Summer Journal

Volume 29, Issue 3

Full Contents Now Available!

Industry Hot News

Industry Hot News (6393)

AUSTIN, Texas – Recovery specialists have some sound advice for Texans whose homes and property took on floodwaters: Protect your family’s health and your own by treating or discarding mold- and mildew-infected items.

Health experts urge those who find mold to act fast. Cleaning mold quickly and properly is essential for a healthy home, especially for people who suffer from allergies and asthma, said the Federal Emergency Management Agency (FEMA).

Mold and mildew can start growing within 24 hours after a flood, and can lurk throughout a home, from the attic to the basement and crawl spaces. The best defense is to clean, dry or, as a last resort, discard moldy items.

Although it can be hard to get rid of a favorite chair, a child’s doll or any other precious treasure to safeguard the well-being of your loved ones, a top-to-bottom home cleanup is your best defense, according to the experts.

Many materials are prone to developing mold if they remain damp or wet for too long. Start a post-flood cleanup by sorting all items exposed to floodwaters:

  • Wood and upholstered furniture, and other porous materials can trap mold and may need to be discarded.
  • Carpeting presents a problem because drying it does not remove mold spores. Carpets with mold and mildew should be removed.
  • However, glass, plastic and metal objects and other items made of hardened or nonporous materials can often be cleaned, disinfected and reused.

All flood-dampened surfaces should be cleaned, disinfected and dried as soon as possible. Follow these tips to ensure a safe and effective cleanup:

  • Open windows for ventilation and wear rubber gloves and eye protection when cleaning. Consider using a mask rated N-95 or higher if heavy concentrations of mold are present.
  • Use a non-ammonia soap or detergent to clean all areas and washable items that came in contact with floodwaters.
  • Mix 1-1/2 cups of household bleach in one gallon of water and thoroughly rinse and disinfect the area. Never mix bleach with ammonia as the fumes are toxic.
  • Cleaned areas can take several days to dry thoroughly. The use of heat, fans and dehumidifiers can speed up the drying process.
  • Check out all odors. It’s possible for mold to hide in the walls or behind wall coverings. Find all mold sources and clean them properly.
  • Remove and discard all materials that can’t be cleaned, such as wallboard, fiberglass and cellulose areas. Then clean the wall studs where wallboard has been removed, and allow the area to dry thoroughly before replacing the wallboard.

 For other tips about post-flooding cleanup, visit www.fema.gov, www.epa.gov, or www.cdc.gov.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.  Follow us on Twitter at https://twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

I was leafing through a pile of old BCI documents when I stumbled across a paper detailing a presentation, entitled “Resilience isn’t the future of business continuity” given by Charlotte Newnham at the BCM World Conference and Exhibition in November 2012.

In the presentation a number of facts and figures were provided which explain a great deal about “actual” resilience capabilities. The figures provided, included the facts that, of the existing resilience departments approximately 50% were in the public sector and that 76% of organisations extend their remit to incident/emergency management. Whilst, these figures seem positive for the resilience function, only 30% oversaw security or risk management and just 7% had any involvement in IT continuity.

...

https://buckssecurity.wordpress.com/2015/06/08/resilience-isnt-the-future-of-business-continuity/

Friday, 05 June 2015 00:00

Storm Surge: The Trillion Dollar Risk

More than 6.6 million homes on the Atlantic and Gulf coasts are at risk of hurricane-driven storm surge with a total reconstruction cost value (RCV) of nearly $1.5 trillion.

The latest annual analysis from CoreLogic finds that the Atlantic Coast has more than 3.8 million homes at risk of storm surge in 2015 with a total projected reconstruction cost value of $939 billion, while the Gulf Coast has just under 2.8 million homes at risk and nearly $549 billion in potential exposure.

Which states have the highest total number of properties at risk?

Six states—Florida, Louisiana, New York, New Jersey, Texas and Virginia—account for more than three-quarters of all at-risk homes across the United States. Florida has the highest total number of properties at various risk levels (2.5 million), followed by Louisiana (769,272), New York (464,534), New Jersey (446,148), Texas (441, 304) and Virginia (420,052).

...

http://www.iii.org/insuranceindustryblog/?p=4081

Friday, 05 June 2015 00:00

What to Do About Reputation Risk

Of executives surveyed, 87% rate reputation risk as either more important or much more important than any other strategic risks their companies face, according to a new study from Forbes Insights and Deloitte Touche Tohmatsu Limited. Further, 88% say their companies are explicitly focusing on managing reputation risk.

Yet a bevy of factors contribute to reputation risk, making monitoring and mitigating the dangers seem particularly unwieldy. These include business decisions and performance in the following areas:

...

http://www.riskmanagementmonitor.com/what-to-do-about-reputation-risk/

 

Global temperature trends.

(Credit: NOAA)

A new study published online today in the journal Science finds that the rate of global warming during the last 15 years has been as fast as or faster than that seen during the latter half of the 20th Century. The study refutes the notion that there has been a slowdown or "hiatus" in the rate of global warming in recent years.

 

The study is the work of a team of scientists from the National Oceanic and Atmospheric Administration's (NOAA) National Centers for Environmental Information* (NCEI) using the latest global surface temperature data.

"Adding in the last two years of global surface temperature data and other improvements in the quality of the observed record provide evidence that contradict the notion of a hiatus in recent global warming trends," said Thomas R. Karl, L.H.D., Director, NOAA's National Centers for Environmental Information. "Our new analysis suggests that the apparent hiatus may have been largely the result of limitations in past datasets, and that the rate of warming over the first 15 years of this century has, in fact, been as fast or faster than that seen over the last half of the 20th century." 

The apparent observed slowing or decrease in the upward rate of global surface temperature warming has been nicknamed the "hiatus." The Intergovernmental Panel on Climate Change's (IPCC) Fifth Assessment Report, released in stages between September 2013 and November 2014, concluded that the upward global surface temperature trend from 1998­­-2012 was markedly lower than the trend from 1951-2012.

 

Since the release of the IPCC report, NOAA scientists have made significant improvements in the calculation of trends and now use a global surface temperature record that includes the most recent two years of data, 2013 and 2014--the hottest year on record. The calculations also use improved versions of both sea surface temperature and land surface air temperature datasets. One of the most substantial improvements is a correction that accounts for the difference in data collected from buoys and ship-based data.

No slow down in global warming.

(Credit: NOAA)

Prior to the mid-1970s, ships were the predominant way to measure sea surface temperatures, and since then buoys have been used in increasing numbers. Compared to ships, buoys provide measurements of significantly greater accuracy. "In regards to sea surface temperature, scientists have shown that across the board, data collected from buoys are cooler than ship-based data," said Dr. Thomas C. Peterson, principal scientist at NOAA's National Centers for Environmental Information and one of the study's authors. "In order to accurately compare ship measurements and buoy measurements over the long-term, they need to be compatible. Scientists have developed a method to correct the difference between ship and buoy measurements, and we are using this in our trend analysis." 

In addition, more detailed information has been obtained regarding each ship's observation method. This information was also used to provide improved corrections for changes in the mix of observing methods.   

New analyses with these data demonstrate that incomplete spatial coverage also led to underestimates of the true global temperature change previously reported in the 2013 IPCC report. The integration of dozens of data sets has improved spatial coverage over many areas, including the Arctic, where temperatures have been rapidly increasing in recent decades. For example, the release of the International Surface Temperature Initiative databank, integrated with NOAA's Global Historical Climatology Network-Daily dataset and forty additional historical data sources, has more than doubled the number of weather stations available for analysis.

Lastly, the incorporation of additional years of data, 2013 and 2014, with 2014 being the warmest year on record, has had a notable impact on the temperature assessment. As stated by the IPCC, the "hiatus" period 1998-2012 is short and began with an unusually warm El Niño year. However, over the full period of record, from 1880 to present, the newly calculated warming trend is not substantially different than reported previously (0.68°C / Century (new) vs 0.65°C / Century (old)), reinforcing that the new corrections mainly have in impact in recent decades. 

On the Web

* Note: NOAA's National Centers for Environmental Information (NCEI) is the merger of the National Climatic Data Center, National Geophysical Data Center, and National Oceanographic Data Center as approved in the Consolidated and Further Continuing Appropriations Act, 2015, Public Law 113-235. From the depths of the ocean to the surface of the sun and from million-year-old sediment records to near real-time satellite images, NCEI is the nation's leading authority for environmental information and data. For more information go to: http://www.ncdc.noaa.gov/news/coming-soon-national-centers-environmental-information 

 

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitter, Instagram and our other social media channels.

Friday, 05 June 2015 00:00

The Real Cost of IT Complexity

IT complexity is one of the enterprise’s biggest challenges, affecting every facet of the organization--from employees to customers.

But how do you define IT complexity, and what is the impact? Lucky for us, Oracle commissioned IDC to look at organizations that simplified their IT environment and to develop an index to quantify IT complexity’s impact.

According to IDC, IT complexity can be defined “as the state of an IT Infrastructure that leads to wasted effort, time, and expense.” Conditions contributing to this include:

  • Heterogeneous environments
  • Using outdated technologies
  • Server, application or data sprawl
  • Lack of sufficient management tools and automation
  • Silo’d IT

...

http://mspmentor.net/blog/real-cost-it-complexity

Cloud Endure has released the results of a recent survey into public cloud usage, downtime, availability and disaster recovery.

The 2015 Public Cloud Disaster Recovery Survey looks at disaster recovery challenges and best practices. It also benchmarks the best practices of companies that host web applications in the public cloud. The survey received responses from 109 IT professionals from North America and Europe.

Key findings include:

  • The number one risk to system availability is human error followed by networks failures and cloud provider downtime.
  • While the vast majority of the organizations surveyed (83 percent) have a service availability goal of 99.9 percent or better, almost half of the companies (44 percent) had at least one outage in the past three months, and over a quarter (27 percent) had an outage in the past month.
  • The cost of a day of downtime in 37 percent of the organizations is more than $10,000.
  • When it comes to service availability, there is a clear gap between how organizations perceive their track record and the reality of their capabilities. While almost all respondents claim they meet their availability goals consistently (37 percent) or most of the time (50 percent), 28 percent of the organizations surveyed don’t measure service availability at all. It is hard to tell how these organizations claim to meet their goals when they are not able to measure them.
  • The top challenges in meeting availability goals are budget limitations, insufficient IT resources, and lack of in-house expertise.
  • There is a strong correlation between the cost of downtime and the average hours per week invested in backup and disaster recovery.

Read the survey report (registration required).

Celebrating Europe's finest in the business continuity industry

At an awards ceremony at the La Maison du Cygne, a prestigious 17C building on the Grand Place in Brussels, Belgium and once home to the city's butchers' guild, the  Business Continuity Institute recognised the talent that exists in the business continuity industry across the continent as they held their annual European Awards.

The BCI Awards consist of nine categories – eight of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted upon by BCI members from across the region.

The winners were:

Continuity and Resilience Consultant of the Year 2015
Chris Needham-Bennett MBCI of Needhams 1834

Continuity and Resilience Professional of the Year 2015 (Private Sector)
Michael Crooymans CBCI of SOGETI

Continuity and Resilience Newcomer of the Year 2015
Jacqueline Howard CBCI of Marks and Spencer

Continuity and Resilience Team of the Year 2015
Ulster Bank Business Resilience Team

Continuity and Resilience Provider (Service/Product) of the Year 2015
Sungard Availability Services

Continuity and Resilience Innovation of the Year 2015
PinBellCom Ltd

Most Effective Recovery of the Year 2015
E.ON UK Ltd

Industry Personality of the Year 2015
David Window MBCI of Continuity Shop

The BCI European Awards are one of seven regional held by the BCI and which culminate in the annual  Global Awards held in November during the Institute’s annual conference in London, England. All winners in the BCI European Awards are automatically entered into the Global Awards.

(TNS) — Rice University civil engineering professor Philip Bedient is an expert on flooding and how communities can protect themselves from disaster. He directs the Severe Storm Prediction, Education and Evacuation from Disasters Center at Rice University.

On Memorial Day evening, Houston suffered massive flooding after getting nearly 11 inches in 12 hours. Bedient designed the Flood Alert System — now in its third version — which uses radar, rain gauges, cameras and modeling to indicate whether Houston's Brays Bayou is at risk of overflowing and flooding the Texas Medical Center. In an interview with Ryan Holeywell, editor of the Kinder Institute's "Urban Edge" blog, Bedient said more places need this kind of warning system.

...

http://www.emergencymgmt.com/disaster/Could-Better-Flood-Warnings-Have-Saved-Lives-Texas.html

Thursday, 04 June 2015 00:00

Implications of the All-Flash Data Center

From a performance perspective, the all-Flash data center certainly makes a lot of sense. In an age when the movement of data from place to place is more important than the amount of data that can be stored or processed in any given location, high I/O in the storage array should be a top priority.

But while no one disputes the efficacy of Flash over disk and tape when it comes to speed, the question remains: Does the all-Flash data center still make sense for the enterprise? And if so, what impact will this have on other systems and architectures up and down the stack?

HP recently pushed the envelope on the all-Flash data center a little further with a new line-up of arrays and services for the 3PAR StoreServ portfolio. The set-up is said to improve performance, lower the physical footprint of storage and reduce cost to about $1.50 per usable GB, which is about 25 percent less than current equivalent solutions. The company is already reporting workload performance of 3.2 million IOPS with sub-millisecond latency among its Flash drives, and the 3PAR family’s Thin Express ASIC provides a high degree of data resiliency between the StoreServ array and the ProLiant server to reduce transmission errors.

...

http://www.itbusinessedge.com/blogs/infrastructure/implications-of-the-all-flash-data-center.html

Now that management science has taught us how to quantify so many other things, crisis management is a good candidate for being awarded its own scale of seriousness too. The detail you put into such a scale will depend on how much crises afflict your enterprise. If you are battling a continual stream of problems, your scale may be finer (say, 1 to 10), in order to sort out the life-and-death situations from the nuisances. Otherwise, a high-medium-low system of ranking may be sufficient, as long as there are clear definitions for crises to be categorised correctly. So, how does this work in practice?

...

http://www.opscentre.com.au/blog/putting-numbers-on-levels-of-importance-in-crisis-management/

(TNS) — Thousands of Pinellas County, Fla., beach residents and business owners could hit an unexpected road block trying to return to the barrier islands after a storm evacuation.

Pinellas County Sheriff Bob Gualtieri said Monday his office, working with beach city governments, has developed a hang-tag identification system to allow drivers quick access to the islands after an evacuation.

However, since the program rolled out in February, only 17,000 hang tags have been handed out, while Gualtieri estimates about 88,000 people will need them.

“That gives me a lot of concern,” he said, urging people to get the tags as soon as possible.

...

http://www.emergencymgmt.com/disaster/Hang-Tag-ID-System-Storm-Evacuation.html

AUSTIN, Texas – Texans who sustained property damage as a result of the ongoing severe storms and flooding are urged to register with the Federal Emergency Management Agency (FEMA), as they may be eligible for federal and state disaster assistance.

The presidential disaster declaration of May 29 makes disaster aid available to eligible families, individuals and business owners in Hays, Harris and Van Zandt counties.  

“FEMA wants to help Texans begin their recovery as soon as possible, but we need to hear from them in order to do so,” said FEMA’s Federal Coordinating Officer (FCO) Kevin Hannes. “I urge all survivors to contact us to begin the recovery process.”

People who had storm damage in Harris, Hays, and Van Zandt counties can register for FEMA assistance online at www.DisasterAssistance.gov or via smartphone or web-enabled device at m.fema.gov. Applicants may also call 800-621-3362 or (TTY) 1-800-462-7585 from 6 a.m. to 9 p.m. daily. Flood survivors statewide can call and report their damage to give the state and FEMA a better idea of the assistance that is needed in undesignated counties.

Assistance for eligible survivors can include grants for temporary housing and home repairs, and for other serious disaster-related needs, such as medical and dental expenses or funeral and burial costs. Long-term, low-interest disaster loans from the U.S. Small Business Administration (SBA) also may be available to cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations.

Eligible survivors should register with FEMA even if they have insurance. FEMA cannot duplicate insurance payments, but under-insured applicants may receive help after their insurance claims have been settled.

Registering with FEMA is required for federal aid, even if the person has registered with another disaster-relief organization such as the American Red Cross, or local community or church organization. FEMA registrants must use the name that appears on their Social Security card. Applicants will be asked to provide:

  • Social Security number
  • Address of the damaged home or apartment
  • Description of the damage
  • Information about insurance coverage
  • A current contact telephone number
  • An address where they can get mail
  • Proof of residency, such as a utility bill, rent receipts or mortgage payment record
  • Bank account and routing numbers if they want direct deposit of any financial assistance.

(TNS) — When a powerful earthquake in March 2011 triggered a tsunami that devastated Japan’s Fukushima-Daiichi nuclear plant and raised radiation to alarming levels, authorities contemplated sending in robots first to inspect the facility, assess the damage and fix problems where possible. But the robots could not live up to the task and eventually, humans had to complete most of the hazardous work.

Ever since, Defense Advanced Research Projects Agency (DARPA), an agency under the U.S. Department of Defense, has been working to improve the quality of robots. It is now conducting a global competition to design robots that can perform dangerous rescue work after nuclear accidents, earthquakes and tsunamis.

The robots are tested for their ability to open doors, turn valves, connect hoses, use hand tools to cut panels, drive vehicles, clear debris and climb a stair ladder — all tasks that are relatively simple for humans, but very difficult for robots.

...

http://www.emergencymgmt.com/safety/5-Robots-That-May-Rescue-You-From-Natural-Disasters.html

Wednesday, 03 June 2015 00:00

Five Myths About the Commoditization of IT

“Commodity” is a bad word among technologists. It implies standardized, unchanging, noninnovative, boring, and cheap. Commodities are misunderstood. This post seeks to dispel some of the myths around the commoditization of IT services (i.e., the cloud).

...

http://blog.cutter.com/2015/06/02/five-myths-about-the-commoditization-of-it/

s a Public Information Officer, Mike was used to communicating health information to the people of his state. When word came that a major hurricane was approaching, he knew people would be facing fear and uncertainty. How could he make sure that the right information got to the right people? How should he react to the public’s negative emotions and false information? Most importantly, how could he help to protect health and lives?  Mike knew exactly where to begin- with the principles of CDC’s Crisis and Emergency Risk Communication training.

CDC’s Crisis and Emergency Risk Communication (CERC) program teaches you how to craft messages that tell the public what the situation means for them and their loved ones, and what they can do to stay safe.

CERC provides a set of principles that teach effective communication before, during, and after an emergency. The six principles of CERC are:

  1. Be First                              4. Express Empathy
  2. Be Right                             5. Promote Action
  3. Be Credible                      6. Show Respect

The CDC CERC program has resources, training, and shared learning where you can participate in online training and receive continuing education credits. CERC also has CERC in Action stories from other public health professionals who have successfully applied CERC to an emergency response.

Communicating during an emergency is challenging, but you’re not alone! CERC can help you figure out how to get the right information to the right people at the right time whether you’re dealing with a family emergency or a hurricane.

CERC in Action

23Frozen powerline.4

PHPR: Health Security in Action

This post is part of a series designed to profile programs from CDC’s Office of Public Health Preparedness and Response.

CERC and CERC training are a service provided by CDC’s Office of Public Health Preparedness and Response’s (OPHPR) Division of Emergency Operations.

http://blogs.cdc.gov/publichealthmatters/2015/06/cdcs-cerc-program-principles-to-communicate-by-in-an-emergency-response-and-everyday-life/

Companies are learning the hard way that there’s a downside to data democratization: more data silos.

“On the heels of the consumerization of enterprise software and the growing ubiquity of easy-to-use analytics tools, silos appear to be coming back in all their former collaboration-stifling glory as individual teams and departments pick and choose different tools for different purposes and data sets without enterprise-level oversight,” writes Katherine Noyes in a recent Computerworld article exploring this growing problem.

It’s hard to hear in this age of Big Data and data lakes, but in hindsight, it really isn’t surprising. SaaS made it possible for the lines of business to choose their own applications with nothing more than a credit card. Then Apple tipped the balance on personal devices. Finally, Amazon and others democratized storage and Big Data processing power. It only makes sense that analytics — and more data — would leave the centralizing influence of IT and segregate into silos.

...

http://www.itbusinessedge.com/blogs/integration/how-to-stop-the-new-silos-created-by-data-democratization.html

According to a new study conducted by PwC and commissioned by the UK Government to raise awareness of the growing cyber threat, the average cost of the single worst online security breach suffered by big businesses is between £1.46m and £3.14m, up from £600k – £1.15m in 2014. The Information Security Breaches Survey 2015 highlights the rising costs of malicious software attacks and staff related breaches, and illustrates the need for companies to take action. And it is all companies, not just big business, as the research also shows that the equivalent costs for small business is £75k – £311k, up from £65k – £115k a year ago.

It is not just costs that are high, but occurrence too, as the survey also revealed that 90% of large organisations reported they had suffered an information security breach, while 74% of small and medium sized businesses reported the same. The median number of breaches for large organisations was 14 (down from 16 in 2014) while for small businesses it was four (down from six last year). The problem is unlikely to go away as 59% of respondents to the survey expect there will be more security incidents in the coming year.

These figures may not come as a surprise to business continuity professionals who have consistently expressed concern about data breaches, the disruption they can cause and the cost as a consequence. The latest Horizon Scan report published by the Business Continuity Institute revealed that 74% of respondents to a survey expressed concern or extreme concern at the prospect of a data breach occurring and, along with cyber attacks, it has been a top three threat since the survey began.

Attacks from outsiders have become a greater threat for both small and large businesses with 69% of large organisations and 38% of small organisations being attacked by an unauthorised outsider in the last year, although Denial of Service (DoS) attacks have actually decreased with only 30% of large organisations and 16% of small organisations being attacked in such a way. The outsider threat may be high, but when asked about the single worst breach, 50% of organisations stated that it was due to inadvertent human error.

Digital Economy Minister Ed Vaizey said: "The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack and the cost is rising dramatically. Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage."

Andrew Miller, Cyber Security Director at PwC, said: "With 9 out of 10 respondents reporting a cyber breach in the past year, every organisation needs to be considering how they defend and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with."

Wednesday, 03 June 2015 00:00

Nepal: Risk from the Theoretical to Reality

The Nepal earthquake, which triggered massive destruction from the Himalayan Mountains to India, is more than a tragic story of bad luck. It’s an example of how little we really understand risk and the consequences of our inability to fully absorb events such as earthquakes in Nepal and Haiti and other natural disasters that are so devastating.

Even our perception of these events is skewed.  According to the USGS website, the U.S. government’s official site for monitoring earthquakes, approximately one major earthquake of magnitude 8.0 or greater has occurred each year over the last 24 years.  We tend to discount major disaster in our own lives while believing there is a higher probability that others may suffer calamity.  That may explain why so many say we “never saw that coming” when disaster strikes.  Many of these quakes have occurred with little damage or no deaths, but we remember the ones with a high death toll and quickly dismiss the others.

Given our inability to look into the future, the question is: has our world become more or less risky?  Well, it depends!  For many of us, the perception of risk depends on our own circumstances.  Let’s take two people of similar age but from remarkably different backgrounds.

...

http://www.corporatecomplianceinsights.com/nepal-risk-from-the-theoretical-to-reality/

Financial firms are tasked with a lot of different responsibilities, not the least of which is the responsibility to protect sensitive data and information.  When it comes to the resistance on the part of financial firms choosing to adopt cloud services for data storage and cloud-based file sharing, managed service providers (MSPs) need to preach security as everyone’s top priority.

According to a How Cloud is Being Used in the Financial Sector, a recent study from the Cloud Security Alliance (CSA), a large number of security concerns are keeping financial firms on the sidelines looking in at cloud computing.  Chief among those concerns is data security apprehension.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/060315/financial-firms-concerned-about-cloud-data-security

Wednesday, 03 June 2015 00:00

Datameer Applies Data Governance to Hadoop

One of the biggest inhibitors to applying Hadoop in any production environment is the general lack of governance tools for IT organizations to use to manage access permissions for the data that resides there.

To address that issue, Datameer today announced it has embedded a raft of data governance tools inside its analytics software that runs natively on Hadoop.

Matt Schumpert, director of product management at Datameer, says that because its software runs in memory as a Hadoop application, responsibility for data governance within Hadoop naturally falls to Datameer.

...

http://www.itbusinessedge.com/blogs/it-unmasked/datameer-applies-data-governance-to-hadoop.html

Last week the Ponemon Institute rolled out the results of yet another Global Cost of Data Breach report and, surprising very few people in the security world, the stats show costs rising again. Sponsored by IBM, the report benchmarked 350 companies across 11 countries. It found that the consolidated total cost of a breach has now risen to $3.8 million, about 23 percent higher than the figure back in 2013. They're compelling statistics for anyone in the managed services world trying to offer customers justification for improved security coverage.

According to the report, there are three big factors that are contributing to the rising costs of breaches.

...

http://mspmentor.net/managed-security-services/060115/3-reasons-it-security-breach-costs-keep-rising

(TNS) — Staring at an image of your home and neighborhood inundated with 2, 6 or maybe 9 feet of rushing water from a hurricane storm surge can be horrifying.

At least that’s what Pinellas County Emergency Management Director Sally Bishop is hoping.

As the 2015 hurricane season dawns on Monday, Bishop is unveiling her department’s newest tool for storm preparation: a Storm Surge Protector computer application that gives people a realistic view of what can happen when a hurricane comes ashore.

...

http://www.emergencymgmt.com/training/Storm-Surge-App-Makes-Theoretical-Damage-Personal.html

(TNS) — It was the year they ran out of names.

The hurricane season that began 10 years ago Monday generated so many storms — 27 in all — that, for the first time since officials started using names in 1953, they went through a list of 21 names and had to start on the Greek alphabet: from Arlene on June 9, just nine days in, to Zeta, which finally fizzled on Jan. 6, 2006, a month after that manic 6-month season officially ended.

Right in the middle was Katrina, which raised serious issues that had little to do with meteorology. And for South Florida, so late in the season that its cleanup competed with Halloween preparations, was Wilma. It brought billions in damage, much of that to Palm Beach County, still recovering from two hurricanes three weeks apart in the previous year's "mean season."

...

http://www.emergencymgmt.com/disaster/Will-10-Year-No-Hurricane-Trend-Continue-Florida.html

Hackers illegally accessed the personal information of 104,000 taxpayers this spring, according to the U.S. Internal Revenue Service (IRS).

And as a result, the IRS tops this week's list of IT security newsmakers to watch, followed by Woolworths, Google (GOOG) and Kaspersky Lab.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/060115/it-security-stories-watch-irs-woolworths-data-breaches

(TNS) — While the global fracking boom has stabilized North America’s energy prices, Chicago — America’s third largest city and the busiest crossroads of the nation’s railroad network — has become ground zero for the debate over heavy crude moved by oil trains.

With the Windy City experiencing a 4,000 percent increase in oil-train traffic since 2008, Chicago and its many densely populated suburbs have become a focal point as Congress considers a number of safety reforms this year.

Many oil trains are 100 or more cars long, carrying hydraulically fracked crude and its highly explosive, associated vapors from the Bakken region of Montana, North Dakota, Saskatchewan, and Manitoba.

...

http://www.emergencymgmt.com/safety/Fracking-Cities-Fear-Explosive-Safety-Risk.html

WASHINGTON – Today, the Federal Emergency Management Agency (FEMA) urges residents across the nation to prepare for the 2015 Atlantic Hurricane season, which begins today and runs through November 30. 

Hurricanes and tropical systems can cause serious damage on both coastal and inland areas. Their hazards can come in many forms including: storm surge, heavy rainfall, inland flooding, high winds, and tornadoes. To prepare for these powerful storms, FEMA is encouraging families, businesses, and individuals to be aware of their risks; know your sources of reliable information; prepare your home and workplace; and be familiar with evacuation routes.

“One hurricane hitting where you live is enough to significantly disrupt your life and make for a very bad hurricane season,” said FEMA Administrator Craig Fugate. “Every person has a role to play in being prepared – you should know if you live or work in an evacuation zone and take time now to learn that route so you’re prepared to protect yourself and your family from disaster.”

This year, FEMA is placing an emphasis on preparing communities to understand the importance of evacuations, which are more common than many people realize. When community evacuations become necessary, local officials provide information to the public through the media. In some circumstances, other warning methods, such as, text alerts, emails, or telephone calls are used. Information on evacuation routes and places to stay is available at www.ready.gov/evacuating-yourself-and-your-family.

Additionally, knowing and practicing what to do in an emergency, in advance of the event, can make a difference in the ability to take immediate and informed action, and enable you to recover more quickly. To help communities prepare and enhance preparedness efforts nationwide, FEMA is offering two new products.

  • FEMA launched a new feature to its App, available for free in the App Store for Apple devices and Google Play for Android devices. The new feature enables users to receive weather alerts from the National Weather Service for up to five locations anywhere in the United States, including U.S. territories, even if the mobile device is not located in the weather alert area. The app also provides information on what to do before, during, and after a disaster in both English and Spanish.
  • The Ready campaign and America’s PrepareAthon! developed a social media toolkit that you can download and share with others at www.ready.gov/ready2015. The kit contains information on actions communities can take to practice getting ready for disasters.

While much attention is often given to the Atlantic Hurricane Season, there are tropical systems that can affect other U.S. interests as well. The Eastern Pacific Hurricane Season runs from May 15 through November 30. The Central Pacific Hurricane Season runs from May 15 to November 30. To learn more about each hurricane season and the geographical areas they may affect, visit www.noaa.gov.

Additional tips and resources:

  • Learn how to prepare for hurricane season at www.ready.gov/hurricanes
  • Talk with your family today about how you will communicate with each other during a significant weather event when you may not be together or during an evacuation order. Download the family communications at www.ready.gov/family-communications.
  • For information on how to create an emergency supply kit, visit www.ready.gov/build-a-kit
  • Consider how you will care for pets during an evacuation by visiting www.ready.gov/caring-animals
  • Use the Emergency Financial First Aid Kit (EFFAK) to identify your important documents, medical records, and household contracts. When completing the kit, be sure to include pictures or a video of your home and your belongings and keep all of your documents in a safe space. The EFFAK is a joint publication from Operation Hope and FEMA. Download a copy at www.ready.gov/financial-preparedness.
  • If you own or manage a business, visit www.ready.gov/business for specific resources on response and continuity planning.
  • The National Weather Service proactively sends free Wireless Emergency Alerts, or WEAs, to most cell phones for hurricanes, tornadoes, flash flooding and other weather-related warnings. State and local public safety officials may also send WEAs for severe or extreme emergency conditions. If you receive a Wireless Emergency Alert on your cell phone, follow the instructions, take protective action and seek additional information from local media. To determine if your wireless device can receive WEA alerts contact your wireless carrier for more information or visit www.ctia.org/WEA.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Last week, we learned that cybercriminals undermined the identity verification of the IRS’ Get Transcript app and gained access to the tax returns on 104,000 US citizens, so it’s only fitting in this analyst spotlight, we interview one of the team’s leading analysts for identity and access management (IAM), VP and Principal Analyst, Andras Cser. Andras consistently produces some of the most widely read research not just for our team but across all of Forrester. And clients seek his insight across a number of coverage areas beyond IAM, including cloud security, enterprise fraud management, and secure payments. As the tallest member of our S&R team at 6’5”, Andras also provides guidance to clients on the emerging fields of height intel and altitude management.

 

Andras Cser Image

 

Before joining Forrester, Andras worked as a security architect at Netegrity and then CA Technical Services. He also worked in a number of technical and sales capacities at Sun Microsystems prior to joining Netegrity. In his roles on the vendor-side, he architected and implemented IAM and provisioning solutions at Fortune 500 companies.

 

Listen to this month’s podcast below to hear Andras talk about his most common client questions, counterintuitive insights, and vendors to watch. And as you can tell from our analyst interview, Andras prides himself on being clear and concise.

...

http://blogs.forrester.com/stephanie_balaouras/15-06-01-forresters_security_risk_analyst_spotlight_andras_cser

‘Agile’ is still a buzzword. That’s quite a feat in today’s high-speed business and technological environments, where concepts date so rapidly. The original ‘Manifesto for Agile Software Development’ appeared in 2001, some 14 years ago. Since then, the word and the concept it labels have been applied to different business areas, including marketing and supply chain operations. Recently, it has also cropped up in the phrase ‘agile recovery’. But is this taking the ‘agile concept’ too far?

...

http://www.opscentre.com.au/blog/does-the-concept-of-agile-recovery-make-sense/

BSI is seeking feedback on the draft BS 12999 standard. ‘BS 12999 Damage Management - Stabilization, mitigation, and restoration of properties, contents, facilities and assets following incident damage’ is intended to provide recommendations to individuals and organizations involved in carrying out damage management. It will be applicable to domestic, commercial and public buildings and includes the following main contents:

  • Introduction
  • Scope
  • Terms, definitions and abbreviations
  • Damage incident instructions, intake and response planning4 On‑site damage assessment
  • Stabilization
  • Damage scoping
  • Damage recovery and restoration
  • Completion sign-off and handover.

The deadline for comments is June 30th 2015.

Click here to read the draft standard and take part in the consultation.

Downtime to the broadband connection is now one of the major threats facing today’s organizations, so why are many businesses not considering resilience when purchasing broadband or looking at how broadband failure fits into the disaster recovery plan? Mike van Bunnens, managing director, Comms365, explores the issue.

What is the most important consideration for a business buying a new broadband connection? From the way many businesses are making the investment decision, the answer appears to be cost: with most expecting to achieve the same rock bottom prices on offer in the domestic market. But with more and more businesses running VoIP and cloud based applications, their choice of broadband connection is essential. Any glitch in service will have a massive knock on effect on productivity and customer relationships. So why are businesses not considering resilience or how broadband failure fits into the disaster recovery plan? Why are many not even ascertaining the speed and quality of the broadband options before moving to a new office premises?

A high quality, resilient broadband connection is now one of the most critical aspects of any business’ set up. So why are business owners still applying domestic thinking to business critical communications?

...

http://www.continuitycentral.com/index.php/news/resilience-news/261-feature1316

What does the phrase “needle in a haystack” mean to you? For many, it implies the impossible or something that can’t be done. As an MSP, don’t you strive to do the seemingly impossible for your customers? It sure will endear them to you.

One feature that can help you triumph over “needle in a haystack” scenarios is granular recovery. Think back to a customer that got hit with CyrptoLocker or perhaps had a rogue employee who deleted important files. No doubt your customers had that empty feeling that their valuable data was unrecoverable. With granular recovery, it’s not only possible, but also easy. You can easily search documents, emails and attachments by keyword and restore exactly what you need. Now, won’t that impress your customers?

...

http://mspmentor.net/blog/what-granular-recovery-and-why-should-you-care

Houston, the fourth-largest city in the United States, has been struggling through extreme storms and some of the worst flooding in years over the past few days. Roadways were blocked, drivers were left stranded, and homes were completely destroyed due to the flash flooding.

More than 1,000 residents have been displaced and area businesses have come to a screeching halt. Once the storms and flash flooding started, I reached out to some of my clients in the area to make sure they were okay and find out what they were doing to help affected individuals and businesses.

...

http://mspmentor.net/backup-and-disaster-recovery/052915/severe-flooding-hits-texas-leaving-some-businesses-down-days

According to the 2015 Makovsky Wall Street Reputation Study, released Thursday, 42% of U.S. consumers believe that failure to protect personal and financial information is the biggest threat to the reputation of the financial firms they use. What’s more, three-quarters of respondents said that the unauthorized access of their personal and financial information would likely lead them to take their business elsewhere. In fact, security of personal and financial information is much more important to customers compared to a financial services firm’s ethical responsibility to customers and the community (23%).

Executives from financial services firms seem to know this already: 83% agree that the ability to combat cyber threats and protect personal data will be one of the biggest issues in building reputation in the next year.

The study found that this trend is already having a very real impact: 44% of financial services companies report losing 20% or more of their business in the past year due to reputation and customer satisfaction issues. When asked to rank the issues that negatively affected their company’s reputation over the last 12 months, the top three “strongly agree” responses in 2015 from communications, marketing and investor relations executives at financial services firms were:

...

http://www.riskmanagementmonitor.com/cyberbreach-and-reputation-woes-hack-away-at-bottom-line-for-44-of-financial-firms/

Monday, 01 June 2015 00:00

2015 Hurricane Season Opener

By now you’ll have read the latest forecasts calling for a below-average Atlantic hurricane season.

NOAA, Colorado State University’s Tropical Meteorology Project, North Carolina State University, WSI and London-based consortium Tropical Storm Risk all seem to concur in their respective outlooks that the 2015 hurricane season which officially begins June 1 will be well below-norm.

TSR, for example, predicts Atlantic hurricane activity in 2015 will be about 65 percent below the long-term average. Should this forecast verify, TSR noted that it would imply that the active phase for Atlantic hurricane activity which began in 1995 has likely ended.

Still it’s important to note that the forecasts come with the caveat that all predictions are just that, and the likelihood of issuing a precise forecast in late May is at best moderate. In other words, uncertainties remain.

...

http://www.iii.org/insuranceindustryblog/?p=4076

Monday, 01 June 2015 00:00

Real Tools to Manage Shadow IT

It is the rare enterprise these days that does not have some form of shadow IT in its midst. If you think otherwise, maybe it’s time to do a little digging into what your business groups have been up to.

But while the consensus is that the enterprise should embrace shadow IT rather than fight it, there has not been a whole lot of guidance as to how this should be done, other than vague recommendations about becoming more proactive and transitioning IT to cloud brokerage.

Lately, however, the industry has started to see a trickle of actual solutions that enhance the enterprise’s ability to get a handle on shadow IT – not to combat it, mind you, but to help integrate it into a broader computing architecture.

...

http://www.itbusinessedge.com/blogs/infrastructure/real-tools-to-manage-shadow-it.html

FEMA Officials Encourage Those With Concerns about Hurricane Sandy Flood Insurance Claims to Call 866-337-4262


WASHINGTON – The Federal Emergency Management Agency’s (FEMA) National Flood Insurance Program (NFIP) announced the start of Hurricane Sandy flood insurance claims review. The review is part of a broad process to reform NFIP claims and appeals procedures.       

FEMA opened the Hurricane Sandy claims review process and began mailing letters to approximately 142,000 NFIP policyholders, offering them an opportunity to have their claims from Hurricane Sandy reviewed. In the review, policyholders who have not pursued litigation or already received the maximum amount under their policy will have an opportunity to have their files reviewed. FEMA will contact policyholders and explain how to request this review.

“Flood insurance issues arising from Hurricane Sandy are of great concern to FEMA,” said Deputy Associate Administrator for Federal Insurance Brad Kieserman. “We are committed to administering a program that is survivor-centric and helps policyholders recover from flooding in a fair, transparent, and expeditious way. I encourage anyone who suspects they may have been treated unfairly to call 866-337-4262.”

Flooding is the most common natural disaster in the United States. Between 1980 and 2013, the United States suffered more than $260 billion in flood-related damages. Flood insurance is a vital service that protects communities from the most common and costly disaster we face, and those who purchase insurance must be able to count on it being there when it is needed to help rebuild their lives.

Policyholders who incurred losses from Hurricane Sandy from Oct. 27, 2012, through Nov. 6, 2012, and want their claim reviewed may contact FEMA by:

  • Calling toll-free at 866-337-4262.
  • Email by downloading an application online and submitting it to FEMA-sandyclaimsreview@fema.dhs.gov.
  • Fax by downloading an application online and submitting it to 202-646-7970.
  • For individuals who are deaf, hard of hearing or have a speech disability using 711 or VRS, please call 1-866-337-4262.  For individuals using a TTY, please call 800-462-7585.

As FEMA reviews Hurricane Sandy claim files, the agency will also begin overhauling the claims and appeal process and improving the customer experience. FEMA’s goals are excellent customer experience, responsiveness, transparency, low risk of waste, fraud and abuse, and continuous improvement. While settling these legal matters, FEMA is instituting additional oversight of Write Your Own insurance companies to hold them accountable.

FEMA will continue to work closely with Congress and federal, state, local, tribal, and community officials to ensure policyholders are paid every dollar to which they are entitled and to improve the flood insurance program going forward.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves is the latest wrinkle in a mammoth problem faced by tax authorities: Identity theft and its crippling consequences.

An unprecedented surge in online tax scams by increasingly sophisticated criminals has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service.

The vulnerability of taxpayers’ personal data was identified last fall by the IRS’s independent watchdog as the agency’s number one problem. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before he or she files.

...

http://www.washingtonpost.com/blogs/federal-eye/wp/2015/05/29/how-the-breach-of-irs-tax-returns-is-part-of-a-much-bigger-problem-facing-taxpayers/

In investing, diversification is often seen as a good thing, unless you ask Warren Buffet, who is famously quoted as saying, “Wide diversification is only required when investors do not understand what they are doing.” Cloud services are the same way. So let’s change that quote up a bit, “Diversification of cloud-based file sharing is only required when managed service providers (MSPs) do not understand what they are doing.”

The average organization uses 721 cloud services, according to a recent study by Skyhigh Networks. How do companies end up with so many cloud solutions? Is it a good or bad thing for their organization? MSPs must understand how companies get themselves into this situation and the downsides they face to be able to take the first steps to getting them out of it and helping them unify their cloud infrastructure.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/how-many-cloud-services-do-your-clients-use

Recognising business continuity talent in India

Business continuity may be a developing industry in India but there still exists a wealth of talent across the country and those at the top of the profession were recognised at an awards ceremony at the India Business and IT Resilience Summit in Mumbai where the Business Continuity Institute presented their annual India Awards.

The BCI Awards consist of seven categories – six of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted upon by BCI members from across the region.

The winners were:

Continuity and Resilience Consultant of the Year 2015
Kaustubh Vazalwar MBCI of Hewlett Packard

Continuity and Resilience Professional of the Year 2015 (Private Sector)
Kapil Punwani CBCI of Reliance Life Insurance Company Limited

Continuity and Resilience Team of the Year 2015
JP Morgan Chase, CIB Resilience Team

Continuity and Resilience Provider of the Year 2015 (Service/Product)
Sungard Availability Services

Continuity and Resilience Innovation of the Year 2015
Sungard Availability Services

Most Effective Recovery of the Year 2015
JP Morgan Chase, CIB Resilience Team

Industry Personality 2015 of the Year 2015

Ramachandran Vaidhyanathan MBCI of Cognizant Technology Solutions

The BCI India Awards are one of seven regional awards held by the BCI, which culminate in the annual Global Awards held in November during the Institute’s annual conference in London, England. All winners in the BCI India Awards are automatically entered into the Global Awards.

A business model focused on cutting costs has obvious limitations. That’s why managed services have to be about much more than lowering the cost of IT. And as much as customers love a bargain, most understand this intuitively, often citing other objectives for adopting managed services – improved uptime, access to technology advances and better security among them.

A new poll of MSPs by the MSPAlliance found customers hire MSPs primarily because they want to pay more attention to their core business. “Fifty percent of MSPs point to ‘focusing on core competencies’ as one of the leading reasons customers buy their managed services,” said MSPAlliance CEO Charles Weaver.

...

http://mspmentor.net/sales/052815/matter-perception-what-managed-services-users-really-want

Climate change is taking a toll on Texas, and the devastating floods that have killed at least 15 people and left 12 others missing across the state are some of the best evidence yet of that phenomenon, state climatologist John Nielsen-Gammon said in an interview Wednesday. 

"We have observed an increase of heavy rain events, at least in the South-Central United States, including Texas," said Nielsen-Gammon, who was appointed by former Gov. George W. Bush in 2000. "And it's consistent with what we would expect from climate change." 

But the state's Republican leaders are deeply skeptical of the scientific consensus that human activity is changing the climate, with top environmental regulators in Texas questioning whether the planet is warming at all. And attempts by Democratic lawmakers during the 2015 legislative session to discuss the issue have come up short.

...

http://www.emergencymgmt.com/disaster/Climate-Change-Texas-Floods-Largely-Ignored-Lawmakers.html

(TNS) — The National Bio and Agro-Defense Facility is more than just a big project for Kansas and Kansas State University – it will be the front line in protecting the nation’s food supply.

That was the consensus of federal and state leaders who gathered Wednesday to celebrate the start of construction on the $1.25 billion national laboratory complex that will be built across the street from Kansas State University’s football stadium.

“The NBAF laboratory will provide the nation with cutting-edge, state-of-the-art lab capabilities to help protect our food supply and the nation’s public health,” said U.S. Secretary of Homeland Security Jeh Johnson. “The NBAF addresses a serious vulnerability: biological or agricultural threats, deliberate or natural.

“We will now be able to ensure availability of vaccines and other rapid-response capabilities to curb any outbreak.”

...

http://www.emergencymgmt.com/health/New-Biodefense-Lab-Protecting-US-Food-Supply.html

(TNS) — Despite more predictions Wednesday from experts that it will likely be a quieter than normal hurricane season, the information comes with two caveats — they don't know where the storms will go and below average doesn't mean zero.

NOAA predicts 6-11 named storms (winds of 39 mph or higher), of which 3-6 could become hurricanes (winds of 74 mph or higher), including 0-2 major hurricanes (winds of 111 mph or higher) for the 2015 hurricane season. They also project a 70 percent likelihood that it will be below average.

In a similar report released last month, Colorado State forecasters William Gray and Phil Klotzbach also projected a season that won't make the average of 12 named storms, six hurricanes and two major hurricanes.

...

http://www.emergencymgmt.com/disaster/What-NOAAs-2015-Hurricane-Forecast-Numbers-Really-Mean.html

All organizations with a Business Continuity Management (BCM) or Disaster Recovery (DR) program always strive to have their Business Continuity Plans (BCP) / Disaster Recovery Plans (DRP) in a state they can use: in a state they believe will cover them in any and all situations. They want their plans to at least cover the basic minimum so that they can be responsive to any situation. But if an organization takes its program – and related plans – seriously, then these plans are never fully complete.

For a plan to be truly viable and robust, it must be able to address as many possible situations as possible and be flexible enough to adapt to any potential unknown situations.

This includes incorporating lessons learned captured from news headlines and then incorporating the potential new activities or considerations that may not be in the current BCM / DRP plan. These plans aren’t quick fixes or static response to disasters; they are living and breathing documents that need new information to grow and become robust. This is why they should never be considered as complete; as the organization grows and changes – and the circumstances surrounding the organization changes – so to must the BCM and DRP plans.

...

https://stoneroad.wordpress.com/2015/05/28/bcpdrp-plans-never-consider-them-complete/

Engagement is critical to the success of a firm. Years ago, I did a competitive study between Sony and Dell. Sony had better looking, more reliable hardware; Dell’s stuff wasn’t as attractive and it broke a lot in comparison. Sony sucked at engaging with customers; Dell led the segment. The end result was that Sony failed and Dell succeeded.

Dell’s Annual Analyst Conference (DAAC) is this week and HP Discover is next week. Many of the analysts here at DAAC have decided not to attend Discover because they don’t feel HP is really relevant anymore and the others who are going have indicated that they are going to confirm that the firm is effectively dead. At this same time, I’m getting notes from folks who have left HP for Oracle and are sharing how much better Oracle is than HP, in their opinion.

I can’t believe the experienced executives at HP realize they are sending a strong message that they are effectively managing their company out of business. Nor that if this results, that this is likely their last job because the failure will inevitably stain their resumes. The reason they don’t see this is that they don’t engage, and this behavior starts at the top.

I spent some time with Michael Dell this trip. I follow Meg Whitman and have met with her in person as well and the distinct difference between the two people is like night and day.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/michael-dell-and-meg-whitman-the-importance-of-a-ceo-who-can-engage.html

In the enterprise world, keeping a business afloat is not enough. The true mark of success comes when a company brings innovation and evolution to the forefront. And the most successful businesses find ways to constantly grow and change with the flow of the market.

But how does an enterprise go about identifying, fostering and delivering the right innovations? How is it possible to have this level of coordinated effort flow through departments and provide the outcome that the business needs? In a term, the answer is program management.

First, program management is not project management. Program management involves goals that generally affect the company as a whole—often the bottom line. And managing programs requires commitment. It involves long-term strategy and in many cases an ongoing dedication to improvement of processes, products and people.

Of course, program management isn’t something that can be started on a whim to bring about competitive change in a company. To help the enterprise begin a successful program management process, Satish P. Subramanian wrote the book, “Transforming Business with Program Management: Integrating Strategy, People, Process, Technology, Structure and Measurement.”

...

http://www.itbusinessedge.com/blogs/it-tools/how-program-management-brings-business-evolution-and-innovation.html

Thursday, 28 May 2015 00:00

BCI: The Cost of Data Breaches

According to a new study by the Ponemon Institute, sponsored by IBM, the average consolidated total cost of a data breach is $3.8 million, representing a 23% increase since 2013. The annual 'Cost of Data Breach Study' also found that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased 6% from a consolidated average of $145 to $154.

"Based on our field research, we identified three major reasons why the cost keeps climbing," said Dr Larry Ponemon, chairman and founder, Ponemon Institute. "First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management."

Data breaches are a significant threat to organizations as highlighted in the Business Continuity Institute's latest Horizon Scan report which revealed that 82% of respondents to a survey were either concerned or extremely concerned about this threat materialising while 74% expressed the same level of concern to a data breach, making them the first and third greatest threats respectively.

Some of the highlights from the Ponemon Institute’s research include:

  • Board level involvement and the purchase of insurance can reduce the cost of a data breach. The study looked at the positive consequences that can result when boards of directors take a more active role when an organization had a data breach. Board involvement reduces the cost by $5.50 per record. Insurance protection reduces the cost by $4.40 per record.
  • Business continuity management plays an important role in reducing the cost of data breach. The research reveals that having business continuity management involved in the remediation of the breach can reduce the cost by an average of $7.10 per compromised record.
  • The most costly breaches continue to occur in the US and Germany at $217 and $211 per compromised record respectively. India and Brazil still have the least expensive breaches at $56 and $78 respectively.
  • The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record is $154. However, if a healthcare organization has a breach, the average cost could be as high as $363, and in education the average cost could be as high as $300. The lowest cost per lost or stolen record is in transportation ($121) and public sector ($68).
  • Hackers and criminal insiders cause the most data breaches. 47% of all breaches in this year's study were caused by malicious or criminal attacks. The average cost per record to resolve such an attack is $170. In contrast, system glitches cost $142 per record and human error or negligence is $137 per record. The US and Germany spend the most to resolve a malicious or criminal attack ($230 and $224 per record, respectively).
  • Notification costs remain low, but costs associated with lost business steadily increase. Lost business costs are abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished good will. The average cost has increased from $1.23 million in 2013 to $1.57 million in 2015. Notification costs decreased from $190,000 to $170,000 since last year.
  • Time to identify and contain a data breach affects the cost. The study shows the relationship between how quickly an organization can identify and contain data breach incidents and financial consequences. Malicious attacks can take an average of 256 days to identify while data breaches caused by human error take an average of 158 days to identify. As discussed earlier, malicious or criminal attacks are the most costly data breaches.

(TNS) — The recent rioting and unrest in Baltimore will cost the city an estimated $20 million, officials said Tuesday.

The expenses — which go before the city’s spending board for approval Wednesday — include overtime for police and firefighters, damage to city-owned property and repaying other jurisdictions for police and other assistance.

Henry J. Raymond, Baltimore’s finance director, said the city can temporarily cover the costs from its rainy-day fund while seeking reimbursement for up to 75 percent from the Federal Emergency Management Agency.

“The city remains on strong financial footing,” Raymond said. “Hopefully, with the FEMA reimbursement, it will reduce the financial stress that we’re under. In terms of the city’s overall revenue structure, we’re on firm footing and we’ll move forward.”

...

http://www.emergencymgmt.com/safety/Unrest-Will-Cost-Baltimore-20-Million-Officials-Estimate.html

Most of the commentary regarding the cloud these days (mine included) focuses on the myriad ways in which abstract, distributed architectures can remake the enterprise as we know it.

We talk of software-defined data environments, hyperscale infrastructure and advanced Big Data and mobile application environments that will allow organizations to shed their rusty legacy environments in favor of a brave new world of computing.

The trouble is, most organizations don’t want that – at least, not right away.

The simple fact of the matter is that radical change is frightening to most people, and the typical CIO or data management executive is driven not by a desire to deploy the latest and greatest technology but to implement solutions that contribute to the bottom line.

...

http://www.itbusinessedge.com/blogs/infrastructure/what-does-the-enterprise-really-want-from-the-cloud.html

By conventional standards, business continuity cannot exceed one hundred percent. Business continuity of less than 100% is obviously possible, although measurements of just how much less may only be approximate. However, if everything is working properly, full business continuity has been achieved. Does it make sense to then talk about ‘fuller than full’ or a business continuity index that is more than 100%?

...

http://www.opscentre.com.au/blog/a-business-continuity-index-that-is-greater-than-100/

I continue my exploration of actions you can take to improve your compliance program during an economic downturn with a review of what my colleague Jan Farley, the Chief Compliance Officer (CCO) at Dresser-Rand, called the ‘Desktop Risk Assessment’. Both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) make clear the need for a risk assessment to inform your compliance program. I believe that most, if not all CCOs and compliance practitioners understand this well articulated need. The FCPA Guidance could not have been clearer when it stated, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” While many compliance practitioners have difficulty getting their collective arms about what is required for a risk assessment and then how precisely to use it; the FCPA Guidance makes clear there is no ‘one size fits all’ for about anything in an effective compliance program.

One type of risk assessment can consist of a full-blown, worldwide exercise, where teams of lawyers and fiscal consultants travel around the globe, interviewing and auditing. Of course this can be a notoriously expense exercise and if you are in Houston, the energy industry or any sector in the economic doldrums about now, this may be something you can even seek funding for at this time. Moreover, you may also be constrained by reduced compliance personnel so that you can not even perform a full-blown risk assessment with internal resources.

...

https://tfoxlaw.wordpress.com/2015/05/27/economic-downturn-week-part-iii-the-desktop-risk-assessment/

The Ponemon Institute has released its annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. According to the benchmark study of 350 companies spanning 11 countries, the average consolidated total cost of a data breach is $3.8 million1 representing a 23 percent increase since 2013.

The study also found that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent from a consolidated average of $145 to $154. Healthcare emerged as the industry with the highest cost per stolen record with the average cost for organizations reaching as high as $363. Additionally, retailers have seen their average cost per stolen record jump dramatically from $105 last year to $165 in this year's study.

"Based on our field research, we identified three major reasons why the cost keeps climbing," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management."

The first Cost of Data Breach study was conducted 10 years ago in the United States. Since then, the research has expanded to 11 countries. Ponemon Institute's Cost of Data Breach research is based on actual data of hundreds of indirect and direct cost categories collected at the company level using field-based research methods and an activity-based costing framework. This approach has been validated from the analysis of more than 1,600 companies that experienced a material data breach over the past 10 years in 11 countries.

...

http://www.continuitycentral.com/index.php/news/technology/252-news7565

Thursday, 28 May 2015 00:00

Why insider threats are succeeding

Many companies still lack the means or motivation to protect themselves from malicious insiders; but the effects of insider threats are simply too big to ignore. According to a report by the market research company Forrester, 46 percent of nearly 200 technology decision-makers reported internal incidents as the most common cause of the breaches they experienced in the past year. Out of those respondents, almost half said the breach stemmed from a malicious insider.

In this article TK Keanini looks at the practical steps that organizations can take to protect data and systems from insider threats.

...

http://www.continuitycentral.com/index.php/news/technology/251-feature1314

Thursday, 28 May 2015 00:00

Backing Up Large Data Sets

Some MSPs may be understandably worried about taking on the responsibility of backing up large data sets. After all, just about any analyst you talk to is projecting data growth of 30% or more per year. So is it a wise move to add to existing service responsibilities by taking on an additional service such as cloud backup? The answer is a resounding yes.

Here are the facts. First, a major potential headache when it comes to cloud backup is the initial backup of a large data set from a new customer. That’s the one that could take a while. But it doesn’t take that long when you use an enterprise-class cloud backup solution.

A recent independent test by Mediatronics revealed Zetta.net could back up half a TB of data in less than 3 hours with a 1Gbit connection. After that, an incremental backup--using a 5% change rate for a worst-case scenario--took only an hour. In reality, 5% is actually an aggressive change rate. Surveys show that the rate of change in any organization is typically only about 2% of the entire data set. This opens the door for a larger total dataset in the cloud.

...

http://mspmentor.net/blog/backing-large-data-sets

Wednesday, 27 May 2015 00:00

The Importance of Risk Culture

When objective parties, armed with the benefit of 20/20 hindsight, can easily see warning signs that something was either wrong or wasn’t working and that executive management either missed or chose to ignore these same warning signs, it is fair to assert that management was encumbered with a blind spot. A culture that is conducive to effective risk management encourages open and upward communication, sharing of knowledge and best practices, continuous process improvement and a strong commitment to ethical and responsible business behavior.

Effective risk management doesn’t function in a vacuum and rarely survives a leadership failure. The risk management function can review, inform, advise, monitor, measure and even resign. It cannot control, decide or abort; that’s management’s job. Without an effective internal environment in place to ensure that adequate attention is given to protecting enterprise value, entrepreneurial behavior can run amok, completely unbridled and without boundaries or constraints. By “internal environment,” we mean the total package – the control environment, management’s operating style, the incentive compensation structure, a commitment to ethical and responsible business behavior, open and transparent reporting, clear accountability for results and other aspects of the organization’s culture.

Our premise is that ensuring an effective risk culture is an important task for executive management and the Board. Unfortunately, despite its importance, risk culture is often either given lip service or simply ignored.

...

http://www.corporatecomplianceinsights.com/the-importance-of-risk-culture/

(TNS) --On a day that brought a new round of fierce thunderstorms and torrential rains, authorities continued a grim search Monday for 12 people still missing after being swept from riverfront homes, and property owners returned to dramatic scenes of destruction.

San Marcos and Hays County officials revised upward the property damage wrought by the historic flood, saying 72 homes had been washed away. Texas Gov. Greg Abbott, who toured the scene, said the storms brought a punch that "you cannot candy coat" and declared a disaster area in 24 counties, including Bastrop and Hays.

Abbott said the flood in the Wimberley valley is "the highest flood we've ever recorded in the history of the state of Texas."

"It's a powerful message to anyone in harm's way of the relentless, tsunami-type power this wave of water can pose to people," he said.

...

http://www.emergencymgmt.com/disaster/Texas-Governor-Tours-Sites-Historic-Flooding.html

(TNS) — Climate change may be triggering an evolution in hurricanes, with some researchers predicting the violent storms could move farther north, out of the Caribbean Sea and the Gulf of Mexico, where they have threatened coastlines for centuries.

Hurricane season in the Atlantic Ocean began Monday, and forecasters are predicting a relatively quiet season. They say three hurricanes are expected over the next six months, and only one will turn into a major hurricane.

Florida hasn’t been hit by a hurricane in a decade, and researchers are increasingly pointing to climate change as a potential factor.

...

http://www.emergencymgmt.com/disaster/Hurricanes-Centuries-Old-Patterns-Shifting.html

(TNS) — After a major accident or disaster, rescue operations have always focused on the nuts and bolts — saving the survivors, searching for those who didn’t make it, securing the evidence.

Now an added dimension — the consumer perspective — has expanded how disaster planners think. Philadelphia emergency management officials say it guided their response to the Amtrak derailment that killed eight people and injured more than 200 on May 12.

Passengers are going through “the most traumatic time of their lives,” said Everett A. Gillison, Mayor Michael Nutter’s chief of staff and deputy mayor for public safety. “Seeing the world through their eyes really kind of forces us to always question: ‘Are we providing what we really need to provide to them?’ “

That includes understanding what frantic families are going through. “If you haven’t heard from somebody, you kind of have to assume the worst,” he said.

...

http://www.emergencymgmt.com/training/Consumer-Perspective-Expands-Disaster-Planners-Think.html

We have become not only acculturated to interruptions, but addicted to them. We have the mistaken belief that interruptions are a perfectly normal way of life, despite knowing deep down that “time is a precious commodity that we cannot afford to waste.”

Therein lies the essential message of Edward Brown, founder and president of Cohen Brown Management Group, a culture change and time management consulting and training firm in Los Angeles. But at least he’s trying to do something about it. He’s the author of The Time Bandit Solution: Recovering Stolen Time You Never Knew You Had,” and he feels strongly enough about the issue to take time out for an in-depth email interview on the topic.

I learned a lot from that interview about the extent to which we allow ourselves to be interrupted, and the price we pay as a result. To set the stage for the discussion, Brown pointed out that there are two key types of interruptions that we tolerate: those coming from other people, and those coming from our devices. He said other people are inveterate time bandits, and the fact that their intent is innocent doesn’t matter:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/dealing-with-interruptions-recognize-the-seriousness-of-the-problem.html

Wednesday, 27 May 2015 00:00

Another Strand of the Resilience Web

One of the problems that is related to our ability to understand how resilient we can possibly be in the future is that we expect the future to be based on our normalities.  We expect (and would probably like) a degree of stability based upon what we know and understand to be our current terms of reference. Unfortunately, things change; and alongside the political and international tectonic shifts that appear to be accelerating at the moment, we should also consider those structures and capabilities upon which we have long relied and the fact that we may be losing control of them.

The structures of our societies, the underpinning elements of the way that we live can also have a profound influence on our ability to live in the same way in the future. An interesting combination of debt and demographic is influencing the potential longevity of our economic structures according to the European chief executive of Goldman Sachs Asset Management.

...

https://buckssecurity.wordpress.com/2015/05/26/another-strand-of-the-resilience-web/

It’s been about eight months since IT services giant and top-ranked MSPmentor 501 2015 company Dimension Data announced it would deploy globally standardized managed services for data centers.

The service, built on the organization’s managed services automation platform, manages server, storage and networks for on-premise, cloud and hybrid data centers, the company said in a statement in September. Those services can be in the client’s data centers, colocation facilities, in the public cloud, in a private cloud, or in Dimension Data’s cloud.

...

http://mspmentor.net/managed-services/052615/executive-interview-dimension-datas-exec-charge-managed-services-data-centers

Wednesday, 27 May 2015 00:00

Reinventing the Data Center Stack

Now that the cloud is becoming a common fixture in the enterprise, the IT industry is starting to look at how a cloud-facing, mobile-driven environment will affect that full data stack.

Naturally, this is mostly conjecture at this point because many leading experts still do not know how the technology, user requirements, business models and even entire industries will be affected by this transformation. From an historical perspective, the current decade is very similar to about 100 years ago as utility-based electrical grids were first powering up: People are in awe of an amazing new technology, even though its full ramifications cannot be discerned.

Still, there are those who are willing to give it a try, particularly when it comes to the all-software IT deployment capabilities that abstract architectures represent. MapR Technologies’ Jack Norris recently explored the potentialities of “re-platforming” the enterprise toward a more data-centric footing.  This will naturally require a new view of physical infrastructure, such as the current separation of compute and storage, but it also has implications higher up the stack, as in the need to maintain separate production and analytics architectures. This new stack will also require global resource management, linear scalability and real-time processing and systems configuration.

...

http://www.itbusinessedge.com/blogs/infrastructure/reinventing-the-data-center-stack.html

I. Bill Gates is an optimist.

Ask him, and he'll tell you himself. "I'm very optimistic," he says. See?

And why shouldn't Bill Gates be an optimist? He's one of the richest men in the world. He basically invented the form of personal computing that dominated for decades. He runs a foundation immersed in the world's worst problems — child mortality, malaria, polio — but he can see them getting better. Hell, he can measure them getting better. Child mortality has fallen by half since 1990. To him, optimism is simply realism.

But lately, Gates has been obsessing over a dark question: what's likeliest to kill more than 10 million human beings in the next 20 years? He ticks off the disaster movie stuff — "big volcanic explosion, gigantic earthquake, asteroid" — but says the more he learns about them, the more he realizes the probability is "very low."

...

http://www.vox.com/2015/5/27/8660249/gates-flu-pandemic

eFax Corporate recently hosted a webinar to inform covered entities in healthcare of the dangers that today’s sophisticated cyber hackers pose to their electronic protected health information (ePHI) and other intellectual property.

We chose healthcare because it is a favored target among hackers and other “malicious actors,” as the FBI calls them. This is largely because the personal data that health providers hold includes information valuable to criminals--names, birth dates, Social Security numbers. According to the Department of Health and Human Services’ Office of Civil Rights, data breaches of health providers in 2014 affected as many as 10 million people. And breaches like these were up an astonishing 1,800% from 2008 to 2013!

But the common pitfalls and best practices we identified in this webinar relate not only to healthcare-related businesses; they can also apply to organizations in all industries. So here’s a brief overview of the key points we discussed in the webinar--details you might want to share with your corporate clients.

...

http://mspmentor.net/blog/best-practices-deterring-cyber-hackers

ATLANTA – As the 2015 hurricane season begins, FEMA has launched a new feature to its mobile app to help you be prepared and stay informed about severe weather. The free feature allows you to receive weather alerts from five locations you select anywhere in the country, even if the phone is not located in the area. This tool makes it easy to follow severe weather that may be threatening your family and friends in other areas.

“Whether this years’ hurricane season is mild or wild, it’s important to be prepared,” said Regional Administrator Gracia Szczech. “Despite forecasters’ predictions for a below-normal number of storms, fewer storms do not necessarily mean a less destructive season. FEMA is reinforcing preparedness basics and resources to help people be ready whether they live along the coast or farther inland.” Visit FEMA’s www.ready.gov/hurricanes for step-by-step information and resources for what to do before, during and after a hurricane.

Cellphones and mobile devices are a major part of our lives and an essential part of how emergency responders and survivors get information during disasters. According to a recent survey by Pew Research, 40 percent of Americans have used their smartphone to look up government services or information. Additionally, a majority of smartphone owners use their devices to keep up to date with breaking news, and to be informed about what is happening in their community.

The new weather alert feature adds to existing features in the app to help Americans through emergencies. In addition to this upgrade, the app also provides a customizable checklist of emergency supplies, maps of open shelters and Disaster Recovery Centers, and tips on how to survive natural and manmade disasters. The FEMA app also offers a “Disaster Reporter” feature, where users can upload and share photos of disaster damage. The app defaults to Spanish language content for smartphones that have Spanish set as their default language.

The latest version of the FEMA app is available for free in the App Store for Apple devices and Google Play for Android devices. Users who already have the app downloaded on their smartphones should download the latest update for the new alerts feature to take effect. To learn more about the FEMA app, visit: The FEMA App: Helping Your Family Weather the Storm.

###

One of the often overlooked aspects of Big Data and the Internet of Things is the ability to model and simulate advanced data architectures. This is likely to become a crucial element in the emerging data-driven economy because it allows business leaders to further optimize their digital footprints in support of business goals without disrupting current operations.

As expected, there is a plethora of new simulation platforms hitting the channel that utilize both cloud and on-premises resources to, ironically, model cloud and on-premises infrastructure in support of advanced development and productivity applications.

...

http://www.itbusinessedge.com/blogs/infrastructure/enterprises-warm-to-the-power-of-simulation.html

Editor’s Note: This is part of a series on the factors changing data analytics and integration. The first post covered cloud infrastructure; the second discussed new data types, and the third focused on data services.

Data keeps expanding, but only recently have organizations been able to store the data in useful ways. Now, organizations can theoretically keep data at the ready, whether it’s in the cloud, a data lake or in-memory appliance.

Hopefully, it will soon be archaic to hear my doctor say, “Oh, we sent that x-ray to tape. We could get it — but it’s a huge hassle.”

The ability to store mass data is one of the five data evolutions that David Linthicum cited in his thesis on “The Death of Traditional Data Integration.” The ability to pool Big Data sets would not be disruptive, though, if it weren’t coupled with the ability to access it easily and as needed for analytics. As Informatica CEO Sohaib Abbasi points out, this “richness of big data is disrupting the analytics infrastructure.”

...

http://www.itbusinessedge.com/blogs/integration/four-questions-to-ask-before-building-the-data-infrastructure-of-tomorrow.html

Tuesday, 26 May 2015 00:00

New Approaches to IT Efficiency

Virtually everyone is in favor of an energy-efficient data center. But if that is the case, why has the industry struggled so mightily to reduce power consumption?

Even with the remarkable gains in virtualization and other advanced architectures, the data center remains one of the primary energy consumers on the planet, and even worse, a top cost-center for the business.

But the options for driving greater efficiency in the data center are multiplying by the day – from low-power, scale-out hardware to advanced infrastructure and facilities management software to new forms of power generation and storage. As well, there is the option to offload infrastructure completely to the cloud and refocus IT around service and application delivery, in which case things like power consumption and efficiency become someone else’s problem.

...

http://www.itbusinessedge.com/blogs/infrastructure/new-approaches-to-it-efficiency.html

Most people are visually oriented when it comes to taking in information. They also prefer analogue displays to digital ones. In other words, when it comes to understanding risk as part of business continuity, they like colours and graphics, rather than numbers in a spreadsheet. That makes the risk heat map a popular choice for presenting summary risk information to non-risk experts or senior management. Typically, areas in red on the heat map indicate the biggest risks and areas in green the smallest/most acceptable risks. But does this approach in fact too limited?

...

http://www.opscentre.com.au/blog/the-colour-of-continuity-and-the-risks-of-red-and-green/

According to a new market research report published by MarketsandMarkets the mass notification market is estimated to grow from $3.81 billion in 2015 to $8.57 billion in 2020. This represents a compound annual growth rate (CAGR) of 17.6 percent from 2015 to 2020.

The major forces driving this market are the growing need for public safety, increasing awareness for emergency communication solutions, the requirement for mass notification for business continuity, and the trend towards mobility.

The report says that business continuity and disaster recovery and public safety compliance standards are boosting the sales of mass notification solutions.

Mass notification solutions providers are expected to collaborate and provide better competitive services to take advantage of the emerging mass notification market and to meet the need for complete crisis communication solutions.

Obtain the ‘Mass Notification Market by Solution (In-Building, Wide-Area, Distributed Recipient), by Application (Interoperable Emergency Communications, Business Continuity & Disaster Recovery, Integrated Public Alert & Warning, Business Operations), by Deployment, by Vertical & by Region - Global Forecast to 2020’ report from here.

On 12th December 2014 NATS, the UK's leading provider of air traffic control services, experienced a failure in its Swanwick flight data system. The outage resulted in widespread flight delays and cancellations. A report has now been published which details the events behind the outage and subsequent business continuity response.

Written by an enquiry panel led by Sir Robert Walmsley the report finds that:

  • Failure occurred on the 12th December because of a latent software fault that was present from the 1990s. The fault lay in the software’s performance of a check on the maximum permitted number of Controller and Supervisor roles.
  • The system error was caused because of a number of new Controller roles that had been added to the system the day before.
  • The standard practice in NATS is that engineering recovery is coordinated through a group of designated engineers, known as the Engineering Technical Incident Cell (ETIC) and drawn from those available in the Systems Control Centre adjacent to the Operations Room. While some recovery actions are automated, ETIC manually control all key recovery actions, e.g. the restoration of data, to ensure that decisions are made with due and careful deliberation; this is important, as the wrong decisions could have further downgraded performance.
  • Identifying a software fault in such a large system (the total application exceeds 2 million lines of code), within only a few hours, is a surprising and impressive achievement. This was made possible because system logs contain details of the interactions at the workstations.

The detailed 93 page report is available here as a PDF and should be of interest to business continuity managers whatever their sector. It shows how legacy systems can have unexpected and unanticipated impacts as well as giving useful details about the business continuity plans and strategies that were in place at the time of the incident.

The report makes clear that although this was a high profile incident which caused difficulties for NATS' direct customers and the supply chain, it was undoubtedly a business continuity success. Without a strong recovery team response and the pre-planned procedures that were in place the incident and disruption would have been much worse.

To ensure the availability of high performance, mission critical IT services, IT departments need both solid monitoring capabilities and dedicated IT resources to resolve issues as they occur. But even with the right tools in place, when an abundance of alerts and alarms start streaming in, it can quickly become overwhelming , particularly when IT staff have been asked to focus time and attention on activities that both support the organization’s end users and add to the company’s bottom line.

Logicalis US suggests that organizations need to ask the following five key questions to help ensure that enterprise IT monitoring is fit for purpose:

1. Is your monitoring tool configured properly? Most organizations have off-the-shelf monitoring tools that gather information from all of the devices on their network. The information coming from these tools can be overwhelming, and while it may be helpful to have access to all of that data, weeding through it in crunch-time can be cumbersome. To limit alerts to those that are most important takes training, knowledge and expertise, which leads many organizations that want to manage IT monitoring in house to employ full-time experts just to configure and manage their monitoring tools.

2. Do you update regularly? Since rules are continually being added to monitoring tools, monitoring isn’t an ‘implement and forget it’ situation, which means IT departments spend a considerable amount of time making sure the tools they depend on for alerts are as current and up-to-date as possible.

3. Can your tool provide event correlation? A single network error can have a ripple effect impacting applications that would otherwise be completely unrelated. As a result, it’s critical that an IT monitoring tool provide event correlation to speed diagnosis and remediation in all affected areas.

4. Does your monitoring tool offer historical trending data? When managing an enterprise environment, IT pros need to analyze historical trend data to identify recurring issues as well as to do capacity planning which, in many cases, can help prevent issues before they arise. Some of today’s popular monitoring tools, however, either operate in real time or store historical data for 30 days or less. Knowing what your tool offers is important information since being able to intelligently analyze and manage an organization’s IT environment can depend on having access to this historical data long term.

5. Do you have the right expertise in house? In an enterprise IT environment, it’s important to consider internal staffing needs and the expertise required to manage the monitoring tools and process in house. Keeping an enterprise environment up and running is no longer IT’s value-add; it’s an expectation. Today, most organizations want their IT staff delivering business results, which is why it may make sense to consider outsourcing monitoring to a third party skilled in assessing and limiting incident reports to only the handful that a busy internal staff actually needs to address.

www.us.logicalis.com

You’re ready for advancement, you want to learn and you’re looking for an educational programme to encompass the needs of your current or planned role in the protection and preservation of your organisation’s functionality, viability and profitability. The MSc Organisational Resilience at Buckinghamshire New University will be good for you – here’s why:

You will become confident, capable and thorough in your knowledge and understanding of organisational resilience

You will understand how resilience needs to match the context of a changing global operating and threat landscape

You will develop the important skill of not just being able to talk about resilience, but also to take an analytical approach that allows you to offer balanced and evaluated solutions to real problems and issues

...

https://buckssecurity.wordpress.com/2015/05/26/why-the-msc-organisational-resilience-will-be-good-for-you-2/

The typical organization loses 5% of revenue each year to fraud – a potential projected global fraud loss of $3.7 trillion annually, according to the ACFE 2014 Report to the Nations on Occupational Fraud and Abuse.

In its new Embezzlement Watchlist, Hiscox examines employee theft cases that were active in United States federal courts in 2014, with a specific focus on businesses with fewer than 500 employees to get a better sense of the range of employee theft risks these businesses face. While sizes and types of thefts vary across industries, smaller organizations saw higher incidences of embezzlement overall.

According to the report, “When we looked at the totality of federal actions involving employee theft over the calendar year, nearly 72% involved organizations with fewer than 500 employees. Within that data set, we found that four of every five victim organizations had fewer than 100 employees; more than half had fewer than 25 employees.”

...

http://www.riskmanagementmonitor.com/small-businesses-hit-hardest-by-employee-theft/

(TNS) — Congressman Tom Cole (OK-04) introduced legislation this week that would help families rebuilding their homes after disasters. Currently, the Small Business Administration provides homeowners, renters and personal-property owners with low-interest loans to help recover from a disaster.

The Tornado Family Safety Act of 2015, introduced by Cole, clarifies that SBA disaster loans can be used by homeowners for construction of safe room shelters within rebuilt homes.

“Oklahomans are no strangers to severe weather and the terrible destruction that can result from it,” said Cole. “Considering the yearly risk and unpredictability of tornadoes that exists, it is not a matter of ‘if’ but ‘when’ it will occur.

This legislation underscores the type of projects that are eligible for these SBA disaster loans, which includes loans for construction of safe rooms. Under current law, SBA can increase the size of a home disaster loan up to 20 percent of the total damage to lessen the risk of property damage by future disasters of the same kind.

...

http://www.emergencymgmt.com/disaster/Tornado-Family-Safety-Act-Introduced-Home-Rebuilding.html

(TNS) — Colorado will spend $1.2 million over the next two years on a "revolutionary" fire prediction system that uses atmospheric weather data to predict the behavior of wildfires up to 18 hours in advance.

Gov. John Hickenlooper signed House Bill 1129 on Wednesday afternoon at a fire station in Arvada, implementing one of several bills lawmakers drafted in response to wildfires in El Paso County and elsewhere.

"This bill will predict the intensity and the direction of fires 12 to 18 hours ahead of time. That is really important so we know where to direct our planes, the aircraft we had a bill for last year, and our firefighters," said Rep. Tracy Kraft-Tharp, D-Arvada, who introduced the bill. "This is really revolutionary."

...

http://www.emergencymgmt.com/disaster/Colorado-Invest-1-Million-Wildfire-Prediction-System.html

A period of upheaval is on the near-horizon for MSPs, and it’s going to be especially hard on providers overly focused on technology. They must adapt by shifting their focus to delivering business solutions, and seek opportunities in cloud and virtual desktop services.

“I think there’s going to be a lot of casualties over the next three to five years in the MSP space, and primarily it’s because many MSPs today have been started by technologists,” Tommy Wald, president of TW Tech Ventures in Austin, Texas, said in a recent interview with MSPmentor.

...

http://mspmentor.net/your-business/052115/msps-and-cloud-computing-how-evolve-success

It was only a matter of time before there was a serious security flaw affecting the Internet of Things (IoT). It comes by way of a vulnerability in NetUSB, which lets devices that are connected over USB to a computer be shared with other machines on a local network. The vulnerability, which could lead to remote code execution or denial of service if exploited, may affect some of the most popular routers in our homes and workplaces.

Details of the vulnerability were released by SEC Consult. According to Forbes, the weakness is somewhat rare, but it works this way:

When a PC or other client connects to NetUSB, it provides a name so it can be recognised as an authorised device. Whilst the authentication process is ‘useless’ as the encryption keys used are easy to extract … it’s also possible for an attacker who has acquired access to the network to force a buffer overflow by providing a name longer than 64 characters.

...

http://www.itbusinessedge.com/blogs/data-security/router-vulnerability-highlights-iot-security-risks.html

Fighting corruption has reached new heights on the global agenda, driven by the recognition that corruption fuels inequality, poverty, conflict, terrorism and failures of development.  Governments in India, Brazil, the UK, Canada, China and some other countries have followed enforcement of the U.S. Foreign Corrupt Practices Act by promulgating national anti-corruption laws that focus on the bribery of public officials by companies, generally with sweeping extraterritorial authority. The appropriate corporate response, we are told, is to build anti-corruption compliance programs; regulators even offer the private sector detailed guidance about best practices. All this has spawned a lucrative consulting industry dominated by investigation companies and accounting and law firms – what the Economist refers to as “FCPA Inc.” With little excuse for ignorance, it would seem that enterprises need only adhere to guidance from regulators and roll out the mandated programs.

It’s not working. Compliance officers tell of delayed rollouts, inadequate budgets, company-wide coordination problems and their own lack of organizational influence. Even when companies get past operational issues, the evidence suggests that a “tick-the-box” approach to compliance is inadequate. Many of the companies currently under investigation by the U.S. Department of Justice and the Securities and Exchange Commission already had hugely expensive, state-of-the-art compliance programs. A recent OECD review of successful corruption prosecutions cites involvement by senior management or Chief Executive Officers in more than 50 percent of global anti-corruption cases to date — revealing deliberately unethical decision making by executives who decisively outrank Chief Compliance Officers. This narrative of systemic degradation is at odds with the dominant “rogue employee under the radar” explanation of wrongdoing. It exposes a legal system that has mistakenly, or perhaps willfully, chosen to focus on a misleading proxy indicator of performance: individual accountability.

...

http://www.corporatecomplianceinsights.com/organizational-culture-corrupt-companies/

One of the things that IT security folks don’t appreciate about the proliferation of mobile computing devices everywhere is how trusting those devices are. Every mobile computing device just naturally assumes that a radio signal within its reach is a trusted source of Internet access.

It turns out, however, that digital criminals are starting to abuse that trust by setting up fake wireless networks to hijack those radio signals using a process commonly referred to as “commjacking.” Once a fairly expensive ruse to set up, there are now open source kits that can be had for as little as $29 that enable criminals to set up a wireless network that for all intents and purposes looks like any other open wireless network. Once a mobile device connects to that network the digital criminals that run it simple steal all the data they can, including everything from credit card numbers to any unencrypted emails.

...

http://mspmentor.net/mobile-device-management/052215/it-security-mobile-devices-vulnerable-commjacking

(TNS) — When a bridge falls, when a water main fails or when a train crashes, news crews and commentators report on the sorry state of our nation’s infrastructure. Policymakers on both sides of the aisle say we need to do something to fix our roads and rails, our ports and pipes. This flurry of activity lasts for a few days, but then little to nothing happens.

Why isn’t there more action?

Despite infrastructure’s fundamental role in the health and safety of the American people and the economy, the United States has underinvested for decades. Today, infrastructure spending as a share of gross domestic product is about 2.5 percent, much lower than the 3.9 percent in peer countries such as Canada, Australia and South Korea. The figure for Europe as a whole is closer to 5 percent and between 9 and 12 percent for China.

The McKinsey Global Institute estimates that the United States should spend at least an additional $150 billion a year on infrastructure through 2020 to meet its needs. This investment is expected to add about 1.5 percent to annual GDP and create at least 1.8 million jobs.

...

http://www.emergencymgmt.com/disaster/US-Infrastructure-Has-Been-Neglected-Decades.html

Wednesday, 20 May 2015 00:00

Managing the Hybrid Application Stack

The best part about moving data operations to the cloud is that you no longer have to worry about provisioning and managing infrastructure. The drawback, of course, is that you have to shift to a service/application-centric approach to management and then somehow integrate that with all of your legacy management systems.

Fortunately, hybrid data management is gaining a fair bit of traction in the development community as vendors seek to get the jump on what is likely to be the dominant enterprise data architecture going forward. According to BlueStripe’s Vic Nyman, the hybrid data center is likely to contain a broad mix of virtualized infrastructure, operating systems and container platforms, as well as a variety of database formats, third-party web services and distributed applications. To manage such diversity, the enterprise will need to deploy key functions such as dynamic application mapping and updating, seamless multi-platform visibility, real-time response time measurement and reporting – and this is before we can even think about expanding to microservices and application component aggregation.

...

http://www.itbusinessedge.com/blogs/infrastructure/managing-the-hybrid-application-stack.html

Wednesday, 20 May 2015 00:00

BMC’s Remedy for IT Obsolescence

Of the companies I follow, one stands out with the singular mission of assuring that IT doesn’t again become obsolete in the face of ever more powerful direct to line management offerings like Amazon Web Services. Most firms tend to treat Amazon’s offering as a competitor or potential customer and miss that it is actually a very different beast. It isn’t really going after IT as customers for the most part, it is rendering IT obsolete by going after IT’s customers directly. If we were talking about this in terms of sales channels, this would be like talking about what Amazon did to retail; it made the retail store obsolete in order to sell directly to their user customers. In effect, Amazon changed the game. BMC is the only enterprise vendor that has figured out that the proper defense isn’t to fight Amazon or to sell to Amazon -- it is to protect IT.

The MyIT effort validates this strategy and the new Remedy 9 platform is the latest in the company’s quiver of arrows designed to help IT defend against obsolescence.

In short, BMC’s goal is to make IT a better choice for employees than any cloud service, partially by embracing them, but mostly by driving IT to focus on making IT’s own customers more satisfied.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/bmcs-remedy-for-it-obsolescence.html

The SMB Group released information on its State of SMB Adoption of Mobile Apps and Management Solutions recently. It was a relief to see that SMBs were finally recognizing the importance of mobile solutions to their businesses, with 55 percent of the small and 65 percent of the midsize businesses strongly agreeing that these are critical. However, Kapsersky Lab’s own report on BYOD shows that a surprising number of SMB owners “don’t see a danger” with their employees using personal devices at work.

The Kaspersky report provides data that shows that BYOD could be the real security issue for SMBs, according to CBR Online. In the report, 92 percent of those surveyed said they “keep sensitive corporate information on smartphones and tablets, which they use for both work and personal activities.” That is a dangerously high number of businesses that put a lot of trust in their mobile security efforts, despite the fact that they also think that “basic security tools provided within free solutions” are enough to protect that data. Most also say they don’t see a reason to budget more money toward better security.

...

http://www.itbusinessedge.com/blogs/smb-tech/mobile-adoption-high-on-smb-list-but-mobile-security-isnt.html

The task of staying on top of all of the alerts and alarms that security monitoring tools send out constantly is becoming an unsustainable burden to some IT departments. In balancing setting up and manning these alerts – sometimes millions of them -- while at the same time providing other mission-critical services to grow the business, something has to give. The problem has even been blamed in the massive 2014 Target breach, in which relevant alarms were not noticed in a timely manner.

Security monitoring tools are all but useless without human IT resources to follow up on them, and quickly. It’s become a specialized service area for some enterprises, who want to outsource the monitoring to experts who do nothing but, and know the ins and outs of setting thresholds and balancing monitoring of multiple systems.

Managed service provider Logicalis US has compiled five questions for CIOs considering bringing on a monitoring service provider to support IT’s security responsibilities.

...

http://www.itbusinessedge.com/blogs/governance-and-risk/keeping-security-monitoring-in-house-becoming-riskier-for-some-businesses.html

(TNS) — Under a new state law signed by Gov. Jay Inslee on Thursday, May 14, large railroads will be required to plan with the state for “worst-case spills” from crude oil unit trains, but exactly what that worst-case scenario looks like is not yet clear.

The law requires railroads to plan for the “largest foreseeable spill in adverse weather conditions,” but doesn’t define “largest foreseeable spill.”

In April, BNSF railway employees told Washington emergency responders that the company currently considers 150,000 gallons of crude oil – enough to fill five rail tank cars – its worst-case scenario when planning for spills into waterways. Crude oil trains usually carry about 100 rail tank cars.

...

http://www.emergencymgmt.com/disaster/Railroads-Required-Plan-Worst-Case-Oil-Train-Spill-Washington.html

(TNS) — When Mount St. Helens erupted 35 years ago Monday, killing 57 people and blanketing much of Central Washington in ash, officials were ill-prepared for the magnitude of the emergency.

“When the mountain blew, everyone was kind of out there on their own,” said Charles Erwin, emergency management specialist for the city of Yakima. “That’s what got the county started on doing disaster planning and coordinating with all the local jurisdictions.”

The explosion caused two different disasters on either side of the mountains. While the west side was dealing with mud and debris flows taking out bridges and roads, the prevailing winds pushed an estimated 520 million tons of ash eastward, turning Sunday morning in Yakima into midnight.

...

http://www.emergencymgmt.com/training/Planning-Coordination-Eruption-Mount-St-Helens.html

(TNS) — The more scientists learn, the more they are fine-tuning who is ordered to leave when a hurricane threatens and where and when officials open evacuation shelters.

And the result very likely will be that fewer, not more, people can expect to leave their homes, and still fewer will feel the need to use a hurricane shelter, officials said at last week's Florida Governor's Hurricane Conference.

The American Red Cross is doing a full review of its shelter guidelines, set to be finished in 2017. That's the same year the National Hurricane Center will start issuing a public watch and warning format that combines the traditional wind threats with storm surge. The timing is no coincidence.

...

http://www.emergencymgmt.com/disaster/New-System-Fewer-People-Evacuate-Hurricane.html

Once a month I use my blog to highlight some of S&R’s most recent and trending research. When I first became research director of the S&R team more than five years ago, I was amazed to discover that 30% to 35% of the thousands of client questions the team fielded each year were related to IAM. And it’s still true today. Even though no individual technology within IAM has reached the dizzying heights of other buzz inducing trends (e.g. DLP circa 2010 and actionable threat intelligence circa 2014), IAM has remained a consistent problem/opportunity within security. Why? I think it’s because:

...

http://blogs.forrester.com/stephanie_balaouras/15-05-18-forresters_security_risk_research_spotlight_the_iam_playbook_for_2015

It’s been clear for some time that the traditional storage area network (SAN) has been under siege in the data center. With server infrastructure becoming increasingly distributed, both at home and in the cloud, a centralized array supported by advanced storage-optimized networking is increasingly seen as a hindrance to data productivity.

But if storage is to be distributed along with processing, how do you overcome the obvious difficulties of aggregating resources and establishing effective tiering capabilities? And how can you effectively scale storage independently from increasingly virtualized server and networking infrastructure in order to satisfy diverse requirements of emerging data loads?

One solution is the server SAN, says TechRepublic’s Keith Townsend. By leveraging server and storage convergence, systems like EMC’s ScaleIO and Nutanix can run traditional workloads on virtualized cloud architectures while still providing the SAN functionality that the enterprise has come to rely on.  Indeed, performance of more than 1 million IOPS is already being reported across several dozen to several hundred nodes, and free or community-based distributions are reducing start-up costs to near zero.

...

http://www.itbusinessedge.com/blogs/infrastructure/diversity-of-data-requires-diversity-of-storage.html

No enterprise is immune to bad ideas. Some of them can be spectacularly bad, like deserting loyal customers in order to chase new markets that never materialise, or betting the company on a technology that never actually works. A company can have everything going for it and still get it wrong. The case of Webvan with its e-tailing advantages of lower costs and better services targeting the wrong customer group is just one example. However, this kind of failure is not caused by one bad idea alone, but by one bad idea being accepted and pursued by the organisation overall. In other words, it’s groupthink, a frequent enemy of business continuity.

...

http://www.opscentre.com.au/blog/bad-ideas-groupthink-and-business-continuity-antidotes/

University of Pittsburgh Medical Center (UPMC) recently informed patients that some of their personal information may have been compromised.

And as a result, UPMC topped this week's list of IT security newsmakers, followed by BakerHostetler, Juniper Research and The MetroHealth System.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/052925/it-security-stories-watch-was-upmc-breached

Fraud is an increasingly serious threat for businesses around the world, eroding data integrity and security, consumer confidence and brand integrity. Based on the latest ACFE (Association of Certified Fraud Examiners) study, organizations lose 5 percent of revenue each year to insider fraud.

According to the study, the majority of insider fraud losses — as high as 80 percent — are caused by collusion of two or more employees, even though only 45 percent of the incidents are attributed to collusion. One reason why the losses are higher is that when more people are involved, there are more opportunities to commit fraud and it becomes easier to circumvent anti-fraud controls and conceal the fraud for longer.

Companies invest in implementing controls such as requiring that transactions above certain thresholds be authorized by a second employee and preventing the same person from re-activating an account and transferring funds. But just by coordinating their efforts, employees can work together to circumvent these measures.

...

http://www.corporatecomplianceinsights.com/employee-fraud-collusion-puts-companies-at-high-risk/

There’s been a lot in the news recently about the vulnerability of the electric power grid in the United States. Last month’s incident in which a severed transmission line in Maryland cut power to much of Washington came on the heels of a March USA Today reportabout “bracing for a big power grid attack.” That report spotlighted a coordinated attack in April 2013 on Pacific Gas & Electric's Metcalf substation in California, which resulted in $15 million in damage to its fiber-optic lines and transformers.

“The country’s aging power grid leaves millions vulnerable and could have devastating consequences for not only everyday Americans, but some of the nation’s largest enterprises,” said Robert DiLossi, director of crisis management at Sungard Availability Services, a cloud computing, disaster recovery, and managed hosting services provider in Wayne, Pa. In a recent email interview, DiLossi shared some enlightening tips for CIOs and other IT leaders on how to prepare for an attack on the power grid.

“Increasingly, chief information officers and security leaders at enterprises are turning to resiliency plans to mitigate the impact of any attempt or success at hacking into their IT systems,” DiLossi said. “They are considering or employing several defenses in the event an attack strikes the nation’s power grid.”

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/tips-for-it-leaders-on-preparing-for-an-attack-on-the-power-grid.html

Applications accepted for ocean, fisheries programs through July
Resilience means bouncing back. (Credit: NOAA)

(Credit: NOAA)

Two new NOAA grant programs will help coastal communities and their managers create on-the-ground projects to make them more resilient to the effects of extreme weather events, climate hazards, and changing ocean conditions.

This builds on NOAA’s commitment to provide information, tools, and services to help coastal communities reduce risk and plan for future severe events.

NOAA’s National Ocean Service is supporting the effort with $5 million in competitive grant awards through the 2015 Regional Coastal Resilience Grant Program and NOAA Fisheries is administering the companion $4 million Coastal Ecosystem Resiliency Grants Program.

“Coastal communities around the country are becoming more vulnerable to natural disasters and long-term environmental changes,” said Holly Bamford, Ph.D., assistant NOAA administrator for NOAA's National Ocean Service performing the duties of the assistant secretary of commerce for conservation and management. “These new grant opportunities will help support local efforts to build resilience of U.S. coastal ecosystems and communities, while finding new and innovative ways to mitigate the threats of severe weather, climate change and changing ocean conditions.”

The National Ocean Service 2015 Regional Coastal Resilience Grant Program will help coastal communities and organizations prepare for and recover from adverse events while adapting to changing environmental, economic, and social conditions. The grants will be awarded to  organizations to plan and implement resilience strategies regionally to reduce current and potential future risks. Proposals are due by July 24.

The NOAA Fisheries’ Coastal Ecosystem Resiliency Grants Program will focus on developing  healthy and sustainable coastal ecosystems through habitat restoration and conservation. The winning proposals will demonstrate socioeconomic benefits associated with restoration of healthy and resilient coastal ecosystems, support healthy fish populations, and demonstrate collaboration among multiple stakeholders. Proposals are due by July 2.   

Each grant proposal may request between $500,000 to $1 million in federal funds for the Regional Coastal Resilience Grant Program and $200,000 to $2 million for the Coastal Ecosystem Resiliency Grants Program. Eligible funding applicants include nonprofit organizations, institutions of higher education, regional organizations, private (for profit) entities, and local, state, and tribal government.

Details on the grant programs can be found at the NOAA Fisheries Coastal Ecosystem Resiliency Grants webpage (http://www.habitat.noaa.gov/funding/coastalresiliency.html) and the NOAA Ocean Service Regional Coastal Resilience Grant Program webpage (http://www.coast.noaa.gov/resilience-grant/). To apply visit http://www.grants.gov/

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitter, Instagram and our other social media channels.

(TNS) — Tuesday night's fatal derailment was the worst Philadelphia train disaster in decades. The timing seemed chillingly prophetic: Just one day before the crash, the city's Office of Emergency Management had held a "mass casualty workshop" with police, fire and health personnel.

Moments after Train 188 careened off the tracks, emergency calls went out across the city and scores of first responders rushed to the scene to find the mangled bodies of those killed and more than 200 injured and bloodied passengers.

Here's a look at how the city's response unfolded throughout Tuesday night and into Wednesday:

...

http://www.emergencymgmt.com/disaster/How-Philadelphia-Responded-to-Amtrak-Disaster.html

(TNS) — Disaster recovery just from extreme weather and wildfires cost American taxpayers $300 billion in the past decade, the White House's former "resilience" specialist told the general session of the 29th annual Florida Governor's Hurricane Conference.

"That is just what Uncle Sam spent," Josh Sawislak told the conference. He said the figure doesn't count billions in insured and uninsured losses by individuals, businesses and local governments. Nearly half of that was just from 2011 to 2013.

"So when someone tells me, 'We can't afford to pay for resilience,'" Sawislak said, "I immediately ask, 'How can we afford not to?'"

...

http://www.emergencymgmt.com/disaster/US-Disaster-Recovery-10-Year-Bill-300-Billion.html

When drive-by drills, known as lockdown in most of the country, were widely used in response to school shootings with little or no adaptation of tactics, we began down a path that ultimately led to the tragic shooting at Sandy Hook that took 26 innocent lives. There were stops along the way in places called Columbine, Virginia Tech, Aurora and many others. These were all opportunities to learn that our model for response was at great risk from those who would seek to use our plan (or lack of plan) against us.

Plans continued to emphasize single-option lockdown, with location dependency on classrooms for a response. Vague and largely unworkable mentions of reverse evacuations or reverse fire drills back to classrooms for active threats or terrorism inside the building, over facility evacuation, continued to be widely used. The single-option hiding concept became common practice in buildings, though every room was occupied. Shoving people into bathrooms, closets, under desks and into corners became recommended, despite the tragic effects of limiting movement. Being mobile in a crisis equals increasing survivability.

...

http://www.emergencymgmt.com/safety/Single-Option-Lockdown-Response-Failure-School-Shootings.html

Most IT organizations provide services to the business in several forms. According to author Terry Critchley, services are comprised of three things:

  • Products
  • Processes
  • People

Each of these things come together to ensure that required business functions are available. But every service has the potential for failure and outages even though today’s world demands that uptime be as close to 100 percent as possible. In this scenario, IT must use all of its technologies to provide this availability, including virtualization, cloud computing, disaster recovery, business continuity and strong security. Still, human factors can prevent services from being available, too.

...

http://www.itbusinessedge.com/blogs/it-tools/how-your-enterprise-can-provide-high-availability-it-services.html

(TNS) — The ER was already busy, close to full — gunshots, car wrecks, strokes — when the “get ready” call came in at 9:45 p.m.

By 10:30, they began arriving by police car, ambulance, anything.

By midnight, 54 had made it to Temple University Hospital, which treated more passengers from Amtrak’s Tuesday night disaster than any other emergency room.

The most critical patients were rushed into one of the three trauma bays just inside the ER door. Teams of doctors and nurses were assigned to each bay, responsible for stabilizing patients and moving them through with skill and speed, making room for the next.

...

http://www.emergencymgmt.com/health/Preparedness-Hospital-Staff-Philadelphia-Train-Derailment.html

The prevailing wisdom holds that cloud architectures will float comfortably on a layer of virtualization that itself will rest on commodity hardware. As long as underlying bulk resources are available in sufficient amounts, all of the fine-tuning and optimization for higher-level applications and services can be done on abstract, software-defined planes.

This isn’t necessarily wrong, but it isn’t the whole truth either – at least according to those who are developing next-generation, cloud-optimized hardware.

For the current crop of hardware vendors to survive much longer, it is hard to see how they can avoid devising cloud-facing product lines. According to IDC, about 30 percent of the IT hardware spend is in support of cloud infrastructure, up more than 14 percent from a year ago. The private cloud alone accounts for some $10 billion in revenue, generating annual growth of about 20 percent, while public infrastructure spending tops $16.5 billion and is growing at 17.5 percent per year.

...

http://www.itbusinessedge.com/blogs/infrastructure/hardware-still-slightly-relevant-in-the-cloud.html

CHICAGO – May is Building Safety Month, a public awareness campaign to help individuals, families and businesses understand what it takes to create safe and sustainable structures by increasing awareness about how building codes and code officials improve and protect the places where we live, learn, work, worship and play.

“We’re all at some level of disaster risk,” said Andrew Velasquez III, FEMA Region V administrator.  “It is important that we prepare now for the impacts that disasters can have on our homes, our businesses and in our communities.”

The power of natural disasters can be overwhelming. While you can't stop natural disasters from happening, there are steps you can take to increase your home's chance of survival, even in the face of the worst Mother Nature can dish out.

1. Reinforce your Residence. Consider retrofitting options, or steps to improve your home’s protection from natural disasters, including high wind events. One of the most common types of wind damage to a structure is called “uplift”— which occurs when a roof lifts and collapses back down on the house causing costly damage. Fortunately, you can minimize the chances of this happening by installing straps connecting the structural members of your roof to the wall studs or columns.

Other risk reduction ideas include:
a. Use shingles rated for 90+ mph wind and use a minimum of four nails per shingle.
b. Make sure windows and doors are properly shimmed and nailed into the framed opening, tying the window and door frames into the adjacent studs, and 
c. Install a garage door that is designed for higher wind speeds.

FEMA recommends consulting with a certified home inspector to determine if these are viable options for your home. For even more home strengthening options, click here.

2. Fortify Your Home’s Floors. Homeowners can secure their structure to the foundation by using anchors or metal straps. Your builder should ensure there are properly installed anchor bolt connections between the plate and the foundation at least every four feet to ensure maximum fastening to the foundation.

Consult with your local building code official as well as a certified home inspector to determine the best options for you. For more information on wind-resistant home construction techniques, click here.

3. Trim & Tighten. High velocity winds from thunderstorms and tornadoes can turn patio furniture, grills and tree branches into destructive missiles. In addition, if the area immediately surrounding your house contains trees, outbuildings, trash cans, yard debris, or other materials that can be moved by the wind, your house will more likely be damaged during a tornado or windstorm.

All storage sheds and other outbuildings should be securely anchored, either to a permanent foundation or with straps and ground anchors. The straps and ground anchors used for manufactured homes can be used as anchoring systems for outbuildings, such as garden sheds, which are not placed on a permanent foundation. Outdoor furniture and barbecue grills can be secured by bolting them to decks or patios or by attaching them to ground anchors with cables or chains. Trees should also be trimmed so they’re at a safe distance away from your home.
                               
4. Elevation is a Smart Renovation. Flooding is a real risk, and elevating your home and its critical utilities can significantly reduce the risk of water damage. Elevating your home may even reduce your flood insurance premiums. Contact your local floodplain manager to learn the flood risk and elevation requirements for your residence. For more information on elevation techniques to protect your home from flood damage, click here

5. Assure You’re Fully Insured. Take the time to review your insurance coverage. Are you adequately insured for the risks your community faces? Are you covered for wind, flood and sewer backup? Has your policy been updated to reflect the value of your home? For a list of questions to ask your insurance agent, click here. Many homeowners find out too late that their insurance coverage has not increased with the value of their home. Contact your insurance agent to get these questions answered and ensure your home is financially protected.

To learn more about Building Safety Month and how you can protect your home, business and valuables, visit www.iccsafe.org.  For even more readiness information follow FEMA Region V at twitter.com/femaregion5 and facebook.com/fema. Individuals can always find valuable preparedness information at www.Ready.gov or download the free FEMA app, available for Android, Apple or Blackberry devices.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Editor’s Note: This is part of a series on the factors changing data analytics and integration. The first post covered cloud infrastructure.

It’s a truism that technology changes quickly and ages fast — and yet, despite massive network and computer evolutions, not much changed for data until Big Data came along.

To be fair, for all practical purposes, Big Data was first seen as a natural extension of the relational database, but with larger amounts of data and faster processing speed. Almost immediately, though, vendors like IBM and research firms like Gartner pushed the definition of Big Data to include other data types — semi-structured and unstructured data, delivered at high speeds, which can mean real time, near-time and streaming or, as I privately call it, all time data.

...

http://www.itbusinessedge.com/blogs/integration/new-types-of-data-demand-new-infrastructure.html

Saturday, 16 May 2015 00:00

Risking It

The challenge of planning is significant; anyone who has ever been required to plan anything in detail will know of the problems and issues that even thinking about it planning is difficult and can quite easily spin beyond the controllable. Plans can be effective or useless for various reasons, and the translation of thoughts to realities can be fraught with issues.

In attempting to make informed judgements, the perceived effectiveness of response and protective measures has been traditionally based on a combination of anticipation, information and intelligence assessment and a suitable selection of mitigation measures.  However there is perhaps also an element of chance and luck in detecting and deterring any type of malicious activity and this has served to add to the range of variables which can complicate an attempt to manage risks.   The most thorough risk analysis will not be able to address all variables which will hamper the effectiveness of managerial processes in providing an adequate contribution to pre-emptively managed protective efforts.

...

https://buckssecurity.wordpress.com/2015/05/16/risking-it/

The data center has been the foundation of enterprise IT operations since the dawn of the computer age, so it is understandable that there is a lot of uncertainty now that it is undergoing the most monumental change in its history.

Indeed, many executives are still trying to wrap their heads around the idea of having no data center at all, or at best a rack or two of modular boxes devoted to maintaining access to external applications and resources.

But those who have been to the mountaintop say that the other side is indeed a lush, green valley in which advanced services and capabilities can be had at low cost and with little effort, and that the flexibility that comes from shedding fixed hardware assets more than makes up for the loss of direct control over infrastructure. The key, though, is to first realize that the new data environment does not serve the same purpose as the old, and then to learn how to leverage that app-centric, service-based environment for your business model.

...

http://www.itbusinessedge.com/blogs/infrastructure/peas-in-a-pod-a-new-data-center-and-a-new-business-model.html

It’s clear that our relationship to data is changing, both in terms of how we work with data and our relationship on individual levels. That, in turn, is triggering changes in the underlying technologies.

Integration technology in particular is in the spotlight these days. After all, you can use the data only as fast as you can integrate, wrangle or blend the data. That’s leading to a lot of talk from vendors about “modern integration” that’s less concerned with on-premise, batch integration and more concerned with real-time access for business users.

At Informatica’s recent customer conference, CEO Sohaib Abbasi identified four disruptive technology trends changing data. His opinion is more significant than most because he heads one of the industry’s leading integration vendors, and despite a thriving data integration market, that company was recently acquired.

...

http://www.itbusinessedge.com/blogs/integration/why-cloud-infrastructure-changes-your-data-integration.html

DENTON, Texas – People who live in Texas are urged to get ready now for the possibility of flooding, following days of rain and with more potential rain in the forecast.

The Federal Emergency Management Agency’s (FEMA) Region 6 office continues to monitor the flooding threat across parts of the state and stands ready to support state and local partners as needed and requested in any affected areas.

Know Your Risk Before a Flood:

•    Do your homework. Be aware of the potential flooding risks for the particular area where you live.
•    Familiarize yourself with the terms used to identify a flooding hazard. Some of the more common terms used are:

  •  A Flash Flood Watch: Flash flooding is possible.  Be prepared to move to higher ground; monitor NOAA Weather Radio, commercial radio, or television for information.
  • A Flash Flood Warning: A flash flood is occurring; seek higher ground on foot immediately.

Take Action Before and During a Flood:

•    Build an emergency kit and make a family communications plan.
•    Listen to local officials and monitor your local radio or television for information.
•    Do not drive into flooded areas. Turn Around; Don’t Drown. Two feet of rushing water can carry away most vehicles.
•    Do not walk through flowing water.  Six inches of swiftly moving water can knock you off your feet.
•    Wireless Emergency Alerts (WEAs) are now being sent directly to many cell phones on participating wireless carriers' networks.  WEAs sent by public safety officials such as the National Weather Service are designed to get your attention and to provide brief, critical instructions to warn about imminent threats like severe weather.  Take the alert seriously and follow instructions.  More information is available on WEA at www.fema.gov/wireless-emergency-alerts.


Visit www.ready.gov or www.nws.noaa.gov for more information on preparing for floods or other disasters.

 

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at http://twitter.com/femaregion6 , and the FEMA Blog at http://blog.fema.gov

Thursday, 14 May 2015 00:00

How Would You Hire an Emergency Manager?

Let’s suppose you want to fill a position in your organisation by hiring an emergency manager. The role of this person is to coordinate the actions of different services responding to a sizable disaster, to translate strategy into tactics, and to keep senior officials or management informed of the situation and progress towards resolution. So far, so good – except this kind of person, or experience, doesn’t grow on trees. However, it is a role that is needed in many public sector areas, including utilities, health, education, airports and port authorities. You could place an ad asking for candidates, but what do you then need to know to evaluate applications?

...

http://www.opscentre.com.au/blog/how-would-you-hire-an-emergency-manager/

With so many of today's businesses dependent on SAP as the core technology platform for some of their most critical business functions, it would follow that IT organizations would dedicate significant effort in securing SAP systems. But the truth is that SAP and other enterprise resource planning (ERP) software remain largely forgotten by even the most security-conscious organizations today. And the attackers have found this gap.

For years now, security researchers have warned of hefty security vulnerabilities in SAP that make it possible to create ghost accounts, change records in some of the most sensitive financial tracking applications and use the platform to break into other connected systems. And while security researchers and consultants confirm that attackers are already exploiting these vulnerabilities for malicious purposes, these attacks have largely gone unreported to the public. That all changed this week.

...

http://mspmentor.net/managed-security-services/sap-vulnerability-showcases-need-managed-security

Thursday, 14 May 2015 00:00

High Availability IT Services

Reliability and Availability

This book starts with the basic premise that a service is comprised of the 3Ps—products, processes, and people. Moreover, these entities and their sub-entities interlink to support the services that end users require to run and support a business. This widens the scope of any availability design far beyond hardware and software. It also increases the potential for service failure for reasons beyond just hardware and software; the concept of logical outages.

...

http://www.itbusinessedge.com/itdownloads/infrastructure-management/high-availability-it-services.html

There’s been plenty of attention paid over the past few years to what appears to be a growing IT skills gap.  Managed service providers (MSPs) can help alleviate the pain of this this gap for customers by providing services that customers would normally handle inhouse. For instance, they can offer and manage cloud-based file sharing and other IT services.

In her recent article for FierceCIO.com, Sarah Lahav weighs in on the IT talent shortage.

“Whether the IT talent shortage is myth or reality, I believe IT leaders can agree on at least one thing: some roles are harder to fill than others,” says Lahav.  “The needs of IT and the business have shifted faster than educators and professionals adapt.”

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/051415/msps-fill-it-roles-your-clients-can-t

Taking the whole concept of data security to its most logical conclusion, Secure Islands has come up with a method that automates the application of security to any piece of data, depending on how it’s classified, as that data is being generated.

Secure Islands CEO Aki Eldar says version 5.0 of the IQProtector Suite (IQP) adds what the company describes as a Data Immunization process. IQProtector automatically assigns security controls to data at the point that data is actually created, regardless of location. Those controls then attach themselves to that data wherever it is consumed.

Based on rights management technology developed by Microsoft, Secure Islands has different renditions of IQProtector for endpoints, servers, clouds and applications to make sure that wherever data is created, a security policy gets enforced.

...

http://www.itbusinessedge.com/blogs/it-unmasked/secure-islands-applies-security-controls-at-point-of-data-creation.html

When a disruptive incident impacts critical national or regional infrastructure, or when public safety is at stake, multiple emergency agencies are often involved in the response.

Those responders could be from federal or state agencies as well as local teams of EMT’s, police, firefighters and other volunteers.  Emergency response organizations specialize in a certain aspect of response based on their skill sets.  From coastguards, firefighters, bomb-disposable squads and EMT’s animal control and hazmat clean-up or cyber expert, those teams’ skills and actions are generally unique, well defined and perfected through regular practice.

In the event of multi-disciplinary emergency response, command, control and communication (between the responders) are critical for an effective – and efficient – response.  Protocols for collaboration among responders are defined by NIMS (the National Information Management System) of which the Incident Command System (ICS) is a critical component.

...

http://www.ebrp.net/automating-nims-ics-for-efficient-incident-response/

What do Edward Snowden, the U.S. PRISM scandal and the corporate data hack on Sony Corp. have in common? All involved breaches in data security and sovereignty. While the cloud offers many benefits--such as cost savings, scalability and flexibility--there are also added risks. Data security always tops that list of risks.

To combat these risks, it’s crucial for service providers to have a fundamental understanding of data security and data sovereignty. Use these 10 facts as your foundation to ensure you’re offering customers the best security, reliability and performance in the market.

...

http://mspmentor.net/blog/10-things-know-about-data-security-and-sovereignty-cloud

If disaster, such as a flood or power outage, struck right now, would you be prepared to recover your vital data and applications to continue business operations? Do you have a business continuity plan in place to make sure you’re never left in the dark – unable to get work done?

Learn more about the great work Keith and his team at Procyon Solutions are doing to help prepare businesses in Little Rock for any upcoming disaster.

Keith Jetton from Procyon Solutions knows the importance of having a business continuity plan in place.

“We take a different approach to business continuity than most other IT companies. We’re seeing lots of technology move to the cloud – starting with email, file sharing, and phones, all hosted in the cloud,” he said.

...

http://mspmentor.net/backup-and-disaster-recovery/051215/disaster-recovery-keeping-customers-ready-any-disaster

As a business continuity or disaster recovery professional you’ve probably put in a lot of effort setting up your emergency mass notification system. You’ve likely already:

  • Determined the different user types your system will support as well what security/permissions each user type will have.
  • Confirmed how to get your user/stakeholder information into the system...either via upload, integration with another software platform, or via self-registration of your users.
  • Set-up user groups, uploaded important crisis communication related documents.
  • Linked your ENS with the appropriate social media accounts
  • Integrated your ENS with various external notification devices such as digital displays, sirens, and desktop disruption.
  • Developed notification templates.
  • Tested the system, and more.

...

http://www.ermscorp.com/blog/have-you-promoted-your-emergency-mass-notification-system-you-should

As so many IT security experts and analysts have preached through the years, small to midsize businesses (SMBs) should be just as concerned with cybersecurity as large enterprises. It seems the warnings are finally sinking in. A recent survey by the Endurance International Group shows that 81 percent of SMBs are currently concerned about cybersecurity and 91 percent think about it “often.”

In a release, Hari Ravichandran, CEO of Endurance International Group, says it’s time for small businesses to take cybersecurity to heart, but perhaps more should be done:

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-finally-realize-they-can-be-targeted-by-cyberattacks.html

A great start to the Australasian BCI Summit in Sydney today. If you are reading this at the Summit please come and find me to say hello. If you are not able to attend the event you can still interact with attendees and the ideas being presented via the Twitter tag

The theme for the conference is intriguing, “Looking to the future, learning from the past” and it will be interesting to see if this realises the potential. Good start thus far!

...

http://blog.vrg.net.au/conferences/4-things-we-can-do-to-help-bc-evolve-towards-resilience/

 


Nearly nine in 10 financial services firms plan to increase their investment in risk management capabilities in the next two years in response to the emerging risks of cyber security and fraud, according to a new report from Accenture.

The Accenture 2015 Global Risk Management Study – based on a survey of more than 450 senior risk management executives in the banking, capital markets and insurance industries – found that 86 percent of respondents said their organizations plan to increase their investment in risk management capabilities in the next two years, with one in four (26 percent) planning to increase it by more than 20 percent. In addition, three in 10 respondents (29 percent) said their companies plan to increase by more than 20 percent their investment in cloud / software-as-a-service (SaaS) and big data and analytics.

The report found clear evidence of the increasing impact that cyber security and fraud is having on financial services firms’ business and the risk management function in particular.  For example:

  • More than one-third (34 percent) of respondents said that understanding cyber risk will be the most-needed capability in their risk function.
  • Nearly two-thirds (65 percent) of respondents said that cyber/IT risk will have an increased impact on their business in the next two years, with 26 percent saying that the increase would be significant.
  • More than eight in 10 respondents (82 percent) said that emerging risks, such as cyber and social media, account for more of the chief risk officer’s (CRO) time than ever before.

“The combination of market forces, advances in technology and customer demands are pushing financial institutions to become more digital and requiring a broader range of skills from today’s risk management professionals,” said Steve Culp, senior global managing director for Accenture Finance and Risk Services. “Financial services firms are struggling to keep pace with the demand for people with highly specialized skills, such as cyber risk experts, business analysts, security specialists and fraud experts. To fill these gaps, most firms will have to look outside of their organizations — and the competition for the right people is increasingly intense.”

The report indicates that the surging demand for talent by financial services institutions in recent years shows no signs of abating. While firms are focusing on enhancing their specialized skills, fewer than half (41 percent) claim to have extensive skills in understanding digital technologies. Only 10 percent said that their risk function has the resources needed in specialized areas like emerging risks.  Many respondents said that in the past two years, their recruiting has targeted cyber risk experts (cited by 48 percent of respondents) and fraud experts (36 percent), and 36 percent of firms said they have hired former hackers.

Rising impact of digital

In response to today’s low-growth, low-return environment, financial institutions are focusing on new paths to profitability. As a result, risk appetites are increasing, although in a targeted fashion.  More than four in 10 financial services firms (43 percent) said they have a higher risk appetite for developing new products than they had two years ago, and more than one-third (36 percent) have a greater appetite for taking on major digital initiatives. 

“At a time when the regulatory focus has never been keener, financial services firms are taking a hard look at their existing strategies and starting to identify where they want to extend their business to achieve growth,” Culp said. “The willingness to accept greater business risks will also expose financial services firms to emerging risks – including cyber, data privacy, reputational, social media and new conduct risks – requiring risk professionals to play an enhanced role.”

Nearly three-quarters (73 percent) of respondents said that managing emerging digital risks and the increased velocity, variety and volume of data challenge their ability to be effective. Fewer than one in 10 (9 percent) said that consistent and updated data is regularly available to decision makers across the organization.

Increased role of the risk function 

Increasingly, CROs seek to play a more strategic role in their companies. Only 36 percent of capital markets respondents and 29 percent of banks said that, when delivering regulatory change programs, their senior managers go beyond basic regulatory compliance, such as by integrating with ongoing change initiatives.  For firms that go beyond basic compliance, there is much greater coordination on regulatory issues between the risk function and the rest of the business.

At the same time, the majority of financial services firms have some distance to travel before risk management becomes fully aligned with broader strategic planning.  While more than eight in 10 respondents (83 percent) said they believe that risk management has contributed to enabling long-term profitable growth for their company, nearly three-quarters (73 percent) said that gaining the trust of the business is a top challenge to their effectiveness. Fewer than one in five respondents (17 percent) said that their companies have a framework that supports major strategic decision-making with input from risk management.

“CROs can help their institutions become digital leaders by capitalizing on the insights generated from the wealth of data they hold,” Culp said. “While many have said the increase in data has posed a challenge, risk teams can free up time by automating data collection and analysis in order to focus on more strategic management activities. Better data is required by regulation, but it will also help CROs advise their stakeholders on meeting key goals around risk-adjusted profitability and performance.”

www.accenture.com

Wednesday, 13 May 2015 00:00

Cyber Losses vs. Property Losses

The financial impact of cyber exposures is close to exceeding those of traditional property, yet companies are reluctant to purchase cyber insurance coverage.

These are the striking findings of a new Ponemon Institute  survey sponsored by Aon.

Companies surveyed estimate that the value of the largest loss (probable maximum loss) that could result from theft or destruction of information assets is approximately $617 million, compared to an average loss of $648 million that could result from damage or total destruction of property, plant and equipment (PP&E).

Yet on average, only 12 percent of information assets are covered by insurance. By comparison, about 51 percent of PP&E assets are covered by insurance.

...

http://www.iii.org/insuranceindustryblog/?p=4057

(TNS)East Naples might not be the place most people think of when they think of rising sea levels, but that's what Jerry Kurtz sees.

On the north side of U.S. 41, not far from the Walmart, a weir that controls water flows into Haldeman Creek and eventually Naples Bay is one of four aging weirs that sit on the county's front line against climate change.

With the National Oceanic and Atmospheric Administration predicting sea levels to rise as much as 2 feet by 2050 and by as much as 6.6 feet by 2100, the new weirs being planned need to be built to handle any extra water that might slosh their way, Kurtz said.

...

http://www.emergencymgmt.com/disaster/Florida-Doesnt-Have-Plan-Rising-Sea-Levels.html

(TNS) — Investigators rushed to the scene of a derailed Amtrak train in Philadelphia Wednesday morning as the death toll climbed to six after the deadly accident in one of the nation’s busiest transportation corridors.

Dawn showed the extent of the devastation from the Tuesday disaster with all seven cars of the Amtrak train askew, off the rails in a chaotic wreck. One car was seemingly collapsed like an accordion and three cars were overturned. The other three were a twisted mess.

Hundreds of rescue workers using heavy equipment were at the scene, searching for survivors.

“It is an absolute disastrous mess,” Philadelphia Mayor Michael A. Nutter told reporters. “I have never seen anything like this in my life.”

The train was carrying 238 passengers and five crew when it left Washington for New York Tuesday.

...

http://www.emergencymgmt.com/disaster/Train-Derails-Philadelphia-Killing-At-Least-5.html

Business users aren’t just technology savvy these days. They’re also increasingly data savvy, and that’s lead to a major shift in what business users expect when it comes to accessing and using data, according to data integration veteran Sachin Chawla.

“These guys don’t even exactly know the questions,” Chawla said during an interview with IT Business Edge. “They want to start playing with the data and then the questions will emerge as they do that, and the value will emerge as they do that. So it’s more about exploration than ‘Oh, tell me how much product we’ve sold in this region every month.’”

This represents a significant shift from the traditional approach, in which business users request reports that may take IT months to produce, Chawla said.

...

http://www.itbusinessedge.com/blogs/integration/savvy-business-users-want-data-access-without-it-bottlenecks.html

Building a lean, mean supply chain machine is the dream of many organisations. On the face of it, lean sounds like a good idea. By streamlining and simplifying processes, and by cutting out flab and wastage, enterprises can boost productivity and profitability, and of course end-customer satisfaction. Just the muscle without the adipose layers is the goal. Companies aim for ever fewer suppliers, fewer product touch points and faster operations. Yet there comes a point where a supply chain starts to look more like a skeleton than a living, evolving business organism. It is at this point that the slightest shock to the system can break it. In other words, the fragility of your supply chain becomes a major risk for your business continuity.

...

http://www.opscentre.com.au/blog/put-some-fat-back-in-your-lean-supply-chain-diet/

Tuesday, 12 May 2015 00:00

Ten crisis management tips

An unexpected crisis can ruin a hard-won reputation, decimate your bottom line, and put the future of your company in jeopardy. Having a strategic plan in place in case the worst happens is vital insurance for any company , according to Jane Kroese, PR director at KISS PR.

“Some managers are reluctant to undertake crisis planning: crisis is by its nature unpredictable, making it difficult to know where to start. Acknowledging that you could face an emergency is uncomfortable, and it’s not always clear where crisis planning should fit amongst your day to day tasks,” explains Jane.

“There are far too many companies that are not adequately prepared for a crisis. But crossing your fingers and hoping it won’t happen to you isn’t good enough. Even if you’re committed to the highest standards and always implement best practice, a crisis could come from an unexpected place: the actions of a member of staff, a sector-wide emergency or a problem with a supplier or distributor could impact your business too.”

“A crisis can be an opportunity. When we produce crisis strategies, we aim for the company’s reputation to be equal to the status it had before the crisis - if not better. With a strong plan you can not only avoid damage, but come out ahead. No one can control a crisis, but they are most open to positive influence through strong communications in their earliest stages. Having a good plan in place allows you to react quickly and appropriately.”

Here are KISS PR’s ten tips for crisis management:

1. Have a strong communications plan.  This will help maintain good relationships with all your stakeholder groups. These relationships are tested in a crisis, and these are the people you may need to call on for their support. Remember your stakeholders aren’t just your customers: they include your staff, neighbours and journalists.

2. Scan for potential risks and issues. If you have good communication with your stakeholders you can spot an issue when it emerges, and intervene before you have a crisis on your hands. Good issues scanning depends on monitoring developments in your sector, legislative changes, media attitudes and the behaviour of your competitors, and being responsive to your customers’ needs.

3. Identify your key spokespeople.  Ensure that all key spokespeople have been trained in handling crises and dealing with the media. Your spokespeople should be members of senior management who can keep calm under pressure and will be comfortable speaking to journalists at short notice.

4. Have a well co-ordinated crisis team. During a crisis all communications should be co-ordinated by the crisis team: advise your staff to direct external enquiries to them, and not to speak to the media on their own initiative! Appoint alternates for your team, in case someone is off that day or you have a long crisis and need to rotate your personnel. Remember it’s too late to learn the skills you need during the crisis – don’t wait until you have an emergency on your hands.

5. Have your crisis communications plan ready. Each crisis is different, but you can have your media lists, fact sheets and even holding statements prepared in advance. This will give journalists something to work from while you investigate the crisis and ascertain the facts. You want to be in as much control as possible from the start, and a pre-prepared media pack will help. Don’t forget to store copies of all your crisis materials off site in case there’s an emergency at your premises.

6. Regularly update your stakeholders and media throughout the crisis. Be proactive in approaching your media contacts and providing them with information: you want to be seen as the authoritative source of information on the crisis, and you don’t want the public getting their information from other - potentially prejudiced sources.

7. It’s OK to admit you don’t have all the answers yet. Tell people what you’re doing to investigate the crisis and when you expect to have the information they need. Don’t say anything you’re not certain of, or make promises you won’t be able to keep.

8. Act quickly to address any information you know to be wrong. Swift and direct clarification rectifies the situation. It’s important to keep on top of what’s being said about you during a crisis.

9. Online speculation means your crisis activity now needs to be 24/7. The internet is the first place your stakeholders will go when they’re looking for information on the crisis, and they will expect to be able to contact you directly on your social media channels. Resource will need to be directed to responding quickly, accurately and reassuringly to points made and questions asked across all your streams.

10. You need to give thought to how you will rebuild your reputation after a crisis. What would a crisis ‘win’ look like for your company? After the crisis has passed and your investigation has concluded it might become clear your company wasn’t at fault, and it’s to your advantage to communicate this effectively. Ask what you can learn from the crisis to re-position your company.

http://www.kisscom.co.uk/

Can military principles and processes really be applied to corporate crisis management? Jonathan Hemus thinks they can…

By Jonathan Hemus, managing director, Insignia

Managing crises is, hopefully, a rare experience for most organizations. For the armed forces it’s part of their daily lives. Crisis management terms that are bandied around in corporate circles (tactics, strategy, exercising, war-gaming) are well rehearsed techniques and practices deployed by the armed forces to manage life and death situations. But can military principles and processes really be applied to corporate crisis management? With the 'command and control' approach to management in disrepute, it would be easy to assume that what works in the armed forces would backfire in the commercial world.

Look more closely though and the parallels are clear: scenario planning (a military discipline) is a critical part of preparing to manage a crisis. Giving your 'troops' the training they need to work quickly, efficiently and effectively under intense pressure is a prerequisite for crisis management success. Rehearsing your team and plan with crisis simulation exercises in 'peacetime' is the only way of finding out whether it will work for real.

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/209-feature1308

Tuesday, 12 May 2015 00:00

Where the Enterprise Is Cloud-Wise

How does the typical enterprise view the cloud, and will a consensus ever emerge as to how clouds are to be architected and utilized?

Believe it or not, we are still very early in the cloud transition, and the truth of the matter is, we could be a good two to three years away from seeing the cloud firmly established as the dominant form of IT infrastructure. In that time, expect to see a myriad of platforms, architectures, service configurations and other advancements, many of which will fail to gain traction or emerge as hot prospects only to fade over time.

But if you could take a snapshot right now, what would be the dominant themes within the cloud computing movement, and do they have the stuff to stand the test of time?

...

http://www.itbusinessedge.com/blogs/infrastructure/where-the-enterprise-is-cloud-wise.html

I wrote a post last week about a study commissioned by Dell and Intel that provided some enlightening information about employees’ technology adoption and expectations.

Beyond what was covered in that post, Steve Lalla, a Dell vice president and general manager who contributed the commentary, was also able to address how this type of research helps guide Dell’s strategy, and what’s changed since Dell last conducted this survey in 2011.

The 2014 “Global Evolving Workforce Study” was commissioned by Dell and Intel, and conducted by TNS, a global market research firm. As for how this type of research aids Dell in its strategic planning, Lalla said that Dell launched the initiative to fully understand exactly how technology is shaping the workforce of the future and in turn, help its customers respond to the challenges and opportunities of the evolving workforce. He listed three “actionable insights” for Dell and its customers that came out of the study:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/global-employee-study-guides-dells-flexible-work-force-strategy.html

Global insurers’ level of satisfaction with their enterprise risk management (ERM) performance grew by 10 percentage points over the last two years (63% compared to 53%). This was highlighted by a 16-percentage-point increase in Asia Pacific (51% compared to 35%) and less pronounced in North America and Europe (with a seven-point increase), according to Towers Watson’s Eighth Biennial Global Enterprise Risk Management Survey.

According to the survey, 74% of global insurers said their executives and board members view the risk management function of their enterprise as an important strategic partner that adds value to the business. Notably, carriers that share this view are almost twice as likely to say they’re satisfied (73% compared to 38%) with their company’s ERM performance compared to those that believe ERM is merely a provider of risk assurance (18%) or for regulatory compliance (8%).

Insurers’ opinions of their ERM program were determined by factors such as clear links to business goals. In fact, carriers with ERM functions that are well integrated into their business planning noted higher rates of satisfaction (82%) than those without an integrated strategic plan (53%). Similarly, those with a risk appetite framework linked to specific risk limits expressed higher rates of satisfaction (76%) than their peers with no framework in place (50%).

...

http://www.riskmanagementmonitor.com/erm-seen-as-a-strategic-advantage-by-global-insurers/

The data industry is naturally buzzing about the new Tesla Powerwall battery. As a relatively low-cost means to capture and store energy, it makes not only an effective back-up solution but also a means to utilize solar, wind and other renewable sources during long periods of inactivity.

But as with any solution, there are always a few trees in the forest, and with batteries we run the very real risk of simply trading one set of problems for another.

Tesla, of course, is not the first company to develop a high-capacity battery solution, nor is it the first to utilize lithium-ion (Li-ion) as the primary power source. But if initial claims are true, the company has come up with a reliable, easily deployable solution capable of hitting a very reasonable price point of about $350 per kWh, which should make many facilities managers jump for joy. These costs, however, do not include installation, maintenance and other factors, so organizations will need to do some number crunching before signing on the dotted line.

...

http://www.itbusinessedge.com/blogs/infrastructure/why-the-tesla-powerwall-battery-is-not-the-answer-to-data-center-energy-issues.html

Tech career news this week included taking a fresh look at roles in cybersecurity, imagining what a day without data would be like, new hiring problems in Silicon Valley and more.

Cybersecurity Hiring Hot – and Cool

Hiring in security-related IT positions has been strong for awhile now, and Ben Johnson, chief security strategist with Bit9 + Carbon Black, says demand will continue to be high for several reasons, not the least of which is that mainstream culture is making the job look cool. In “Latest Cybersecurity Crisis: Where’s the Talent?” Johnson shares advice for those who want to break into the area, and those responsible for doing the hiring, including how to leverage existing skill sets and how to redefine roles and team needs.

...

http://www.itbusinessedge.com/blogs/charting-your-it-career/it-career-news-cybersecurity-hiring-working-without-data-relieving-stress.html

Monday, 11 May 2015 00:00

Hail Claims Add Up During April

We’re reading about the economic and insurance impact of severe thunderstorms in the United States in April 2015, as reported by Aon Benfield’s latest Global Catastrophe Recap report.

Five separate thunderstorm events in central and eastern parts of the U.S. caused expected insured losses of $2 billion, including more than $750 million from one event alone.

What was the $750 million event?

A widespread multi-day severe weather outbreak that hit central and eastern parts of the U.S. from April 7-10, leaving at least 3 dead and dozens injured.

...

http://www.iii.org/insuranceindustryblog/?p=4055

E-commerce business models have many advantages over brick-and-mortar retailers, including lower overhead, more flexibility in product and price testing, and more opportunities to manage inventory at optimal levels based on shopper behavior and current web analytics. However, an e-commerce business can’t escape all the realities of merchants with physical storefronts—including shoplifters.

Here are six tips for preventing virtual shoplifters:

...

http://www.riskmanagementmonitor.com/tips-for-preventing-virtual-shoplifters/

(TNS) — The Department of Defense raised the security level Friday at military bases across the United States in response to growing concern that they could be targeted for attack.

Under Force Protection Condition Bravo — the third of five security levels — more guards may be deployed at base entrances, and people and goods entering bases are likely to be subjected to closer scrutiny.

A spokesman for U.S. Northern Command said it's the first time the security level has been raised nationwide since Sept. 11, 2011, the 10th anniversary of the attacks on New York and Washington.

...

http://www.emergencymgmt.com/safety/Security-Level-Military-Bases-Increased.html

For SAP, the rise of the Internet of Things (IoT) is not so much about connecting things to the Internet as it is automating business processes.

At the recent Sapphire Now conference, SAP outlined how it will make use of a lightweight implementation of the SAP HANA in-memory computing platform to push both transaction processing and analytics as far out to the edge as possible via a cloud-enabled IoT service running on top of SAP HANA.

But Michael Lynch, global co-lead for IoT at SAP, says that’s really only the first step. The second step is to then begin moving from the realm of predictive analytics to a world where prescriptive analytics enable business processes to be dynamically adjusted in real time. For example, the appearance of a tropical depression off the coast of North America would change flight schedules, which would then trigger the sending of an alert to passengers, and also dispatch a car service to pick up passengers to bring them to the airport at the new time.

...

http://www.itbusinessedge.com/blogs/it-unmasked/sap-outlines-strategy-for-melding-erp-and-iot.html

Transportation departments spent more than $1 billion since last October plowing highways, salting roads and coping with winter weather, according to a new survey.

The tally of 23 states, conducted by the American Association of State Highway and Transportation Officials (AASHTO), put the total cost at more than $1.13 billion. The full costs are higher, as several snowy states did not provide figures for the survey. 

This the first year that AASHTO conducted the survey. The most recent winter was milder in much of the United States than the one before, but the impact varied by region.

Pennsylvania spent the most of any state in the survey, with expenses of $272 million. The state transportation department estimates it took 2.5 million man hours to respond to the storms.

...

http://www.emergencymgmt.com/disaster/How-Much-Did-States-Spend-Battling-Winter.html

(TNS) — In 2008, a 7.9 earthquake left a path of destruction in the Chinese province of Sichuan, leveling whole communities and leaving as many as 88,000 dead.

The chaos and confusion was made worse because the temblor disabled more than 2,000 cellphone towers, leaving huge communication gaps that lasted weeks.

On Friday, Los Angeles became the first city in the nation to approve seismic standards for new cellphone towers, part of an effort to strengthen communications infrastructure in preparation for the next big quake.

...

http://www.emergencymgmt.com/disaster/Los-Angeles-Approves-Seismic-Standards-Cellphone-Towers.html

Sally Beauty Holdings (SBH) has begun investigating a data breach that may have affected 25,000 customer records.

And as a result, the professional beauty supplies company topped this week's list of IT security newsmakers, followed by Consumer Reports, Tiversa and Ponemon Institute.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:

...

http://mspmentor.net/managed-security-services/051115/it-security-stories-watch-sally-beauty-gets-breached

(TNS) — Lawmakers and federal officials trying to overhaul the National Flood Insurance Program are considering dismantling a sprawling system that relies on more than 80 separate companies to sell policies, collect premiums and calculate damages after disasters.

The move, in response to allegations that claims were underpaid after superstorm Sandy, would dramatically reshape a government initiative that insures 90,000 homes and businesses on Long Island and 5.2 million nationwide.

Though the federal government underwrites flood insurance, it has long hired private companies including Allstate, Travelers and others to sell and manage policies. Those partnerships have allowed Washington to provide coverage without the staff and infrastructure of an entire insurance company.

...

http://www.emergencymgmt.com/disaster/Will-National-Flood-Insurance-Program-Be-Overhauled.html

Cloud security has always been a sensitive topic. For many years, security was listed as the number-one reason why companies shied away from adopting cloud technologies. Cloud security has improved considerably over the years, but a survey conducted by Perspecsys shows just how far we have to go, especially when it comes to understanding where and how data is protected.

While at RSA, the folks from Perspecsys surveyed more than 125 attendees about data control in the cloud and more than half (57 percent) said they don’t have a complete picture of where their sensitive data is stored. Perhaps more alarming, 48 percent of the respondents said they don’t have a lot of faith in their cloud providers to protect their data. And because of this lack of trust, cloud adoption is slowed.

Maybe we haven’t come that far in cloud security, or at least the perception of cloud security, after all. Although, I have to say, the findings in the Perspecsys survey are a lot more encouraging than the results of a Ponemon Institute study of a year ago that found, according to eSecurity Planet:

...

http://www.itbusinessedge.com/blogs/data-security/it-professionals-arent-sure-who-controls-data-in-the-cloud.html

KANSAS CITY, Mo. – With the potential for severe weather across the plains and several Midwestern states the remainder of this week and into the weekend, staff at the U.S. Department of Homeland Security’s Federal Emergency Management Agency’s (FEMA) Region VII office are coordinating with state and local officials in Iowa, Kansas, Missouri, and Nebraska and urge the public to prepare to stay safe.

 “With the threat of severe weather developing, we urge residents to listen to NOAA Weather Radio and local newscasts, monitor digital media feeds for updates and follow the instructions provided by local emergency officials,” said FEMA Region VII Administrator Beth Freeman. “As folks make their weekend plans, this severe weather threat is a reminder everyone needs to remain vigilant as we can’t always anticipate when or where a disaster might strike.”

Make A Plan!
Your family may not be together when a disaster strikes so it is important to plan in advance. For more information on creating your family’s emergency plan, visit http://www.ready.gov/make-a-plan.

Have an Emergency Supply Kit!
To prepare for power outages and the disruption of essential services, FEMA urges families to prepare an emergency supply kit for their homes and cars. For more information, visit http://www.ready.gov/build-a-kit.  When preparing a kit, remember water, medications, and items needed for the well-being of your pets.

Stay Informed!
Pay attention to and follow instructions from local emergency officials.

FEMA App Has Weather Alerts (NEW!)
Download the FEMA app (available in English and Spanish, for Apple, Blackberry and Android) to get severe weather alerts from the National Weather Service, https://www.fema.gov/mobile-app.

Social Media—A great monitoring tool!
Most local emergency managers, state and government agencies, including the National Weather Service, have an active social media presence and use it to provide fast, current and critical information before, during and after emergencies. Consider following the Facebook, Twitter or Instagram handles of your local emergency management office, as well as hospitals, schools and voluntary organizations serving your community.

If you don’t already have one, consider using a social media list to monitor the severe weather threat; how local officials are responding; and what they may ask of you and your family.  @FEMARegion7 on Twitter has created social media lists for Iowa, Kansas, Missouri and Nebraska. Subscribe to your state’s list, www.twitter.com/femaregion7/lists, or use it as a template to create your own. Learn and chat about creating Twitter and Facebook lists using #PrepList.

Tips for Severe Weather Safety!

If you have severe weather in your area, keep these safety tips in mind:

  • Become familiar with the terms used to identify a severe weather hazard and talk to your family about what you will do if a watch or warning is issued. Here are the terms you need to know:

WATCH: Meteorologists are monitoring an area or region for the formation of a specific type of threat (e.g. flooding, severe thunderstorms, or tornados).

WARNING: Specific life and property threatening conditions are occurring and imminent. Take appropriate safety precautions.

  • If there’s a tornado warning, you’ll need to know what to do no matter where you are. Learn more before the storms arrive, http://www.ready.gov/tornadoes.
  • DISTANCE TO SAFE ROOM MATTERS: While community safe rooms offer significant reassurance and protection during a severe weather event, always make the safe and certain choice about where to seek shelter – particularly if there is little time to travel to the location of the community safe room. It is always best to seek shelter in your basement or in the lowest possible structure in your residence if time and warning are limited when severe weather hits.
  • LOCATION MATTERS: Know your surroundings and your structures if you’re planning to attend an event, take vacation, visit family, or if you are staying in a location other than your home like a hotel, campground or cabin. Be sure to familiarize yourself with the facility’s emergency plans including: sirens and warnings, how to shelter in place, and steps to be taken in the event of an evacuation.
  • MOBILE HOMES: Mobile homes, even if tied down, offer little protection from tornadoes and should be abandoned. A mobile home can overturn very easily even if precautions have been taken to tie down the unit. Residents of mobile homes must plan in advance and identify safe shelter in a nearby building.
  • FLOODING: Be aware that flash flooding can occur within minutes and with little notice.  If there is any possibility of a flash flood, move immediately to higher ground.  Do not wait for instructions to move. Do not drive through flood water. When you see flood waters ahead: Turn Around, Don't Drown!
  • SAFETY AFTER THE STORM: Injury may occur when people walk amid disaster debris and enter damaged buildings. Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.

    Be aware of possible structural, electrical or gas-leak hazards in or around your home. Contact your local city or county building inspectors for information on structural safety codes and standards and before going back to a property with downed power lines, or the possibility of a gas leak. Do not touch downed power lines or objects in contact with downed lines. Report downed power lines and electrical hazards to the police and the utility company.  They may also offer suggestions on finding a qualified contractor to do work for you. 

 

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.  The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

 

http://www.fema.gov/news-release/2015/05/07/fema-severe-weather-approaches-prepare-stay-informed-and-make-plan

undefined

In 2022, Qatar will host one of the biggest sporting events in the world - the FIFA World Cup. In doing so it will become the first Arab country to host such a prestigious tournament, and perhaps the smallest country ever to do so.

So how does a small desert country with a population of less than 2 million manage such an event? How does Qatar ensure that the immense investment required delivers a sustainable return once the final has been played? That is one of the roles of the Supreme Committee for Delivery and Legacy. The SCDL was set up with the aim of ensuring the "successful delivery of all infrastructure required for Qatar to host an amazing and historic FIFA World Cup that is in line with national development plans and leaves a lasting legacy for Qatar, the Middle East and the world."

National Resilience Capability also stands to benefit from the staging of this major international event. All organizations – private and public – will be inspired to work together, building stronger and more resilient Qatar as a result. Dorothy Crossan is the Head of the National Resilience Capability Programme within the SCDL and she will be discussing 'Business Continuity and Resilience – A National Perspective' at the BCI Middle East conference in May.

During her presentation, Dorothy will highlight the potential role of the private sector in supporting national resilience which is a key building block in delivering a safe and secure event. Organizations exist within a national framework and are affected by potential risks beyond their control, however they are in a position to help mitigate the effects of these risks on their staff and customers, their organization, and consequently the wider community. A shared understanding of risks, built on clear authoritative advice and the promotion of good practice within and between sectors promotes consistency in planning focussed on assessed threats. In this way every organization can contribute to strengthening national resilience, strengthening their own in turn.

Prior to her current position as Head of the National Resilience Capability Programme for Qatar’s Supreme Committee for Delivery and Legacy, Dorothy spent 25 years in the Metropolitan Police in the UK where she gained extensive experience in strategic planning on security matters, working at the National level. In 2011, she developed the London Security Resilience Framework to improve information-sharing, coordination and planning for protective security across the UK capital. She was closely involved in the development of London’s Cross-sector Safety and Security Communications (CSSC) programme, an innovative private sector engagement initiative developed for the London 2012 Olympics, still flourishing in legacy. She is a particular champion for the inclusion of private sector representatives in security exercises.

To learn more about what Dorothy has to say about national resilience, come along to the BCI Middle East Conference. There is a packed programme of activities throughout the two days of the conference so to find out more, or to book your place, click here.

Friday, 08 May 2015 00:00

Where The Cloud Is Heading for MSPs

In a continuously evolving IT environment, it’s important to always remain on the cutting edge. Where possible, it’s even more beneficial to remain a step ahead. In order for managed service providers (MSPs) and their clients to do so, they must be able to accurately forecast where the future of cloud storage and cloud-based file sharing is heading.

In the RightScale 2015 State of The Cloud Report, the enterprise cloud management company found that enterprises are increasingly implementing hybrid cloud strategies that encompass both public and private clouds. However, as discussed in a recent report from ZDNet, does RightScale’s cloud survey actually suggest that hybrid and public clouds are growing at the expense of private clouds?

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/050815/where-cloud-heading-msps

To paraphrase the great humorist Mark Twain, rumors of the death of passwords have been greatly exaggerated. While people lament the challenges and problems posed by passwords, they remain a core authentication and security technology.

My colleague Andras Cser and I have been fielding so many client inquiries around passwords that we are undertaking a quantitative, anonymous survey from end user organizations to gauge their current password policies and usage. This online survey asks about your organization’s current password policies and challenge as well as the future role of passwords in your organization. We also are using the survey to gain perspectives on the future of passwords and how other technologies might replace passwords completely.

The survey is completely confidential, but participants who provide contact details will receive a complimentary copy of the report when it’s published later this year.

You can access the survey here:

http://forr.com/PWTrends2015

The security implications of the Internet of Things (IoT) are mind boggling. In many visions, the IoT is deeply enmeshed in the lives of users—even those who are doing their best to steer clear of it. So, the potential for mischief and malevolent behavior is great.

Bruce Schneier is one of the best known electronic security experts and in a Network World interview with Tim Greene, Schneier didn’t pull any punches on where the industry is on IoT security. In response to a question on the practical steps that can be taken, Schneier did the equivalent of throwing up his hands:

There’s nothing you can do. This is very much like the computer field in the ‘90s. No one’s paying any attention to security, no one’s doing updates, no one knows anything - it’s all really, really bad and it’s going to come crashing down.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/the-industry-is-getting-serious-about-iot-security.html

The security implications of the Internet of Things (IoT) are mind boggling. In many visions, the IoT is deeply enmeshed in the lives of users—even those who are doing their best to steer clear of it. So, the potential for mischief and malevolent behavior is great.

Bruce Schneier is one of the best known electronic security experts and in a Network World interview with Tim Greene, Schneier didn’t pull any punches on where the industry is on IoT security. In response to a question on the practical steps that can be taken, Schneier did the equivalent of throwing up his hands:

There’s nothing you can do. This is very much like the computer field in the ‘90s. No one’s paying any attention to security, no one’s doing updates, no one knows anything - it’s all really, really bad and it’s going to come crashing down.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/the-industry-is-getting-serious-about-iot-security.html

British Gas revealed that it will form a data science team this week, according to the UK site, V3. The reason may serve as a strategic case for establishing data science teams going forward: The company says the team will help more business users delve into and use its Hadoop data lake.

The announcement reflects a subtle shift in focus, from hiring a team to make Big Data feasible to using a team approach to democratize Big Data.

"We're setting up a data science team to assist our business users so they can fish in the lake themselves," Phil Crannage, head of applications development at British Gas, told V3.

...

http://www.itbusinessedge.com/blogs/integration/building-a-business-friendly-data-science-team.html

Even though 65 percent of small to midsize businesses (SMBs) have set up data backups on premise as part of a business continuity (BC) strategy, the time has come to consider more up-to-date options. Carbonite and IDC recently shared the results of their joint 2015 Business Continuity Study, which reveals some remarkable data on the subject.

It seems that SMBs have realized how important the cloud will be to current and future company business. Of the 700 SMBs surveyed, 81 percent are currently considering updating their BC strategies. Within the next year to two years, 72 percent of these businesses expect to boost their investments in BC technologies—which makes sense when you consider that more than 80 percent of these SMBs have had downtime in the past that cost “from $82,000 to $256,000 for a single event,” according to the report.

Mohamad Ali, Cabonite’s CEO, recently told website Talkin’ Cloud more about what SMBs need in a BC solution:

...

http://www.itbusinessedge.com/blogs/smb-tech/why-smbs-are-considering-the-cloud-for-bc.html

Many computing operations throw off lots of copies: prime offenders include backup, analytics, snapshots, cloning, and test/dev. And not only do you have many copies by many processes, each of these copies is proprietary to its generating application. It is not possible to re-use that data for multiple processes, leaving your storage landscape littered with duplicate data that cannot be leveraged or re-used. Not even cloud users get away scot-free; they are still paying for that storage space and bandwidth, and those copies will be exclusive to the process that created them.

For decades this siloed, crazy quilt environment has been business-as-usual because there was nothing much that people could do about it. Data protection, analytics, and testing systems all generated their own copies of data because they had to: it was the only way any of the processes could work.

This challenging state of affairs spurred Actifio to launch data copy management in 2009. The question they asked was: what if a single product could eliminate duplicate data across multiple processes by providing a single golden copy of that data for all of them? What if a single product could capture data copies from multiple applications, store a single copy of that data, and then virtualize it wherever it was needed by data protection and business applications? 

...

http://www.enterprisestorageforum.com/storage-management/data-copy-management-wants-to-crush-your-copies.html

Try this simple test, made possible thanks to the ubiquity of the smartphone and its on-board camera. First, imagine a crisis that would put your organisation in a difficult posture with the public. A generally applicable example is breach of your confidential business data, including your customer records. Now take your smartphone and record a selfie video of you making a supposedly public statement about the incident. Stop the recording and play it back. Give yourself a score for each of the following aspects: clarity of speech, clarity of statements made, credibility, and level of positive appeal to an angry public looking to lynch a suspect. Scores rather lower than you’d like? You’re on the way to discovering the crucial role of the spokesperson in a crisis.

...

http://www.opscentre.com.au/blog/the-critical-importance-of-the-spokesperson-in-crisis-management/

Boards are failing to navigate the changing risk landscape effectively, resulting in significant loss of value, according to research from leading players in the business community. As a result, corporate risk leadership needs rethinking and boards should consider appointing an executive voice of risk.

The above is one of the key points made in a new report, ‘Tomorrow’s Risk Leadership: delivering risk resilience and business performance’ which has been written by global business think tank Tomorrow’s Company and launched in collaboration with the Good Governance Forum members, Airmic, CIMA, IHG, Korn Ferry, PwC and Zurich.

The report challenges businesses and business leaders to consider whether the risk leadership in their organizations is sufficient to meet the demands of an increasingly fast-paced and interconnected world. While companies are usually strong at managing their core risks, all too often, the management of risk remains a siloed operation, detached from strategy.

The report’s key recommendation is that organizations consider establishing an executive voice of risk who leads the risk agenda, helps deliver the business model and drives business performance. The risk leader would be at or close to board level and should help boards to be more forward looking, enhance their decision-making capabilities and provide a corporate-wide view of risk.

The risk leader should have a strategic skillset and broad business knowledge to spot early-warning indicators of the genesis of an atypical crisis event and enable a more rounded approach to risk. Only then, according to the report, can a business truly drive resilience within the organization.

The report also says that setting the right risk culture is vital. It recommends taking an integrated approach to risk, defining the appropriate risk appetite for the organization, and creating the supporting culture and behaviours required.

Read the report.

Cyber insurance should become as common a purchase for UK businesses as property insurance within the next 10 years, according to the Association of British Insurers (ABI).

Speaking at the ABI’s conference on cyber insurance, Huw Evans, director general at the ABI, said:

"Cyber risk is growing rapidly. At the moment, despite more than 80 percent of large businesses suffering a cyber security breach in a 12 month period, only around 10 per cent have any form of cyber insurance."

...

http://www.continuitycentral.com/index.php/news/erm-news/199-news7528

Phoenix has published the results of a national survey of UK employees on their use of and attitudes towards workplace IT. One of the survey’s key findings highlights UK workers’ widespread use of their own electronic devices for work, posing a potential major threat to business security.

The survey, conducted with workers aged 18 and over, who use IT and electronic devices as part of their day-to-day business, across a wide range of industry sectors, revealed that, while over half (51 percent) primarily use their own devices, an incredible 59 percent of those workers have not used their company IT support to setup their devices. This indicates a significant number of devices being used in the UK economy that may not comply with corporate IT policies or have sufficient security measures in place.

Alistair Blaxill, managing director of Phoenix’s Partner Business, said: “Mobility is one of the most significant driving forces for the IT sector and an increasing number of people want to be fully connected to work all of the time. However, the emergence of BYOD in the workplace is creating a real challenge for IT departments, with workers using their own unmanaged devices to access corporate networks and sensitive data. The findings of our survey underline this trend in the UK and it reinforces the need for businesses to stay on top of how employees access IT and ensure that they are appropriately protected.

“We think the best way to achieve this shift is to look at the ways in which IT departments are interacting with workers. Employees’ attitudes to IT support are changing and they want instant, real-time solutions to their device issues. Our survey tells us that just 23 percent and 32 percent of workers received their IT support either primarily face-to-face or a mix of face-to-face and remotely respectively. Savvy employers are now looking to provide workers with an IT support service that mirrors the personal experience they receive outside of work when resolving issues with their own personal devices.”

http://www.phoenix.co.uk/

Thursday, 07 May 2015 00:00

The benefits of agentless backup

By Gabriel Gambill, senior systems engineer for EMEA, Quorum

Agentless backup is one of the latest buzzwords in disaster recovery and business continuity, but how much do we really know about it or what it means for organizations using it?

Most people probably know that agents are the small applications installed on a server to perform a particular function. For backup, the agent is installed onto the host server that the system administrator wants to back up. Agentless backup is, as its name suggests, backup without the use of such an agent.

In an effort to distinguish themselves from their rivals, several backup and recovery vendors claim to provide agentless backup. In many instances, however, these vendors inject an agent at the beginning of the process and remove it before the backup finishes in order to achieve application consistency. Strictly speaking, they aren’t providing agentless backup because they are still using an agent in parts of the process.

...

http://www.continuitycentral.com/index.php/news/technology/201-news7530

FRANKFORT, KY – Residents and business owners who applied for federal assistance resulting from the severe storms and flooding in April will hear soon from damage inspectors.

People who suffered losses in Bath, Bourbon, Carter, Elliott, Franklin, Jefferson, Lawrence, Madison, Rowan, and Scott counties may be eligible for assistance by registering with the Federal Emergency Management Agency (FEMA).

Following registration, FEMA usually schedules inspections within seven (7) to 10 days. An inspector first examines structural damage to a house or business, then assesses damage to appliances, such as the washer, dryer, refrigerator, and stove. The inspector also gathers information about serious needs, such as lost or damaged clothing. Homeowners should identify all known damages and tell the inspector if they have a septic system or a well.

Property owners need to show proof of ownership and occupancy. Renters need to show proof of occupancy. If insurance papers are available, residents should show them to the inspector.

Inspectors will ask applicants to show identification. At the same time, applicants should ask for identification from everyone identifying themselves as damage inspectors. All inspectors carry official photo identification.

“If an inspector is not wearing an identification card or badge, please make sure you ask to see it,” said Joe M. Girot, FEMA’s Federal Coordinating Officer for Kentucky.

Girot said it is also important to keep in mind that official inspectors do not charge for this service.

Those who have suffered losses as a result of the April storms, but have not yet applied for assistance are encouraged to do so as soon as possible.

The fastest and easiest way to register for assistance is online at www.DisasterAssistance.gov or by calling 1-800-621- 3362 (FEMA) or by web-enabled mobile device at m.fema.gov.  Disaster assistance applicants who have a speech disability or hearing loss and use TTY should call 1-800-462-7585 directly; those who use 711 or Video Relay Service may call 1-800-621-3362. The toll-free telephone numbers will operate from 7 a.m. to 10 p.m. eastern, seven days a week until further notice.

 

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

For more information on Kentucky’s disaster recovery, visit www.fema.gov or http://kyem.ky.gov. On Facebook, go to http://www.facebook.com/KYEmergencyManagement. To receive Twitter updates: http://twitter.com/kyempio or www.twitter.com/femaregion4.

Cloud services and the steady increase in cloud-based file sharing shows that cloud services just continue to grow. Indeed, a recent report says enterprise cloud adoption increased by 43 percent in 2014. This is good news for managed service providers (MSPs) looking to onboard new clients and expand their offerings.

Skyhigh Networks, a global cloud security and enablement company, recently released their quarterly Cloud Adoption and Risk Report.  The report presents the state of the cloud industry, based on analysis of actual cloud usage from over 15 million enterprise employees and 350 enterprises. HeraldOnline.com chronicled the report, writing that, “with a full year of usage statistics, this latest edition of the report is the industry’s most comprehensive to date.”

Many of the usage statistics published in the report paint a terrific outlook for the cloud—and for MSPs.

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/050715/report-enterprise-cloud-adoption-increased-43-2014

There is no stopping the evolution of technology, which seemingly occurs at warp speed. One technologically advanced industry that typically is not thought of as such, except when it is critically needed, is the life safety and emergency services industry.

Like others, the industry is pressured to do more with less because of shrinking tax revenues and limited grant program availability over the last decade. Yet public safety agencies are expanding their service offerings and providing better and faster emergency response because the mission matters. In many instances it is advanced technologies that are enabling emergency response entities to meet this challenge.

This is particularly true in the thousands of public safety answering points (PSAPs), which handle the nation’s 911 emergency calls. A PSAP is staffed by telecommunicators, or call-takers, who have been trained to field calls from the public and gather information related to an emergency situation. Telecommunicators also dispatch first responders to the emergency, including law enforcement, fire and emergency medical services (EMS). Dispatch operations entail taking the information received from the 911 call regarding the emergency situation and appropriately coordinating activity among the various first responders. Sometimes PSAPs are organized to segregate the dispatching of emergency services into dedicated groups corresponding to law enforcement, fire and EMS.

...

http://www.emergencymgmt.com/next-gen-911/ESInets-Are-a-Game-Changer-for-Public-Safety.html

(TNS) — People living in California and the West Coast still face the highest earthquake risk. But a new study says they are not alone.

That report found that close to half of all Americans — nearly 150 million people — are threatened by shaking from earthquakes strong enough to cause damage.

That figure is a sharp jump from the figure in 1994, when the Federal Emergency Management Agency estimated that just 75 million Americans were at risk from earthquakes.

One reason for the sharp increase in exposure to quake damage is population increases in areas prone to earthquakes, especially California, said William Leith, a co-author and USGS senior science advisor for earthquake and geologic hazards.

...

http://www.emergencymgmt.com/disaster/US-Earthquake-Damage-Risk-Beyond-California.html

Wednesday, 06 May 2015 00:00

Balancing IT Risk and Opportunity

For business managers, moving portions of our company’s most valued information assets into the public cloud, while compelling economically, raises a thicket of difficult risk and compliance questions.

·      From a business perspective, considering reputational and other risks, do the economic advantages outweigh the risks?

·      Can anybody in my company really answer:  if we move these processes and data into the cloud, will we still be fully compliant with all of the necessary “legs and regs” we must comply with?  How do we really prove that?

·      Frankly, our IT partners are hardly impartial in the decision; we’re allocating our IT shop’s funds to buy cloud services.  Are their security concerns perhaps a little overblown?

...

http://blog.metricstream.com/2015/balancing-it-risk-and-opportunity/

Although all London councils have disaster recovery procedures in place for electoral data, 40 percent have not tested them in the last 12 months, according to freedom of information requests made by disaster recovery specialists Databarracks.

The freedom of information requests were sent to all London Boroughs, the majority of which obliged with details on their business continuity practices, specifically in relation to electoral data.

Managing director of Databarracks, Peter Groucutt, says that 40 percent is an alarmingly high number to have failed to test, especially with the UK General Election taking place on 7th May. “It’s worrying that with the general election just a day away, many local councils have not tested that their procedures actually work in the event of a disaster. As expected, all councils that responded to our request had thorough backup and disaster recovery plans in place – which is excellent – but without testing, they could be proved useless at their time of need," said Mr Groucutt. “We always recommend performing a DR test at least once a year. At any time in the year councils are under scrutiny to keep sensitive data secure and systems running smoothly. So the run-up to a General Election, when the electoral roll is most important, it is vital to ensure your procedures are water-tight.”

Another concerning finding from the freedom of information requests is that the current RTOs (recovery time objectives) and RPOs (recovery point objectives) of many of the boroughs were relatively long.

Groucutt comments: “Most of the councils that did respond to us told us that their recovery time objective for electoral data was 24 hours, with some even as long as 7 days or in one case up to 2 weeks. It was also interesting to see that different councils have very different classifications for how critical the electoral register is. For some it is a ‘Priority 1’ system and requires the fastest recovery possible but for others there is no prioritisation, and for some the register is not included on their continuity list or would only be recovered on a ‘best-effort basis’. We put a lot of faith in IT infrastructure to just work. Imagine if a council thought its RPO was 30 minutes but when it came down to it, it was actually 48 hours? If they haven’t tested their DR capabilities, they really have no idea of how they’d cope should disaster strike at the very time that would cause most damage.”

www.databarracks.com

(TNS) -- Within a few hours of the devastating 7.8-magnitude earthquake hitting Nepal last Saturday, Facebook stepped in to help.

Users around the world with Facebook friends in the affected region started getting notifications that their friend was “marked safe.”

Later that afternoon, Facebook CEO Mark Zuckerberg explained why in a post on his timeline.

“When disasters happen, people need to know their loved ones are safe,” he wrote. “It’s moments like this that being able to connect really matters.”

The feature is called “Safety Check,” and it locates Facebook users in the region of a disaster site either by through the city listed on a user’s profile or from where they last used the Internet.

...

http://www.emergencymgmt.com/disaster/Social-Medias-Role-Disaster-Response-Expands.html

(TNS) — In the collapsed village of Sankhu, 12 miles east of Kathmandu, most residents sleep in tents, but ignore police warnings and enter caved-in brick buildings that lean precariously over mounds of rubble. As rescue teams wielded shovels last week to remove the last of 64 dead bodies, nearby residents salvaged bricks, stone blocks and timber to reuse for the eventual and inevitable rebuilding.

“We have to rebuild. As soon as possible,” said Gunkeshari Dangol, 45, standing in the alley next to the three-story brick house constructed by her grandfather. Her 10-year-old grandson lies entombed there until police can safely remove the child’s body.

In Sankhu and throughout Nepal, people are still counting losses. Death tolls may head to 10,000 or more. Six of Kathmandu Valley’s seven UNESCO World Heritage sites, more than 57 other temples and palaces, and hundreds of thousands of houses have been reduced to rubble or have suffered deep wounds. The government has asked international rescue teams to return to their countries, as hope for miracles has faded.

...

http://www.emergencymgmt.com/disaster/Rebuilt-Nepal-Will-Be-Better-Stronger-Remains-Question.html

According to a new study by Aon Risk Solutions, damage to brand and reputation was cited as the top overall concern facing organizations globally. The Aon Global Risk Management Survey also revealed that, for the first time ever, cyber risk had entered the top ten at number nine.

Aon’s global clients strongly felt that damage to brand and reputation ranked as a top concern across almost all regions and industries. This can be attributed to the growing challenges businesses are facing amongst the other risks found in the top ten, such as cyber risk, but also including business interruption, property damage and failure to innovate.

The eventual inclusion of cyber risk in the top ten is perhaps no surprise as both cyber attack and data breach have routinely featured as top three threats in the Business Continuity Institute’s annual Horizon Scan report. Damage to reputation being at number one and the entry of the cyber risk to the top ten further underscores the increasing importance of cyber risk as it has been regularly linked to brand and reputation issues in the wake of recent data breaches.

Stephen Cross, Chief Innovation Officer, Aon Risk Solutions said “The insights provided by this survey help us understand how risks are changing as the global environment evolves. It’s little surprise to see cyber risk enter the top ten at the same time we are seeing increasing concern about corporate reputation as the two issues are a great example of the interconnectivity of risk.”

Rory Moloney, Chief Executive Officer, Aon Global Risk Consulting, said “While new risks such as cyber have moved to centre stage, established risks like damage to reputation or brand, are taking on new dimensions and complexities. The interconnected nature of these risks reinforces the importance of strategic risk management in every organisation.

Failure to innovate/meet customer needs remained in sixth spot. Respondents in the technology industry indicated that this is the most significant risk to their business. Property damage also re-entered the top 10 global risk list for the first time since 2007, up from 17 in 2013. This risk was ranked highest by hotels and hospitality, non-aviation transportation and real estate. Unprecedented weather events in recent years have bundled this risk with the cause and effect of business interruption, which took the seventh spot on the 2015 list with reported losses down more than 10% from the 2013 survey.

The top 10 risks are:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to attract or retain top talent
  6. Failure to innovate/meet customer needs
  7. Business interruption
  8. Third party liability
  9. Cyberrisk (computer crime/hacking/ viruses/malicious codes)
  10. Property damage

What would you do if the files you rely on every day were unavailable?

download

Most of us become accustomed to storing much of the data we use – spreadsheets, forms, slide packs, photos and other documents – on ‘shared files’.  Whether it’s on a corporate “S: drive” or a SharePoint site, information stored on shared facilities is a productive and relatively inexpensive means of saving, retrieving & archiving documents we create, maintain and use.  Shared facilities are an alternative to saving files on our device’s “C: drive” (a Business Continuity no-no!), or on a USB device – both of which create access and security problems.

It is often a common assumption that –following a data center disruption – our SharePoint application or ‘S: drive’ will be restored concurrent with, or slightly following other mission-critical IT systems and applications.  That might be true; then again, it might be days or weeks before the shared files are restored.

...

http://www.ebrp.net/i-get-my-files-back-when-another-bcdr-conflict/

Recent 2015 audit surveys report some interesting findings about the current role of audit committees. They highlight not only how complex the world of risk management and oversight has become in the corporate world, but also the enormous breadth of responsibilities that the audit committee is expected to bear.

The requirements of internal audit will only continue to expand because, as PwC’s recent “2015 State of the Internal Audit Profession Study” shows, 60 percent of CAEs believe that within the next five years their internal audit function will need to be providing not only value-added services, but also proactive advice for the business.

Additionally, in KPMG’s recent “2015 Global Audit Committee Survey,” 74 percent of audit committee respondents said that more time is required to perform their role. Key areas of the internal auditor’s role that will require more time include:

...

http://www.corporatecomplianceinsights.com/can-internal-audit-support-growing-responsibilities-audit-committee/

Cloud deployments such as cloud-based file sharing and cloud storage have been growing at such a rapid rate, they are expected to become the largest percent of IT budgets as early as 2016. The industry is keeping up with this rapid growth by creating standards and guidelines for how cloud service providers and MSPs should operate.

A proposed international standard released earlier this year focuses on data privacy in public clouds – specifically in relation to business-to-business cloud usage – and how customers should maintain control of their personally identifiable information.

The new international standard, designated ISO/IEC 27018 is described by ISO as “an important first step for protecting PII in the cloud. It is built on previous ISO guidance and will continue to evolve along with [cloud service providers] to provide more secure services upon which businesses can grow.”

...

http://mspmentor.net/infocenter-cloud-based-file-sharing/050415/how-new-iso-cloud-service-standard-affects-msps

Tripwire, Inc., has announced the results of a study conducted by Dimensional Research on improving the cybersecurity literacy of Fortune 500 boards and executives. The study examined corporate executives’ view of cybersecurity risks, as well as measured their confidence and preparedness in the event of a security breach. Study respondents included 200 business executives and 200 IT security professionals at US companies with annual revenues of more than $5 billion.

Key findings include:

  • C-level executives are less confident (68 percent) than non C-level executives (80 percent) that cybersecurity briefings presented to the board accurately represented the urgency and intensity of the cyberthreats targeting their organizations.
  • C-level executives (65 percent) were less confident than non C-level executives and IT executives (87 percent and 78 percent respectively) in the accuracy of the tools their organization uses to present cybersecurity risks to the board.
  • 100 percent of C-level executives and 84 percent of non C-level executives consider themselves ‘cybersecurity literate,’ despite ongoing cyberattacks and high profile breaches.

“The lower level of confidence on the part of C-level executives reflects a sea change in the way that executives handle cybersecurity risks,” said Dwayne Melancon, chief technology officer for Tripwire. “The reality is that an extremely secure business may not operate as well as an extremely innovative business. This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that this study signals that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cybersecurity risks.”

While the results of the Tripwire study indicate an increased preparedness on the part of IT professionals, they expose the uncertainty at the C-level and point toward the need to increase literacy in cybersecurity and its attendant risks in the near-term. Competitive pressures to deploy cost-effective business technologies may affect resource investment calculations for security; these competing business pressures mean that conscientious and comprehensive oversight of cybersecurity risk at the board level is essential.

"I'm not surprised that C-level executives are less confident than their boards or IT executive staff,” said Melancon. “That lack of confidence comes, in large part, from the networking and informal benchmarking that takes place among C-level executives at the peer level. There is a lot of 'comparing notes' that happens between C-level peers. When this happens, you are able to get a more informed view of where you are in your overall cyber risk preparedness. This is in direct contrast to IT professionals who generally have a more insulated view of their own cyber risk, which can lead to a false sense of security. That difference in perspective – internal inputs vs. external inputs — may very well explain the confidence gap this survey highlights.”

To download the whitepaper of this study, please click here.

An old sports tenet says that you can’t tell the players without a scorecard. It is equally true that you can’t play the game without a playbook. Yet most emergency operations centers are doing just that.

EOCs all share one basic currency — information. At its core, an EOC is an information processing and dissemination mechanism that supports and coordinates operations in the field. So how information is analyzed, processed and acted upon often means the difference between life and death. But there is a systemic problem.

All too often, emergency operations plans and EOC standard operating procedures state that the operations center will establish and maintain situational awareness and disseminate a common operating picture. Unfortunately no one ever tells you how to do that. Why does that matter? Because every single decision EOC responders make depends on accurate, complete and current situational awareness and a common operating picture, otherwise known as SA/COP. But several issues complicate the problem.

...

http://www.emergencymgmt.com/training/5-Elements-Proactive-Situational-Awareness.html

Once a month, my co research director and partner in crime, Chris McClean, and I will use our blog to highlight one of the 26 people that collaborate to deliver our team’s research and services and always make Chris and I look really, really good. Each “Analyst Spotlight” includes an informational podcast and an offbeat interview with the analyst. This month’s Analyst Spotlight features our newest analyst, Martin Whitworth. Based in London and bringing experience as a CISO and Head of Security across several industries, Martin will cover the most pressing issues keeping CISOs reaching for another bourbon on the rocks, including security strategy, maturity, skills and staffing, business alignment, and everyone’s favorite pastime, reporting to the board.

...

http://blogs.forrester.com/stephanie_balaouras/15-05-04-forresters_security_risk_analyst_spotlight_martin_whitworth

All too often, I run into BCM and DR practitioners that talk about their ‘Awareness’ programs and what they do to get their message of BCM/DR awareness across to the rest of the organization. Let’s face it, we all have an Awareness component to our programs but it’s how the Awareness component is executed that will make the difference.

We tend to build our other components such as BIAs, Crisis Plans, Crisis Teams, Continuity Plans, Technology Recovery Plans and others, before we turn to the Awareness component. We tend to wait until we get to a specific point before we begin to focus on getting the BCM/DR message across. I think differently.

The BCM/DR awareness message starts the moment the practitioner begins their role. It’s up to them to educate and work with others in their organization to get the message out there when they start, not when they get near the end or when it seems there’s enough information to communicate. You can communicate awareness right away; there is no reason to wait in getting the message out there.

...

https://stoneroad.wordpress.com/2015/05/04/bcm-dr-everything-has-awareness-potential/

A guest post from researcher Enza Iannopollo.

Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market makes privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business priority for companies of all sizes and across industries.

But where do you start? Many companies start by hiring a chief privacy officer. Some have built brand-new privacy teams that manage privacy for the whole firm, while others prefer a decentralized model where responsibilities are shared across teams. What are the pros and cons of each approach? Which organizational structure would better meet the needs of your firm?

...

http://blogs.forrester.com/heidi_shey/15-05-01-do_you_have_an_effective_privacy_organization

Eric Pickering is the deputy operations section chief for the New Orleans Office of Homeland Security and Emergency Preparedness. He has spent 12 years in emergency response, including serving as commander of the New Orleans CERT during Hurricane Katrina. He shared with Emergency Management some personal opinions about the responsibility and costs of mitigation and recovery.

Emergency Management: You said recently that emergency management is becoming federalized. How did this happen and what does it mean?

Eric Pickering: Actually it has been more nationalized and less federalized, meaning the states collectively. The world moves much faster than it ever did before, and most of us expect things instantly. That extends to disaster relief as well. We see people who want to help after a disaster and that’s a good thing.

...

http://www.emergencymgmt.com/disaster/Emergency-Management-Becoming-More-Nationalized.html

The enterprise has been working out its cloud transition strategies for well over two years now, but it seems that many decisions regarding deployment and usage models are still being made blindly.

While it’s true that the lack of real-world production experience makes it difficult to judge how the cloud will function, it nevertheless seems as if the enterprise is ready to trust the cloud with all forms of data even though there is still no clear understanding of the basic characteristics of the technology.

Cost is a prime example. The common perception is that the public cloud is significantly less expensive than private clouds and provides greater scale and flexibility to boot. But a recent analysis by 451 Research suggests that the differences may not be all that dramatic. According to the group’s findings, an OpenStack private cloud distribution will run about eight cents per virtual machine per hour, just slightly better than a commercial platform like VMware or Microsoft. But both come in far less than the $1.70 per application hour that is common on the public cloud, or even the 80 cents per app hour available on Amazon’s Reserved Instances platform.

...

http://www.itbusinessedge.com/blogs/infrastructure/what-does-the-cloud-really-cost-well-probably-never-know.html

WASHINGTON – Wildfires can occur anywhere in the country with the potential to destroy homes, businesses, infrastructure, natural resources, and agriculture. Last year, the United States experienced over 63,000 wildfires that burned more than three million acres. National Wildfire Community Preparedness Day is Saturday, May 2, and people across the nation will dedicate time to making their communities a safer place should a wildfire occur.

Wildfires can start in remote wilderness areas, national parks, or even your backyard.  They can start from natural causes, such as lightning, but most are caused by humans, either accidentally—from cigarettes, campfires, or outdoor burning—or intentionally. 

“When our citizens prepare and adopt the principles of fire-adapted communities, the loss of life and property from wildland fires is greatly reduced,” said United States Fire Administrator Ernest Mitchell.  

Protect your family and community from a wildfire by taking action before one happens.  On National Wildfire Community Preparedness Day, join your friends, family members, faith-based group or youth organization, and volunteer your time to improve your community’s ability to withstand and recover from a wildfire, which also may improve the safety of firefighters.

There are many ways to help protect homes, neighborhoods, businesses, and entire communities:

  • Reduce the amount of flammable materials and brush that can burn around your home or business;
  • Create a fire-free area within the first five feet of your home using non-flammable materials and high moisture-content plantings;
  • Maintain an area that is clear of flammable materials and debris for at least 30 feet on all sides from your home or business; and
  • Move wood piles and propane tanks to at least 30 feet from your home or business.

National Wildfire Community Preparedness Day is part of America’s PrepareAthon! a grassroots campaign for action to get people better prepared for emergencies through group discussions, drills and exercises.  You can take steps to prepare to reduce the devastating effects of any disaster by creating a family communication plan and practicing how you will evacuate and communicate with friends and family members in an emergency. Register your action at www.ready.gov/prepare.

Learn more about National Wildfire Community Preparedness Day. Visit the ready.gov and learn how to prepare for a wildfire.

 

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

http://www.fema.gov/news-release/2015/05/01/make-your-community-safer-national-wildfire-community-preparedness-day

It hasn’t even been a week since Nepal’s massive earthquake killed thousands and destroyed businesses, homes, roads and hospitals across the country. But already, the United Nations has called for $415 million in aid; more than $50 million has been pledged by 53 countries and foundations for immediate relief. Private donors, foundation and businesses will likely promise millions more.

Outsiders were similarly generous after the earthquake in Haiti, the Indonesian tsunami and Hurricanes Katrina and Sandy. This money is important — it enables emergency response teams like the ones I’ve been on to restore essential services and provide water, shelter and food.

But are these teams spending this money effectively? Are we doing the best we can to reach the most people as quickly as possible? Nobody knows.

...

http://www.washingtonpost.com/posteverything/wp/2015/05/01/we-have-no-idea-how-to-help-countries-like-nepal-recover-from-natural-disasters/

Business users are finding that the self-serve data and integration tools they craved are leading to more confusion and frustration, it seems.

“Last year the buzzwords were data discovery and governed data discovery—everyone wanted to learn as much as possible about those two concepts,” writes Rado Kotorov, vice president of Product Marketing for Information Builders. “Based on the excitement last year, it seemed that data discovery would replace all other styles of BI and analytics. But I found that the excitement over data discovery was replaced at this year’s Gartner summits by confusion and concerns.”

Since Gartner is all about bimodal IT this year — or what the rest of us have called self-service technology — the research firm’s answer to this is “bimodal BI.” The approach basically calls for separating data discovery and analytics from traditional BI reporting.

...

http://www.itbusinessedge.com/blogs/integration/self-serve-data-leading-to-shift-in-business-products-it-responsibilities.html

How should your clients back up their data? It may seem like a simple question, but the answer many MSPs provide--“a dedicated backup service, of course!”--may or may not be the right solution for every client. In reality, both business-grade file sync and traditional backup services have overlapping functionality when it comes protecting data against permanent loss. Ask your clients the following five questions to determine whether file sync or a dedicated backup solution is a better fit for their needs:

...

http://mspmentor.net/blog/file-sync-or-dedicated-backup-five-questions-msps-should-ask-determine-best-backup-solution-the

A study by research firm IDC carried out on  behalf of Carbonite has revealed that over 80% of small to medium sized businesses (SMBs) have experienced downtime in the past, and that the costs associated with this downtime conservatively range from $82,200 to $256,000 for a single event.

Small businesses are by no means exempt from disruption and the latest Horizon Scan report carried out by the Business Continuity Institute shows that business continuity professionals working for smaller organizations have concerns about the same threats that their counterparts in larger organizations have. What is potentially a greater danger for these SMBs however, is that they often have less capacity to absorb any disruption.

The survey does show that for many SMBs, the threats they face are not going unchallenged. The survey of 700 SMBs worldwide found that 81% of those currently using business continuity solutions are considering improvements to their strategies, while 72% plan to increase investments in business continuity over the next 12 to 24 months.

Small businesses are facing operational challenges stemming from persistent data growth, budgetary constraints and the need to produce more with less which is driving adoption of cloud computing, data analytics and mobility similar to their enterprise counterparts,” said Laura DuBois, Vice President of IDC’s storage practice. “To address these challenges, SMBs have signalled a need and intention to drive material spending on business continuity in the next 12 to 24 months.”

The main driver behind increased investment in business continuity is the threat of downtime which 76% of SMBs surveyed cited as the single biggest reason for purchasing business continuity solutions. The reason for this is clear as the study highlights that the average estimated cost for an hour of downtime for an SMB ranges from $8,220 to $25,600, and typically an unplanned event can last for as long as 24 hours – which could be devastating to a small business.

When it comes to disaster recovery, the stakes are higher for small businesses,” said Mohamed Ali, Carbonite’s President and CEO. “SMBs realize that a business continuity solution can mean the difference between staying in business or losing everything they’ve worked for, and the data shows they are investing accordingly."

http://www.thebci.org/index.php/about/news-room#/news/small-businesses-investing-more-in-business-continuity-115301

Where does the board’s role begin and end regarding risk? A company’s core objective is to create and increase wealth for its shareholders. Collectively, directors provide leadership toward this objective through two primary functions: 1) decision-making and 2) executive management oversight. Decision-making includes approving corporate policy, strategic goals, annual budgets, major expenditures, and the acquisition or disposal of material assets. It also includes evaluating and selecting the Chief Executive Officer (CEO) and approving the company’s risk appetite. Risk appetite is the amount of risk the organization is willing to accept in pursuit of objectives. While it is typically the CEO who recommends a risk appetite to the board, it is the board that should render the ultimate decision on how much risk is appropriate.

The second primary board function involves a fine line regarding the degree of management oversight. Too much, and the board could be micro-managing the company thus infringing on the CEO’s turf. Too little, and the board could lose its pulse on the status of the company’s risk management efforts. Here are five considerations to define a healthy balance between board oversight and management responsibilities pertaining to Enterprise Risk Management (ERM):

...

http://www.corporatecomplianceinsights.com/the-boards-role-with-risk-5-considerations-to-define-a-healthy-balance-within-erm/

Healthcare IT can be a profitable niche for MSPs, and it's an area that's grown rapidly since 2013. But it comes with its own set of complexities. Here's one place where MSPs can get help what they need to break into this market.

 

Recently we had the honor of interviewing visionary David Sims from South Carolina. He is the owner of the renowned website HIPAAforMSPS.com. This site was created to serve MSP’s who are looking to branch off into the Healthcare IT sector, but don’t know how to go about it.

Healthcare IT is an extremely profitable niche for MSPs to enter into because of its exponential growth since 2013. However, with such a lucrative niche comes a colossal obstacle.

...

http://mspmentor.net/vertical-markets/how-msps-can-get-hipaa-compliance-market

While at RSA, I had the chance to sit down with Piero DePaoli, senior director, Global Product Marketing, Information Security with Symantec. We talked about Symantec’s 2015 Internet Security Threat Report.

DePaoli’s “elevator pitch” summary of the report was broken down into three main categories: cyber attackers are leapfrogging defenses in ways that companies lack insight to anticipate; attackers are moving faster than defenses; and malware used for mass attacks is increasing.

In the first case, attackers leapfrogging defenses, Symantec found that large companies (defined for this study as having at least 2500 employees) are at a surprisingly high risk for a targeted attack. The study showed that five out of six companies were targeted in 2014, an increase of 40 percent from 2013. Smaller companies are at risk, too, with 60 percent of all targeted attacks hitting companies under 2500 employees.

...

http://www.itbusinessedge.com/blogs/data-security/a-conversation-about-symantecs-2015-internet-security-threat-report.html

State CIOs hope to secure more federal support for cybersecurity efforts, more details about FirstNet and more options for broadband grants as they meet with officials in Washington, D.C., this week.

Multiple state CIOs are meeting with officials from the White House, federal agencies and Congress Wednesday as part of the NASCIO Midyear Conference to focus attention on state-level IT issues and press for policy changes.

At the top of their priority list is more federal help on cybersecurity, where states are struggling both to fund cybersecurity programs and to lure qualified security professionals into the government workforce. CIOs will talk with White House Cybersecurity Coordinator Michael Daniel, federal lawmakers and representatives from the Department of Homeland Security about ideas for strengthening protection for state and local government information systems.

“Cybersecurity is the No. 1 policy issue for our members,” said Mitch Herckis, NASCIO’s director of government affairs. “The threat is growing and it’s difficult to address.”

...

http://www.emergencymgmt.com/safety/State-CIOs-Seek-Answers-on-FirstNet.html

The private cloud is the best way to bring enterprise applications and data to a scalable, flexible infrastructure.

The private cloud is a waste of money and will never compare to the public cloud.

With such stark differences of opinion throughout the IT industry, it’s no wonder most enterprises are in a quandary over how much, if anything, to invest in the private cloud.

But as I’ve mentioned in this space numerous times, it does not matter what your peers are doing or what they think. All that really matters is finding solutions to the problems that impede data productivity, and if the best solution happens to be on internal cloud infrastructure, so be it.

...

http://www.itbusinessedge.com/blogs/infrastructure/dont-give-up-on-the-private-cloud-just-yet.html

Despite the fact that we often see the terms used simultaneously, there actually are significant differences between business intelligence (BI) and data analytics.

If you’re a bit fuzzy on how they differ, Lillian Pierson recently posted a succinct video post explaining the key difference between business intelligence and data science (the rest of us would call that data analytics or Big Data analytics).

Pierson is the founder of Data Mania, a data science consultancy and education company, as well as author of “Data Science for Dummies” (2015). Previously, she worked as a project engineer consultant and a spatial data scientist. I highly recommend following her on Facebook, which is how I found this video.

...

http://www.itbusinessedge.com/blogs/integration/visualization-key-to-democratization-of-data.html

Combined with built infrastructure, natural habitats can protect shorelines from threats
Natural "green barriers" help protect this Florida coastline and infrastructure from severe storms and floods. (Credit: NOAA).

Natural "green barriers" help protect this Florida coastline and infrastructure from severe storms and floods. (Credit: NOAA).

The resilience of U.S. coastal communities to storms, flooding, erosion and other threats can be strengthened when they are protected by natural infrastructure such as marshes, reefs, and beaches, or with hybrid approaches, such as a “living shoreline” — a combination of natural habitat and built infrastructure, according to a new NOAA study.

The study, published in Environmental Science and Policy, assesses reports and peer-reviewed studies on the strengths and weaknesses of using built infrastructure, such as seawalls or dikes, natural infrastructure, or approaches which combine both. The study focuses on how these approaches help coastal communities reduce their risk of flooding and erosion, as well as additional benefits, and the tradeoffs when decision makers choose one type over another.

“When making coastal protection decisions, it’s important to recognize that built infrastructure only provides benefits when storms are approaching, but natural and hybrid systems provide additional benefits, including opportunities for fishing and recreation, all the time,” said Ariana Sutton-Grier, Ph.D., the study's lead author, member of the research faculty at University of Maryland and NOAA’s National Ocean Service ecosystem science adviser. “Natural and hybrid systems can also improve water quality, provide habitat for many important species, and mitigate carbon going into our atmosphere.”

Examples of coastal defenses including natural infrastructure, managed realignment, and hybrid approaches. (Credit: NOAA).

Examples of coastal defenses including natural infrastructure, managed realignment, and hybrid approaches. (Credit: NOAA).

Threats like coastal erosion, storms and flooding can reshape the shoreline and threaten coastal property. With approximately 350,000 houses, business, bridges and other structures located within 500 feet of the nation’s shoreline, erosion is a problem many U.S. coastal communities are addressing.

Coastal flooding caused by extreme weather events and sea level rise is of growing global concern. As noted in this study, in 2012 there were 11 weather and climate billion-dollar disaster events across the United States, including superstorm Sandy, causing 377 deaths and more than $110 billion in damages. While only two of those were coastal events, Sandy alone was responsible for nearly sixty percent of the damages, at $65 billion (the other, Hurricane Isaac, caused $3 billion in damage). Nationally, these made 2012 the second costliest year on record for weather disasters. Only 2005, which incurred $160 billion in damages due in part to four devastating coastal hurricanes, saw more.

“Coastal resiliency and disaster risk reduction have become a national priority, and healthy coastal ecosystems play an important role in building resilient communities,” said Holly Bamford, Ph.D., acting assistant secretary of commerce for conservation and management at NOAA, and co-author of the study. “We know that sea levels are rising and that coastal communities are becoming more vulnerable to extreme weather- and climate-related events. Now is the time to invest in protection to secure our coasts, but we need to make those investments wisely and with a full understanding of the costs and benefits of different approaches.”

Coral reefs protect shorelines from currents, waves, and storms. Healthy reefs have rough surfaces and complex structures that slow incoming waves — dissipating much of the force. (Credit: NOAA).

Coral reefs protect shorelines from currents, waves, and storms. Healthy reefs have rough surfaces and complex structures that slow incoming waves — dissipating much of the force. (Credit: NOAA).

The study points out that there is still a need for built approaches in some locations. However, natural or hybrid approaches can be used in many cases.

Some natural ecosystems can maintain themselves, recovering after storm events and reducing the cost of upkeep. Natural habitats such as coral reefs, marshes and dunes can act as buffers for waves, storms and floods. Natural ecosystems also can, in many cases, keep pace with sea level rise, while built infrastructure does not adapt to changing conditions.

“There is a lot of potential innovation with hybrid approaches,” said Katya Wowk, Ph.D., NOAA senior social scientist, and the third co-author of the study. “Hybrid approaches, using both built and natural infrastructure, often provide more cost-effective flood risk reduction options and alternatives for communities when there is not enough space to use natural coastal protection alone.”

Hybrid approaches, such as combining some habitat restoration with openable flood gates or removable flood walls, provide benefits while also providing more storm and erosion protection than natural approaches alone. The study highlights hybrid approaches in the New York City metro area and in Seoul, South Korea, to deal with their monsoon flooding events.

Recently planted rows of American beachgrass will help protect a dune in Sandy Hook, New Jersey. (Credit: NOAA).

Recently planted rows of American beachgrass will help protect a dune in Sandy Hook, New Jersey. (Credit: NOAA).

“One of the challenging aspects is that these approaches are very new, so we are still learning what works best in which situations and under what circumstances,” said Wowk.

The authors suggest that every location where hybrid and natural approaches are being implemented provide opportunities for monitoring so we can learn as much as possible about each approach, including longer-term cost effectiveness.

“There is no ‘one size fits all’ solution when it comes to what is best for a community in providing coastal protection from flooding,” said Bamford. “We all have to work to innovate, test, monitor, and develop a better suite of options that includes more natural and hybrid infrastructure alternatives for providing coastal protection to communities around the world.”

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitter, Instagram and our other social media channels.

http://www.noaanews.noaa.gov/stories2015/20150429-noaa-study-finds-marshes-reefs-beaches-can-enhance-coastal-resilience.html

DENVER – Thursday, April 30, is America’s PrepareAthon! National Day of Action, a grassroots campaign for action to get families, organizations and whole communities better prepared for emergencies. The campaign offers easy-to-use preparedness guides, checklists, and resources to help individuals prepare for common natural hazards and to take action, including downloading alerts and warnings, holding a drill, or safeguarding critical documents.

Despite the devastation that tornadoes, wildfires, and other natural disasters have caused in recent years, nearly 60 percent of surveyed Americans have not participated in a preparedness drill or exercise at their workplace, school, or home in the past year. The Federal Emergency Management Agency’s (FEMA) Denver-based regional office joins the states of Colorado, Montana, North Dakota, South Dakota, Utah and Wyoming in encouraging the whole community to participate in the America’s PrepareAthon! campaign by performing one of these simple preparedness actions:

  1. Sign up for local text alerts and warnings and download weather apps to your smartphone.
    Stay aware of worsening weather conditions. Visit ready.gov/prepare and download Be Smart: Know Your Alerts and Warnings to learn how to search for local alerts and weather apps relevant for hazards that affect your area.
  2. Gather important documents and keep them in a safe place.
    Have all of your personal, medical, and legal papers in one place, so you can evacuate without worrying about gathering your family’s critical documents at the last minute. Visit ready.gov/prepare and download Be Smart: Protect Your Critical Documents and Valuables for a helpful checklist.
  3. Create an emergency supply kit.
    Bad weather can become dangerous very quickly. Be prepared by creating an emergency supply kit for each member of your family. Visit ready.gov/kit for information on what to include in your kit.
  4. Develop an emergency communication plan for your family.
    It’s possible that your family will be in different locations when a disaster strikes. Come up with a plan so everyone knows how to reach each other and get back together if separated. Visit ready.gov/make-a-plan for communication plan resources.

Every state in FEMA Region VIII has shown support for America’s PrepareAthon! this spring by aligning a variety of preparedness activities with the campaign. The National Weather Service in North Dakota, South Dakota and Wyoming held statewide tornado drills to prepare residents for severe spring and summer weather; nearly one million Utahns participated in earthquake drills during the Great Utah ShakeOut; and communities throughout Colorado and Montana will hold wildfire preparedness events on May 2 for Wildfire Community Preparedness Day, an America’s PrepareAthon! partner event.

For more information about America’s PrepareAthon!, visit ready.gov/prepare. Follow America’s PrepareAthon! on Twitter using the handle @Prepareathon and #PrepareAthon.

http://www.fema.gov/news-release/2015/04/29/americas-prepareathon-national-day-action-set-thursday

You could leap onto your desk, wave both fists in the air, and scream ‘Why, why, why?’ You could organise a whip-round in your company and invite colleagues to give generously to ‘help save our business continuity’. You could even just accept the cut. After all, whose budget isn’t being cut nowadays? Tempting as these options may seem, they do however suffer from (at least) one major drawback. They are unlikely to get your business continuity budget reinstated in full afterwards. You need a better plan. One that can see you through a rough period, help you get your budget back to where it should be, and even prevent a cut in the first place. Read on for further details.

...

http://www.opscentre.com.au/blog/so-they-cut-your-business-continuity-budget-now-what-do-you-do/

Wednesday, 29 April 2015 00:00

25 Reasons for Risk Management Failure

I recently spoke to directors and officers about oversight of risk management by boards of directors. I prepared a list of 25 reasons that risk management failure happens, based on my experience assisting boards, including boards that have failed and boards that cannot afford to fail. Almost all of what follows below is based on real examples. I have never encountered a risk management failure where the board was not at fault, based on what the board said or did, or failed to say or do.

Here are 25 reasons for risk management failure:

...

http://www.corporatecomplianceinsights.com/25-reasons-for-risk-management-failure/

(TNS) -- When Jordan Soto’s father called 911 from his cellphone while she was having a medical emergency, the call was routed to a dispatch center 30 miles away.

Soto lived within a quarter-mile from a Santa Barbara, Calif., fire station, but responders didn’t make it to her home in time, and the 24-year-old died from an accidental drug overdose.

“That shouldn’t have happened,” said Assemblyman Das Williams, D-Santa Barbara. “They got there when it was too late.”

A new California Assembly bill calls for a two-year study to improve accuracy in pinpointing locations of 911 calls made from cellphones. AB 510 seeks to explore ways to eliminate unnecessary delays in emergency care for people in need. The bill was unanimously approved this month by one Assembly committee and now heads to another.

...

http://www.emergencymgmt.com/next-gen-911/California-Moves-Eliminate-Delays-911-Response.html

WASHINGTON – A recent Federal Emergency Management Agency (FEMA) survey found that nearly 60 percent of American adults have not practiced what to do in a disaster by participating in a disaster drill or preparedness exercise at work, school, or home in the past year. Further, only 39 percent of respondents have developed an emergency plan and discussed it with their household. This is despite the fact that 80 percent of Americans live in counties that have been hit with a weather-related disaster since 2007, as reported by the Washington Post. With the number and severity of weather-related disasters on the rise, the America’s PrepareAthon! is an opportunity for individuals, organizations, and communities to take action to prepare for specific hazards through group discussions, drills, and exercises.

“When it comes to preparedness, practice makes perfect,” said FEMA Administrator Craig Fugate. “America’s PrepareAthon! is about taking action now to better prepare yourself, your family, and your community to be ready to respond to these events before they occur.”

America’s PrepareAthon! is a national community-based campaign that provides free, easy-to-use guides, checklists, and resources to get more people to take action to prepare every day. On April 30, individuals, families, workplaces, schools and organizations will come together to practice simple actions to stay safe before, during, and after emergencies relevant to their area. Examples include:

  1. Sign up for local text alerts and warnings and download weather apps to your smartphone.
  2. Develop an emergency communication plan for your family. This will help you be in touch if a disaster strikes and family members are in different locations.
  3. Collect important documents and keep them in a safe place. This will help you evacuate without delay and get back on track after the disaster passes.
  4. Gather emergency supplies. Pack a “go bag” to evacuate quickly and have supplies in the home to be safe without water or power.

Visit the America’s PrepareAthon! website, ready.gov/prepare to take action, be counted and spread the word.

America’s PrepareAthon! was established to provide a comprehensive campaign to build and sustain national preparedness as directed by Presidential Policy Directive-8. The campaign is coordinated by FEMA in collaboration with federal, state, local, tribal, and territorial governments, the private sector, and non-governmental organizations.

http://www.fema.gov/news-release/2015/04/28/sixty-percent-americans-not-practicing-disaster-fema-urges-everyone-prepare

In the children’s story, “The Three Little Pigs,” the Big Bad Wolf tried a frontal assault by blowing the first two pigs’ houses down. By the end of the story, the pigs had come together, and through the preparation and efforts of the third pig building a house of bricks, taken refuge in the brick house and withstood the Wolf’s attack. In today’s world with a global economy, e-commerce, and utilization of technology to do business, the Big Bad Wolf will not knock on the front door. Instead, the Big Bad Wolf sits at home in its den using a computer to hack the data network and steal customer information, back accounts, social security numbers, and money. A brick house in today’s business environment is a strong and robust cybersecurity program. From direct deposits and online shopping to phishing and identify theft, the benefits and risks from increasing reliance on electronics and technology add another lawyer of compliance that businesses, ownership, management, and industries must not only recognize but immediately integrate and sustain for continued success and survival. This is why cybersecurity programs are necessary and invaluable to any company’s success and survival.

Cybersecurity is no longer a concern for just financial institutions, government agencies, or multi-national conglomerates. Any business involved in utilizing technology and electronics to engage with its customers and enter the business marketplace is subject to attack. Every day thousands of companies big and small and in various market and industry sectors are besieged by cybercriminals. By being proactive, committed, and vested in cybersecurity, a company, regardless of size, market, or industry, can prepare, implement, and sustain best practices, policies, and procedures that will help it defend against cyberattacks. Although not exhaustive, and priorities can change dependent upon risk and exposure, three primary areas a company can start with are active monitoring and assessments, implementation of the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cybersecurity (CS) Framework, and employee training.

...

http://www.corporatecomplianceinsights.com/building-a-house-of-bricks-how-to-build-the-strongest-cyber-security-program/

(TNS) — When tornadoes like the one that struck Moore last month are imminent, forecasters can often warn residents about them a few days in advance.

But weather researchers at the National Oceanic and Atmospheric Administration’s National Severe Storms Laboratory and elsewhere are working on a new method they hope will allow emergency responders to prepare weeks ahead of time when tornadoes are likely.

Harold Brooks, senior research scientist at the Norman-based laboratory, said scientists could be a few years away from being able to release seasonal forecasts for tornadoes. Rather than predicting individual outbreaks, those forecasts would predict how likely tornadoes were over the course of a few weeks or an entire season, he said.

“The important experiments have been done,” Brooks said.

...

http://www.emergencymgmt.com/disaster/Seasonal-Tornado-Forecasts-Could-Soon-be-a-Reality.html

At the Qonnections 2015 Global Partner 2015 conference today, Qlik unveiled an update to its data visualization platform that adds self-service capabilities while at the same time providing simpler access to external data sources.

In addition, Qlik unveiled an implementation of the Qlik Analytics Platform aimed specifically at developers and announced the general availability of multiple services on Qlik Cloud, an implementation of the Qlik platform running on Amazon Web Services (AWS) that is designed to make it easier for end users to share data.

Josh Good, director of product marketing for Qlik, says Qlik Sense 2.0 extends the company’s core QIX Associative Indexing Engine technology in ways that make it simpler to visualize data and create reports, while still giving IT organizations the level of governance needed to meet regulatory requirements.

...

http://www.itbusinessedge.com/blogs/it-unmasked/qlik-extends-reach-of-data-visualization-software.html

(TNS) — Monday’s predicted sunny skies will make the events of April 27, 2011, seem like a distant memory, but those who are responsible for emergency response services will ever be watchful.

Four years ago Monday, three tornadoes tore through Cullman County, Ala., bringing a day of destruction to communities across the area. The sunrise tornado in the Hanceville area started the disaster. After a lull, an EF-4 tornado came through downtown Cullman and another came into Fairview and other areas of the county.

Immediately following the tornado outbreak, which devastated Tuscaloosa and many other areas of the state, residents began rebuilding, and as Cullman Mayor Max Townson recalls, an economic surge began to take place.

...

http://www.emergencymgmt.com/disaster/Alabama-Countys-Resurgence-Tornado-Outbreak-2011.html

It occurs to me that as the Internet of Things emerges as a topic of increasing relevance to CIOs, one of the things they’re going to need to be concerned about is standards. As the cloud-to-cloud integration that is necessarily associated with IoT becomes more commonplace, that integration will entail the adoption of certain standards that may or may not be in place at this point. So where is all of this heading?

I had the opportunity to discuss this topic with Shane Dyer, CEO of Arrayent, an IoT  platform provider in Redwood City, Calif. To kick off the discussion, I asked Dyer what role industry associations like the IPSO Alliance, the Cloud Computing Association, and the Cloud Industry Forum are playing in advancing cloud-to-cloud integration, and how effective they’ve been in this regard. He said Arrayent’s customers at this point aren’t asking them to conform to or recommend any cloud-to-cloud integration standard, which tells him that standards organizations working in this area could improve their market education and visibility efforts:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/cloud-to-cloud-integration-to-enable-iot-what-about-standards.html

Tuesday, 28 April 2015 00:00

When the Local Data Center Meets the IoT

Big Data and the Internet of Things (IoT) seem all but unstoppable these days, so the only question that remains is how the data center will evolve to handle such a large and diverse load.

To many, the cloud will become a crucial resource regardless of any lingering doubts over security and availability. There is only so much a single data center can handle, and unless the enterprise plans on going broke buying new hardware, the vast majority of Big Data and IoT storage and processing will have to take place on third-party infrastructure.

This is not necessarily bad news for the current IT vendor community, though, as it will likely lead to a data center building boom. According to IDC, data center capacity among service providers will jump more than seven-fold between now and 2019 as the cloud community seeks to provide the anytime, anywhere, anyhow connectivity and context that are the hallmarks of the IoT. The development of large capacity facilities will be tied to additional compute and storage deployment at the edge, as well as increased use of analytics and intelligent platforms designed to bring the management burdens of such a diverse infrastructure under control.

...

http://www.itbusinessedge.com/blogs/infrastructure/when-the-local-data-center-meets-the-iot.html

The close relationship between the Internet of Things (IoT) and Big Data is an intuitive one. The IoT will create a ton of information, which is precisely what Big Data is designed to handle. They really are different sides of the same coin.

Even things that seem to be made for each other don’t go together without a lot of work, however. Outscale technical writer and blogger Will Hayles uses a guest column at Datamation to describe the two intersecting techniques. The biggest companies have the money to hire people to plan well into the future. They are developing an understanding of the nexus of Big Data and the IoT. Other companies must get wise as well, he writes:

While larger enterprises like Coca-Cola, General Electric, and Domino’s Pizza have managed to tap into its value, most businesses will have to wait some time before they can really enjoy the advantages of embedded sensor technology. In the meantime, it’s imperative that those businesses prepare by adopting a big data strategy - and looking into analytics technology.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/get-ready-for-the-marriage-of-big-data-and-the-iot.html

Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From wearable fitness trackers to office building intrusion detection, the range of items being linked to the web is already wide. The natural and growing reflex is to consider the risk involved and appropriate risk management. But which kind of risk are we talking about?

...

http://www.opscentre.com.au/blog/the-internet-of-things-and-the-two-faces-of-risk-management/

NEW ORLEANS—Seventy-nine percent of companies are aligned with their risk management reporting structure, however, only 27% of risk professionals believe that emerging risks will be a company priority in the coming year, according to the 12th annual “Excellence in Risk Management Survey” released here by Marsh and RIMS.

In the last five or six years, “We have seen significant narrowing of the gap, where there is better alignment of what risk managers and risk executives are providing their organization and what their C-suite and management is looking for and needing in this riskier world that we all live in,” said Brian Elowe, a managing director at Marsh and co-author of the report. Findings are based on more than 300 responses to an online survey and a series of focus groups with leading risk executives.

...

http://www.riskmanagementmonitor.com/survey-finds-alliance-with-organizations-and-risk-reporting-structures/

Aon Risk Solutions has published its annual list of the key risks as identified by its clients across the globe. For the first time cyber risk has entered the top 10 at number 9 , reinforcing its emergence as a key risk factor. Damage to brand and reputation was cited as the top overall concern facing global organizations, further underscoring the increasing importance of cyber risk as it has been regularly linked to brand and reputation issues in the wake of data breaches.

Aon’s global clients strongly felt that damage to brand and reputation ranked as a top concern across almost all regions and industries. This can be attributed to the growing challenges businesses are facing amongst the risks found in the top 10 list, such as cyber risk, but also including business interruption, property damage and failure to innovate.

The 1400 survey respondents to the Aon Global Risk Management Survey included CEOs, CFOs and Risk Managers providing comparative insight into different perceptions of risk. Typically, financial and economic risks including commodity price risk, economic slowdown and technology failure were seen as damaging at C-suite level with risk managers focused on liability-related risks such as cyber, property damage and third party liability.

...

http://www.continuitycentral.com/index.php/news/erm-news/182-news7615

Batteries are a common site at most data centers, but while they typically form the heart of emergency backup architectures, there are growing signs that they could emerge as primary, or at least co-primary, power sources as well.

This trend seems to be part and parcel to the steadily increasing use of hydro, solar and other renewables to power the data center, as well as the rise of low-power, modular infrastructure in cloud-facing, hyperscale facilities.

Microsoft, for one, has been experimenting with a number of battery technologies for a while now, ostensibly to lower operating costs of its Azure cloud. In one project, the company has come up with a new lithium ion design called the Local Energy Storage (LES) unit, according to tech journalist Timothy Prickett Morgan. The system features the normal Panasonic cell that powers microservers and other devices, but rather than hang it off the side of the server, Microsoft dropped it into the switched mode power supply in the Open Cloud Server architecture. In this way, power can go directly to existing circuits without additional wiring and components. This also removes the battery from the path between the power source and the motherboard, ultimately reducing the load on bulk capacitors in backup power systems. The batteries cost only a few dollars when purchased in bulk and are estimated to cut operating costs by about a quarter.

...

http://www.itbusinessedge.com/blogs/infrastructure/renewable-energy-is-driving-advanced-power-storage-solutions.html

Monday, 27 April 2015 00:00

Nobody Puts Big Data in a Corner

It’s easy to type cast analytics. After all, it so easy fits in with BI that we tend to want to think about Big Data as a tool for business analysts, finance and IT leaders. But nobody puts Big Data in a corner, and a recent DC Velocity article shows why.

If you’re unfamiliar with the magazine/website, DC Velocity covers supply chain and logistics, and the piece is actually a republished CSCMP Supply Chain Quarterly journal article. The point of the article is to show how Big Data analytics can be useful to supply chain leaders, but it actually makes the case for why all managers should educate themselves on analytics.

“Without a full understanding of what the field of analytics is about, supply chain managers may be missing out on many opportunities—both for their companies and for themselves,” the article states.

...

http://www.itbusinessedge.com/blogs/integration/nobody-puts-big-data-in-a-corner.html

Wireless Emergency Alert (WEA) messages need to be longer, URLs should be included, message order must be changed and more outreach is needed, according to a new study conducted for the U.S. DHS.

The Comprehensive Testing of Imminent Threat Public Messages for Mobile Devices study used focus groups, interviews, post-incident surveys and experiments to thoroughly examine WEA messages. With $980,000 provided by the Commerce Department to DHS’ Science and Technology (S&T) Directorate, the study was conducted by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) at the University of Maryland. The study’s principal investigator, Brooke Fisher Liu, said the empirical-based guidance “can potentially help alert originators improve how they currently craft and disseminate WEAs.” 

Denis Gusty, a program manager with DHS S&T, said he was not surprised by any of the research findings, but hopes stakeholders will read the report and make adjustments where appropriate by putting the information into practice. Suggested changes relative to message length and content are already under consideration by key stakeholders charged with making WEA recommendations to the FCC through the Communications Security, Reliability and Interoperability Council.

...

http://www.emergencymgmt.com/disaster/Longer-Messages-Needed-Wireless-Emergency-Alerts.html