on a corporate network. It can be very hard for those in IT to decipher whether he’s just performing his regular job tasks, or carrying out something sinister.

Insiders have been responsible for some interesting breaches or hostage scenarios in recent history, whether intentional or not. Consider Terry Childs in San Francisco who held the city hostage for two weeks while sitting in a jail cell or Edward Snowden, formerly of the NSA.

So, which is a bigger threat - an external hacker or a disgruntled employee?



IT administrators are realizing that application deployments are getting more complex and error-prone than ever before. Additionally, the deployment of Citrix workloads and enterprise applications is only the first step in the lifecycle of applications. Once the workloads are deployed, IT administrators must continuously monitor the health of the workloads to ensure they are running at optimum performance, can scale efficiently to meet changing demands and are always available to end users even in case of application component or environment failures.

What if there were an integrated application service lifecycle management solution that empowers IT to streamline design, deployment and management of a broad array of application workloads across hypervisor or cloud environments, all through a single integrated console?

Now there is! We are excited to announce the General Availability of Citrix Lifecycle Management!

With Citrix Lifecycle Management current and new Citrix customers can:



Storage is expensive. That raises a question for anyone engaged in cloud backup or considering hosting a backup service for others: Should we keep one copy of data or two?

The immediate answer is two, but economics can enter in. Keeping a single copy of data will be the most cost-effective approach, but there is a downside: It leaves you without any insurance should something happen to the primary copy. During Superstorm Sandy, for example, a New York healthcare firm found itself badly exposed when its DR site in New Jersey suffered from flooding. It took it more than a week to get its systems up and running, at a colossal loss of revenue.

That’s why keeping two copies is the best bet. But that comes at a price, as building and maintaining this infrastructure means doubling your storage acquisition and operating costs.



If you blinked, you would have missed it. That’s how a future tech historian will probably characterize the virtualization era now that containers have emerged as the preferred architecture for data-driven applications.

This isn’t to say that virtualization will no longer be a part of enterprise infrastructure, but that the development and productivity gains will soon move off the virtual layer to a more container-based data stack.

Tech industry analyst Janakiram MSV points to five key signs that the enterprise is on the cusp of a post-virtual environment. Not only is the virtualization market fully saturated by now with more than 75 percent of the enterprise workload now residing on virtual servers, but companies like Docker have demonstrated the efficacy of containers so effectively that even stalwart virtualization backers like VMware and Microsoft have jumped on the bandwagon. At the same time, organizations like the Cloud Foundry Foundation, the Open Container Initiative and the Cloud Native Computing Foundation are starting to coalesce around a new computing paradigm based on containers and container management to accommodate emerging Big Data and mobile applications.



Hurricane Katrina, which pummeled the Gulf Coast of the United States 10 years ago on Aug. 29, has proven to be the deadliest and costliest disaster on record. The 2005 Atlantic hurricane season was the most active in recorded history with more than 30 tropical and subtropical storms, including 15 hurricanes.

According to the study, Hurricane Katrina 10: Catastrophe Management and Global Windstorm Peril Review by Allianz Global Corporate & Specialty, it was predicted that hurricanes would become more frequent and intense after 2005, however, “In reality, the exact opposite has occurred,” Andrew Higgins, technical manager, Americas at Allianz Risk Consulting explained in the report. Instead, there has been a reduction in Atlantic hurricane activity during the last 10 years, with 2013 seeing the fewest Atlantic basin hurricanes since 1983. “These results illustrate the fact that we do not fully understand the complex climate variables that affect hurricane activity,” he said.

Because Katrina’s impact was so devastating and widespread, many changes have since been made. New Orleans has built a new system of levees, for example. Flooding caused by Katrina revealed the state of the levee systems in the U.S. to be substandard and in need of repairs estimated at $100 billion, the National Committee on Levee Safety found. “There are many levee systems throughout the U.S. that would reveal similar deficiencies if subjected to the same level of scrutiny as those in New Orleans,” according to the study.



(TNS) - When the U.S. Department of Agriculture denied Iowa Gov. Terry Branstad’s request for an avian influenza (AI) disaster declaration, it led Iowa farmers and state-level industry organizations to focus on rebuilding the state’s poultry production industry, which helps account for thousands of jobs.

Not only did the governor make a decision in late July to extend the state’s disaster declaration for a third time, to Aug. 30 instead of its planned July 31 expiration, but also, farms have begun to repopulate their flocks.

The extension basically gives agencies and organizations dedicated to stopping the outbreak the resources and authority needed in an emergency.



Thursday, 20 August 2015 00:00

Mainframe Resurgence: Big Iron for Big Data

The mainframe is back in business in the enterprise, a development that comes as a shock to those who predicted that the cloud would have taken over by now.

In reality, the mainframe was never absent from the enterprise, at least in the really large ones that need to pack substantial amounts of computing power. But now that scale and modularity are in big demand, many organizations are looking at the mainframe as a base on which to build Big Data infrastructure.

This is good news for IBM, of course, which has steadfastly supported the mainframe during the decades when distributed blade architectures were all the rage. The company recently launched two new mainframe models, the Emperor and the entry-level Rockhopper, running the new LinuxOne operating system based on Canonical’s Ubuntu distribution. The combo is targeted toward the rising cadre of Big Data tools, such as Apache Spark, MongoDB and PostgreSQL, and will likely become the focus of IBM’s contribution to the new Open Mainframe Project that looks to do for the mainframe what Google’s Open Compute Project is doing for scale-out commodity infrastructure.



Thursday, 20 August 2015 00:00

Could hackers take down a city?

First the power goes out. It's not clear what's gone wrong, but cars are starting to jam the streets -- the traffic lights are down. And something seems to be going haywire with the subways, too.

No one can get to work. And even if they could, what would they do? A cyberattack has driven the city to a halt.

Of course, that hasn't happened yet -- and to a lot of people the idea of malicious hackers taking down a city still sounds like a bad movie plot. But it may not be as crazy as it sounds, according to security experts who say cities' increasing dependence on technology and the haphazard ways those systems sometimes connect could leave them vulnerable to someone looking to cause chaos.



Thursday, 20 August 2015 00:00


The Lafayette, Louisiana movie theater shooting was methodically planned. The shooter, John Russell Houser, is reported to have visited other theaters prior to the attack and had been to the Grand 16 movie theater in Lafayette at least once prior.  So, why did he choose this Lafayette theater over the others that he visited? Did the others have better security or at least portray that they were more secure and better prepared?

When analyzing cases like Lafayette, we often hear about what a person with malicious intentions did in the build up to the attack. This can be a physical or a digital (cyber) related event. The hostile might want to kill, or he could be looking for trade secrets and intellectual property, or to cause embarrassment in the case of most cyber-attacks. Whatever the reason, they all have one thing in common – they conduct a period of digital surveillance as part of their initial planning process.

What can movie theaters and other businesses do to help protect themselves against such tragedy and threats against their employees, customers, and other assets? Evaluating your organization’s digital profile is the first place that you can start to protect yourself against hostiles.



Wednesday, 19 August 2015 00:00

5 Ways SMBs Benefit from Embracing the Cloud

Small Biz Technology recently declared “Netflix Got Rid of Its Servers. When Will You? Cloud Rules. Servers Don’t.” And it’s true. Besides getting rid of on-premise servers, the cloud is a good choice for small to midsize businesses (SMBs) for many reasons.

Number one, choosing cloud options can save SMBs money. Growing businesses can invest in desktop cloud services, which allows them to add users as the company grows. In much the same vein, putting data in the cloud allows for scalability as a company’s data needs expand, but it also contributes to savings on power and hardware purchases. And if you opt for managed services through a cloud provider, you won’t need to pay for as many members of IT staff to manage it all.

As reported by Business2Community, data security is another reason SMBs turn to the cloud.



The data center is becoming more software-defined, with distributed, cloud-based architectures making bricks-and-mortar facilities appear more and more like single computing units, basically building-sized PCs, tied to a globally networked infrastructure.

So it shouldn’t come as any surprise that the selection of the software platform, or operating system, for the data center is emerging as one of the most important decisions on the agenda, eclipsing concerns about server, storage and networking hardware.

At this point, it seems that the only certainty when it comes to data center software is that it will have to be based on open standards. That makes Linux the default choice, given that it already owns a good chunk of the legacy data environment. Red Hat executives have not been silent on this subject, with top names like Paul Cormier, president of worldwide products and technology, crowing at the company’s 2015 Summit in Boston recently that “Linux has won the data center.” The next step, he says, is to push open source across the entire operating and application development infrastructure.



Organizations of all sizes, across all industries have become data breach victims as cyber crooks become more sophisticated in identifying vulnerable targets. Attackers can compromise an organization within scant minutes in 60% of breaches, reports the latest Verizon Data Breach Investigations Report. Still, insiders persist as one of the biggest fraud perpetrators, costing organizations globally about $3.7 trillion annually in 2014, estimates the Association of Certified Fraud Examiners. The puzzling question is this: With the advances in technology, why aren’t organizations preventing these incidents and why aren’t the offenders being nabbed earlier?

The answer to the insider fraud dilemma lies in a lag in robust risk-management technologies that help organizations identify and prevent insider fraud, especially in such industries as banking. With this type of breach, tracking behavior becomes a key component of managing risks and threats proactively. While basic data tracking isn’t new, what is fresh is grasping the internal behavior of employees in a real time, comprehensive view across multiple platforms and applications.



As cloud computing continues to transform how business is being conducted, a lot of attention has been paid by managed service providers (MSPs) to external and technical security threats. Almost all cloud-based file sharing systems have very powerful security features. You can hardly find an MSP who does not offer two-step authentication, robust encryption and periodic data backups. After all, no company will even bother knocking on your doors if you cannot convince them their data will be in safe hands.

But while technical security features and jargon might instill a measure of trust in your customers, have you really considered the threat your own organization might pose to your service?

A well-motivated workforce has the potential to transform a business landscape for the better and drive an organization to success. But, it only takes one disgruntled employee to send your company back to square one.



Since I first became the research director of the Security & Risk team more than five years ago, security leaders have lamented the difficulty of aligning with the business and demonstrating real business value. Over the years, we’ve written an enormous amount of research about formal processes for aligning with business goals, provided key metrics to present to the board, and developed sophisticated models for estimating security ROI. Yet for many, demonstrating real business value continues to be a significant challenge. If it wasn’t for the 24-hour news cycle and a parade of high-profile security breaches, chances are good that security budgets would have been stagnant the last few years.

Why are business alignment and demonstrating business value so hard? It’s because for too long, security leaders have focused on managing regulatory risks at the lowest possible cost, and securing corporate perimeters, back-end systems of record, and data center infrastructure. Security leaders have not been working with counterparts in the business and marketing leaders to champion privacy, embed controls directly into customer-facing products and services as a competitive differentiator or to help them identify, analyze, and mitigate risks in the customer life cycle. If your security priorities and investments don’t focus on helping your firm win, serve, and retain customers, and thereby increasing your firm’s top line growth, then I’m not surprised if demonstrating business value is an issue for you.



SAN DIEGO, Calif. – This is Part 1 in a 3 Part series that explores the innovative and highly effective ways that organizations can strengthen their response to a cyber-attack. This series is written by Capt. Mike Walls, former Commander of U.S. Navy Cyber Readiness and current Managing Director, Security & Operations at EdgeWave.

If I were to ask an IT Professional to explain why his or her network is secure, I would probably hear a response that goes something like, "I have the latest and best technology, I do regular vulnerability scans, I do an annual penetration test, and I am in compliance with my industry's security requirements and standards." At face value, that sounds like a solid answer and it appears that the IT Professional is taking the necessary steps to ensure that his company's network is secure. In reality, it is more likely that this answer is only partially correct…


The British Security Industry Association (BSIA) has published a new guide that aims to help organisations in the public sector better manage the secure deletion of their data.

Called Information Destruction in the Public Sector and published on July 28th, the whitepaper is based on official guidance from the Cabinet Office and the Centre for the Protection of National Infrastructure (CPNI), including the CPNI benchmark Secure Destruction of Sensitive Items.

It explains the differences between Top Secret, Secret and Official classifications for government information, as well as their respective requirements when it comes to disposing of printed and digital data.

Commenting on the publication, chairman of the BSIA Information Destruction section Adam Chandler said that data breaches can “ruin a government’s credibility as well as a private company’s reputation”.

“By adhering to the standards set by the government and referenced by the BSIA in this paper, citizens, employees, and civil servants will be better protected,” he added.

When it comes to the secure deletion of end-of-life data, you can rely on the accredited software and hardware from Kroll Ontrack.

From: http://www.krollontrack.co.uk/company/press-room/data-recovery-news/bsia-publishes-secure-data-destruction-guide876.aspx


♦ SBA offers low-interest disaster loans to businesses of all sizes, most private nonprofit organizations, homeowners and renters.

♦ Businesses may borrow up to $2 million for any combination of property damage or economic injury.

♦ SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses, small businesses engaged in aquaculture and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

♦ If you are a homeowner or renter, FEMA may refer you to SBA. SBA disaster loans are the primary source of money to pay for repair or replacement costs not fully covered by insurance or other compensation.

♦ Homeowners may borrow up to $200,000 to repair or replace their primary residence.

♦ Homeowners and renters may borrow up to $40,000 to replace personal property.


♦ Begin by registering with FEMA. If you haven’t already done so, call (800) 621-FEMA (3362) or visit www.disasterassistance.gov.

♦ Homeowners and renters should submit their SBA disaster loan application, even if they are not sure that they will need or want a loan. If SBA cannot approve your application, in most cases they will refer you to FEMA’s Other Needs Assistance (ONA) program for possible additional assistance.


We encourage every individual and business owner to come into the Disaster Recovery Center and speak one-on-one with an SBA Customer Service Representative. Our representatives will answer all of their questions and explain the application process. We will also help each business owner and homeowner complete their application to apply for a low-interest disaster loan.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955 or visiting SBA’s website at www.sba.gov/disaster. Individuals who are deaf or hard of hearing may call (800) 877-8339.


In theory, creating privileged access accounts to the most critical areas of your company’s network is supposed to add a layer of security to sensitive data or infrastructure. However, these accounts are difficult to completely lock down and thus could be a data vulnerability for many enterprises, says TechTarget’s SearchSecurity:

In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data. Privileged accounts, such as the UNIX root, Windows Administrator accounts or accounts associated with database ownership and router access, are required for platforms to function. Moreover, they are required for ‘break the glass’ emergency access scenarios as well as more mundane day-to-day tasks.

A survey conducted by Thycotic of 201 hackers at Black Hat USA 2015 found most agreed that privileged accounts aren’t as secure as we think they are, and that little has been done to improve on such account security in recent years. According to the survey, despite an increase in security spending, 75 percent of hackers haven’t seen any real change in the level of difficulty in compromising privileged account credentials. In fact, the vast majority said it may be even easier to hack into these accounts than it was just a couple of years ago.



(TNS) - It used to be that a "Visitors must report to the office" sign was enough.

That was before multiple shootings at Columbine High School, Virginia Tech and other schools made the conversation surrounding school security at all levels more urgent.

The events of Dec. 14, 2012, brought that difficult conversation closer to home. Adam Lanza, 20 at the time, used a semi-automatic AR-15 assault rifle to shoot his way into Sandy Hook Elementary School in Newtown, killing 20 first-graders and six educators before turning the gun on himself.

In the aftermath, sections 86 and 87 of Public Act 13-3 became law, giving all public school districts in the state until July 1, 2014, to create school security and safety committees and to develop school security and safety plans.



BILOXI, Miss. – It’s been nearly ten years since Hurricane Katrina left widespread destruction along the Mississippi Coast. In the storm’s path, more than 234,000 homes were damaged or destroyed and more than one million people, a third of Mississippi’s population, were affected.

During the ten years of recovery, the Mississippi Emergency Management Agency and the Federal Emergency Management Agency have collaborated with local governments and communities statewide to ensure that Mississippi rebuilds stronger and safer.

“FEMA was there to assist the state of Mississippi days before the storm made landfall and this partnership remains strong today,” said Robert Latham, Executive Director of the Mississippi Emergency Management Agency.  “They have continued to support with financial and technical assistance to help rebuild Mississippi and make us more resilient.”   

The following is a snapshot of FEMA and state assistance provided throughout the state during the last ten years:

Helping individuals and families:

More than $1.3 billion was spent to help individuals and families meet their basic needs and begin to recover. More than 126,000 families received rental assistance – with more than 45,000 families provided with a temporary housing unit.

Rebuilding Mississippi’s Infrastructure:

MEMA administers FEMA’s Public Assistance funds. To date, FEMA has obligated over $3.2 billion – the amount committed to restore schools, public buildings, roads and bridges, medical facilities, parks and other infrastructure and for debris removal and emergency response during and after the storm.  

The current water and sewer infrastructure project underway in the City of Biloxi is the largest Public Assistance project in Mississippi following Hurricane Katrina. FEMA obligated over $363 million for this project.                             

Historic preservation

In an innovative agreement to preserve historic properties after a disaster, FEMA partnered with several agencies to streamline the process required by the National Historic Preservation Act. Under this agreement – called the Secondary Programmatic Agreement – FEMA’s historic and archaeological specialists used GPS data to survey thousands of historic properties, districts and archaeological sites in the lower Mississippi counties most affected by Katrina. This survey is nearly 94 percent complete.

FEMA has worked with the state of Mississippi to safeguard these treasures in our Public Assistance and Hazard Mitigation work through extensive environmental/historical assessments and collaborative decisions.

Preparing for future disasters

FEMA has obligated $314 million for Hazard Mitigation in federal funds for safe rooms, shelters, hurricane-proofing and other projects to reduce the effect of future disasters. This is part of the $364 million available to Mississippi for projects to reduce the impact of disasters on people and property. The balance of the remaining funds to be obligated is just over $50 million. To date, $159 million has been obligated for safe rooms across the state. MEMA manages the Hazard Mitigation Grant Program in Mississippi. It identifies projects and manages them from beginning to closeout.

As we reach the ten year mark and the Hurricane Katrina recovery mission is nearly completed, Mississippi’s new and rebuilt infrastructure will be less vulnerable to future storms than in 2005. “Our strong partnership with the state of Mississippi was the key part in making our recovery efforts a reality for Mississippians,” said FEMA Mississippi Recovery Office Acting Director Laura Hill. “FEMA is proud of having worked with Mississippi in our rebuilding efforts to make the state stronger and better prepared.”

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Maintaining enterprise security only gets more difficult, as additional means of cyberattack and increasingly sophisticated techniques are added to attackers’ arsenal.

“Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks,” explained researchers from network infrastructure and security services company Verisign. “Security practitioners must not only protect their enterprise assets, but also guard against threats to their supply chain and other business ecosystems. These threats, coupled with the cyber threat landscape’s continuous evolution in terms of actors, tactics and motivations, have created a situation where organizations must now move toward an intelligence-driven, holistic security approach to keep pace with the rapid changes in attackers’ tactics, techniques and procedures (TTPs).”

According to Verisign’s “2015 Cyber Threats and Trends: What You Need to Know to Protect Your Data,” the top cyberrisks from 2014 and the first half of 2015 came from:



Some MSPs view the cloud as children regard a dark place – it’s scary. But scary as it may seem, every MSP needs some kind of cloud strategy.

To be fair, plenty of MSPs have successfully added cloud services and, in the process, reinvented themselves as well-rounded managed IT service providers. They realized that adding cloud solutions is a logical and necessary step.

“I see cloud as a delivery mechanism for managed services,” says MSPAlliance CEO Charles Weaver. As an MSP, he points out, you don’t have to change billing practices or radically alter your business model when adding cloud offerings. Rather, you are adding services that complement what you already do.



Monday, 17 August 2015 00:00

Are We Heading for Storage Armageddon?

Many of us remember those old computer messages that no more storage space was available on the hard drive. The user had no choice but to offload some data or spend some hours going through the files finding material that could be deleted. Enterprise users will also recall the fondness some storage administrators had for sending out those “You have exceeded your storage quota” notices. Fortunately, the size of today’s hard disk drives (HDDs) seems to have brought about a virtual disappearance of such unwelcome communications.

But what about the storage world as a whole? We are merrily packing information onto digital storage from every conceivable angle. Mobile phones, big data, the cloud, tablets, the internet of things (IoT), analytics and more are gobbling up available storage capacity at an alarming rate.

Could we reach the point where there is simply nowhere left to put all this data? In other words, could we arrive at Storage Armageddon or Stor-mageddon?



Hacktivists, cyber criminals and other threat factors are radically changing the way enterprises handle information security.

No longer just an IT issue, security is an urgent, strategic business concern. Customers are worried and looking for answers – and that means new opportunities for partners to sell Citrix networking solutions including NetScaler and CloudBridge.

The rapid growth of mobile and cloud environments, and their unique security issues, increase the revenue potential of these solutions.



Cloud service providers have a lot to celebrate – since 2011, adoption of software as a service has more than quintupled from 13 percent to 72 percent in 2014. The growth of services such as cloud-based file sharing is driven by startups for which the cloud is the great equalizer – allowing startups to use tools and applications usually restricted to companies with deeper pockets.

In fact, a survey done by Rackspace on the economic impact of the cloud found that a quarter of medium- and small-scale businesses surveyed experienced an increase in profits from 25 percent to 75 percent by moving to the cloud. 84 percent of businesses were also able to increase their investment back into the company by 50 percent.

While these are no doubt fantastic numbers, there are still many out there that are concerned about the security of the data in transit. Despite the fact that most clouds have very robust security features, many companies will be hesitant to part with (the locality of) their data. You, as an MSP offering cloud-based file sharing, need to be prepared to clear up any doubts that companies might have. Next time you are meeting up with a prospective client, consider asking them the following questions:



Better than any report on the federal government’s “critical skills gap,” the cybertheft of 22 million federal personnel records demonstrates Uncle Sam’s need for cyber experts.

They did, but too late. Most of them were already committed to private industry.

That illustrates one reason cybersecurity, or more accurately cyber-insecurity as shown by the Office of Personnel Management data breach, remains on the Government Accountability Office’s 2015 high-risk list. “Although steps have been taken to close critical skills gaps in the cybersecurity area,” GAO says, “it remains an ongoing problem and additional efforts are needed to address this issue government-wide.”



Monday, 17 August 2015 00:00

Cybersecurity: Fix It or Die?

Two of the largest hacking conferences, Black Hat and DEF CON, highlighted some of the scariest vulnerabilities in cyberattacks today. From hacking a Wi-Fi connected rifle and a Tesla electric car to a Brinks safe and an electric skateboard, there seemed no end to the demonstrations of what a hacker can do.

From unlocking cars and opening garages to hacking a satellite, the breach demonstrations made a clear point about cyberattacks: They are very real and can be very dangerous.

Although content database hacking is still of concern, as shown by the Pentagon's recent hacking of nonclassified emails, there seems to be a more dangerous and lethal capability now being demonstrated in our increasingly device-connected world. Gartner projects 25 billion connected vehicles will be in use by 2020, and a recent HP study shows that more than 70 percent of Internet of Things (IoT) devices have vulnerabilities that can be exploited.



What's a lifeline service? In the telecom industry, we used to say landline voice was such a service, but that's certainly no longer the case. Mobile or broadband Internet? To many people, those services seem like lifelines.

What about electricity, nuclear power, other forms of energy like oil and gas? Or transportation systems -- highways, railways and airline networks? And don't forget public safety -- everything from the local first responders to national homeland security and border management. There's little argument that all of the above are lifeline services as much as any telecom service is.

Yet, despite the extreme importance of these services, some of the world's critical infrastructure for enabling these lifeline services could be at risk for potentially devastating cyber security attacks. We aren't necessarily talking about hacker schemes targeting the IT systems of the companies operating this infrastructure the way Target and Sony have suffered embarrassing breaches.



Friday, 14 August 2015 00:00

Wear and tear of SSDs

Unlike traditional hard drives, data in SSDs is not stored on a magnetic surface but inside flash memory chips (NAND flash). By design, an SSD is made up of a motherboard, a few memory chips (depending on the size in GB of the drive) and a controller that controls all the operations.

The memory of SSDs is a non-volatile memory, in other words, it’s able to retain data even without power. We can imagine the data stored in the NAND flash chips as an electric charge preserved in each cell. With that in mind, the question arises: how long is the lifespan of an SSD?



Have you thought about where your data is at greatest risk? If you haven’t, you should, because where that risk lies may surprise you.

Bromium, a global enterprise security company, asked Black Hat attendees about the state of security, querying them about security trends, the security of Windows 10, and where to find the source of the worst security risks. The answer to that last question wasn’t the network or the cloud. Fifty-five percent of the 100 respondents said endpoints are the security risk they are most concerned about (compared to 27 percent who cited insider threats and 9 percent for both the cloud and the network).

What makes endpoints such a security risk? According to the survey, “humans are just one element that makes the endpoint the source of the greatest security risk. Another major factor is vulnerable software.”



Scope creep can be disastrous to a managed service provider delivering cloud-based file sharing -- and is one of the major reasons why a service level agreement is so imperative. Scope creep can occur either due to internal or external drivers, but either way it is almost always detrimental to the system as a whole.

Understanding how scope creep happens and how you can manage it can help you keep your cloud projects on track and under control while still keeping your clients happy.



AUSTIN, Texas – Texans will have the opportunity to assist with the state’s disaster recovery from the severe storms, tornadoes, and flooding that occurred from May 4 to June 22. Dozens of qualified Texans will be offered temporary jobs as local hires of the Federal Emergency Management Agency (FEMA) in its Austin, Denton, and Houston offices.

FEMA has partnered in this venture with the Texas Workforce Commission (TWC). Those interested may go to http://www.workintexas.com and create an account. Once logged in, click on “Search All Jobs” and type “FEMA” into the search bar.

Currently, there are several job categories posted:

  • Customer service
  • Logistics
  • Switchboard/Help desk
  • Project Specialist
  • Technical/Architecture/Engineering
  • Environment Restoration/Anthropologists/Biology/Historic Preservation

FEMA positions with detailed job descriptions will remain posted until the jobs are filled.

Candidates must be 18 years of age or older and must be U.S. citizens. Qualified applications will be forwarded to FEMA staff, who will select candidates for interviews. Selected candidates should have a valid government identification card, such as a driver’s license or military ID. Candidates will be required to complete a background investigation, which includes fingerprinting, and provide additional ID, such as a Social Security card, birth certificate or passport. The hiring process may take up to 15 days from the date of application.

FEMA is committed to employing a highly qualified workforce that reflects the diversity of our nation. All applicants will receive consideration without regard to race, color, national origin, sex, age, political affiliation, non-disqualifying physical handicap, sexual orientation, and any other non-merit factor. The federal government is an Equal Opportunity Employer.

More positions may be posted on the TWC webpage as the disaster recovery continues.

All are encouraged to visit https://www.fema.gov/disaster/4223 for news and information about this disaster.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

FEMA’s temporary housing assistance and grants for childcare, medical, dental expenses and/or funeral expenses do not require individuals to apply for an SBA loan. However, those who receive SBA loan applications must submit them to SBA to be eligible for assistance that covers personal property, transportation, vehicle repair or replacement, and moving and storage expenses.


SAIPAN, CNMI – The government of the Commonwealth of the Northern Marianas (CNMI), the American Red Cross (ARC) and Federal Emergency Management Agency (FEMA) announced an expansion of enhanced resource assistance for Saipan residents affected by Typhoon Soudelor. Using FEMA supplies, the ARC, which has already provided assistance to some 3,000 residents, will make the aid available.

Residents who are already registered with the ARC and are considered to have the greatest need will be processed first, said the ARC’s Operations Director, Denise Everhart.

ARC has a list of more than 3,000 individuals who have called into the chapter looking for assistance and is calling those with greatest need to do one-on-one casework. ARC will then supply Client Assistance Cards with some money for fuel, phone, and laundry as well as tarps, water, buckets, hygiene supplies, food and other supplies. This will continue until the list is complete.

If there are limiting factors, where people cannot get to the designated ARC Chapter, located at 1 Airport Road, please call the ARC at 670-234-3459, and the ARC will work with FEMA and CNMI to accommodate those individuals on a case-by-case basis.

“Working through the CNMI Government and the American Red Cross is the best and fastest way to get the basic life sustaining supplies into the hands of the residents of Saipan that need them most,” said FEMA’s Federal Coordinating Officer, Steve DeBlasio.

“These supplies will go a long way in allowing the government of CNMI and the rest of our federal and private sector partners to create solutions to problems.” DeBlasio also thanked the US Navy and the US Marine Corps for their assistance in supporting the humanitarian mission on Saipan, and praised the resilience and patience of the citizens of the CNMI.

Additional supplies to what FEMA already had on the ground in CNMI were transported from Guam on the USS Ashland last Saturday. That cargo contained generators of various sizes, as well as large amounts of food, drinking water, tents, and vital heavy equipment needed to move the larger generators. The USS Ashland is expected to off-load Guam Power Authority heavy equipment on Saipan this morning. This equipment will help to expedite the restoration of electrical infrastructure here in Saipan.

“The residents of Saipan have been resilient, patient, and extremely hospitable under very trying and austere circumstances,” DeBlasio said. “They deserve our thanks and our help.”

DeBlasio also encouraged disaster survivors on Saipan to continue to register for FEMA assistance by calling 1-800-621 FEMA (3362), adding that more than 2,500 households had already done so.

Last Updated: August 13, 2015 - 11:17

Friday, 14 August 2015 00:00

Regional Collaboration: Rural Style

Darrell Ruby is the regional coordinator for Washington State Homeland Security (HLS) Region 9 for Greater Spokane Emergency Management (GSEM) in Washington state. (This is not a Washington State Emergency Management Division position). Region 9 is composed of the 10 counties and three tribes of eastern Washington. His role is to support regional collaboration, coordination and an interagency approach to all-hazard emergency preparedness.

For more than 10 years, he has served GSEM in all phases of emergency management supporting planning, training, exercises, HLS grants and grant-related projects. He is a certified emergency manager, Incident Command System (ICS) trainer, has an undergraduate degree in construction science from Texas A&M University, a master’s degree in business, and remains active in the naval reserve as an explosive ordnance disposal officer. He responded to a series of questions about what makes a successful regional rural approach to emergency management.



Traditionally, disaster recovery has always been sold like “earthquake” insurance--like it’s only for natural disasters. The reality is that 75% of downtime is the result of human error--completely unrelated to natural disasters. This new reality puts businesses in a precarious position as they don’t have any way to mitigate the effects of system downtime.

Consequently, IT failures have increased in frequency, becoming more the status quo than the anomaly. And, unfortunately, these failures cost 80% of SMBs at least $20,000 per hour (source: IDC). That said, downtime costs vary significantly within industries, especially due to the different types of downtime. A failure of a critical application can lead to a few types of losses:



The cyber insurance market for small- to mid-sized companies is much friendlier than the market for larger insureds, according to the findings of an annual survey just released by Betterley Risk Consultants.

The Cyber/Privacy Insurance Market Survey 2015 notes that there are many insurance products competing for the business of small and mid-sized (SME) organizations.

Brokers are actively selling cyber policies to their SME insureds, and more are buying than ever before, as they realize the potential for liability, breach and response costs, arising out of the possession of private data.



If FDE and FLE sound like twins to you, you could be on the right track for a comprehensive approach to keeping your data confidential. Indeed, FDE (full disk encryption) and FLE (file level encryption) both have security advantages to offer on their own – and even more when they are used together. Conversely, this means that neither encryption approach replaces the other. In particular, FDE protects data at rest on a PC hard disk, for example, whereas FLE protects data in motion, as in files that are being transferred or copied to other systems. Both can benefit from paying attention to the following.



As if to reiterate recent reports on small to midsize business (SMB) security issues, CompTIA recently released findings from its latest report, which found that in the digital age, security has become a huge concern.

Not surprising is the fact that SMBs have recognized the need to find new, technology-based ways to reach their customer bases. Along with embracing new technology, though, have come troubling issues with a lack of budget and staff to back up the new tech with a strong security plan. As CompTIA’s VP of Member Communities, Jim Hamilton, told ARN, SMBs are seeking ways to gain technology and implement security on the cheap:

“Without an abundance of capital to invest in technology initiatives, many firms seek the best value or the lowest cost option. [They are] choosing to handle technology issues internally using employees who may be tech savvy but actually hold other jobs such as sales or accounting.”



Eighty-one percent of MSPs deliver some level of security to clients, according to CompTIA. But how good are MSPs at addressing the human factor?

IBM estimates human error contributes to at least 95 percent of security incidents, while Verizon has concluded mistakes by internal staff, especially administrators, were “prime actors” in more than 60 percent of incidents. While most of those insider threats result from negligence rather than malice, the outcome is the same – a vulnerable IT environment.



Doing Business in a Big Data World

Big Data — Will it supercharge the economy, and revolutionize how companies compete? Will it tyrannize us all, as governments and businesses track and anticipate our every move? Or is it all just hype?

In Digital Exhaust, leading digital expert Dale Neef cuts through the breathless enthusiasm and dystopic sci-fi visions, placing Big Data in a realistic context that reflects the larger technological and economic processes that are changing our world.

Neef explains how Big Data works, what can be done with it, and what it all really means. Neef shows how an emerging Big Data-intelligence complex is innovating at a pace that is increasingly difficult to absorb or regulate. Then he assesses the implications: not just for civil liberties and personal privacy, but for businesses, the economy, law, and even geopolitics.



Thursday, 13 August 2015 00:00

Changes to the Core of the Enterprise

“The times they are a changing” would make a good theme for the enterprise these days. In virtually every aspect, organizations across the board are transforming into digital entities and are rapidly discovering the challenges and opportunities that this change represents.

Some may argue that the enterprise has always been changing, from the introduction of the first mainframe to the cloud, but by and large this was a change to enterprise technology. The hardware and software changed, but these were almost always aimed at improving traditional processes and workflows that had existed in their basic forms for decades.

The difference today is that technological change is producing fundamental, functional change in the enterprise and driving an entirely new economic model in the process.



(TNS) - The automated communication system designed to "quickly and directly send messages" to Naperville, Ill., residents and keep them informed during emergencies apparently failed Monday morning, during a police manhunt for two robbery suspects.

The Naper Notify Mass Notification System "may have malfunctioned" and failed to alert at least some residents to the robbery, and the hours-long police search of their neighborhoods, Naperville police Cmdr. Lou Cammiso confirmed late Monday afternoon. Police "did not know that at the time, and are trying to determine what the malfunction was," Cammiso said in an email.

Police set up a perimeter and began a house-to-house search following a Monday morning robbery. Two men fled from the apparent getaway car police were trying to stop on Thornapple Drive just south of Aurora Avenue, a block or two east of the police station.



(TNS) -- The National Science Foundation has awarded Oklahoma State University and three partner universities $6 million to develop an integrated unmanned aircraft system to improve weather forecasting through the study of atmospheric physics.

The four-year grant will support the collaboration of researchers from OSU and the universities of Oklahoma, Nebraska and Kentucky.

The project’s goal is the development of small, affordable unmanned systems to be used by government and university scientists and private companies to expand the understanding of atmospheric conditions and improve weather forecasting.



Everyone wants to do more with less. In the data center, this means increasing the data load while reducing hardware, infrastructure, management and power consumption.

While most of these items are achievable with virtualization and automation, the power equation is a bit trickier, if only because most people outside the industry fail to appreciate the connection between the data services they demand and the energy it takes to provide them. Even if systems are more efficient, at the end of the day, the data center industry is still consuming steadily more power.

Admittedly, part of this is due to lack of participation from the data center industry. As a recent survey from IDC pointed out, the bread-and-butter enterprise still has not jumped on the energy efficiency bandwagon like the web-scale industry has. Simple economics plays a big part in this equation: Large-scale facilities have to drive efficiency to new levels lest their energy budgets crash the entire business model. As well, standard enterprises often have lower utilization rates in order to protect critical apps and services, whereas large cloud providers are more adept at shifting loads should key components go dark.



As IT organizations begin to routinely collect massive amounts of data, deciding who inside the organization should have access to that information is becoming a thorny issue. Business analysts often want to compare and contrast random sets of data in the hopes of discovering new patterns and insights regardless of the sensitivity of the data. This often puts them at loggerheads with IT organizations that have long been responsible for overseeing data management.

To reduce that friction, Paxata, a provider of a data preparation platform that runs on top of Apache Spark clusters, has added two-factor governance tools to the Paxata Summer '15 release of its adaptive data preparation platform, which provides data administrators with control over all functional permissions, such as who can perform what types of tasks, while resource permissions over who has access to data sets and projects can be set by analysts.



(TNS) - Local emergency managers agree that a recent New Yorker article was more than a little over the top in implying that everything west of Interstate 5 will be “toast” after the next Cascadia megaquake hits the Pacific Northwest.

While the region’s infrastructure will be in tatters, most newer buildings should ride out the shaking fairly well. But engineers and civic leaders have known for decades that one type of structure will, indeed, be reduced to rubble: old brick buildings.

From corner groceries to churches, offices and multistory apartment blocks, thousands of these seismic death traps are scattered through neighborhoods in Seattle, Tacoma, Portland and other Northwest cities.

Yet little has been done to require owners to retrofit or even warn occupants that the walls around them are likely to collapse in a major quake.



Rogue drone operators are rapidly becoming a national nuisance, invading sensitive airspace and private property — with the regulators of the nation’s skies largely powerless to stop them.

In recent days, drones have smuggled drugs into an Ohio prison, smashed against a Cincinnati skyscraper, impeded efforts to fight wildfires in California and nearly collided with three airliners over New York City.

Earlier this summer, a runaway two-pound drone struck a woman at a gay pride parade in Seattle, knocking her unconscious. In Albuquerque, a drone buzzed into a crowd at an outdoor festival, injuring a bystander. In Tampa, a drone reportedly stalked a woman outside a downtown bar before crashing into her car.



(TNS) -- As the camera attached to its underbelly snapped pictures, the drone glided a few hundred feet above the quiet, tree-lined suburban streets of North Coventry Township.

It was tracing the path of a killer, investigators say.

Chester County, Pa., prosecutors are hoping the images captured by the unmanned device, driven by four propellers and weighing less than a half-gallon of milk, will help prove that a man arrested last month carefully planned his fatal attack on a rival who was involved with his ex-girlfriend.

As an alternative to costly helicopter reconnaissance flights, the county says, the craft that it bought last fall for $1,800 is saving taxpayers thousands of dollars.

Drones such as this one are becoming ever more popular across the nation for investigative and other purposes, with industry officials projecting that 20,000 will be purchased annually by public-safety agencies by 2025.

They also have stoked privacy concerns.



Geary Sikich looks at the subject of collateral risk and shows how the concept can be used in risk management processes.


The Law Dictionary defines collateral risk as:

The risk of loss arising from errors in the nature, quantity, pricing, or characteristics of collateral securing a transaction with credit risk.  Institutions that actively accept and deliver collateral and are unable to manage the process accurately are susceptible to loss.  A subcategory of process risk.

The military defines collateral risk in terms of ‘risk to mission’ as depicted in figure one below:



This paper by Jim Burtles, Hon. FBCI, is an attempt to bring a simple but effective and comprehensive approach to the development and delivery of business continuity solutions. It is the third article in a series where we are publishing the short listed entries in the Continuity Central Business Continuity Paper of the Year competition.

Some forty years of experience have led me to the conclusion that it is important to have a broad understanding of what we are trying to achieve right from the start of any business continuity development program. A broad understanding does not require a detailed set of objectives, pre-determined procedures or specific deliverables; such a cumbersome short-sighted approach usually leads to a solution which appears to meet the prescribed parameters rather than one that solves the actual problem or provides adequate protection. I suggest that we should try to base our approach upon a generic, but comprehensive, model that shows which areas should be considered and covered by our plans and procedures.

Whenever we are trying to develop our ideas and understanding of any practical subject it is more reliable and effective to work from a basic concept which we can visualise and remember. Simple pictures and basic shapes are more powerful starting points than strings of words which can soon lose their meaning and relevance as the project moves forward and the detail begins to reveal itself. For this reason I have based my hypothesis upon a hexagon, a simple six-sided figure which is easy to remember and visualise.

Business continuity is a relatively modern management discipline, derived in the 1980s from disaster recovery which only began in the mid-1970s. Consequently, it is still evolving and refining its language, concepts and techniques in order to match an ever-changing business environment. This steady advance requires, and includes, the definition and refinement of a generally accepted code of good practice together with an agreed terminology which can be used to form the basis of relevant standards, regulations and guidelines. We are slowly acquiring a common body of knowledge, experience and information which supports the ongoing development and expansion that is happening within a number of disparate and often unconnected schools of thought.



Like a medical examination, the result of penetration testing to assess your organisation’s IT security is technically only valid at the moment it is performed. Independently of how thorough such ‘pen tests’ are, the context in which they are performed changes on a frequent basis. IT hardware and software vendors release new versions and patches of firmware, operating systems and applications. Hackers invent new attack vectors. Employees come and go, and business partners and suppliers, with whom you collaborate and share information, change too. If the business and IT environment fluctuates so much, why then is it still important to do penetration testing?



Tuesday, 11 August 2015 00:00

Even Security Companies Get Breached

We depend on security companies for several things. First and foremost, to provide the software and tools that help keep our own networks and data secure. Second, to be the front line of the latest security issues; while we may only know some companies by their AV software, most are also involved in research and detection of new vulnerabilities and malware. Third, we expect them to be the shining example of how good security is done.

So what happens when the security companies are the victim?

In July, the announcement came that Bitdefender suffered a data breach, in which a small number of customer usernames and passwords were compromised. According to eSecurity Planet, the breach was caused by human error and outdated software. The article also pointed out that those responsible for the hack are using blackmail – wanting a ransom for the customer data or it gets released (which was done a day or two after the threat).



(TNS) - Each day, freight trains slice through the center of the city at a swift 70 miles an hour, carrying industry goods eastward and westward. With the explosion of heavy train traffic stemming from the Permian Basin oil boom, the threat of rail-related accidents looms larger.

Earlier this summer, a freight train slipped off its tracks in Odessa. Ten rail cars carrying hydraulic fracturing sand derailed and fell sideways along the track. About a week ago, Midland County Fire Marshal Dale Little saw the derailed cars still belly-up, causing him to ask the critical question: “What if that had been oil or a chemical?”

Throughout the past 10 years, 109 hazmat-carrying train cars have been involved in accidents, according to data rail lines report to the Federal Railroad Administration. In that same period, five instances of derailments have been reported inside Ector County. To the east, in Howard County, 54 cars carrying hazardous materials have been involved in accidents with six instances of derailments in the last decade, according to federal data.



Machine learning is all about algorithms. It’s been used to spot fraud by the financial industry and is supposed to predict behaviors of users.

So how does machine learning intersect with IT security?

“Machine learning is the technology that underpins analytics in security,” says Travis Greene, Identity Solutions strategist at NetIQ, the security portfolio of Micro Focus. “Analytics is the distillation of data or statistics (in this case, security events) into meaningful information that is used for better decision making.”

Analytics, Greene goes on to say, is differentiated from reports, which are typically a graphical representation of data without an identification of trends, abnormalities, predictions or scoring, which analytics provides.



With all of the high-profile data breaches occurring across the spectrum of industries over the last few years, enterprises are no longer in the dark as to the dangers lurking in the digital world. However, awareness of the problem is not the same as prevention. For managed service providers (MSPs), preventing security breaches in cloud data storage and cloud-based file sharing may mean collaborating for a better understanding of how to keep ahead of the hackers.

In nearly every industry, there have been laws passed or regulations put in place that act to help organizations to keep their sensitive data and information safe from unwanted eyes. But, is it enough? One could argue that these laws and regulations only provide the explicit, transcribed details for what malicious parties will be up against. For many hackers, it’s as if their homework has been done for them.



(TNS) - On Aug. 29, it will have been a decade.

A decade since Katrina hit New Orleans.

Ten years have passed. Although it seems much longer.

And no time at all. The waters have receded. The refrigerators and their fetid contents have been carted away. The dead have been buried.

The mold has been conquered. For the most part. New Orleans is back. Better than ever.

But Katrina is still a presence here. The one watermark that cannot be scrubbed away. The line that divides New Orleans into pre- and post-hurricane. Post-Katrina is different. For the locals. For the visitors, too.



Tuesday, 11 August 2015 00:00

Is the Hard Disk Past Its Prime?

People have been calling for an end to the spinning disk drive for quite a while, but is it possible that it could actually come to pass over the next few years?

The history of technology innovation argues against it. Rarely does something new come along that pushes the old way into extinction – broadcast TV is still with us, as are trains, and the postal system still delivers the odd hand-written letter.

But when it comes to the disk drive, it is getting harder and harder to make a case for its continued deployment in either enterprise or consumer settings, even for long-term, archival applications. It’s not just that solid state solutions are faster and more flexible than disk, but they are becoming increasingly suited to the types of modular infrastructure that is currently finding favor in both the cloud and the enterprise, not to mention being more conducive to the distributed resource and application environments that are driving the new economy.



Tuesday, 11 August 2015 00:00

The Study of Risk and Uncertainty

I’ve been reviewing any number of books on risk, trying to find texts that resonate for teaching enterprise risk management to undergraduates this fall.  The fact of the matter is that most books on risk are written either by academics whose primary expertise is in some ancillary area of study, whose authors often lack experience in having made risk-related decisions in the organizational environment; or by analysts from the financial sector, who focus primarily on financial or compliance risk.  As a result, there is usually no broader context into which the practice of risk management is placed.  I want more for my students, so they will be reading from more than one book, then reading also a range of white papers and articles.

I will be using excerpts from Peter L. Bernstein’s non-textbook, called Against the Gods: The Remarkable Story of Risk because he tells the story of risk and probability theory through the centuries with clarity and color.  “The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk: the notion that the future is more than a whim of the gods and that men and women are not passive before nature.  Until human beings discovered a way across that boundary, the future was a mirror of the past or the murky domain of oracles and soothsayers who held a monopoly over knowledge of anticipated events.” (Introduction, p.1)



The first payments are being made to policyholders taking part in the Federal Emergency Management Agency’s (FEMA) Hurricane Sandy Claims Review, the agency announced today.

The payments represent additional funds owed to National Flood Insurance Program (NFIP) policyholders who filed flood insurance claims after Hurricane Sandy in 2012.

“We want to ensure our policyholders are paid what they are owed under their policies. This claims review gives us a chance to take another look,” said Roy Wright, Deputy Associate Administrator for FEMA’s Federal Insurance and Mitigation Administration. “I encourage policyholders to request a review if they believe their Hurricane Sandy claim was underpaid for any reason.”

In May 2015, FEMA began contacting 142,000 NFIP policyholders who filed claims resulting from Hurricane Sandy, offering to review their claim files. To date, more than 10,000 policyholders have entered the process. FEMA authorized the insurance companies writing NFIP policies to make the first additional payments to policyholders whose claims have been reviewed through this process.

The deadline to request a review is Sept. 15, 2015. After initial request, the entire process usually takes around 90 days to complete.

To be eligible for the review, policyholders must have experienced flood damage between Oct. 27, 2012 and Nov. 6, 2012 as a result of Hurricane Sandy. Policyholders may call the NFIP’s Hurricane Sandy claims center at 866-337-4262 to request a review. Before contacting the claims center, policyholders are asked to have their flood insurance carrier name and policy number at hand.

Alternately, policyholders can go online to download a form requesting a review. The downloaded form may be filled out and emailed to start the review process.

For individuals who are deaf, hard of hearing, or have a speech disability and use 711 or VRS, please call 866-337-4262.  For individuals using a TTY, please call 800-462-7585 to begin the review process.

The Sandy claims review process is designed to be simple for the policyholder, and does not require paid legal assistance. Several nonprofit service providers are ready to offer free advice and answer questions policyholders may have. A list of these advocacy groups can be found on the claims review web page.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Monday, 10 August 2015 00:00

Shadow IT: Worse Than We Thought

The enterprise has many reasons to convert legacy infrastructure into a private cloud: lower costs, greater flexibility and scalability. These are all perfectly valid reasons, but it seems that a key driver is the rise of shadow IT.

According to new research from Cisco, shadow IT (and I’m still waiting for someone to print the obvious acronym here) is much worse than previously suspected. A recent survey of data users showed that the use of unauthorized applications is 15 to 20 times higher than what many CIOs believe. On average, the report states, IT departments estimate their companies utilize about 50 cloud services while in fact the number is 730. And the discrepancy between reality and perception is growing quickly: One year ago, it was 7x, within six months it had jumped to 10x. At this rate, the number of shadow apps could top 1,000 for the average enterprise by the end of the year.



(TNS) — An active shooter in a school — it’s everyone’s worst nightmare.

And, lately, FBI statistics show, it has been happening more often. A generic scenario goes something like this:

The shooter enters the building through the front doors and moves through the lobby. He — because FBI data show it’s almost always a he — is looking for targets. In the lobby he fires off a couple of shots.

Panic ensues.

People run for cover, and teachers work to follow practiced safety drills. Everyone is screaming and many are calling 911.

Meanwhile, the shooter moves to another floor, or another building, looking for more people to terrorize.

More often than not — in 67 percent of cases — the incident is over before police are able to engage the shooter.

That means every minute matters.



(TNS) - The likelihood of a below-average hurricane season is even higher than what forecasters first predicted in May, but whether the sluggish forecast and Florida’s 10-year lull signals a permanent shift in weather patterns is doubtful.

An updated storm forecast released Thursday by NOAA’s Climate Prediction Center upped the chances of a quieter than normal 2015 Atlantic hurricane season to 90 percent — the highest confidence level given since seasonal hurricane outlooks were first issued in 1998 and an increase from the previous 70 percent prediction.

The new report, which was timed to coincide with the beginning of the more active storm months of August through October, also reduced the number of storms expected this season. Overall, six to 10 named storms are forecast, down from May’s 6 to 11.



Monday, 10 August 2015 00:00

Top Ten Ways to Use OpenStack for Storage

In the first article in this series, we explained what OpenStack is. Now we are following it up with some tips for those thinking about implementing it for specific tasks. Here are ten popular ways to use this open source cloud computing software for storage purposes:



Monday, 10 August 2015 00:00

BCI: The value of standards

There have been many standards produced that support the work we do – ISO22301 on business continuity management, BS65000 on organizational resilience and ISO22317 on business impact analysis. But what are these standards for, what do they achieve and what value can we place on them?

BSI note, in their latest report, The economic contribution of standards to the UK economy, that "the development of standards is driven by a demand from industry" and "help to solve fundamental process, organisational and technical problems, which if left unresolved, could result in inefficient market functioning and poor economic outcomes." Or, to put it another way, they make our organizations more streamlined and therefore more efficient.

But can you actually put a value on this? Yes, according to the report which was based on independent research conducted by the Centre for Economics and Business Research (Cebr), whose analysis found a positive and significant contribution of standards to productivity – supporting 37.4% of annual labour productivity growth in the UK economy over the period 1921 to 2013, which translates into approximately 28.4% of annual GDP growth. To put an actual monetary figure on that, standardization at a national level would be associated with approximately £8.2 billion of the £29.0 billion of GDP growth recorded in 2013 (2014 prices).

That's quite an extraordinary finding, so if your business continuity management programme is not currently aligned to ISO22301 then you might want to consider doing so. And where better to start than reading through the Business Continuity Institute's Good Practice Guidelines that are fully aligned to the standard.

The report does note that standards do not boost productivity growth exclusively. Instead standards have a symbiotic and complementary role in driving productivity along with other factors such as improvements to education and advancements in technology. Standards support productivity growth through a variety of mechanisms such as by enhancing organisational efficiency, boosting trade and facilitating innovation.

The survey also highlighted the existing capacity of businesses to become more involved in the standards development process. Over two-thirds (68%) of businesses surveyed were not involved in the standards development process, yet the evidence showed that participating in developing standards makes it more likely that a company experiences benefits from using standards. Those who reported they are highly involved in the standards development process are the most likely to report that they experience a net benefit from standards.

Members of the BCI play an important role in standards development with several of them on the relevant committees. You don't need to be on a committee to play a role however, you can also get involved by providing feedback when standards are in development and 'out for comment'. If you would like to get involved with this, then keep an eye out on our website and social media channels or by subscribing to our newsletter.

Monday, 10 August 2015 00:00

Your digital shadow

Many people move about the Internet daily in a completely natural and uninhibited manner and make intensive use of the many opportunities that the World Wide Web has to offer. Nowadays it is almost always available thanks to ever faster evolving technology, and the number of devices that constantly communicate with the Internet is also ever increasing.

It is not only devices that make the digital universe explode, but also activities that have become routine: emails, SMS, video files, MP3 music file downloads, online banking, cloud computing and, last but not least, interactivity through social media all ensure that the amount of information that each individual consumes and produces increases rapidly.



As one of the U.S.’s largest processors of payments, Heartland Payment Systems is teaming up with emaginePOS to offer a cloud-based POS system integrated with Heartland Secure payment processing for small to midsize businesses (SMBs).

Through its Heartland Commerce venture, Heartland is helping SMBs strengthen their business operations by providing highly secure credit and debit card payment processing solutions. By adding the emaginePOS system, a whole new world of POS security and flexibility is opened up for SMBs. The emaginePOS cloud-based system “runs on virtually any hardware platform,” which will allow restaurants and retailers to integrate the system with their current touchscreen workstations, iPads and other tablets.

As one of the big players in the payments industry, Heartland offers many perks to software developers with whom they do business. As Heartland CEO Robert Carr explained in a statement:



I know a number of people who wear fitness trackers or other wearable devices because their employers’ health insurance either offers incentives for doing so or, in at least one case, requires they wear them.

In any case, wearables and apps that monitor our health have entered the workplace. Perhaps your company is one of those that use such a device or app. If so, what is being done to protect the data transmitted via these devices and apps? While this may seem more like an HR issue for now, the management of wearable devices needs to transfer to the IT and security departments (if it hasn’t already). The reason is simple: Employees are worried about security and privacy. According to a survey by Healthline, nearly half of respondents (45 percent) expressed serious concern about hackers gaining access to their medical information, and that concern is spread over a variety of devices. 



By Ben J. Carnevale

Cloud computing remains a strong topic of interest for organizations big and small. And, as with many topics and developing technologies concerned with use of the internet, risk management and cyber-security preparedness teams struggle to keep up with the terminology and risk mitigation strategies needed in order to make cloud technologies work successfully and effectively for your organization.

To help that process along, our staff has recommended adding a recent article dealing with “cloud computing terms you need to know” to your organization’s information security and preparedness reading library.

Friday, 07 August 2015 00:00

3 Step Cloud Onboarding Plan

The cloud can be intimidating for companies. Many business leaders and even IT professionals don’t know what impact cloud-based file sharing will have on their business, what the risks are and whether it will add another layer of complexity to their organization.

When they do decide to adopt the cloud, many businesses are ready to jump in head first, but that doesn’t mean you should let them. It also doesn’t mean their initial concerns have been completely washed away.

Before any cloud implementation, MSPs should prepare their client, and themselves, for the project ahead. To do so, there are a few things you need to educate your client on, a few things you need to ask your client and a few things you should both agree on before getting started.



(TNS) - A consolidated 911 center in Richmond County is one step closer to becoming a reality.

County Manager Rick Sago announced Tuesday night that the county was awarded a $6.3 million grant to build the center.

Richmond — one of three counties awarded — received the lion’s share of the $9.9 million available this year from the N.C. 911 Board. Graham and Hyde counties also received grants.

The funding for the grants comes from the 911 surcharge assessed on wireless phones, said Richmond County Director of Emergency Management Donna Wright.

The new center will consolidate the current Richmond County 911 center with the dispatch desks of the Richmond County Sheriff’s Office and Rockingham and Hamlet police departments.



With nearly 28 years of experience with the Lexington Division of Police and 15 months as director of Lexington Enhanced 911, I’ve seen the realities of next-generation public safety communications — what it can be and what it should be.

You can’t go 60 seconds in a conversation about public safety communications without someone using the word “interoperability.” Plus, the number of interpretations — and misinterpretations — of what it actually means is directly related to the number of participants in the conversation. That’s because “interoperability” means something different to the industry’s many facets.

One commonality, however, is that regardless of how the term is used, interoperability is vital to realizing the true potential of next-generation public safety communications and how we can better protect lives. But in order to realize that potential, everyone who has even a cursory stake in public safety operations should be aware of the breadth and impact of interoperability in each of its expressions, chief among them network and component considerations.



Thursday, 06 August 2015 00:00

The Future Economy of Continuity

The future is automation: business processes automated, IT systems automated. But where does that leave us humans in the equation of the automated world? And will there be sufficient job positions to counteract the imbalance of jobs moving to an automated cycle? The answer lies within our economy and heads of organisations. For a business to progress and effectively make its margins and profits every year involves many factors, and the biggest factor is the expense of paying employees.



I ran into an interesting article in the Harvard Business Review this week that points to what may be a huge mistake management and IT are regularly making: Holding IT responsible for data quality. The author, Thomas C. Redman, wrote back in 2012 that you need to get responsibility for data the heck out of the IT department and put it someplace where the authority exists to assure the result. You see, line organizations collect and use the data, are far closer to the source, and have a far better understanding of what it means and how it is going to be used. This means that line organizations should own the responsibility for the data they use because they are generally closer to it, understand it more deeply, and will be the most impacted by the data quality.

Line also typically owns the budget to fund any data acquisition and analytics effort and thus is more likely to fund the effort fully. It appears that large companies and IT organizations often make the most foolish of management decisions, having the people that are responsible for something not have any real authority over it.



Thursday, 06 August 2015 00:00

Big Infrastructure, then Big Data

Big Data is turning into a big driver of enterprise infrastructure deployment, but this begs the question: Since so little is known about Big Data and how it can be used, can we make any firm decisions about how to support it with existing technology?

According to a recent study by market tracking firm SteelBrick, 72 percent of high-tech providers are reporting increased sales volumes due to Big Data, and more than 40 percent report accelerating sales cycles, in some cases from more than a year to as low as three months. This means that not only is more product moving off the shelf, but also buyers are upgrading legacy systems at a faster pace. The results spanned virtually the entire enterprise data spectrum, from basic infrastructure to cloud computing and software-as-a-service. If these trends continue, expect demand to soon outstrip supply, says SteelBrick CEO Godard Abel, which inevitably leads to product shortages and rising costs.



Thinking about the day your business is destroyed by a natural disaster is about as fun as thinking about cleaning up the Christmas tree needles come Valentine’s Day when you finally decide to take the tree down. However, like life insurance, it’s something important to think about, and plan for, or you could end up in a lot of trouble.

In the infographic below, we break down common disasters that can happen to a business, their potential costs, and give some great ideas on how to plan for them.

A recent article in the New Yorker magazine about the Cascadia Earthquake threat received a great amount of attention in the popular press. Multiple news organizations have profiled the story and sought to bring it home convincingly to their audiences. The question is: Will anything really change?

Six months or a year from now will the building codes be revised? Will landlords owning unreinforced masonry buildings — those that are most likely to pancake in an earthquake — be required to retrofit these buildings to address this public safety issue? Will more than a smattering of individuals or families have taken action to become more personally prepared?

As someone who has worked on earthquake and disaster planning for years, I think not — for a variety of reasons. Any reasonable person might make the assumption that all this well-documented geological history will motivate people and organizations to change their behaviors.



I continue my exploration of the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program today. One of the ways that Chief Compliance Officers (CCOs) and compliance practitioners can communicate about their compliance programs is through the use of the social media tool Twitter. In an article in the Summer issue of the MIT Sloan Management Review, entitled “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd postulated that “New research suggests that employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) “Overall, employees who used Twitter had better ideas than those who didn’t.”; (2) In particular, there was a link between the amount of diversity in employees’ “Twitter networks and the quality of their ideas.”; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend to have greater curiosity tend to be more innovative. The logic is fairly straightforward, as the authors note, “Good ideas emerge when new information received is combined with what a person already knows.” In today’s digitally connected world, the amount of information in almost any area is significant. What the authors were able to conclude is that through the use of Twitter, “the potential for accessing a divergent set of ideas is greater.”



Wednesday, 05 August 2015 00:00

Instill an Appetite Cognizant of Risk

The time has come for a firm to find a solution to financial perils, as shown by the frequency and severity of the recent financial disasters.  Wouldn’t it be nice if a firm has a system that “physiologically or automatically” predisposes its stakeholders to respond coherently and timely before it is trapped into a financial hole?  This paper describes the methodology for creating such a system.

The Need for Risk Appetite

If a firm lets the feelings or emotions of its decision makers decide how much risk they should take, they would likely miss the mark.  Yet, rogue traders doubled their bets on the way down, institutions took risks that exceeded their capital, and firms failed due to insufficient liquidity.  Often, these debacles are caused by the institutions’ lack of clearly defined risk appetites, or failure to adhere to them.



Heavy June rains, high July nutrient runoff levels likely cause for increased size



Map showing distribution of bottom-water dissolved oxygen from July 28 to August 3, west of the Mississippi River delta. Black lined areas — areas in red to deep red — have very little dissolved oxygen. (Data: Nancy Rabalais, LUMCON; R Eugene Turner, LSU. Credit: NOAA)

Scientists have found this year’s Gulf of Mexico dead zone — an area of low to no oxygen that can kill fish and marine life — is, at 6,474 square miles, above average in size and larger than forecast by NOAA in June. The larger than expected forecast was caused by heavy June rains throughout the Mississippi River watershed.

The measured size this year — an area about the size of Connecticut and Rhode Island combined — is larger than the 5,052 square miles measured last year, indicating that nutrients from the Mississippi River watershed are continuing to affect the nation’s coastal resources and habitats in the Gulf. The size is larger than the Gulf of Mexico / Mississippi River Watershed Nutrient Task Force (Hypoxia Task Force) target of 1,900 square miles.

“Dead zones,” also called hypoxia areas, are caused by nutrient runoff from agricultural and other human activities in the watershed and are highly affected by river discharge and nitrogen loads. These nutrients stimulate an overgrowth of algae that sinks, decomposes, and consumes the oxygen needed to support life in the Gulf. Dead zones are a major water quality issue with an estimated total of more than 550 occurring annually worldwide. The Gulf of Mexico dead zone is the second largest human-caused hypoxic area in the world.

“An average area was expected because the Mississippi River discharge levels and associated nutrient data from May indicated an average delivery of nutrients during this critical month which stimulates the fuel for the mid-summer dead zone,” said Nancy Rabalais, Ph.D., executive director of the Louisiana Universities Marine Consortium (LUMCON), who led the July 28 to Aug 3 survey cruise. A suite of NOAA-sponsored models forecasted a range of 4,633 to 5,985 square miles based on May nitrogen loading data provided by USGS. “Since the models are based largely on the May nitrogen loads from the Mississippi River, the heavy rains that came in June with additional nitrogen and even higher river discharges in July are the possible explanations for the larger size,” said Rabalais.

Funded by NOAA and the EPA, the annual measurement mapping of the dead zone provides a critical scientific record of the trend of hypoxia in the Gulf, as well as the primary measure of progress used by the Hypoxia Task Force to determine whether efforts to reduce nutrient loading upstream in the Mississippi River Basin are yielding results. This year marks the 30th annual ship-based sampling that is the backbone of the mapping effort.

“The importance of having continued and sustained coastal observations are foundational in helping us better understand the size and impacts of the Gulf dead zone. This information ultimately informs the best strategies to reduce the size and the impacts of the dead zone, which will help improve the sustainability and productivity of our coastal economy,” said Holly Bamford, Ph.D., assistant NOAA administrator for the National Ocean Service performing the duties of the assistant secretary of commerce for conservation and management.

“The annual ship-based sampling is the backbone of the mapping effort,” said Diane Altsman, chief of staff of the EPA Gulf of Mexico Program. “It is important for us to partner with NOAA on supporting the cruise this year to ensure that the Gulf of Mexico Hypoxia Task Force has the critical information needed to assess their progress in mitigating hypoxia, part of our effort to restore the Gulf coastal ecosystem.”

The largest previous Gulf of Mexico dead zone was in 2002, encompassing 8,497 square miles. The smallest recorded dead zone measured 15 square miles in 1988. The average size of the dead zone over the past five years has been about 5,500 square miles, nearly three times the 1,900 square mile goal set by the Hypoxia Task Force in 2001 and reaffirmed in 2008.

The hypoxic zone off the coast of Louisiana and Texas forms each summer threatening the ecosystem that supports valuable commercial and recreational Gulf fisheries. NOAA-funded research in the past decade shows hypoxia results in habitat loss, displacement of fish (including shrimp and croaker) from their preferred areas, and a decline in reproductive ability in some species.

Visit the Gulf Hypoxia web site for additional graphics and information concerning this summer’s LUMCON research cruise, and previous cruises.

NOAA’s National Ocean Service has been funding monitoring and research for the dead zone in the Gulf of Mexico since 1985 and currently oversees the NGOMEX program, the hypoxia research effort for the northern Gulf which is authorized by the Harmful Algal Bloom and Hypoxia Research and Control Act.

The National Centers for Coastal Ocean Science is the coastal science office for NOAA’s National Ocean Service.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.

Wednesday, 05 August 2015 00:00

The Rise of Malvertising

LAS VEGAS — One of the hottest topics in cyberthreat detection right now is the rise of malvertising, online advertising with hidden malware that is distributed through legitimate ad networks and websites. On Monday, Yahoo! acknowledged that one of these attacks had been abusing their ad network since July 28—potentially the biggest single attack, given the site’s 6.9 billion monthly visits, security software firm Malwarebytes reported.

In the first half of this year the number of malvertisements has jumped 260% compared to the same period in 2014, according to a new study released at the Black Hat USA conference here today by enterprise digital footprint security company RiskIQ. The sheer number of unique malvertisements has climbed 60% year over year.

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, RiskIQ’s director of research. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”



The resilience challenge for the business continuity profession

Since its inception, the goal of the Business Continuity Institute has been to promote a more resilient world, and with so much attention being placed on resiliency in recent years, never has this goal been more pertinent. To help introduce the paradigm shift to resilience that we are currently experiencing, the BCI 20/20 Think Tank (UK Group) has published a new white paper that draws on recent ideas relating to the discipline which demonstrate the vital role that business continuity has in advancing its concept and prepare BCI members for entering the next stage of progression under its umbrella.

The resilience challenge for the business continuity profession positions BC as an integral part of resilience, the benefit of which can be felt in a variety of ways throughout an organization. It directly impacts on operational decision making and problem solving, allowing leaders to respond in a manner consistent with strategic intent. It also enables organizations to increase adaptive capacity, maximise competitive advantage and become more agile to changes in the business environment.

The paper notes that building resilience goes beyond BC and requires substantial input from other protective disciplines. This represents a real opportunity for BCI members to advance professionally with high-level thinking and a fundamental understanding of risks which may prepare them to undertake future roles at the top level of their organizations. Thinking about resilience and aligning one’s actions to strategic goals will also strengthen the accountability of professionals in the protective disciplines as well as an organization’s top management.

Bill Crichton, Membership director of the BCI and Chair of the 20/20 UK Group, noted: “It is recognised by many in the wider resilience community that both the individuals within it, and the professional bodies representing them, will need to grow their relevant skills and develop closer links with the other related disciplines. This first published white paper from the BCI’s UK 20/20 Group; The resilience challenge for the BC profession, is aimed at both promoting the changes needed to move the profession forward and challenging us as practitioners to develop and enhance the additional skills required to meet to achieve the resilient future.”

The paper concludes that BCI members should realise the business environment has changed dramatically and it is necessary to adapt in order to stay relevant. The paradigm shift will likely demand a change in knowledge, skills and competencies of BCI members. In addition to technical know-how and the BC specialism, BCI members may increasingly be expected to exercise strategic communication skills as they work with other professionals. Ultimately, as the way to resilience heralds changes in business practice, it also uncovers opportunities. By accepting and responding to the changes, BCI members can profit from these opportunities.

Wednesday, 05 August 2015 00:00

BCM & DR: Decision Management

When you’re building a BCM / DR program, there are a lot of decisions to be made along the way. Some come from results of a BIA or other information gathering session and some have to be made through feedback received from the sponsor based on a potential roadblock encountered. Regardless, decisions get made and when they do, you – as the BCM / DR practitioner – should document these decisions.

When documenting decisions, ensure you keep a consolidated tracking log that outlines:

  • What the decision is,
  • Who made the decision (and what meeting it was made in, if not captured in an email),
  • Date of the decision,
  • Why the decision was required (what sparked the need for a decision in the first place), and finally,
  • Give each decision a unique identifier (e.g. D-001, D-002 etc.).



There are plenty of compelling reasons to install a surveillance system in your office, but there are also a number of reasons not to. Cameras are becoming more and more common in our daily lives, and choosing whether or not to embrace them in your own workplace can be a challenging decision.

There are advantages and disadvantages to consider before installing cameras and phone/Internet monitoring. Here are a few of them:



Wednesday, 05 August 2015 00:00

Risk Management – Looking Forward 30 Years

Last month, we looked back 30 years and reported some of the powerful lessons learned from that period with respect to risk management (with a particular focus on the last 15 years). During the last three decades, we have seen risk management evolve to a more holistic view that portrays an enterprise risk profile to help management and directors understand the full array of risks facing the organization. Access to data necessary to better understand and manage risk has never been greater. Both internal and external data sources can be combined to create more insights than ever before. While the processes used to update risk profiles certainly help executives answer the question, “Are we riskier today than we were yesterday?”, progress has been curtailed by continued emphasis on fragmented silos, ineffective measurement and monitoring of risks, subordinating risk to an afterthought to strategy setting and positioning risk management as an appendage of performance management.

The good news is that today, largely because of the financial crisis, risk management has made its way onto the agendas of executive management and Boards of Directors as a critical discipline and a necessary part of good governance. This is a base upon which we can build as we go forward. The heightened level of importance at the highest levels of organizations will accelerate improvements in risk management in the future.



Today, FEMA’s National Integration Center (NIC) is soliciting public feedback for the update of the Federal Interagency Operational Plans (FIOPs).

This National Engagement Period began August 3, 2015 and will conclude at 5:00 pm EDT September 2, 2015. National Engagement provides an opportunity for interested parties to comment and provide feedback on the FIOPs.

Each FIOP outlines the concept of operations for integrating and synchronizing existing national-level Federal capabilities to support local, state, tribal, territorial, insular area, and Federal plans. The FIOPs are also designed to provide state, local, tribal, territorial, and insular area planners an understanding of how the Federal Government will utilize capabilities so that they may develop or modify plans accordingly. All FIOPs, except Prevention, are available to the whole community. The Prevention FIOP is Unclassified and For Official Use Only (FOUO)/Law Enforcement Sensitive (LES), Restricted Access and therefore available to appropriate personnel through separate and secure communication means.

FEMA will also host a number of National Engagement Webinars to provide stakeholders with additional details on the FIOPs update effort. The Webinars will take place August 17-26, 2015. Webinar details will be announced at a later date.

This update of the FIOPs focuses on discrete, critical content revisions, and conforming edits as a result of comments received on the National Preparedness Goal and National Planning Frameworks. Additional changes in the current draft of the FIOPs are the result of the lessons from implementing the Frameworks and recent events, as well as the findings of the National Preparedness Report.

To review the draft FIOPs, please visit http://www.fema.gov/learn-about-presidential-policy-directive-8. To provide comments, please complete the feedback form and submit to [email address not shown].

Questions can be directed to FEMA’s NIC at: [email address not shown].

For more information on national preparedness efforts, visit: http://www.fema.gov/national-preparedness.

FEMA is requesting stakeholder feedback on working drafts of four of the five Federal Interagency Operational Plans (FIOPs):  Protection, Mitigation, Response, and Recovery. The Prevention FIOP is Unclassified and For Official Use Only (FOUO)/Law Enforcement Sensitive (LES), Restricted Access and therefore available to appropriate personnel through separate and secure communication means. The FIOPs describe how the Federal government aligns resources and delivers core capabilities. Each FIOP outlines the concept of operations for integrating and synchronizing existing national-level Federal capabilities to support the whole community.

This update of the FIOPs focuses on discrete, critical content revisions, and confirming edits as a result of comments received on the National Preparedness Goal and National Planning Frameworks. Additional changes in the draft are the result of the lessons learned from implementing the FIOPs and recent events, as well as the findings of the National Preparedness Report.  The FIOPs and feedback submission forms may be found at http://www.fema.gov/ppd-8-news-updates-announcements.

To ensure all feedback is properly handled, reviewers are asked to use the provided feedback submission form to submit feedback and recommendations. Please provide any comments and recommendations, using the submission form, to [email address not shown] by Tuesday, September 2, 2015 at 5:00 PM EDT.

If you have any questions, please contact FEMA’s Private Sector Division at (202) 646-2600 or at [email address not shown]. Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema. The social media links provided are for reference only.  FEMA does not endorse any non-government websites, companies or applications.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Cloud adoption and cloud-based file sharing are becoming increasingly popular among the general public and private use of cloud services within organizations is causing concern among CIOs. Unfortunately, IT organizations are having a hard time keeping up. According to an article from Business Cloud News, a recent survey conducted by Fruition Partners of 100 UK CIOs found that 84 percent believe cloud adoption reduces their organization’s control over IT.

However, it isn’t the cloud itself that is causing organizations to feel a lack of control. The cause of most CIOs’ anxiety comes from Shadow IT.



The hackers responsible for the Anthem and U.S. Office of Personnel Management (OPM) data breaches recently may have attacked United Airlines as well.

And as a result, United tops this week's list of IT security news makers to watch, followed by the University of Connecticut (UConn), Franciscan St. Francis Health and the HAMMERTOSS malware.

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week's list of IT security stories to watch to find out:



Technology is not enough in the fight against cybercrime; effective cybersecurity measures require policy and process changes as well.

That’s the takeaway from an analysis of cyber-risk spending included in the 2015 U.S. State of Cybercrime Survey recently released by PwC.

While cybersecurity budgets are on the rise, companies are mostly reliant on technology solutions to fend off digital adversaries and manage risks.

Among the 500 U.S. executives, security experts and others from public and private sectors responding to the survey, almost half (47 percent) said adding new technologies is a spending priority, higher than all other options.



For those MSPs contemplating the build-versus-buy question with regards to offering backup and disaster recovery (DR) as a service, be careful when it comes to the purchase and management of storage. Get it wrong and you could end up with a money pit.

A useful analogy is the home. Suppose a couple is looking at whether to buy a house or build their own dream house. The latter option would require buying a parcel of land, working out the plans, obtaining the necessary city permits and going to Home Depot repeatedly for an endless list of materials. With the basic elements on site, now comes the hard part. Digging the trenches, cutting the steel rebar to erect the framework in which to pour the concrete, then adding the walls, doors, windows, plumbing, electrical and many more details--any one of which could trip up the home owners and add time to the project.

Like the distraught home buyers who end up looking like they are in a remake of Tom Hanks’ “Money Pit” movie, many such projects run way over budget and are delayed by many months, if not years. Only if the homeowner has a broad do-it-yourself (DIY) skillset, or has generous contractor friends, does this method have any possibility of success.



NORTH LITTLE ROCK – Federal assistance may be available to help Arkansas communities rebuild infrastructure to higher, more disaster-resistant standards and state officials are encouraging local governments to take advantage of that funding.

The assistance to communities is part of the aid that became available following the severe storms, tornadoes, straight-line winds, and flooding during the period of May 7 to June 15, 2015.

“Generally, the federal Public Assistance program restores disaster damaged infrastructure to pre-disaster conditions,” said Nancy M. Casper, federal coordinating officer for the Federal Emergency Management Agency. “But when cost effective and technically feasible, it makes sense to rebuild to higher standards that can prevent future loss.”

FEMA’s Public Assistance program provides federal funds to reimburse a minimum of 75 percent of the costs for removing debris, conducting emergency protective measures and repairing levees, roads, bridges, public utilities, water control facilities, public buildings and parks. Mitigation funding may be considered in each project category.

Eligible applicants may include:

  • state agencies

  • local and county governments

  • private nonprofit organizations that own or operate facilities that provide essential government-type services

“Studies show that every $1 paid toward mitigation saves an average of $4 in future disaster-related costs,” said State Coordinating Officer Scott Bass of the Arkansas Department of Emergency Management Agency. “By adding mitigation money to repair costs, our goal is to reduce or eliminate damages from future disasters.”

As part of the process for applying for federal assistance, experts from ADEM and FEMA help identify projects that will qualify for the special mitigation program. Officials urge applicants to take advantage of the funds.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners, and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing [email address not shown] or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

Is London prepared for climate change?

London’s businesses are ill-prepared for climate change risks as 54% of FTSE 100 firms have no business adaptation strategy in place for climate change. Evidence suggests that 60% of small and medium sized businesses have no plan in place to deal with extreme weather conditions.

The UK capital’s status as a global city makes its economy increasingly vulnerable to climate change, not only facing extreme weather like flooding, drought, heatwaves in the city itself, but also imported risks through the insurance sector, overseas investments and international supply chains. This is according to the new ‘Weathering the Storm’ report by the London Assembly Economy Committee which looks into the impact of climate change on London’s economy in terms of risks and opportunities.

Jenny Jones AM, the report author and former Chair of the Economy Committee, said: “Too little is being done to understand and prepare for the potential costs of climate change. London faces a great unknown when it comes to how our supply chains and economy will be hit by extreme weather events. For example, the damage from the 2011 floods in Thailand, where IT component parts are made, meant much higher prices across the global IT industry, including in London. A much worse situation would be if too many harvests failed and affected our food supply.

It’s no secret that the field of emergency management is not overly diverse. The typical emergency manager is an older white male. This lack of diversity is rooted primarily in the profession’s evolution. Many of the first emergency managers came from police, fire or first responder backgrounds, which for a long time were largely white, male-dominated fields in most parts of the country.

“Most emergency managers traditionally came from a pretty narrow slice of the professional world,” said Joe Partridge, disaster recovery business continuity manager for CareOregon, a nonprofit involved in health plan services, reforms and innovations. “Even as recently as the late 1990s, emergency management director positions were almost always located within a police or fire department and typically staffed by either a retired or close-to-retired person from a first responder background — typically 55 years old or older and a white male.”

Carmen Merlo, director of the Portland Bureau of Emergency Management in Oregon, has been working in emergency management for 18 years. “It’s often the case that I’m the only female in the room,” she said. “I still go to conferences where literally all of the panelists are white men.”



Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

More than three years ago, as former national security officials, we penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well-being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyberexploitation. Today, we write again to raise the level of thinking and debate about ubiquitous encryption to protect information from exploitation.

In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.



Too few businesses testing their business continuity plans

Most midsize businesses have business continuity plans but few have tested them, according to The Hartford’s survey of midsize business owners and C-level executives in the US. This shortcoming presents potential risk for businesses, which may be unable to meet client needs due to an interruption in their operation or lose revenue due to a supplier issue.

The Midsize Business Monitor showed that the majority of midsize businesses surveyed (59%) had a formal, documented business continuity plan, one-third (33%) had an informal, verbal plan, and 8% reported having no plan at all. While this may be considered encouraging, what was damning was that only 19% of businesses had actually tested their plan.

The theme for Business Continuity Awareness Week 2015, run by the Business Continuity Institute, was testing and exercising and one of the key themes that came out of the week was that a plan that has not been exercised is simply not a plan. You can only tell if a plan works when it is put to the test and it is far better to find out that it doesn’t work during an exercise rather than when the very existence of your business depends on it.

“Weather-related events, fires, thefts and supplier interruptions are just a few of the issues that can impact a business,” said Eric Cannon, assistant vice president of property underwriting at The Hartford. “While many midsize businesses have taken the important step of developing a formal continuity plan, testing and updating that plan on a regular basis can mean the difference between a business’s ability to recover quickly versus being unable to meet client needs.”

The Hartford survey found that more than one-third (36%) of midsize businesses had been unable to meet a client need due to an interruption in their operation, putting their relationship with that client at risk. While the majority managed to find an alternative supplier, nearly half (48%) lost business to other suppliers and 9% stated this loss was permanent.

Most midsize businesses surveyed (84%) rely on suppliers, vendors or consultants, yet four in 10 had suffered a supplier interruption and almost one-third (32%) had lost revenue due to a supplier problem.

“Even the smallest vendor or that vendor’s supplier can impact a business’s ability to meet its customers’ needs. The savvy business owner must take the time to understand the continuity plans of its suppliers and their suppliers in order to fully know who is at the table and who can step in when back-ups are needed,” said Cannon.

Is this what cyber war will look like?

Reports are saying that several major breaches, including Anthem, the U.S. government’s Office of Personnel Management (OPM) and United Airlines, which was just recently revealed, were all most likely conducted by the same Chinese cyberespionage group. All of the breaches involved the compromise of personally identifiable information (PII) of customers, employees and/or contractors, but as an eWeek article pointed out, this could be a way for one government to spy or gain advantage over another government or country. Paul Kurtz, CEO of TruSTAR Technologies and a former White House cybersecurity advisor, told the publication:

We know that adversaries typically use a common command-and-control infrastructure to attack multiple companies across many sectors of the economy. Given what we've seen, it's not too shocking to learn about other breaches involving the same adversaries.