Industry Hot News


I have a hunch that your to-do list is growing by the hour as we head into 2017, and I have an even stronger hunch that reviewing and updating the employee handbook hasn’t made it to the list. As much as I hate to say it, you’d be well-advised to add it.

I drew that conclusion after a recent interview with Rob Wilson, president of Employco USA, a human resources outsourcing firm in Westmont, Illinois. Wilson makes a compelling argument around the importance of the executive team — including the CIO — taking the time to ensure that the employee handbook is everything it needs to be. Wilson highlighted the areas that IT execs need to focus on as they carry out this exercise:

For the CIOs, one of the bigger areas for them would be electronic use — what your policy is on social media usage, as well as computer technology usage in the workplace. All of that has to be spelled out: Is it okay for people to be streaming movies at their desks? What’s your cell phone usage policy? Are they company phones or are they individual phones, and what’s the protocol for usage of each? In some companies, people use their own cell phones, and in other cases, you’re supplying them. There is a big difference between the two, and how you use them, and what the rules should be.

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/why-you-need-to-add-updating-the-employee-handbook-to-your-2017-to-do-list.html

The Business Continuity Institute

The Business Continuity Institute's Good Practice Guidelines emphasize the importance of validating business continuity plans through exercising, maintenance and review. In fact, such is its importance that the entire theme of Business Continuity Awareness Week 2014 was based on testing and exercising. Exercising confirms whether a plan is fit for purpose, and it's far better to find out that it isn’t fit for purpose during an exercise rather than a live incident.

In the latest edition of the BCI's Working Paper Series, Luke Bird MBCI focuses on improving desktop exercises, and poses numerous challenges to business continuity practitioners, suggesting concrete, actionable recommendations to enable organizations to obtain more value out of these exercises. His paper contributes to practice as it focuses on the delivery of desktop exercises, enabling fellow practitioners to consider their own arrangements and introduce improvements.

In the paper, Luke notes that for many organizations, it could be argued that there is an unhealthy focus on the event itself and less so on the required planning, metrics and outputs. This begs the question: are we actually clear on how to get the most value out of these events? The paper explores some of the associated challenges with delivering the desktop exercise, including the absence of sector-specific methodology, data capture techniques, participation issues and exploring the culture of fear.

The paper concludes that there is certainly some scope for improvement in how to deliver a desktop exercise. Unfortunately, professionals in the industry are very limited with the available guidance because it is either cross-sector (too generic), niche (too specific) or not widely shared. There is also little in the way of available literature which helps to describe what ‘good’ is. As such, how can the exercise be truly benchmarked to assess improvement over time?

Download your free copy of 'The desktop exercise - a wasted opportunity?' to understand more about desktop exercises and the role they play in the validation phase of your business continuity programme.

It’s always an editorial dilemma – Do we start with the event with the biggest business continuity impact? The event that was the most unbelievable? For 2016, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.

As you’ve probably already noticed, the common factor is technology. 2016 was rather quieter on the natural disaster front, but let’s go through the things that caught our attention over the last 11 or 12 months.

...

http://www.opscentre.com/2016-business-continuity-review/

Friday, 16 December 2016 00:00

Yahoo Breach Redux

You’ve probably heard this already, but the Yahoo breach is back in the news, and not in a good way. The original breach involved 500 million users. Now comes news of a separate breach that involved more than a billion accounts. This breach happened in August 2013. Let that sink in a moment. If you have an account with Yahoo servers, your information has likely been floating out there for more than three years without you knowing.

And there’s more, eSecurity Planet reported:

"Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password," the company stated. "Based on the ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies."

...

http://www.itbusinessedge.com/blogs/data-security/yahoo-breach-redux.html

You’ve followed all the necessary steps to complete your cyber-response plan, and the call comes in that a breach has occurred … what do you do? It’s showtime!

Detect

Your security operation team will move into action as soon as an event is detected.

Record

When an event is detected, it must always be recorded. Events do not always lead to incidents, and incidents do not always lead to breaches, but all breaches start with an event. Use your human intelligence; report who saw what, and when. The type of event will determine who is needed to take action and what action to take; this could range from a quick review to a much longer investigation.

...

http://www.mir3.com/using-cyber-response-plan-real-life-attack/

This series is dedicated to providing direction for applying Project Management principles to starting a Business Continuity or Disaster Recovery (BC/DR) Program. This is the first installment of a multi-part series. In this installment we will focus on the Project Initiation phase. Subsequent segments will be aimed at additional phases of starting a BC/DR Program, on improving an existing BC/DR Program, and on elevating a mature program to a new level of efficiency and effectiveness.

Starting a Business Continuity Program

Launching a BC/DR Program requires its own plan. This is not a plan as in a recovery or response plan, but a plan in the sense of a project plan. Starting a BC/DR Program is no different than starting any project, and success essentially hinges on your project management skills. You may want to reach out to the Project Management Office (PMO) if you are fortunate enough to be part of an organization that has one. The PMO may be able to provide an experienced project manager who can assist by applying current project management theory and techniques to the initiative. If your organization does not have a PMO, or a resource is not available, then gaining a basic understanding of project management is the starting point.

There are many available information sources for project management principles.  The Project Management Institute (PMI) http://www.pmi.org/ is the leading authority in the field.  The PMI offers training and certification and most community colleges and universities offer courses in project management.

...

http://www.fairchildconsult.com/single-post/2016/12/15/Starting-a-Business-ContinuityDisaster-Recovery-BCDR-Program

Thursday, 15 December 2016 00:00

Natural Catastrophe Losses Increase in 2016

Total global insured losses from natural catastrophes and man-made disasters rose to at least $49 billion in 2016, 32 percent higher than the $37 billion recorded in 2015.

Preliminary estimates from Swiss Re sigma put insured losses from natural catastrophe events at $42 billion in 2016, up from $28 billion in 2015, but slightly below the annual average of the previous 10 years ($46 billion).

Man-made disasters triggered an additional $7 billion in insurance claims in 2016, down from $9 billion the previous year.

...

http://www.iii.org/insuranceindustryblog/?p=4691

Thursday, 15 December 2016 00:00

Travelling at the Speed of IT Security

Einstein, move over. There is a new universal constant now, one that governs all IT-driven activity, which by now is almost everything that goes on in the known world.

Forget about light and photons. We’re talking about the concept that no data travels faster than the speed of IT security.

Or perhaps that IT security can be made to keep up with the ever-increasing speed of information, which would certainly give it the drop on light. So, what is this new metaphysical marvel and how does it work?

The big change in IT security currently is the move from a boundary-oriented model to a boundary-less model.

Data no longer resides obediently within the corporate perimeter. Today, it’s out there in the cloud, on employees’ mobile devices, and travelling the worldwide web.

...

http://www.opscentre.com/travelling-speed-security/

BATON ROUGE, La. – Natural beauty, history and culture don’t immediately come to mind when people think of FEMA, but the agency’s disaster recovery efforts may affect natural and cultural resources.

Following August’s unprecedented flooding in Louisiana, FEMA’s Office of Environmental Planning and Historic Preservation has been working to ensure the state’s rich natural and cultural resources are taken into consideration as it recovers. EHP routinely evaluates impacts to historic structures, archaeological resources, wetlands, floodplains, threatened or endangered species, and air/water quality.

FEMA EHP provides the technical expertise to ensure legal compliance and informed decision making for the agency and the local community undergoing recovery. Compliance with laws and regulations ensures recovery efforts that affect resources are understood and avoided, minimized, or mitigated where possible. Several laws that EHP routinely complies with include the National Environmental Policy Act, the National Historic Preservation Act, the Endangered Species Act, and the Clean Water Act. In carrying out their duties, EHP collaborates with resource agencies such as the Louisiana Division of Historic Preservation, the U.S. Fish and Wildlife Service, and the U.S. Army Corps of Engineers Regulatory Division.

For more information about FEMA’s work, visit FEMA online at www.fema.gov, www.facebook.com/fema, www.twitter.com/fema and www.youtube.com/fema.

Put yourself in your employee’s shoes for a moment. You wake up in the morning to snow that has been steadily falling for the past few hours. You check Facebook and see that your friends are complaining about icy roads and walkways. The Weather Channel says several more inches are anticipated throughout the day. You are supposed to report to work at eight, but have no idea whether or not the office is open. You have no messages on your phone, and your calls to the office go to voicemail. What do you do?

This is a very real situation experienced by many employees, often with less-than-desirable outcomes for employees and businesses alike. In best case scenarios, employees safely report to work; the office is open; and the day proceeds as normal—albeit with icy return trips looming ahead.

Other scenarios, however, are not so simple. In some cases, employees may stay home because they assume the office is closed and end up missing a scheduled shift or important meeting. In others, employees may report to work only to encounter the frustration of a closed office upon arrival. And in worst cases, employees attempt to report to work, but end up getting into accidents on the way in.

...

http://blog.sendwordnow.com/does-your-organization-have-an-inclement-weather-plan

Wednesday, 14 December 2016 00:00

Risk Limitation – Real World Examples

In recent blogs we have discussed various aspects of risk mitigation, including risk acceptance, risk avoidance, risk limitation, and risk transference. This week’s blog will focus primarily on the area of risk limitation, the most common risk management strategy used by businesses.

You will recall that risk mitigation is defined as taking steps to reduce adverse effects. We have previously discussed the concepts of risk acceptance, risk avoidance, and risk transference.

Risk acceptance (a conscious decision to take no action to limit the risk) is the opposite of risk avoidance (the decision to take action that is intended to avoid any exposure to the risk). Risk avoidance is usually the most expensive of all risk mitigation options, while risk acceptance is typically chosen because the cost of other risk management options may outweigh the cost of the risk itself. Risk transference acknowledges the risk, but involves handing off that risk to a willing third party.

...

https://www.mha-it.com/2016/12/risk-limitation-real-world-examples/

TALLAHASSEE – Although the registration deadline for Hurricane Matthew ends on December 16, 2016, survivors are reminded that FEMA and the U.S. Small Business Administration (SBA) will still be available to answer questions and provide assistance to applicants with unmet needs or needs not met by insurance settlements.

While not everyone who applies for federal disaster assistance will qualify for aid, the appeals process will make sure you receive every bit of the federal disaster aid for which you are legally eligible.

An applicant has 60 days from the date on FEMA’s determination letter to file an appeal. The determination letter describes the amount and type of assistance being offered.

A determination letter may state the application is missing information such as verification of occupancy of the damaged property, documentation of disaster damage, proof of identity or what is covered under an insurance policy.

If addresses or phone numbers change they should be updated with FEMA as soon as possible. Missing or erroneous information could result in delays in getting a home inspection or receiving assistance.

If you disagree with FEMA’s decision or have questions about the appeals process call the FEMA helpline at 800-621-3362 (voice/711/VRS-Video Relay Service) (TTY: 800-462-7585). Multilingual operators are available (press 2 for Spanish). The toll-free lines are open 7 a.m. to 11 p.m. seven days a week until further notice.

More information on the FEMA appeals process can be found in the FEMA booklet, “Help after a Disaster: Applicant’s Guide to the Individuals & Households Program.” This free booklet is available in numerous languages for download at fema.gov/help-after-disaster.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

FEMA Other Needs Assistance (ONA) grants may cover uninsured losses for furniture, appliances and other personal property, even vehicles. Survivors may not be considered for this type of assistance unless they have completed and returned an SBA loan application. Some types of ONA — medical, dental and funeral expenses — are not SBA dependent, and completing the loan application is not required.

Volunteer, faith- and community-based organizations may also be available to fill gaps in recovery. FEMA encourages you to contact these groups as they may provide essential long-term recovery resources through disaster recovery.

For more information on Florida’s disaster recovery, visit fema.gov/disaster/4283, twitter.com/femaregion4, facebook.com/FEMA, and fema.gov/blog, floridadisaster.org or #FLRecovers. For imagery, video, graphics and releases, see www.fema.gov/Hurricane-Matthew.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711/VRS - Video Relay Service) (TTY: 800-462-7585). Multilingual operators are available (press 2 for Spanish).

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Over the years, business continuity and disaster recovery have become much-needed strategies for all businesses. More and more businesses are realizing the positive contributions these strategies are providing to their business and revenue. Statistics prove that business continuity and disaster recovery are necessary in today’s ever-growing world of technology.

...

http://www.bcinthecloud.com/2016/12/business_continuity_and_disaster_recovery_luxury_or_necessity/

Wednesday, 14 December 2016 00:00

BCI: Communicating in a crisis

The Business Continuity Institute

In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis. This is especially important given that the latest Emergency Communication Report, published by the Business Continuity Institute, revealed that one out of three organizations (32 percent) report their employees travel to ‘high risk’ countries.

The Emergency Communications Report, supported by Everbridge, a global software company that provides critical communications and enterprise safety applications, did however deliver the encouraging news that most organizations (84 percent) do have some form of plan in place, although it did highlight that for those that don’t, two thirds (64 percent) felt that only a business-affecting event would incentivise them to develop one – most people would consider this too late.

With increasing physical security challenges experienced by organizations due to rising levels of concern surrounding workplace violence and acts of terrorism, as identified in the BCI’s latest Horizon Scan Report, being able to communicate effectively with staff may have the added advantage of increasing safety.

Further findings from the report include:

  • One third of organizations (32 percent) report that at least 100 employees travel internationally
  • The top reasons for triggering emergency communications are: unplanned IT and telecommunications outages (42 percent), power outages (40 percent), adverse weather (39 percent), facilities management incidents (23 percent), cyber security incidents (22 percent), and natural disasters (22 percent)
  • The top processes used for emergency communications are: internal emails (79 percent), text messaging (70 percent), manual call trees (56 percent), emergency communication software (50 percent), and website announcements (46 percent)
  • More than half of organizations (55 percent) use 3 or more emergency communications processes
  • Around 3 out of 10 organizations (29 percent) do not have training and education programmes
  • Around 7 out of 10 organizations (69 percent) stated that their emergency communications plan had been activated during the last year, other than during an exercise
  • A tenth of organizations (10 percent) take more than 60 minutes to activate their emergency communications plan
  • More than 6 out of 10 organizations (62 percent) are not confident about their preparedness for a location-specific security incident (e.g. workplace violence, act of terrorism)
  • More than a tenth of organizations (11 percent) do not feel they have top management support when it comes to developing emergency communications plans

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “A robust emergency communications capability is a crucial, often life-saving, component of incident response. This becomes more important considering ever changing threats which often impact on the physical safety and well-being of employees and customers. This timely study affirms how organizations strive to improve their emergency communications capability, as well as look at opportunities to ensure reliable messaging and response.”

Imad Mouline, Chief Technology Officer at Everbridge, commented: “This year’s findings indicate that global businesses are increasingly aware that true resiliency is a company-wide initiative that involves taking accountability for the safety of all staff—whether they are located in the office, at home or on the road. While it’s not surprising to see shared interest in emergency communications across business continuity, IT, security, facilities and other disciplines, it’s clear that organizations are still seeking solutions to optimize their response plans for a mobile workforce, and for the growing frequency and complexity of critical events and security incidents.”

Training, education and exercising are good ways to improve emergency communications plans, yet many organizations still have gaps in their training and education programmes related to emergency communications plans which serve as a barrier to embedding this capability. There are also gaps in exercising these plans.

The human element of emergency communications has a significant role in its success. Lack of understanding from recipients is the top reason in failing to deliver effective emergency communications. There is a need for organizations to plan their messages and deliver these in a concise and sustained way in order to raise response levels and direct recipients to perform required actions that may save lives during an incident.

If you would like to find out more about the 2016 Emergency Communications Report, or if you have any questions, then register for our webinar on the 17th January at 1430 GMT, when Patrick Alcantara (The BCI) and Owen Miles (Everbridge) will be discussing it in more detail. Click here to register.

The Business Continuity Institute

Organizations recognising the need for an emergency communications plan in order to initiate secure and reliable communications to geographically dispersed staff during a crisis

CAVERSHAM, UK –  In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis. This is especially important given that the latest Emergency Communication Report, published by the Business Continuity Institute, revealed that one out of three organizations (32 percent) report their employees travel to ‘high risk’ countries.


Notes:

  • Download a full copy of the report by clicking here.
  • Note to the online survey: This report features 661 responses from 71 countries.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Everbridge

Everbridge, Inc. (NASDAQ: EVBG), is a global software company that provides critical communications and enterprise safety applications that enable customers to automate and accelerate the process of keeping people safe and businesses running during critical events. During public safety threats such as active shooter situations, terrorist attacks or severe weather conditions, as well as critical business events such as IT outages or cyber incidents, over 3,000 global customers rely on the company’s SaaS-based platform to quickly and reliably construct and deliver contextual notifications to millions of people at one time. The company’s platform sent over 1 billion messages in 2015, and offers the ability to reach more than 200 countries and territories with secure delivery to over 100 different communication devices. The company’s critical communications and enterprise safety applications include Mass Notification, Incident Management, IT Alerting™, Safety Connection™, Community Engagement™, Secure Messaging and Internet of Things, and are easy-to-use and deploy, secure, highly scalable and reliable. Everbridge serves 8 of the 10 largest U.S. cities, 8 of the 10 largest U.S.-based investment banks, all four of the largest global accounting firms, 24 of the 25 busiest North American airports and 6 of the 10 largest global automakers. Everbridge is based in Boston and Los Angeles with additional offices in San Francisco, Beijing and London. For more information, visit www.everbridge.com, read the company blog, http://www.everbridge.com/blog, and follow on Twitter and Facebook.

Tuesday, 13 December 2016 00:00

The Future Of B2B Mobile Enterprise Services

Business-to-business (B2B) ecosystems facilitate the continuous exchange of information and collaboration. B2B ecosystems will play a central role for all businesses because they form the basis for redefining approaches toward innovation, knowledge management, supply-chain optimization, product development, sales, and marketing.

While the ultimate focus of these ecosystems is to create customer value, their more immediate effect is to drive operational agility in service of customers. Mobility will be a central enabler for these B2B digital ecosystems. Why?

...

http://blogs.forrester.com/dan_bieler/16-12-13-the_future_of_b2b_mobile_enterprise_services

SAVANNAH, Ga. — Hurricane Matthew storm survivors applying for FEMA assistance may easily overlook a small detail that can result in a letter of ineligibility.

Common reasons for a determination of ineligibility include:

  • Lack of verification of occupancy of the damaged property;

  • Proof of identity;

  • No documentation of disaster damage;

  • Coverage by an insurance policy.

    In the case of an insurance denial, notify FEMA of the insurance settlement, and the case will be reviewed again. In other situations, provide the requested information.

If the letter says “Ineligible,” the letter will contain a code with an explanation for the denial. If the explanation is unclear, call the FEMA Helpline at 800-621-3362 (voice, 711 or Video Relay Service) or TTY 800-462-7585 for the deaf or hard of hearing.

An application’s status may also be checked at DisasterAssistance.gov. Click on the big “Check Status” link at the far right of the home page.

Letters indicate the amount of any approved grant and how the money should be used. Using the grant for purposes other than as indicated may prevent additional assistance.

Applicants from the 10 eligible Georgia counties have 60 days from the date on FEMA’s decision letter to file an appeal on ineligibility or amount of the grant. The letter must explain the reason for the appeal and include:

  • Applicant’s full name

  • Applicant’s FEMA registration number

  • Disaster number (4284)

  • Address of the applicant’s pre-disaster primary residence

  • Applicant’s current phone number and address

  • Documentation supporting the appeal, such as contractor repair estimates, insurance settlement letters, proof of residence and proof of ownership.

  • Applicants are strongly encouraged to include the following signed statement: “I hereby declare under penalty of perjury that the foregoing is true and correct.” Other options are to submit a copy of a state-issued ID card or to notarize the letter. However, be aware that if the notary stamp is embossed and not colored, it may not scan to be readable.

Mail or fax the letter as follows:

  • By mail: FEMA, National Process Service Center, P.O. Box 10055, Hyattsville, MD 20782-7055

  • By fax: 800-827-8112, Attention FEMA

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284.

Your digital intelligence strategy and implementation is struggling to keep up with your device-hopping customers. You’re trying. And it’s difficult – so many obstacles. But you face the Digital Dilemma, introduced by colleague Nigel Fenwick: your customers’ expectations of digital experience keep rising. When any digital experience they have with you doesn’t meet their expectations, their perception of the value your firm provides falls … which leads to risk of customers taking their business elsewhere. Ouch. So, tackle the Digital Dilemma head on. Focus your digital intelligence strategy like a laser on the customer experiences that matter most to your business outcomes. How? With an actionable digital intelligence strategic plan. Here are 3 of the key components your strategic plan must include.

...

http://blogs.forrester.com/cinny_little/16-12-13-do_you_have_a_digital_intelligence_strategy_that_will_win

The retail industry is constantly evolving. So why wouldn’t a retailer’s risk function keep pace? Jackie Hourigan Rice, Chief Risk and Compliance Officer at Target, discusses the importance of flexibility, alignment and empathy in developing a risk program that helps the retailer be more resilient — no matter what the future may hold in store.

“You need to be flexible. It’s not about the process; it’s the impact.”

...

http://corporatecomplianceinsights.com/podcasts/resilient-episode-6-jackie-hourigan-rice-creating-smart-risk-culture/

For security to work most efficiently in any organization, everybody has to be on board. I don’t mean they have to simply support the idea of good security practices; rather, they must actually have awareness of the greatest threats and risks to the organization, recognize what security procedures are necessary to address those threats and risks, and understand how to prevent falling into security traps. I’d also say that the higher up the organizational ladder one goes, the more essential it is to know specific regulations and the direct impact of security violations. Turning a blind eye to security or willingly ignoring the consequences of a potential attack is inexcusable as we go into 2017.

Yet, a recent survey conducted by Liaison Technologies found that senior executives are uninformed about the security and privacy regulations that their organizations are required to follow; 47 percent admit they don’t even know what compliance standards are applicable to their specific organization or industry. Another 25 percent say they don’t know who within the organization is responsible for security matters. And this specific statistic really surprised me, as reported by CSO:

Just three percent of respondents said that PCI DSS applied to their organization, a number that Liaison says is "surprisingly small" because it is a security standard that "applies to all entities that store, process or transmit cardholder data."

...

http://www.itbusinessedge.com/blogs/data-security/senior-executives-uninformed-about-security-regulations.html

One of the major challenges for Business Continuity Management (BCM) professionals and organizations is ensuring that their Business Impact Analysis (BIA) is kept current and up to date. The problem with keeping the BIAs up to date is that there is no process that integrates the BIA into the existing organizational functions. It’s something that is done once a year – a single point in time – and due to competing initiatives, is usually performed quickly by department representatives so they can focus on the activities they are responsible for and that have a direct impact upon their unit’s functions and direct reports. Ultimately, they focus on the things that impact their year-end performance and BCM isn’t usually one of them.

BCM must meet with an organization’s IT Change Management, Organizational Change Management and Project/Program Management Office (PMO) representatives to develop a process that ensures that a Business Impact Analysis (BIA) is incorporated into their processes. This means that each project in flight completes a BIA which details what the change is, what the impact is upon existing processes and what the end result will be once the change has been implemented. This allows BCM to review the proposed (and often confirmed) changes and analyze their effect on existing BCP contingencies and strategies, assumptions, resource requirements (people, facility, IT etc.) and any other item that may have an impact upon BCM plans and processes.

...

https://stoneroad.wordpress.com/2016/12/10/business-impact-analysis-bia-organizational-integration-project-change-impacts/

Monday, 12 December 2016 00:00

Control in the Chaos

Emergency Management Market Skyrockets

When we heard the report based on new market research that the incident and emergency management market is projected to reach $114 billion by 2021, we weren’t surprised. But what people may not realize is why the market is exploding. The report notes the growth is due to “changing climatic conditions, increasing government regulations and norms, extensive usage of social media to spread information, and increased threats of terrorist attacks.”

Pretty sobering. Every one of those key drivers is out of our immediate control. We don’t like to feel out of control. In fact, the feeling of being out of control is a leading cause of anxiety and depression. It can lead us to act irrationally or at the very least, make us irritable. The truth is, we feel safe when we are in control.

...

https://www.alertmedia.com/control-in-the-chaos/

Monday, 12 December 2016 00:00

Becoming a Crisis Communications Champion

If you’re an American football fan, it’s an exciting time of the year. The college playoff field is shaping up, ultimately leading to the championship game in January. Professional football teams in the National Football League are beginning to eye the ultimate prize—a Super Bowl win. It’s the time of year where excellence is on clear display.

Whatever your sport or passion, there are likely teams you admire because of their outstanding achievements or their ability to overcome adverse situations. Perhaps, during this season, we can take some inspiration from these “heroes” and apply them to our work in business resiliency and crisis communication. Consider these thoughts on what it takes to be a champion crisis communicator.

...

http://blog.sendwordnow.com/becoming-a-crisis-communications-champion

The Business Continuity Institute

In a survey about the experience of handling major losses undertaken by Vericlaim and Alarm, more than half of respondents “rated the practical assistance offered by a BCP (Business Continuity Plan) following a major incident as one or two out of a possible score of five”. In other words, the BC Plans of the organisations responding to the survey were found to be not particularly helpful when responding to a major loss!

This finding seems to have been rather under reported by the business continuity community who are usually so forward in explaining the importance of having a BC Plan and extolling the virtues of BC in improving resilience. Personally, I find it a damning indictment of the BC profession.

One of the things that constantly both amuses and horrifies me is how far most BC Plans are from the description given in the Business Continuity Institute’s (BCI’s) Good Practice Guidelines. This states that a BC Plan should be “…focused, specific and easy to use…”, and that the important characteristics for an effective BC Plan are that it is direct, adaptable, concise, and relevant.

Over the years I have had the pleasure of seeing hundreds, if not thousands, of BC Plans from a wide variety of organisations, and I can safely say that more than 90% of these plans do not fit in with this description. They tend to contain lots of information that is irrelevant to the purpose of responding to a major incident, and seem to be written more for the benefit of the organisation’s auditors than for use by people who need to take action to reduce the impact of the incident on the organisation.

As a BC consultant, I keep trying my best to improve BC Plans, but I’m constantly being knocked back by people who tell me that all sorts of things need to be put into their BC Plans, more often than not because of an audit or review undertaken by a third party.

For far too long this situation has been allowed to continue unchallenged. It cannot do so for too much longer without the BC profession losing credibility.

Mel Gosling FBCI is the Principal Business Continuity Consultant at Merrycon Ltd.

The Business Continuity Institute

Confidence among security practitioners in their organization's ability to assess cyber risk is in decline as global cyber security confidence fell six points over 2016 to earn an overall score of 70%, a 'C-' on the report card. This is according to a new study by Tenable Network Security.

The 2017 Global Cyber Security Assurance Report Card indicates that the overall decline in confidence is the result of a 12-point drop in the 2017 Risk Assessment Index, which measured the ability of respondents to assess cyber risk across 11 key components of the enterprise information technology (IT) landscape.

For the second straight year, practitioners cited the 'overwhelming cyber threat environment' as the single biggest challenge facing IT security professionals today, followed closely by 'low security awareness among employees' and 'lack of network visibility (BYOD, shadow IT)'.

“Today’s network is constantly changing - mobile devices, cloud, IoT, web apps, containers, virtual machines - and the data indicates that a lot of organizations lack the visibility they need to feel confident in their security posture,” said Cris Thomas, strategist, Tenable Network Security. “It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.”

It is clear from this why cyber attacks and data breaches rank as the top two concerns for business continuity professionals, as identified in the Business Continuity Institute's latest Horizon Scan Report, which revealed that 85% and 80% of respondents to a global survey expressed concern about these two threats materialising. It is perhaps for that reason cyber security was chosen as the theme for Business Continuity Awareness Week 2017.

2017 Overall Cyber Security Assurance Report Cards by Country

  • India: B (84%)
  • United States: C+ (78%)
  • Canada: C (75%)
  • France: C (74%)
  • Australia: C- (71%)
  • United Kingdom: D (66%)
  • Singapore: D (64%)
  • Germany: D- (62%)
  • Japan: F (48%)

2017 Overall Cyber Security Assurance Report Cards by Industry

  • Retail: C (76%)
  • Financial Services: C- (72%)
  • Manufacturing: C- (72%)
  • Telecom: C- (70%)
  • Health Care: D (65%)
  • Education: D (64%)
  • Government: D (63%)

CHICAGO – Dangerously low temperatures and snow are in the forecast and the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) wants individuals and families to be safe when faced with the hazards of winter weather.

“Subfreezing temperatures and snowstorms can be dangerous and even life-threatening for people who don't take the proper precautions,” said Janet M. Odeshoo, acting regional administrator, FEMA Region V. “It is important for everyone to monitor their local weather reports and have a plan now for how to stay safe in severe winter weather conditions.”

During snowstorms and extreme cold weather, you should take the following precautions:

  • Stay indoors as much as possible and limit your exposure to the cold.
  • Dress in layers and keep dry.
  • Check on family, friends, and neighbors who are at risk and may need additional assistance.
  • Know the symptoms of cold-related health issues such as frostbite and hypothermia and seek medical attention if health conditions are severe.
  • Bring your pets indoors or ensure they have a warm shelter area with unfrozen water.
  • Make sure your vehicle has an emergency kit that includes an ice scraper, shovel, blanket and flashlight – and keep the fuel tank above half full.

You can find more information and tips on being ready for winter weather and extreme cold temperatures at http://www.ready.gov/winter-weather.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

WASHINGTON, DC — The Federal Emergency Management Agency (FEMA) has issued a Notice of Funding Opportunity (NOFO) for the fiscal 2016 Program to Prepare Communities for Complex Coordinated Terrorist Attacks (CCTA Program). The CCTA Program provides $35.94 million to state, local, tribal, and territorial jurisdictions to improve their ability to prepare for, prevent, and respond to complex coordinated terrorist attacks in collaboration with the whole community.

Selected state, local, tribal, and territorial jurisdictions will receive fiscal 2016 CCTA Program funding specifically to build and sustain capabilities to enhance their preparedness for complex coordinated terrorist attacks, by achieving the following: identifying capability gaps, developing and/or updating plans, training to implement plans and procedures, and conducting exercises to validate capabilities.

Awards will be made on a competitive basis to applicants who present an ability to successfully meet the requirements described in the NOFO.  FEMA encourages interested jurisdictions of various types, sizes, and capabilities to apply.

The application period will remain open until 11:59:59 p.m. EST February 10, 2017.  The fiscal 2016 CCTA Program Notice of Funding Opportunity (NOFO) is located online at: http://www.fema.gov/grants as well as on http://www.grants.gov Catalog of Federal Domestic Assistance (CFDA) number 97.133.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Like the heavyweight classics Ali vs. Frazier and Tyson vs. Holyfield, a battle is raging between cloud storage and on-premise storage. Who will be left standing at the end? Which hand will the referee hold aloft in victory? Or will it forever be a disputed decision with fans demanding a rematch?

In this article, we'll look at eleven areas where public cloud storage offers an advantage.

...

http://www.enterprisestorageforum.com/storage-services/cloud-storage-vs.-on-premise-11-reasons-to-choose-the-public-cloud-1.html

In a new report based on research from UK national weather service the Met Office, Lloyd’s has found that extreme weather events may be modeled independently. While extreme weather can be related to events within a region, these perils are not significantly correlated with perils in other regions of the world.

The study’s key findings include:

...

http://www.riskmanagementmonitor.com/lloyds-finds-extreme-weather-can-be-accurately-modeled-independently/

Thursday, 08 December 2016 00:00

Business Intelligence Skills

So you have gone through the Discover and Plan of your Business Intelligence (BI) strategy and are ready to staff your BI support organization. What skills, experience, expertise and qualifications should you be looking for?

...

http://blogs.forrester.com/boris_evelson/16-12-08-business_intelligence_skills?cm_mmc=RSS-_-BT-_-63-_-blog_1737

COLUMBIA, S.C.--Two months after the presidential disaster declaration for storm and flood damage relief from Hurricane Matthew in South Carolina, federal assistance has climbed to $116.9 million.

That total includes:

  • More than $33.8 million in Individual Assistance disaster recovery grants from the Federal Emergency Management Agency (FEMA) for homeowners and renters. More than 44,700 individuals and households have applied for disaster assistance from FEMA.
  • More than $31.6 million in low-interest disaster loans from the U.S. Small Business Administration (SBA) for businesses of all sizes (including landlords), private nonprofit organizations, homeowners and renters.
  • More than $38.4 million in flood insurance payments from the National Flood Insurance Program (NFIP).
  • More than $13.1 million in Public Assistance obligations to reimburse local governments for eligible costs of responding to the floods and repairing or rebuilding public facilities.

Recovery highlights include:

  • The $33.8 million in disaster recovery grants from FEMA includes more than $28 million in Housing Assistance to help homeowners and renters with temporary housing and essential home repairs and more than $5.8 million in Other Needs Assistance, including grants for the replacement of damaged vehicles and personal property, as well as reimbursements for serious disaster-related needs not covered by insurance.
  • The SBA has approved 922 low-interest disaster loans, including 865 home loans, 39 business loans and 18 Economic Injury Disaster Loans for small businesses. SBA disaster loans may cover repairs or rebuilding, as well as the cost of replacing lost or disaster-damaged real estate and personal property.
  • A total of 24 Disaster Recovery Centers (DRCs) and Mobile Disaster Recovery Centers (MDRCs) have been opened by the State and FEMA. They have assisted more than 7,600 survivors. As of today, five DRCs remain open in Beaufort, Georgetown, Hilton Head, Mullins, and Sumter. To find a DRC location near you, and its hours, download the free FEMA app on your mobile device or visit asd.fema.gov/inter/locator.
  • In addition, the SBA opened three Business Recovery Centers to enable storm-impacted businesses to meet individually with SBA representatives and find out how a low-interest disaster loan can help them recover.
  • FEMA-contracted housing inspectors have completed more than 31,500 inspections of disaster-damaged homes to verify damage and eligibility for FEMA assistance.
  • A total of 202 Disaster Survivor Assistance (DSA) personnel visited nearly 55,000 homes in storm-damaged neighborhoods. They are equipped with laptop computers to register survivors with FEMA and to answer their questions about disaster assistance.
  • The NFIP, which is administered by FEMA, has paid out partial and advanced payments totaling $38 million to 6,610 policyholders.
  • Hazard Mitigation Community Education Outreach experts have advised more than 4,400 survivors how to rebuild their homes stronger and safer after the floods. They have been present at DRCs and MDRCs and at hardware and lumber stores.
  • To date, $13.1 million has been obligated in Public Assistance grants to reimburse local, state and tribal governments and certain private non-profits for 75 percent of their disaster-related expenses and repairs, providing financial relief for hard-hit communities. The state and the applicant split the remaining 25 percent.

Although Public Assistance funds go to local governments and certain nonprofits, they benefit everyone—communities, cities and the state. Those federal dollars help pay for efforts to keep people and property safe. Public Assistance funds also clean up disaster-related debris, put roads, utilities and public works back in order and repair or replace public structures. In many cases, local taxpayers would otherwise have to pay the costs that FEMA Public Assistance grants are covering.

More than 44,700 individuals and households have applied for disaster assistance from FEMA. Residents of 24 counties are eligible for Individual Assistance: Allendale, Bamberg, Barnwell, Beaufort, Berkeley, Calhoun, Charleston, Chesterfield, Clarendon, Colleton, Darlington, Dillon, Dorchester, Florence, Georgetown, Hampton, Horry, Jasper, Lee, Marion, Marlboro, Orangeburg, Sumter and Williamsburg.

Those 24 counties also are eligible for Public Assistance, along with Kershaw and Richland.

Survivors can apply online at DisasterAssistance.gov or by phone at 800-621-3362 (voice, 711 or relay service) or 800-462-7585 (TTY). The toll-free lines are open 7 a.m. to 10 p.m. seven days a week until further notice. Multilingual operators are available.

Survivors who have questions about their flood insurance policies and coverage should contact the NFIP call center at 800-621-3362 between 9 a.m. and 7 p.m. Monday through Friday. Specialists can help with service claims, provide general information regarding policies and offer technical assistance to aid in recovery.

For more information about SBA loans, call SBA’s Disaster Assistance Customer Service Center at 800-659-2955 or visit http://www.sba.gov/disaster. TTY users may call 800-877-8339. Applicants may also apply online using the Electronic Loan Application (ELA) via SBA’s secure website at https://disasterloan.sba.gov/ela.

For more information about the disaster recovery operation, please visit fema.gov/disaster/4286 or the South Carolina Emergency Management Division at scemd.org/recovery-section/ia.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Thursday, 08 December 2016 00:00

Why IT Strategy Fails and What to Do About It

IT strategy – hmm, that sounds good! It suggests you know what you’re doing, and that those invoices from your IT suppliers correspond to something of value to the business.

However, IT strategy and the plans that go with them sometimes don’t achieve the results you wanted. Here are 10 reasons why failure happens and 10 suggestions for avoiding it.

...

http://www.opscentre.com/why-it-strategy-fails-and-what-to-do-about-it/

DURHAM, N.C. – FEMA has approved almost $82 million in federal assistance to help North Carolina survivors recover from the recent floods that followed Hurricane Matthew. While assistance is tax-free and you don’t have to repay grants, FEMA urges you to use the funds wisely and only for disaster-related expenses.

FEMA also encourages you to keep your receipts for three years to show how the funds were spent. After every major disaster FEMA conducts audits of disaster assistance payments to ensure taxpayer dollars were properly provided by the agency and appropriately used by recipients. It’s important to remember that federal law prohibits duplicating disaster assistance from other sources.

When you are awarded a grant FEMA will send you a letter listing the approved uses, including:

  • Home repairs (e.g., structure, water, septic and sewage systems).

  • Rental assistance for a different place to live temporarily.

  • Repair or replacement of a flooded essential vehicle.

  • Medical care for an injury caused by the disaster.

  • Repair, cleaning or replacement of clothing or specialized tools.

  • Necessary educational materials (e.g., computers, school books, supplies).

  • Moving and storage expenses related to the disaster.

  • Child care and funeral expenses.

You may spend your FEMA grant in any approved way that helps you achieve the goal of permanent, safe, sanitary and functional housing.

  • Rental assistance grants are provided for temporary housing when a disaster leaves your home uninhabitable or inaccessible.
  • As a homeowner or renter, you can choose to rent an apartment, house, mobile home or some other temporary rental unit.
  • If you intend to seek continued rental assistance, you will need receipts to show you used the grant for rent.

You should not use disaster grants for regular living expenses – such as utilities, food, medical or dental bills not related to the disaster, nor for travel, entertainment or any discretionary expense not related to the disaster.

When you get any letter from FEMA, read it carefully. If you have any questions, call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY call 800-462-7585. You can also visit a Disaster Recovery Center. Find the nearest DRC by going online to www.fema.gov/drc.

For more information on North Carolina’s recovery, visit fema.gov/disaster/4285 and readync.org. Follow FEMA on Twitter at @femaregion4 and North Carolina Emergency Management @NCEmergency.

By now firms are deep into their big data investments — and frustrated. Too many new and rapidly evolving technologies are built on open source and named after a bunch of zoo animals. The term insight platform has struck a chord with technology buyers exactly because it offers a path out of this mess. In fact, insight platform was the number-one emerging technology in terms of investment and interest in Forrester’s Q3 2016 Global State Of Enterprise Architecture And Portfolio Management Online Survey.

...

http://blogs.forrester.com/brian_hopkins/16-12-07-want_to_create_action_from_big_data_look_at_enterprise_insight_platform_suites?cm_mmc=RSS-_-BT-_-62-_-blog_2705

DevOps velocity mandates change velocity

Enterprises today are focusing on delivering applications faster to drive customer experiences and drive business transformation to meet rising expectations. For some, faster delivery is simply faster time to disappointment where the delivery process is shoddy and speed is the only metric. Speed without quality is an oxymoron – and extremely dangerous. The automation of the process known as Application Release Automation (ARA) is one of the critical impediments in the DevOps journey for I&O organizations today. ARA tools are designed to remove errors from manual processes by standardizing and automating the movement of applications with middleware and infrastructure – the critical final step in the delivery pipeline of applications to deliver customer value.

...

http://blogs.forrester.com/robert_stroud/16-12-07-velocity_with_quality_mandates_a_model_based_approach_to_ara_tools_and_devops?cm_mmc=RSS-_-BT-_-65-_-blog_10604

Thursday, 08 December 2016 00:00

FEMA: Private Nonprofits Encouraged to Apply

VIRGINIA BEACH, Va. – Private nonprofit (PNP) organizations in Virginia may be eligible to receive federal assistance in recovering from losses connected with Hurricane Matthew, officials of the Virginia Department of Emergency Management (VDEM) and the Federal Emergency Management Agency (FEMA) said. The deadline for applying is December 15, 2016.

Private nonprofits can request an application packet for disaster assistance by calling (804) 839-8992 between the hours of 7 a.m. and 6 p.m. Monday through Friday, or file online at VirginaPA.org and submit a request for public assistance.

The Public Assistance program provides grant funds to eligible municipalities, government agencies and qualified private non-profit organizations for costs of debris removal, emergency protective measures, road repairs, repair of water control facilities, and restoration of buildings, utilities and recreational facilities. While public assistance is oriented to public entities and can fund the repair, restoration, reconstruction, or replacement of a public facility or infrastructure damaged or destroyed by a disaster, certain PNPs may qualify for help as well.

Eligible PNPs include educational, utility, irrigation, emergency, medical, rehabilitation, and temporary or permanent custodial care facilities (including those for the elderly and disabled), and other PNP facilities that provide essential services of a governmental nature to the general public.

PNPs that provide "critical services," which include power, water (including water provided by an irrigation organization or facility), sewer, wastewater treatment, communications and emergency medical care, may apply directly to FEMA for a disaster grant. All other PNPs must first apply to the Small Business Administration (SBA) for a disaster loan. If the PNP is declined for an SBA loan, or the loan does not cover all eligible damages, the applicant may re-apply for FEMA assistance.

The eligible cities are Chesapeake, Franklin, Norfolk, Portsmouth, Suffolk, Virginia Beach, and the counties of Isle of Wight and Southampton.

Thursday, 08 December 2016 00:00

Cyber Crime is Professional

In 2016, we have seen the largest cyber bank theft in history, hacking of emails in the U.S. presidential election and a massive denial-of-service attack linked to the Internet of Things.

Attackers – ranging from nation-states to organized criminal gangs – have moved well beyond crude, scattergun approaches to defeat weak security. Today they are skilled, determined and focused – and quite possibly already inside an organization’s network, either because they’ve breached it or because they are an employee or partner with access. They are varied in motivation, capability and tactics.

BAE Systems recently conducted a survey that reveals the majority of information technology professionals (97 percent) believe business security and defense is a priority for their organizations. Yet more than half (54 percent) admit they assess cyber threats just once a week or less. The recent survey of 200 IT professionals at U.S. organizations also revealed:

...

http://corporatecomplianceinsights.com/cyber-crime-professional/

It’s a fact of life in modern business and industry: You’ll amass more data by the end of the month than you likely did over an entire 12 months just a few years ago. The bottom line is that data isn’t going away any time soon, and it grows in quantity and importance with each passing day. Managing that data has evolved as a crucial aspect of conducting business, akin to HR or R&D. How effectively you manage your organization’s data will dictate a lot about your business, impacting virtually every aspect of your enterprise, not least your level of productivity and your bottom line.

Traditional data storage systems have been useful — to a point. The operative term here being ‘traditional.’ Limitations on performance, scaling and efficiencies have made outmoded data filing cumbersome, ineffective, and costly. Enter the panacea: migrating existing servers and storage to a cloud-based storage environment. Managing data at the cloud level is analogous to exchanging a single-engine turboprop for a wide-bodied supersonic jet aircraft. The benefits are numerous, tangible, and once you’ve migrated, you’ll wonder how you ever managed your data up until now.

The first thing you’ll notice with cloud data storage is a dramatic increase in productivity and performance. Faster, state-of-the-art storage translates to better response times over outmoded systems. It also means faster batch processing, allowing you to process more orders in less time more efficiently. In addition, you’ll experience faster search times and enhanced storage structures, giving customers faster access to information.

...

http://www.siasmsp.com/managing-data-growth-in-the-cloud/

Millions were affected by the Dyn DDoS Attack a few weeks ago including service providers hosting on Dyn and their site's potential visitors. It was a lesson that showed many online services that they can't rely on a single provider for their authoritative DNS (domain name system) since outages can and do occur.

Maintaining uptime is critical since being unavailable online essentially equates to closing your doors in brick and mortar terms. No sales, no new customers, no "showroom." Not only does an outage hurt your revenue, it damages your brand in ways that aren't easily quantified. Customers can't get to your site to buy or view products/services and so forth.

As critical as DNS is, it's an underlying Internet technology that not many people pay too much attention to until it's not working. This graphic really sums up the importance of DNS and how it acts as the foundation of your online presence.

Think about your Internet presence as a house or building that contains your web server, email servers, FTP server, API, VoIP phone system, etc. This house relies on two things, your domain name and DNS, before any other service can be set up.

Your domain name is just like the plot of land you build on - without your parcel of land, you have nowhere to build. The domain name must be registered and in good standing before anything will work. Once the domain name is secured, you need to build the foundation before you can build your house.

If your foundation is weak and unreliable, your house can crumble to the ground. This foundation is your DNS - a reliable way of answering queries to your domain name and pointing visitors to your online resources, including your web server. Without a strong DNS service in place, there's a risk of losing the entire house and all its contents. The true moral of the story is that companies should never skimp on their foundation when building their Internet house.

Here are a few additional steps to make sure your company's business has a solid DNS foundation.

1 - Don't Put All Your DNS Eggs in One Basket

Amazon, LinkedIn, Yelp, PayPal and many other smart online marketers realize that using a single DNS provider is simply too risky. They have added secondary and sometimes even tertiary DNS providers to increase reliability and decrease the chances of a DNS outage.

Secondary DNS isn't a cure-all, but it spreads out your bandwidth across multiple managed providers to reduce the chances of prolonged downtime. In the event of an attack against a single DNS provider, your secondary and/or tertiary provider will still be serving up your DNS with virtually zero impact. This can also help if you experience a DDoS attack against your domain name, since the larger DNS footprint will require a larger attack to take it all down.

2 – Essential DNS Features

If you are serious about your business, use a managed DNS provider. DNS hosting by your domain name registrar or Web hosting company is typically sub-standard and in many cases doesn't even allow you to enable DNS backup options such as Secondary DNS. Zone file exports and other ways to back up your DNS zones are also typically missing. Speed, uptime and expertise about DNS, as well as advanced features such as Load Balancing, GEO DNS and others, are also typically missing from these built-in DNS providers. When evaluating a potential DNS partner, you'll also want to inquire about their customer service. A great DNS company will have a group of experienced professionals available via multiple channels – i.e., phone, chat, etc. – 24 hours a day.

3 - Monitor from multiple sources and use Smart IT Alerting

Some monitoring and alerting companies stopped sending out alerts when Dyn was attacked. The reason was that so many businesses and services were relying on Dyn that when it went down, the flood of monitoring alerts overwhelmed the system. There was a log jam that meant that none of Dyn's customers learned about the outage until its customers began complaining publicly. Monitoring platforms help diagnose issues immediately, and not receiving these messages extends the outage and makes troubleshooting more difficult. Using multiple monitoring services adds a level of redundancy in case one major DNS is taken down.

The efficacy of monitoring IT operations is measured by the speed with which notifications are sent and received. From there, the real work begins when employees start to diagnose and eventually take steps to remediate the issue. Alerting, reacting and fixing the problem is a logistical symphony and can often bottleneck the process. The success – or failure – of a company to address a critical issue often lies in those first few hours. Gaining immediate notice of a catastrophic downtime event can be the difference between a company being unavailable for an hour or days. IT leaders must install comprehensive policies and communications plans to rally critical employees quickly no matter what time of day or night. Simple items such as updated contact information for both mobile and landlines, secure conference call bridges and recorded voice alerts can reduce the mean time to fix and save the company millions in lost sales and decreased brand reputation.

The average cost of an outage can be upwards of $100,000 per hour depending on the size of the organization and online revenue stream. Attacks like the one we saw at Dyn are only the beginning of what we will likely see on a more regular basis now that hackers are starting to take their new IoT toys out for a spin. Businesses can help mitigate the risks of this new cyberattack type by distributing their DNS across multiple platforms and investing in smart monitoring and alerting platforms.

https://www.cloudfloordns.com

If your organization has never fired anyone, has never laid anyone off, has only single employees that have never been married or divorced, and have no significant others in their lives, then you don’t have to worry about Work Place Violence (WPV) or an Active Shooter. If your organization does NOT fit this profile, then you need to prepare for an Active Shooter. Management needs to understand that they are personally liable for not providing for the safety and security of their staff (OSHA 1910-34139). Several executives have been convicted under that statute and are serving time in jail.

Management needs to educate their staff regarding how to act during an active shooter incident. An employee needs to know:

...

http://www.disaster-resource.com/index.php?option=com_content&view=article&id=2841

The length of time victims wounded in school shootings and terror attacks must wait for help from an EMT could be minutes or hours—during which time they could bleed to death. This has happened in a number of cases, including a shooting at an Orlando nightclub in June, when a woman bled to death while waiting for help to arrive.

These incidents have prompted the Department of Homeland Security’s Stop the Bleed campaign, a nationwide initiative to empower individuals to act quickly and save lives in emergency situations. Bystanders are asked to take simple steps to keep an injured person alive until medical care is available. Security guards, custodians, teachers and administrators are being trained at schools and other places to administer first aid until help arrives.

...

http://www.riskmanagementmonitor.com/fed-program-pushes-for-life-saving-training-for-shootings-terror-attacks/

Your organization's actual ability to respond to and recover from an event is directly related to employee readiness across the organization.

It is important to note that too many times we train only those directly involved in key recovery positions and do not train the lower levels of the organization. To determine employee readiness, or how well employees are prepared, ask people across the organization if they know what BCP is or what they are supposed to do in an emergency. If possible, ask not only individual contributors, but senior management as well.

Employee readiness must be heightened both at work and at home. If people are not available because of their personal situation, they cannot assist with any business recovery. Remember, individuals will be most concerned about themselves and their family (and rightfully so). If their personal situation is not safe or stable, they will be distracted at best, or unavailable at worst.

...

https://www.mha-it.com/2016/12/employee-readiness-2/

Wednesday, 07 December 2016 00:00

The Key Elements of the Hybrid Cloud

The hybrid cloud is evolving along a strange sort of dichotomy as the year comes to a close: It is getting easier to deploy but more challenging to optimize.

This is partly due to the fact that the enterprise itself is tasked with managing multiple types of workload – everything from traditional business applications to mobile computing and device-driven analytics. But it also points to the fact that the hybrid cloud is not a single entity but a collection of components that must work together near-flawlessly in order to provide the seamless data experience that users expect.

Tech writer Alan Joch noted on BizTech recently that the emergence of turnkey solutions and hybrid management tools is making it easier to deploy distributed cloud environments. Leading IT vendors have taken to leveraging both their home-grown systems portfolios and third-party contributions to craft hybrid architectures that can be easily launched and then quickly scaled to production-level environments. VMware’s Cross-Cloud Architecture, for example, provides for consistent deployment models, security policies and governance across multiple clouds and can be delivered under the company’s Cloud Foundation architecture that incorporates legacy platforms like vRealize, vSphere and NSX software-defined networking.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-key-elements-of-the-hybrid-cloud.html

Having an adjuster with the National Flood Insurance Program (NFIP) come to your home isn’t the same as having your homeowner’s insurance agent or a FEMA inspector assess your damages.

FEMA Individual Assistance (IA), homeowners insurance and flood insurance are three different programs.

Homeowner and business insurance policies usually don’t cover flood damage. Disaster officials recommend:

  • If you have flood insurance, call your agent right away.
  • If you have homeowners insurance, call your agent right away.
  • If you had damages and haven’t registered with FEMA, do so right away.

Receiving a flood claim inspection, registering with your city’s emergency management agency, registering with the Virginia Department of Emergency Management (VDEM), the Red Cross, or with any other charitable organization is NOT the same as registering with FEMA or having a homeowner’s or flood insurance policy.

If you have dual insurance, you need to contact both your homeowners insurance and your NFIP flood insurance agent as well as register with FEMA to initiate individual recovery assistance. The deadline to register with FEMA is January 3, 2017. The deadline to file a flood-loss claim is February 7, 2017.

The deadline date for filing an NFIP flood insurance claim has been extended from 60 to 120 days from the date the flood damage occurred. After contacting your flood insurance agent, the claims process begins with your sending in ‘proof of loss’ paperwork. The flood claim process commonly follows this timeline: 

  • An adjuster will usually call you within 24 to 48 hours after you notify your agent about the flood damage.

  • Once contacted, a claims adjuster will visit to open the claim. In disasters such as the one in Virginia, some adjusters may have hundreds of policy holders to service.

  • Policyholders have 120 days after the date of the loss to file proof of loss paperwork. This sworn statement may have to be notarized.

    • For instance, if you send in your proof of loss at 28 days, it can take at least 14 to 20 days more after that to review and process for payment.

    • It can take another 20 days to process the claim for payment—and at times only a partial payment can be made.

  • If you have a mortgage, regulations require that homeowner payment checks be issued in both the lender and homeowner’s name. Usually a bank or lender will require a construction contract or proof of pending repairs before releasing the money to you.

To date, NFIP in Virginia has received 2,231 claims with an estimated payout of nearly $25 million due to Hurricane Matthew.

Some damages not covered by your NFIP insurance may be eligible for coverage under your homeowners insurance, FEMA individual assistance program, or the U.S. Small Business Administration (SBA). You must be registered with FEMA to find out if you are eligible for additional assistance not covered by your insurance policies.

If you receive an SBA loan application, complete and submit it to the SBA, even if you don’t want a loan. Sometimes unanticipated expenses come up as your recovery process nears conclusion.

Information about claims, what to do, how to file, and what proof of loss is needed can be found in the NFIP online booklet “The NFIP Flood Insurance Claims Handbook” at http://go.usa.gov/x89kz. In most cases, there is a 30-day waiting period for a new flood insurance policy to take effect. To learn more about this program, contact your insurance agent or the NFIP at 888-379-9531, or visit www.floodsmart.gov.

Call the FEMA helpline to register, register online at www.DisasterAssistance.gov, or get additional information: 800-621-3362, or TTY at 800-462-7585. You can also visit your nearest Disaster Recovery Center (DRC). Location addresses can be found at www.FEMA.gov/DRC.

An unplanned outage is one of the worst things that can happen to a data center – and to your business. According to a 2016 Ponemon Institute study, a data center outage costs businesses an average of $8,851 per minute. The report also found that since 2010, the average total cost of a data center outage is up 38 percent – to $740,357. Although it’s impossible to completely eliminate outages, you can take steps to mitigate the consequences of downtime and ensure business continuity.

Here are nine ways to mitigate the risk of an extended data center outage and help ensure business continuity:

...

http://www.datacenterknowledge.com/archives/2016/12/06/nine-steps-organization-can-take-mitigate-downtime/

We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management. And BIA is business impact analysis.

These three items are linked together by the need to keep organizations operational in adverse circumstances. You probably got that immediately.

But they are also linked by the need to trim expenses down to only what is necessary, a connection that is sometimes rather less obvious. Here’s how it works.

Let’s start with BCM. This is the overall management of continuity for the business, meaning the organization as a whole. As much of business is driven by IT, IT service continuity management is typically a major component of BCM.

...

http://www.opscentre.com/bcm-itscm-bia-alphabet-soup-chance-save-money/

Would it surprise you to know that up to 90 percent of the U.S. workforce says they would like to telecommute at least part time? Some aren’t waiting for permission, but gradually changing the perception of what’s acceptable office protocol.

Plenty of companies are offering remote working options to their employees, but there are some stalwarts who believe the most productive employees “come” to work every day. Still, other companies draw the line at sales execs or field techs. IDC forecasts the U.S. mobile worker population will grow at a steady rate to nearly 106 million by 2020. Unless sales and field technician positions explode, this means many jobs will move from the traditional office locale to an alternative site or sites.

Some of the hesitation to open this can of worms is that employees will slack off if not under constant supervision. Data security and communication are other concerns, although these are becoming less of an issue thanks to modern technology, such as cloud computing and employee communication software. The key, however, is to leverage existing and emerging technologies, set expectations, communicate frequently, and devise a measurement benchmark to evaluate performance.

...

https://www.alertmedia.com/5-reasons-its-time-to-let-employees-work-remotely

A survey of more than 1,400 risk professionals at large organizations in the U.S. or Canada that have purchased a commercial insurance policy from one of the profiled insurers or brokers throws up some interesting results.

It finds that as rates across the U.S. commercial property/casualty insurance market continue to decline, the key variables in driving overall commercial insurance customer satisfaction are insurer profitability and broker expertise.

The J.D. Power study, conducted in conjunction with RIMS (the risk management society), found a distinct correlation between customer satisfaction and insurer profitability, as measured by total commercial combined financial ratios.

...

http://www.iii.org/insuranceindustryblog/?p=4681

The Business Continuity Institute - Dec 05, 2016 16:26 GMT

At the most recent meeting of the Business Continuity Institute's Board of Directors, James McAlister FBCI formally became the new Chairman of the BCI, taking over from David James-Brown FBCI whose two years in office has come to an end.

James is a former police officer with over 30 years of experience in business continuity, civil protection, emergency planning, security, firearms, public order and training. He has advised and contributed to many operations and exercises throughout the UK and internationally including political party conferences, major sporting events, VIP visits, counter terrorism operations, public order events and environmental / man-made emergencies. James has won a number of prestigious awards including the Public Sector Business Continuity Manager of the Year Award at the BCI European awards in 2014.

On taking up the post, James commented: "David James-Brown has left the Institute in a much better position than it has ever been in before. We are financially stable, have a wider global presence, offer more member services, and provide more research papers. Possibly his greatest legacy is yet to be realised in the Institute's new customer relationship management system which doesn't go live until next year. I would like to thank David on behalf of all the membership for his dedication, loyalty, hard work and leadership over the last two years and wish him well as he returns to his successful consultancy business."

As announced previously, Tim Janes Hon. FBCI now becomes the new Vice Chair of the BCI after being voted in by his fellow members of the Global Membership Council, and Roberto Grosso Ciponte MBCI becomes the new Membership Director, also voted in by those on the Global Membership Council.

RALEIGH, N.C. – Survivors of the flooding that followed Hurricane Matthew should make or solidify a plan to move from temporary accommodations to more permanent housing as part of their recovery.

If you are living in a hotel paid by FEMA under the Transitional Sheltering Assistance program, remember this assistance is short-term. The program is scheduled to end Saturday, Jan. 7, 2017.

Two ways to search for housing online:

  • NCHousingHelps.org helps people displaced by Hurricane Matthew locate available, affordable rental housing. This free service can be accessed online 24 hours a day and through a toll-free, bilingual call center, Monday through Friday, 9 a.m. to 8 p.m., at 877-428-8844.
  • The FEMA Housing Portal (https://asd.fema.gov/inter/hportal/home.htm) is intended to help individuals and families who have been displaced by a disaster find a place to live. The portal consolidates rental resources identified and provided by federal agencies, such as the U.S. Department of Housing and Urban Development, U.S. Department of Agriculture, U.S. Veterans Administration, private organizations, and the public to help individuals and families find available rental units in their area.

If you lived in public housing, or a multi-family Section 8 apartment, or had a Housing Choice Voucher before Hurricane Matthew:

  • You may be eligible for disaster assistance from U.S. Housing and Urban Development (HUD). Contact the housing provider that assisted you before the disaster and contact HUD at 336-851-8058 or by email.

If you need homeowner information and assistance from HUD regarding foreclosure or questions about the next steps with your home:

  • Contact a HUD-approved housing counseling agency by calling 800-569-4287. You do not have to have a FHA loan to meet with a HUD-approved housing counseling agency, and there is never a fee for foreclosure prevention counseling.

The deadline for registering for FEMA’s Individual Assistance is Monday, Jan. 9, 2017. If you have not yet registered, you are urged to do so as soon as possible.

There are three ways to register with FEMA:

  • Online at DisasterAssistance.gov.
  • Call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585.
  • Download the FEMA Mobile App and apply.

After you register with FEMA, the U.S. Small Business Administration may contact you. SBA is the primary source of funds for property repairs and replacing lost contents following a disaster. The deadline to apply for a low-interest disaster loan from SBA is also Monday, Jan. 9, 2017.

  • There is no requirement to take out a loan if one is offered from SBA. If you are approved for a disaster loan, you have 60 days to decide whether to accept the loan. If you are not approved for a loan you may be considered for certain other FEMA grants and programs that could include assistance for disaster-related car repairs, clothing, household items and other expenses.

Voluntary organizations in your community may be able to help you find a more permanent place to live. You may seek referrals for unmet needs by calling United Way at 211. You can find a list of organizations currently assisting survivors at North Carolina Voluntary Organizations Active in Disaster.

For more information on the North Carolina recovery, visit fema.gov/disaster/4285 and readync.org. Follow FEMA on Twitter at @femaregion4 and North Carolina Emergency Management @NCEmergency.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling (800) 659-2955, by email, or by visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

RALEIGH, N.C. – North Carolina survivors who registered with FEMA for disaster assistance after Hurricane Matthew are encouraged to stay in touch with the agency to resolve issues, get updates on your application or provide additional information.

It is especially important for you to update FEMA with any insurance documentation information or settlements. FEMA disaster assistance covers only basic needs and cannot duplicate insurance payments.

You can also call the helpline to:

  • Receive information on the home inspection process

  • Add or remove a name of a person designated to speak for you

  • Find out if FEMA needs more information about your claim

  • Update FEMA on your housing situation

  • Get answers to other questions about your application

To update your status call the FEMA Helpline at 800-621-3362 for voice, 711 and Video Relay Service. If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585.

If you are changing addresses, phone numbers or banking information you should notify FEMA. Incomplete or incorrect information could result in delays in receiving assistance.

When calling the helpline you should refer to the nine-digit number you were issued at registration.  This number is on all correspondence you receive from FEMA and is a key identifier in tracking assistance requests.

For more information on the North Carolina recovery, visit fema.gov/disaster/4285 and readync.org. Follow FEMA on Twitter at @femaregion4 and North Carolina Emergency Management @NCEmergency.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling 800-659-2955 or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

How could all those precisely formulated Information Technology Infrastructure Library recommendations lead to anything but success? Well, we can give you six possibilities right now.

They fall neatly into two categories with half of them being problems that could affect any organizational change, and half of them being issues more specific to ITIL.

First, let’s tackle the specific issues. Number one on our list is trying to implement ITIL as though it was a standard like ISO 27002 for security.

...

http://www.opscentre.com/6-ways-go-road-itil-hell-avoid/

Thursday, 01 December 2016 00:00

An Orchestrated Cloud Is an Effective Cloud

In the old days, IT was tasked with managing infrastructure, primarily by controlling the physical devices that moved, processed and stored data. In the abstract cloud era, the name of the game is orchestration of the disparate systems and platforms that data invariably encounters as it makes the journey from raw information to valuable knowledge.

But while many of the actual orchestration processes will be automated using increasingly intelligent algorithms, IT still has a job to do in not only crafting the policies that will govern data and application movement but in selecting and provisioning a robust orchestration platform from an increasingly diverse set of vendor solutions.

According to Markets and Markets, the cloud orchestration sector is on pace to nearly triple by 2021, growing from $4.95 billion today to $14.17 billion, with a compound annual growth rate of 23.4 percent. The key driver, of course, is to craft the most efficient, effective use of cloud resources, although demand for self-service provisioning and high-speed application support is also part of the mix. As the digital economy unfolds, service fulfillment will come to dominate the IT landscape and companies that can provide rapid, reliable infrastructure at a moment’s notice will derive greater profitability with tighter margins and foster stronger brand loyalty among users.

...

http://www.itbusinessedge.com/blogs/infrastructure/an-orchestrated-cloud-is-an-effective-cloud.html

Thursday, 01 December 2016 00:00

Atlantic Hurricane Season: The Long View

As the 2016 Atlantic hurricane season officially draws to a close just days after Hurricane Otto became the latest calendar year Atlantic hurricane on record to make landfall, the question on everyone’s lips is: are the seasons growing longer?

For if Otto, which struck southern Nicaragua as a Category 2 over Thanksgiving, is the last hurricane of the 2016 season, it will mark the end to the longest hurricane season on record the Atlantic Ocean has seen, according to NOAA.

The 2016 season had an early beginning—well ahead of its June 1 official start—when Hurricane Alex became the first Atlantic hurricane in January since Hurricane Alice in 1955.

...

http://www.iii.org/insuranceindustryblog/?p=4677

The Business Continuity Institute - Dec 01, 2016 16:24 GMT

We have recently seen two significant cyber attacks on big businesses hitting the news, and these are just the ones we know about. The ability for hackers to gain access to systems through technical means is not to be underestimated, and specialists work tirelessly to build and maintain secure systems that are now integral to our business and personal lives.

What is often forgotten is the vulnerability of the very people who use and operate these systems, who by definition are often the easiest way for a hacker to secure the information they need to profit from their activity. People are the biggest weakness when it comes to cyber security, yet how many of us are regularly trained and updated on methods and the importance of protecting information?

Data security is vital to the success of your business, yet working practices in many organisations still demonstrate a lack of awareness and understanding:

How many of us have seen the ‘Post-it note’ approach to ensuring we don’t forget that important password stuck to the very computer terminal holding all the company data?

How many of us really understand the capability of hackers to contact our call centres and encourage our staff to release that extra bit of customer information?

There is no complete solution to this, and we must all work on the basis that we will at one point or another be subject to a cyber attack; this is just a reality of the world we now live in and of the risk versus reward for those who engage in this activity. To protect ourselves both personally and professionally, we must ensure that our organisations remain up to date and strong in terms of technical resilience, but just as important is ensuring our people are aware of the types of methods used by hackers to elicit information and build the resources for an attack.

We must have strong control measures in place for passwords and other access information and ensure our staff fully appreciate the potential impact if we get this wrong, but equally we must ensure our people understand the many other methods used, some of which are incredibly clever. The damage caused can be fatal for a business, with complete loss of confidence from your hard-earned customer base.

Chris Regan AMBCI is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy which runs a programme called Cyber Aware that focuses completely on the people side of cyber security. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by telephone on 0117 2440154.

Wednesday, 30 November 2016 00:00

BCI: The maturing world of business continuity

The Business Continuity Institute - Nov 30, 2016 16:31 GMT

It’s been two years since winning the BCI Global Newcomer of the Year Award, and just as long since I featured in the Business Continuity Institute’s '20 in their 20s' publication, so I’ve decided to re-read my contribution to see what’s changed.

In 2014 it was clear to me that the academic world of business continuity was rapidly maturing. My undergraduate degree had a BC-specific module much like many other courses at the time. The BCI was also developing its very own diploma, and you only had to do a quick search online to realise the growing number of universities offering BC-dedicated postgraduate courses, and see just how popular the subject was becoming.

Add to this the emergence of the Business Continuity Management Academic Journal and it’s easy to see how some individuals were embarking on an exclusively theoretical BC journey for several years before ever even working a single day in the field. As a junior professional at the time I was becoming concerned about not having the right skills to take the next step in my career.

Professional immaturity and hindsight

So what has changed? On a personal level, my views on the development of junior professionals in our field have matured and I certainly see things differently now. At the time I remember being particularly frustrated by what felt like a lack of structured development and clear direction available to me. The BCI mentoring scheme was in its infancy at the time and I was probably one of the first to sign up along with the available mentors. My BC mentor wasn’t really sure what to do with me as the process was meant to be 'self-driven' by the mentee, and I wasn’t sure where to take it so I didn’t get very far with that. I’m pleased to say the mentoring framework by the BCI has made steady progress over the last couple of years and I have now signed up to the Mentor-Match scheme as a mentor should anyone wish to have me!

In 2014 I was also desperate for a competency self-assessment to help me understand exactly where to improve. I had already passed the CBCI with merit, but I still wasn’t any clearer on personal strengths and weaknesses other than that I could remember the contents of the Good Practice Guidelines. It’s because of this perceived lack of support, validation and long term development goals that I started to wonder if becoming a BC professional was even a real career.

I realise now of course that I rather naively expected the industry to mark out every inch of my career path and to explain to me at checkpoints how I was doing. I’ve since spoken to many undergraduates during my guest lectures over the last two years and I’ve come to realise that I’m not alone in this assumption. In fact, I get the impression that a number of people out there still have this level of expectation which I think needs to be levelled. This is a very self-driven process!

However, before even embarking on a career in BC/resilience, many students and graduates are looking to the industry for a solid step-by-step development structure, providing them with a warm cosy feeling that they have a long-term career journey ahead of them. I think this expectancy is partially driven by the current wealth of graduate recruitment schemes available which clearly offer this kind of structure (just take a look at the PwC, KPMG schemes etc). Although I’m yet to see any major firms offering a scheme specifically involving BC.

I also think the universities are partly responsible. They all look to reassure their students of life beyond the books by suggesting that there is a structure in place for them to develop which isn’t always the case. I’ve had some conversations with students who genuinely believe they will be guided by the hand through their career, which we all know simply doesn’t happen in the way they think.

I also expected too much from the BCI, senior colleagues and mentors. Their time and resources are extremely limited and so their efforts are essentially wasted if not used in the right way. Again, I fell into the trap of assuming the seasoned veterans would tell me exactly what I needed to do. I still believe we need to think smart and redesign the development journey for our members but that also requires us to spell out what a BC professional actually looks like and how to get there. I think this alone is a major challenge given the emergence of popular concepts such as organizational resilience and cyber. We are still very much in the process of finding our place in that particular evolution so it might be a touch too difficult to fully define what is essentially a moving target.

More recently, there were some worthwhile discussions at BCI World 2016 during the #hire2retire session which looked at the business continuity career path. I would urge everyone to take a look. A very good insight from these discussions was captured by PwC’s Rebecca Robinson who recognises the need to remain flexible, but also to get out there and broaden your experience. Again this goes back to being a self-driven professional.

Self-driven career positioning

If anything, the last two years have taught me the importance of self-driven career development. I needed to undertake some self-evaluation and decide on what direction I needed to take. My main aim for the future is to become a highly effective resilience manager with a good understanding of the threat landscape for the business in which I work. It’s because of this approach that I started to identify some seriously worrying knowledge gaps (namely IT security or cyber). I started to notice that more and more of my business disruptions/major incidents at work specifically related to IT/data breaches or threats thereof. I found myself constantly at the whim of the Chief Technology Officer and other technical staff to assure me that controls were in place, which of course were found to be lacking when incidents really did occur.

I’ve spent the last year being immersed into cyber security so I can get ahead of the game. I’ve retrained in CompTIA Security+, CSX – Cyber Security Fundamentals and CRISC, and I now work closely on new and emerging technology in banking networks. I’m already stronger for the experience and I can comfortably challenge the views expressed by those in the business who are deemed technical who often try to bamboozle other management with 'tech-speak'. Ultimately this will make me a more effective resilience manager in the future when the right role comes my way.

Luke Bird MBCI received the 2014 BCI Global Award for Best Newcomer and is a self-published author in business continuity and has several articles published on the BCI and Continuity Central websites. He has successfully delivered and maintained a full programme of ISO 22301 certification and fully completed a series of major Work Area Recovery rehearsals around the UK. Luke is also widely known for his 'BlueyedBC' brand where he uses his online presence to share learning and experience among professionals in the industry and often attends universities to provide guest lectures to undergraduates studying the discipline.

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization’s assets. Whereas risk management aims to control the damages and financial consequences of threatening events, risk avoidance seeks to avoid compromising events entirely.

When determining your risk mitigation strategies, don’t confuse the strategies of risk avoidance or risk acceptance with risk ignorance. Risk ignorance is a situation where the knowledge about the risk (and any underlying phenomena and processes) is poor. Just because there are no remediation strategies currently in place does not mean that a conscious decision has been made to accept the risk.

We perform assessments regarding risk and risk impact on a daily basis. We then use those assessments to determine our choice of action. A good example is wearing a seat belt. We might observe that experienced drivers are more likely to understand the risks inherent in car travel, and thus choose to wear seat belts, whereas the less experienced driver (think teenagers) may have to be reminded constantly of those risks – at least in my house. These are contrasting examples of risk avoidance (seat belt use) and risk ignorance (no seat belt use). Neither should be confused with risk acceptance (car travel is dangerous, but I don’t want to wrinkle my clothes, so I’m not going to wear my seat belt).

...

https://www.mha-it.com/2016/11/defining-risk-avoidance/

Today, many organizations are taking a look at cloud through a new lens. Specifically, organizations are looking to cloud to enable a service-driven architecture capable of keeping up with enterprise demands. With that in mind, we’re seeing businesses leverage more cloud services to help them stay agile and very competitive. However, the challenge revolves around uptime and resiliency. This is compounded by often complex enterprise environments.

When working with cloud and data center providers, it’s critical to see just how costly an outage could be. Consider this – only 27% of companies received a passing grade for disaster readiness, according to a 2014 survey by the Disaster Recovery Preparedness Council. At the same time, increased dependency on the data center and cloud providers means that overall outages and downtime are growing costlier over time. Ponemon Institute and Emerson Network Power have just released the results of the latest Cost of Data Center Outages study. Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to the new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).

Throughout their research of 63 data center environments, the study found that:

...

http://www.datacenterknowledge.com/archives/2016/11/29/mission-critical-cloud-designing-enterprise-cloud/

As the Atlantic, eastern Pacific and central Pacific 2016 hurricane seasons end today, NOAA scientists said that all three regions saw above-normal seasons.

For the Atlantic, this was the first above-normal season since 2012. The Atlantic saw 15 named storms during 2016, including 7 hurricanes (Alex, Earl, Gaston, Hermine, Matthew, Nicole, and Otto), 3 of which were major hurricanes (Gaston, Matthew and Nicole). NOAA’s updated hurricane season outlook in August called for 12 to 17 named storms, including 5 to 8 hurricanes, with 2 to 4 of those predicted to become major hurricanes.

Five named storms made landfall in the United States during 2016, the most since 2008 when six storms struck. Tropical Storm Bonnie and Hurricane Matthew struck South Carolina. Tropical Storms Colin and Julia, as well as Hurricane Hermine, made landfall in Florida. Hermine was the first hurricane to make landfall in Florida since Wilma in 2005. 

Atlantic hurricane season

Several Atlantic storms made landfall outside of the United States during 2016: Tropical Storm Danielle in Mexico, Hurricane Earl in Belize, Hurricane Matthew in Haiti, Cuba, and the Bahamas, and Hurricane Otto in Nicaragua.

The strongest and longest-lived storm of the season was Matthew, which reached maximum sustained surface winds of 160 miles per hour and lasted as a major hurricane for eight days from Sept. 30 to Oct. 7. Matthew was the first category 5 hurricane in the Atlantic basin since Felix in 2007.

Matthew intensified into a major hurricane on Sept. 30 over the Caribbean Sea, making it the first major hurricane in that region since Paloma in 2008. It made landfall as a category 4 major hurricane in Haiti, Cuba and the Bahamas, causing extensive damage and loss of life. It then made landfall on Oct. 8 as a category 1 hurricane in the U.S. near McClellanville, South Carolina.

Matthew caused storm surge and beach erosion from Florida through North Carolina, and produced more than 10 inches of rain resulting in extensive freshwater flooding over much of the eastern Carolinas. The storm was responsible for the greatest U.S. loss of life due to inland flooding from a tropical system since torrential rains from Hurricane Floyd caused widespread and historic flooding in eastern North Carolina in 1999.

“The strength of Hurricane Matthew, as well as the increased number of U.S. landfalling storms this season, were linked to large areas of exceptionally weak vertical wind shear that resulted from a persistent ridge of high pressure in the middle and upper atmosphere over Caribbean Sea and the western Atlantic Ocean,” said Gerry Bell, Ph.D., lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center. “These conditions, along with very warm Caribbean waters, helped fuel Matthew’s rapid strengthening.”

Eastern and central Pacific Hurricane Seasons

The eastern Pacific hurricane basin, which covers the eastern Pacific Ocean east of 140 degrees West, produced 20 named storms during 2016, including 10 hurricanes of which 4 became major hurricanes. July through September was the most active three-month period on record for this basin. NOAA’s eastern Pacific hurricane season outlook called for 13 to 20 named storms, including 6 to 11 hurricanes, 3 to 6 of which were expected to become major hurricanes.

Pacific hurricane season

The central Pacific hurricane basin covers the Pacific Ocean west of 140 degrees West to the International Date Line. This basin saw seven tropical cyclones (includes tropical depressions and named storms) during 2016. All seven became named storms, and included three hurricanes of which two were major hurricanes. Tropical Storm Darby made landfall on the Big Island of Hawaii, marking the first time in recorded history that two storms in three years struck the Big Island (Darby in 2016 and Iselle in 2014). NOAA’s central Pacific hurricane season outlook called for 4 to 7 tropical cyclones. That outlook did not predict specific ranges of named storms, hurricanes and major hurricanes.


NOAA's mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Twitter, Facebook, Instagram and our other social media channels.

In Henry IV Part 1, Owen Glendower, the leader of the Welsh rebels, joins the insurrection against King Henry. Glendower, a man steeped in the traditional lore of Wales, claims to command great magic. Mysterious and superstitious, he sometimes acts in response to prophecies and omens. In the play, Glendower boasts to Hotspur, “I can call the spirits from the vastly deep.” Hotspur deflates Glendower with, “Why, so can I or so can any man; But will they come when you call them?”

Any business owner or senior leader can call the same spirits of strategy from the vastly deep, but business outcomes tattle. They tell us that too often the spirits don’t come. Or, they come, but no one knows what to do with them once they’re there. Successful leaders realize they can’t command magic, but they can create a magical alchemy to turn the raw materials of a strategy into gold and then tie the succession plan to it. Here’s how:

...

http://corporatecomplianceinsights.com/10-ways-to-tie-a-strong-strategy-to-an-equally-strong-succession-plan/

Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

The quick answer is to go beyond the superficial meaning of the word “continuity” and apply business continuity in a context of change, not stagnation. In practice, this means watching out for a number of challenges.

Because business transformation is seldom an option (every enterprise must go through it at some point), let’s consider four steps to making it happen and see how business continuity gets involved at each step.

...

http://www.opscentre.com/business-continuity-business-transformation/

(TNS) - As Ohio State University students and faculty dealt with a campus attack today, the Ohio Senate this week could pass a bill that would reduce the penalty from a felony to a misdemeanor for carrying a gun on a college campus.

House Bill 48, which passed the Republican-controlled House a year ago, 68-29, also would allow universities to adopt policies permitting people to carry concealed handguns on campus.

According to authorities, the man who unleashed an attack at Ohio State today used his vehicle to run people over, and then wielded a butcher knife. He was killed by a campus police officer.

The bill was already scheduled for a possible Senate committee vote on Wednesday morning, prior to the attack at Ohio State. It is set for two hearings this week, and the full Senate could take up the bill as early as Wednesday afternoon, if leaders so choose.

...

http://www.emergencymgmt.com/safety/Ohio-lawmakers-may-reduce-penalty-for-carrying-gun-on-college-campuses.html

The Florida Keys Mosquito Control District voted to approve the use of genetically modified mosquitoes in a trial that will examine whether releasing the mosquitoes in Monroe County will reduce the area’s Aedes aegypti population.

I must confess, this makes me think of all of the “great” ideas that have gone bad over the years… invasive plants introduced in order to curb some other plant (remember Kudzu??) or Eucalyptus trees in the west planted for railroad ties and now are major fire risks in many locations. Not good… so what about a genetically modified mosquito… what could possibly go wrong?!?!?

The genetically engineered mosquitoes, referred to as self-limiting Friendly mosquitoes (Oxitec), are male mosquitoes modified to produce offspring that do not survive past the late larval or early pupal stage. A small survey conducted in 2015 showed that most respondents in Monroe County did not support the insect control method; however, residents voted on Nov. 8 to approve its use in the area.

...

https://ems-solutionsinc.com/blog/florida-genetically-modified-mosquitoes-effort-curb-zika/

A recent CTERA survey of 400 IT decision makers and IT specialists found that 36 percent of respondents said the loss of data in the cloud would be more catastrophic than their data center crashing, and 14 percent said it would cost them their jobs.

At the same time, 67 percent of respondents deploy more than 25 percent of their applications in the cloud, and 37 percent plan to grow their cloud use by 25 percent or more.

Fifty-four percent of respondents are using a hybrid cloud strategy that leverages both on-premises and cloud services.

Still, 66 percent of respondents say there's less focus on backing up cloud data due to an assumption that the cloud is inherently more resilient than on-premises applications.

...

http://www.esecurityplanet.com/network-security/36-percent-of-it-pros-say-loss-of-data-in-the-cloud-would-be-catastrophic.html

(TNS) - Though there have been no reported cases of disaster relief money being used fraudulently in Brunswick, the Georgia Emergency Management and Homeland Security Agency (GEMHSA) issued a statement this week cautioning Hurricane Matthew survivors to use recovery assistance only for its intended purpose.

“FEMA and GEMHSA work together all year round in preparedness, response, recovery and mitigation,” said Robert Porreca, a FEMA spokesperson.

According to Porreca, officials are reminding Georgia Hurricane Matthew survivors that improperly using the money could be a violation of the declaration survivors sign to receive the grants and could result in denial of future assistance.

Those who apply and are approved for disaster assistance receive FEMA aid by way of a check or direct deposit to their checking account. The money is accompanied by a letter from FEMA about the grant and how it can be spent.

...

http://www.emergencymgmt.com/disaster/FEMA-encourage-disaster-grant-recipients-to-use-funds-for-intended-purpose-as-Dec-deadline-nears.html

SAVANNAH, Ga. – Georgia disaster survivors living in the 10 counties affected by Hurricane Matthew do not have to wait for an insurance settlement to apply for federal assistance.

Survivors have until Dec. 16, only three weeks away, to register with FEMA.

Registration is encouraged even if survivors are uninsured or have policies that don’t cover temporary housing while they’re repairing or rebuilding their homes. Waiting for an insurance settlement could mean missing out on federal grants or other resources.

Even if a survivor is insured, the policy may not cover everything. Providing FEMA with insurance information could mean consideration for additional assistance.

Federal assistance is available to eligible individuals and households in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties. Damage or losses from Hurricane Matthew must have occurred Oct. 4-15.

Many of those with Hurricane Matthew damage have already filed claims through their insurance carriers. Recovery officials suggest they register with FEMA even while waiting for an insurance settlement.

Once registered, applicants with insurance policies covering storm-related loss and damage are mailed a "Request for Information" as part of FEMA’s verification process to avoid duplicating insurance payments. By law, federal assistance cannot duplicate assistance provided by other sources.

Applying for disaster assistance is a two-step process that ensures consideration for all FEMA programs and the U.S. Small Business Administration disaster loans. First, register with FEMA. Second, complete and return the SBA loan application, if one is offered. There is no charge to apply for the loan and if approved, no obligation to accept it.

Disaster survivors may register the following ways:

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284


Wednesday, 23 November 2016 00:00

FEMA: Coping with Holiday Stress after a disaster

TALLAHASSEE, Fla. – The holiday season can be a stressful time. For individuals and families looking to rebuild from recent disasters, the approaching holiday may be especially difficult. 

Taking care of yourself and staying in touch with your family and friends during the holidays is an important part of maintaining your physical and mental health as you continue to recover from the Florida hurricanes. 

Some signs of disaster-related stress may include: 

• Feeling sad during a holiday season when you are seeking a new home or dealing with memories of a lost loved one. 
• Feeling lonely, especially when holiday activities are reminders of happier times with those who will be missing from this year’s festivities. 
• Feeling physically and mentally drained. 
• Having difficulty making decisions or concentrating on tasks at hand. 
• Experiencing changes in appetite or sleep patterns. 
• Increasing alcohol or substance abuse. 
 
Establishing a comfortable routine is helpful, but takes time. Here are some actions to undertake: 
• Ensure that you have a safe place to stay. 
• Maintain a balanced diet and drink plenty of water. Too much holiday "cheer" can increase your stress. 
• Get adequate sleep and rest. 
• Stay positive. Remind yourself of how you have dealt successfully with difficulties in the past. 
• If you have children, be patient and give them extra time and affection. 
• Take each day one day at a time. Live in the present without burdening yourself with the things that you need to do in a week or a month. 
 

Ways to ease stress include: 

• Talk with someone about your feelings of anger, sorrow or other emotions, even though it may be difficult. 
• Seek help from professional counselors who deal with post-disaster stress.
• Do not hold yourself responsible for the disastrous event. 
• Use existing support groups of family, friends and religious institutions. 
• Honor your holiday traditions, but be flexible and prepare for new activities. 
 

Help can be found by visiting the Substance Abuse and Mental Health Services Administration (SAMHSA) Disaster Distress Helpline website at http://www.samhsa.gov/find-help/disaster-distress-helpline/contact-us, or by calling 1-800-985-5990 (press for Spanish). The national hotline is dedicated to providing year-round immediate crisis counseling for individuals experiencing emotional distress related to any natural or human-caused disaster. You can also text "TalkWithUs" to 66746 (Spanish speakers, text Hablanos to 66746) to connect with a trained crisis counselor.

For more information on Florida’s disaster recovery, visit fema.gov/disaster/4280, fema.gov/disaster/4283, twitter.com/femaregion4, facebook.com/FEMA, and fema.gov/blog, floridadisaster.org or #FLRecovers. For imagery, video, graphics and releases, see fema.gov/Hurricane-Matthew. 

### 

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711/VRS - Video Relay Service) (TTY: 800-462-7585). Multilingual operators are available (press 2 for Spanish

There’s saving money, and there’s really saving a lot of money.

 

The distinctions aren’t always clear to budget enthusiasts who may sometimes enjoy drilling a little too deep to achieve arbitrary percentages of cost reductions by only trying to make the tiniest of trims here and there.

For instance, it’s not hard to thinly slice away at a few employee perks, maybe not send as many people to conferences/networking events, or switch from occasional catered employee lunches to less frequent potlucks. Some companies have considered minor cuts to hours, based on the hope that productivity won’t change drastically at 32 hours a week instead of 40, and they won’t have to pay as much in benefits.

...

http://www.datacenterknowledge.com/archives/2016/11/23/reduce-costs-improve-efficiency-infrastructure/

If your data recovery plans are lengthy, detailed, and/or “bare metal” based, requiring comprehensive operating system, database and application recovery steps, then they are almost certainly out of date and not functional. If that is the case, then you should probably revisit your recovery strategy and ensure that it meets your business needs (that is a topic for a different blog). Even if your plans are not “bare metal” based recovery, they are probably not functional.

With the current technologies (e.g., virtual servers, virtual storage, storage-based replication, application-based replication, disk to disk backup), data recovery plans should be very different from what they were even 10 years ago when these technologies were first becoming more common.

To make your data recovery plans functional, you should ensure that the following items are included:

...

https://www.mha-it.com/2016/11/data-recovery-plans/

Tuesday, 22 November 2016 00:00

FEMA: How to Get Prepared for the Holidays

I don’t know about you, but right now all of my social media feeds are full of photos of early holiday decorations, descriptions of many communities’ first snows, and chatter over what stores are going to have the best sales on Black Friday. It’s the week before Thanksgiving and so these things have essentially become tradition.

That first snow? That just happened in places like my hometown in New York and in the southeast. Schools were closed or had delayed openings. It’s served as a rude awakening that it’s not summer anymore. (I know that I was definitely one of the people that were in denial about winter coming.)

With that inevitably happening and the holiday season about to start in just a matter of days, there are a few simple things that you can do right now to get yourself ready.

  1. If you’re heading out to visit family or friends, pack a few extra things like a first aid kit, a flashlight, and a spare charger for your phones or tablets. Those could come in quite handy in case of any kind of weather or delay in travel.
  2. If you’re the one preparing a delectable feast for Turkey Day (or any of the other upcoming holidays), make sure you’re being safe by keeping kiddos away from sharp objects and hot surfaces and cooking your bird all the way through. (Pro Tip: Our friends over at foodsafety.gov have some really helpful advice for making sure your meal is not only safe, but delicious as well.)
  3. Check out the Holiday Social Media Toolkit to help your friends and family be in the know about how they can have a safe and great holiday too.

This time of year is a wonderful one (even though many of us aren’t quite fans of the drop in temperatures) to spend with your friends, family, and loved ones. We would love to encourage you to do three more things: Be safe, eat well, and have a lovely holiday season.

--Jessica Stapf, Digital Storyteller at FEMA

https://www.usfa.fema.gov/prevention/outreach/cooking.html

The Business Continuity Institute - Nov 22, 2016 17:03 GMT

The Business Continuity Institute is delighted to announce that Tim Janes Hon. FBCI will be the new Vice Chair of the Board of Directors at the Institute, as voted for by his fellow members of the Global Membership Council. Tim takes over from James McAlister FBCI who becomes Chair following the end of David James-Brown FBCI’s two years in charge.

Tim, a Director at Risk Management Design in Australia, has previously served as one of the Membership Directors on the BCI Board, and as the representative for Australasia on the BCI's Global Membership Council.

On taking up the new role, Tim commented: "This is an exciting time to be elected as the new Vice Chair of the BCI. We have a new Executive Director and great plans for enhanced member services and international growth. Recent world events have shown how political, social and economic ‘certainties’ can be overturned. I think these conditions together will present many opportunities for our profession to show how we help organisations to manage through unfamiliar, disruptive challenges. My goal is to help the BCI to provide practical and effective support for all members in this dynamic global environment."

Sixty-six percent of the general population has been traumatized at some point. Eighty percent of workers feel stressed on the job. When you combine a traumatic experience and stress, the risk for adverse workplace behaviors can be high. To combat this, emergency managers can collaborate with leadership and human resources to improve resiliency components and decrease stress among their teams.

There are different definitions of trauma. For example, the University of Maryland defines trauma as “an experience that causes physical, emotional, psychological distress or harm. It is an event that is perceived and experienced as a threat to one’s safety or to the stability of one’s world.” The Substance Abuse and Mental Health Services Administration (SAMHSA) defines trauma as “experiences that cause intense physical and psychological stress reactions, which could be a single event, multiple events, or a set of circumstances experienced by an individual as physically and emotionally harmful or threatening, and have long lasting effects to the individual.”

...

http://www.emergencymgmt.com/health/Trauma-and-How-It-Can-Adversely-Affect-the-Workplace.html

Tuesday, 22 November 2016 00:00

Ethics and Your IT Sourcing Strategy

IT servers, enterprise applications, data centres and cloud services might seem a world away from other sectors traditionally attracting attention in terms of an ethical sourcing strategy.

Yet many of the same issues like bribery, coercion, extortion, favouritism, and illegal sourcing are also potential risks in IT sourcing, both directly and indirectly.

Apple’s problems with Foxconn, its manufacturer of iPhones, illustrate the problem. Riots and suicides in the Taiwanese company’s workforce also tarnished Apple’s reputation. An IT sourcing strategy has to take ethical procurement into account if it wants to avoid similar problems.

...

http://www.opscentre.com/ethics-sourcing-strategy/

An Example of What Not to Do

More organizations are realizing the benefits of mass communications and have implemented at least some type of solution to enable instant notifications with their employees. With so many people using mobile phones, it’s obvious that these notifications must involve mobile communication. Text alerts are gaining in popularity but not all text notifications are helpful. In fact, some can be detrimental to public safety.

Take, for instance, the New York City and New Jersey bombings that occurred earlier this year. Kudos to the states for having an emergency alert system in place to notify their residents of such threats, but instead of celebrating its success, it has become a case study in how NOT to send out mass notifications.

The FCC’s Wireless Emergency Alert (WEA) system was used to send short text messages to cell phone users in the NYC area alerting them to watch out for a bombing suspect named Ahmad Khan Rahami. Can you spot why this text was completely ineffective and even dangerous?

...

https://www.alertmedia.com/the-right-way-and-the-wrong-way-to-send-out-mass-notifications/

Successful IT project teams require a good balance of resources with different skills and perspectives. The best technical SMEs are creative problem solvers with experience operating in complex and nuanced environments. Great business PMs foster trusted relationships with stakeholders and ensure that their technical counterparts are supported. A powerful business tool is created when a unified team dynamic is fostered between the two skillsets.

A poorly aligned team can not only be stressful to manage; it also exposes the business to higher levels of risk. In these situations, organizations are susceptible to the following negative outcomes, among others.

  • Rushed changes that don’t fully factor in people or technology impacts
  • Delayed delivery because risks are too high and ownership is unclear
  • Products that don’t focus on quality or usability

...

http://www.enaxisconsulting.com/managing-technical-projects-without-a-technical-background/

It's hard to believe Cyber Monday is only a week away. For many traditional and ecommerce retailers, Cyber Monday is the most significant online shopping day of the year. And it won’t stop there. Online shopping over the next few weeks will provide a significant boost to many companies’ bottom lines.

Monitoring and communicating information about IT outages and failures associated with online retail shopping can be a daunting task. At any time of the year, IT professionals are under intense pressure to safeguard the security of their organization’s data and physical facilities, and to ensure information continues flowing in the event of a disruption.

...

http://blog.sendwordnow.com/cyber-monday-brings-communication-challenges-for-it-departments

According to PhishMe Inc.'s 2016 Q3 Malware Review, the proportion of phishing emails that deliver some form of ransomware reached 97.25 percent in the third quarter of 2016.

Locky ransomware executables were the most commonly-identified file type in the third quarter, PhishMe found. "Locky will be remembered alongside 2013's CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape," PhishMe CTO and co-founder Aaron Higbee said in a statement. "Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties."

And while just 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of malware samples in those emails far exceeded that of the ransomware campaigns.

...

http://www.esecurityplanet.com/network-security/over-97-percent-of-all-phishing-emails-deliver-ransomware.html

Monday, 21 November 2016 00:00

BCM & DR: Know Your Requirements!

Have you ever been in the situation where you ask your significant other what they want for dinner but receive the response that sounds non-committal and open ended? They don’t care what it is; they’ll eat whatever you make only to say they weren’t in the mood for what it was you made for them? It happens a lot I’m sure, just as it happens in the BCM / DR world.

Some IT groups (those responsible for IT Technology Recovery) just start throwing around ideas and thoughts of what they believe they need or want and start making determinations and decisions without fully investigating what it is they really need. They start speaking for the clients and customers – their business – and moving forward based on what they believe is required only to get further down the path and find out that what they set up or have started in progress, doesn’t and won’t meet the need of their business. They didn’t investigate the requirements; the very things that will determine what path they need to take in setting up a Technology Recovery Plan (TRP).

...

https://stoneroad.wordpress.com/2016/11/20/bcm-dr-know-your-requirements/

The Business Continuity Institute - Nov 21, 2016 16:35 GMT

Two thirds of organizations aren’t prepared to recover from a cyber attack, according to a new study by the Ponemon Institute on behalf of Resilient (an IBM Company), and only a third of organizations feel they have a high level of cyber resilience.

The Cyber Resilient Organization Study found that 75% of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organization. Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so. Additionally, 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.

“This year’s cyber resilience study shows that organizations globally are still not prepared to manage and mitigate a cyber attack,” said John Bruce, CEO and co-founder of Resilient. “Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation, and intelligence.”

The study also uncovered common barriers to cyber resilience. The majority – 66% – say “insufficient planning and preparedness” is the top barrier to cyber resilience. Respondents also indicate that the complexity of IT and business processes is increasing faster than their ability to prevent, detect, and respond to cyber attacks – leaving businesses vulnerable. This year, 46% of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of cyber resilience, up from 36% in 2015. 52% say “complexity of business processes” is a significant barrier, up from 47% in 2015.

It is perhaps this lack of preparedness that contributes to cyber attacks and data breaches featuring as the top two concerns for organizations according to the Business Continuity Institute's latest Horizon Scan Report. This report revealed that 85% and 80%, respectively, of respondents to a global survey expressed concern about the prospect of these two threats materialising.

The Cyber Resilience Report, also published by the BCI, revealed that two thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously and prepare themselves to combat it more effectively.

“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place,” said Dr. Larry Ponemon. “We are encouraged that this is becoming a more important part of an overall IT security strategy.”

The Business Continuity Institute - Nov 21, 2016 09:49 GMT


That unmistakable feeling that the world just got unstable is becoming a way of life in NZ, but you never get used to the nightmare that is an earthquake. It seems almost comical to chuck a Senior Business Continuity Consultant into an earthquake, then be evacuated due to a tsunami risk - exactly what we preach daily!

The one that hit our two-story house at Waikuku Beach just after midnight on Monday 14th November, felt like it was never going to stop. As a Crisis Management Consultant, I frequently talk about my experiences in the Christchurch 2010/11 earthquake and the stress that each aftershock brings, because you never really know how long it's going to last. This was no aftershock, this was the real deal and it just wouldn’t stop, 40 seconds of the ground turning to jelly then, 2-3 minutes of it trying to settle into its new bed beneath our feet. Remember in the 80's when those water beds came out and destroyed everyone's backs? Well, it felt like my home had been placed on one of those and we were told to brace.

Survival mode kicks in, following the standard drill; drop, cover, hold. A quick inspection for damage, a couple of broken ornaments but no rushing water, no cracks in the walls. Initial impact assessment complete. Time to get the incident team together, me and the wife! Sorry old habits die hard, processes just kick in and stuff gets done, yes I'm an incident nerd!

Things are not good, but are we in a crisis yet? If we are then this definitely has the characteristics of a sudden crisis:

  • Unpredictable, unexpected: Fast asleep in dreamland this was certainly unexpected.
  • High degree of instability: we were certainly all over the place for the first five minutes, is this really happening again after the five years of torment already?
  • The immediate potential for extreme negative results: Things seem OK in our world but we had no idea that most of NZ were feeling this one. My flight to Wellington later in the day was looking doubtful.
  • Immediate management attention, time and energy: With the realisation of a real threat of tsunami, my attention was now focusing on our escape plan.
  • Often brings about organisation change: Living at the beach is losing its charm, my wife is looking for higher ground!

Being in the business and being an earthquake veteran the 'grab bag' is always ready to go. The basics in tow - torch, gas cooker, first aid kit, water, tins of beans, battery charger, sleeping bag etc, and of course, dog food! So when the tsunami alert was given we were ready to go. We had a plan and we were just about to put it into effect.

But planning and doing are two different things, again something I've spent many years trying to teach. The realisation when we drove out of our drive joining the rest of the fleeing villagers, that we might not see our house again, can't be simulated in an exercise. Not that I have made my wife practice our evacuation procedures, I'm not that much of a nerd! But I was working hard to recall my training on the human impact of a crisis. Magnified by the fact that our animal family was one short, the cat was nowhere to be seen! Despite trying to follow what you've been taught and what we know as professionals, emotions start to sink in. Driving away in the pitch black with our lovely, peaceful house fading into the background in my rear view mirror, not knowing whether it would handle the night ahead.

Impact assessment complete, the team assembled, communications complete to my son in Wellington and our recovery strategy initiated, we relocate to an alternate location. Classic 5 initial steps to managing your crisis.

Of course, these actions relate to recovering your business, but why not relate them to your own preservation too? Having a plan, any plan is always a good idea. In a night of unknowns and real stress, it certainly helped to focus my mind. After seven hours of sitting in our truck on a hill with the dogs, not knowing if the five-meter wave predicted was coming, it was a relief when we got the all clear to head home.

Time now to put my business continuity for my business into action. My clients in New Zealand (Wellington, Christchurch, Nelson and Tauranga) were dealing with their own issues, so our meetings were put on hold. But my Australian clients would still need attention. My Maximum Allowable Outage (MAO) 24 hours, for my critical process Respond to client enquiries and issues, was not under threat.

Lessons learned:

Every incident is different, this was real - not a test, but we can still learn from it. We can always do things better. My fuel tank on the truck had dropped below half full. Always keep it above half.

Don’t panic, it really doesn’t help. Your employees or your wife won't appreciate it, people need to be led by a strong confident leader.

Make a decision. The tsunami alarm didn’t work, some people stayed. The radio said leave because that was the advice from Civil Defense. Better to get ahead of the game, you can always come back if it’s a false alarm.

Have a good plan for the pets, they have to come and they don’t always want to. The cat needs a cat box, he will run off the first chance he gets.

Have your grab bag ready to go. Check it frequently, stuff can go out of date.

Have a plan, any plan. Remember the 7 Ps. Prior preparation and planning, prevents piss poor performance!

The gas cooker was on full noise on the tailgate of the Hilux 4x4 for the first brew of the day and I have internet connectivity, we are literally 'cooking on gas'. Normal business has resumed, even if I am standing in a paddock of cows overlooking the Canterbury Plains!

Until next time, Plan, do, check, act… (I should know!)

Brad Law MBCI is a Senior Business Continuity Consultant working for Risk Logic.

Friday, 18 November 2016 00:00

BCI: Political risks are on the rise

The Business Continuity Institute - Nov 18, 2016 16:36 GMT

There has been a dramatic increase in political risks according to a new study carried out by Sword Active Risk, and this has largely been attributed to the outcome of the UK Brexit vote and the US Presidential election.

In the UK, 44% of organizations cited the political situation, and subsequent implications, as the biggest potential challenge or unknown to their business, in stark contrast to last year when supply chain and cyber security were the most significant risks being faced by companies. In the US, this year a third of companies saw the domestic political situation and supply chain as the biggest risk, when last year it was geopolitical, and physical/construction risks that were seen as more important.

Keith Ricketts, Vice President of Marketing at Sword Active Risk commented: “While both of these events were on the horizon last year, no one predicted that they would turn out quite as they have done, with the UK voting to leave the EU, and Donald Trump becoming US President. After the financial challenges of 2008 and the global recession, there was a feeling that many markets were getting back to a more even keel. This is a stark reminder that unexpected events beyond the control of companies can come out of the blue and have a dramatic impact.”

Political change featured as an emerging trend in the latest edition of the Business Continuity Institute's Horizon Scan Report, with 42% of respondents to a global survey identifying it as something for business continuity professionals to watch out for. However, this report was published prior to either of these events occurring so it will be interesting to see where it features in the 2017 report, the survey for which is currently live.

(TNS) - More than a month after Hurricane Matthew’s winds and waves sank boats and destroyed docks and marinas, questions remain as to who is responsible for cleaning up debris in local waterways and marshland areas.

While Beaufort County, S.C., is partnering with local municipalities and state agencies on efforts to remove storm debris from roadways, that’s not yet the case for debris in the water.

“For marine debris, we are not as far along in the removal process as we are with debris along the roads,” county stormwater manager Eric Larson said earlier this week. “We are working with state agencies trying to determine who is going to take the lead on this.”

...

http://www.emergencymgmt.com/disaster/Hurricane-Matthew-debris-clogs-Beaufort-County-waterways-Who-will-clean-it-up.html

Friday, 18 November 2016 00:00

Is Data the New Oil?

Intel CEO Brian Krzanich recently made the controversial statement that data is the new oil. The implication is that data is trending and gaining in power. However, I’d argue that data has always had the potential to be more powerful than oil and that what is changing isn’t its value but our ability to make use of it. Regardless of how you approach this argument, Intel is in a good position to benefit from this change, but likely needs to play an even bigger role to assure its survival, and ours.

Let’s chat about that this week because I don’t think we talk about the downside of data enough to prevent it.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/is-data-the-new-oil.html

If you really want to be prepared for a cyber incident, you need to establish a response team (CIRT) ahead of time. Your team should be made up of everyone you can think of that can help detect, diagnose and isolate an incident. Your team members should be identified beforehand, but as each event is unique, your team may change depending on the type of incident. Your cyber-response team is different than your broader incident management team, though they do work together.

Members of your team should include:

...

http://www.mir3.com/build-cyber-incident-response-team/

Friday, 18 November 2016 00:00

BC & DR Pros, We Need Your Help!

Posted by Stephanie Balaouras on November 17, 2016

 

Each year, Forrester Research and the Disaster Recovery Journal team up to launch a study examining the state of business resiliency. Each year, we focus on a particular resiliency domain: IT disaster recovery, business continuity, or overall enterprise risk management. The studies provide BC pros, DR pros, and other risk managers an understanding of how they compare to the overall industry and to their peers. While each organization is unique, it's helpful to see where the industry is trending, and I’ve found that peer comparisons are always helpful when you need to understand if you’re in line with industry best practices and/or you need to convince skeptical executives change is necessary.

This year’s study will focus on IT disaster recovery or resiliency (my preferred term). We’ll examine the overall state of DR maturity including organizational trends, reporting lines, staffing levels, progress towards active-active data center configurations, adoption of advanced technologies for application failover and data replication, current recovery time and recovery point capabilities, and the most common causes of downtime. In our last three surveys, the number one cause of downtime has been power outages; let’s see if the trend holds or if we will see a new emperor of downtime like DDoS attacks.

For DRJ readers, the results and a summary analysis will be available on their website in January, and if you attend the upcoming DRJ Spring World 2017, I'll be there to deliver the results in person. For Forrester clients, myself and Naveen Chhabra will write a series of in-depth reports that will examine each of the survey topics in depth during the next several quarters. If you feel this data is valuable to the industry and you’re a DR, BC, or ERM decision-maker or influencer, please take 15 to 20 minutes to complete the survey. All the results are anonymous. We don’t even need your email address unless you’d like a complimentary Forrester report (and I promise we won’t use your email address for any other purpose).

Click here to take our survey.

The Business Continuity Institute - Nov 18, 2016 09:11 GMT

Incredible as it may seem to your average, dyed-in-the-wool business continuity professional, the fact is that the majority of 'normal' business people don't find the subject of business continuity management particularly enthralling.

Why is this? There are, after all, some elements of the business continuity process that are, at the very least, vaguely interesting and, in some cases, actually quite challenging or thought-provoking.

One reason may be the way that it's usually packaged. How often do we see the person leading the process begin by a) spouting doom and gloom about all the terrible things that might befall our organisation and b) spending hours describing the business continuity lifecycle? You know the one. It usually comes with a diagram comprising a circle surrounded by words like analysis, strategy, plans, testing, maintenance and so forth. And many a seasoned business continuity professional has been known to rattle on about this process for hours on end.

Then there's the business impact analysis, usually the first activity, other than sitting through the aforementioned presentation, that the business people are asked to participate in. Unfortunately, most business impact analyses are about as exciting as watching paint dry. And when you consider that most people have an awful lot of other things vying for their time and attention, is it really any wonder that they don't fully engage with a programme that starts like this?

But it doesn't have to be like that. Whilst the various elements of the business continuity lifecycle have to be addressed in some form if the resulting capability is going to be worth anything, they don't have to be approached in a way that makes people switch off from the outset.

There are a number of things that can be done to make the business continuity programme more interesting and engaging. Examples include:

  • Starting with an exercise rather than a business impact analysis. And maybe using a format for the exercise that's entertaining or light-hearted, rather than doom-laden and pressurised. It might, for instance, include an element of competition, or the event might be structured like a game or a quiz show, rather than yet another meeting or navel-gazing session.
  • Using such games and competitions throughout the programme to stimulate discussions about important issues. You might, for instance, pit teams against each other and award points or prizes for the winners or those who correctly identify whatever it is that you want them to.
  • Engaging with the creative people in your marketing team to come up with some interesting, thought-provoking awareness materials or to create a 'brand' for the programme.

There's no law that says business continuity management has to be dull - it just happens that way in many organizations. Whilst the above suggestions won't necessarily result in a laugh-a-minute romp that people shun their other day-to-day activities to participate in (and, let's face it, what other business activities are like that?), it might make them more inclined to get involved.

So why not give it a go in your organization? All it requires is a bit of creativity. And, yes, there may be a bit more effort involved in the planning and preparation, but if you can engage people that effort will be repaid many times over in results compared with the more typical, same-old-same-old, dull-as-dishwater business continuity approach.

Andy Osborne is the Consultancy Director at Acumen, and author of Practical Business Continuity Management. You can follow him on Twitter and his blog or link up with him on LinkedIn.

Listen carefully. Do you hear it? That eerie hissing noise? It’s not a plumbing issue. It’s the sound of your data — growing exponentially by the nanosecond. With every breath and every blink of an eye, your data continues to grow, subtly yet inexorably. Think snow: The flakes fly, first one, and then another, and another, then grow to a torrent seemingly before your eyes. What was a clear, clean sidewalk has swiftly become a mountain of white stuff. It’s a lot like data: You know it’s collecting, yet when you turn your concentration to other things, suddenly you find you’re buried in information.

Whatever business you run, product or service you provide, data growth is a fact of your life. How it affects your life and your bottom line has everything to do with how you assess your data storage needs, and how effectively you respond to data expansion within your organization. Like snow, even the most accurate forecast won’t solve your shoveling problem unless you’re proactive about handling it.

How did it ever get this way with data? It’s simple, and it isn’t. First, almost every organization has an insatiable appetite for data. We crave it, create it, store it, scrutinize it, and continue to make more of it. In fact, the prestigious research company Gartner, Inc., points out that the average IT department’s data grows at the incredible rate of 40% per year. By this accounting, your storage capacity will need to double over the next year to 18 months!

...

http://www.siasmsp.com/data-is-multiplying-by-leaps-and-bounds-how-you-harness-it-makes-a-world-of-difference/

Are you weighing the benefits of cloud storage versus on-premises storage? If so, the right answer might be to use both–and not just in parallel, but in an integrated way. Hybrid cloud is a storage environment that uses a mix of on-premises and public cloud services with data mobility between the two platforms.

IT professionals are now seeing the benefit of hybrid solutions. According to a recent survey of 400 organizations in the U.S. and UK conducted by Actual Tech, 28 percent of firms have already deployed hybrid cloud storage, with a further 40 percent planning to implement within the next year. The analyst firm IDC agrees: In its 2016 Futurescape research report, the company predicted that by 2018, 85 percent of enterprises will operate in a multi-cloud environment.

Hybrid has piqued interest as more organizations look to the public cloud to augment their on-premises data management. There are many drivers for this, but here are five:

...

http://www.datacenterknowledge.com/archives/2016/11/17/five-reasons-adopt-hybrid-cloud-storage-data-center/

Thursday, 17 November 2016 00:00

12 Reasons Risk Management Fails

Risk management has gained increased attention and interest in recent years, both from industry professionals and academics. The main focus of thorough risk management is the continuous identification and treatment of the potential risks. Its objective is to add maximum continual value to all the activities within the organization. In addition, in developed and emergent countries, capital markets have become more significant and as a result, nonfinancial corporations and banks have recognized that the number, type and extent of their threat landscape and inherent risks have increased significantly. Finally, a wave of unpredictable payment-related enhancements can be considered both a source of risk and a method to mitigate.

Risk management has also gained attention considering the ongoing and widely publicized failures having roots in its erroneous implementation. Risk management failures prohibit organizations from meeting their goals, thus determining repetitive – and sometimes of exponential magnitude – business and project failures. Although the risk management approach varies among firms, enterprise risk management is an organizational pivot point in achieving corporate goals. Risk and performance are inevitably connected. By establishing a reliable and controlled process for managing risks, organizations can determine the predictability of their outcome. Enterprise risk management enables enhanced decision-making, consequently enabling significant cost savings. Additionally, if properly implemented, risk management connects risks across various levels in the organization and, in leveraging other processes such as program management, enables threat-to-opportunity conversion.

...

http://corporatecomplianceinsights.com/12-reasons-risk-management-fails/

Thursday, 17 November 2016 00:00

Your Incoming Text Messages Are Going to Change

Think you get a lot of emails? Your text messages are about to explode as well, at least that’s what I’m predicting. Why? Because more and more organizations are beginning to understand what you and I have known all along: texting is the quickest and easiest way to communicate.

Texting personal messages between friends, groups, and colleagues has become an American mainstay. I say “American” because countries like Japan and Korea rarely text. Instead, they prefer instant messaging apps. But that’s another blog for another time. The purpose of this blog is to help you understand that these interpersonal texts are most definitely going to become a little less personal.

...

https://www.alertmedia.com/your-incoming-text-messages-are-going-to-change/

Thursday, 17 November 2016 00:00

The Functional Business Impact Analysis (BIA)

Creating a functional Business Impact Analysis (BIA) can be a daunting task for any organization.  As a foundational requirement of any continuity program, it must be completed in order for you to understand risk and drive the development of plans, identification of recovery strategies, and implementation of solutions. 

As a company, MHA has conducted well over 2,000 BIA interviews. Our goal is to make sure that the information gathered and the process used are built around ensuring the functionality of the BCM Program.  Over the years, we have developed a highly-refined process to plan, conduct and report the results of a formal BIA.  That process allows for 3.5 to 4.0 hours of a business unit’s time to complete the BIA.  This includes 45 minutes to complete the pre-work, 2.5 hours or less for the interview, and 0.5 hours to validate the results.   Often, organizations are now asking us to finish interviews in as little time as possible – often in the 1 – 1.5 hours time frame!

We have learned that while it is possible to perform a BIA efficiently, it is still a time consuming process, especially when the data is significantly out of date ( > 2 years). Your questionnaire should be in compliance with best practices, but be tightly focused, have limited questions, and be objective. The goal is always a functional outcome, not just “checking the box.”

...

https://www.mha-it.com/2016/11/functional-business-impact-analysis-bia/

Stakeholders demand that companies grow, but at the same time, they expect growth to be managed to make sure the brand is not tarnished. That means enabling value as well as protecting value, which comes down to striking the appropriate balance between risk agility and risk resiliency.

For many years, risk management has focused on protecting the brand and keeping the company out of trouble. But if it’s done right, risk management is about playing not only defense but offense as well—it’s about value protection and value enablement.

...

http://www.riskmanagementmonitor.com/creating-a-strong-defense-and-offense-in-your-risk-management-program/

The human and economic costs of extreme natural disasters on poverty are much greater than previously thought and insurance is one of the resilience-building tools that could help, according to new analysis from the World Bank.

In all of the 117 countries studied, the report finds that the effect of floods, windstorms, earthquakes and tsunamis on well-being, measured in terms of lost consumption, is larger than asset losses.

It estimates the impact of disasters on well-being in these countries is equivalent to global annual consumption losses of $520 billion, and forces 26 million people into poverty each year. This outstrips other estimates by 60 percent.

...

http://www.iii.org/insuranceindustryblog/?p=4660

The Business Continuity Institute - Nov 17, 2016 11:33 GMT

How time flies, I cannot believe it’s been two years since I contributed to the Business Continuity Institute’s ‘20 in their 20s’ publication. I’ve been in my current role for just over a year, working as a Payments Risk Manager. Whilst I no longer work with the business continuity team in Operational Resilience, BC still features as part of my remit and I am accountable for BC to the Payments Division. This includes ensuring our testing capabilities are mapped, mission critical activities are documented but also, starting to consider the resiliency of our payment services we offer as an organization.

I’d say my outlook on BC remains unchanged in the sense that I entirely value the importance of a good BCM framework and the responsibilities that support it. Equally, culture is something I massively champion in my current role and needless to say, ‘always on’ is the expectation which helps culture to evolve and mature. In my opinion, the financial services industry has responded brilliantly to the challenges faced by customer expectation, and resiliency is a key factor to ensuring we always meet those needs. Whether it be bolstering third party relationships with robust governance, to installing huge change programmes to improve IT and value chain resiliency, every financial services organization is switched on to protecting their corporate objectives as we move swiftly into the arena of innovation and digital payments.

I’ll always have a fond place in my heart for business continuity and maybe one day, I’ll find myself in a BC exclusive role again… but for now, I’m having too much fun in Payments!

Within an organization of size, you’re always going to struggle to get culture right for different initiatives. The general top down approach works well, but there’s a lot to be said for cross collaboration over different divisions and peer level interdependencies. The market also has a great stake in the corporate objectives, be it throwing the light on conduct and good customer outcomes or a competitor experiencing a widespread incident. Those ‘big ticket items’ will always prompt activity and focus and, in a way, the culture of the organization has no choice but to move with the times.

For BC in particular, it can be tough to get traction if the business has experienced calm waters for a while. The problem with that is, it doesn’t necessarily bring a call to action to the forefront of people’s minds and culture can suffer as a result. However, we’re in a different world now to where we were as an industry five years ago – IT estates are not only crucial but expectant to be fully resilient to ensure the customer expectation is met, and businesses have been purposefully carving out strategies to evolve business and IT resilience; within which, BC is a core component. In doing so, embedding the culture of business continuity becomes less cumbersome, more like a business-as-usual activity and a key part of everyone’s role.

Scarlett Morgan has worked for Nationwide Building Society for many years and in that time has worked in operations, transformation, business continuity, payments risk and technical services. In her new and current role, Scarlett works as a Development Specialist in Payments, driving process improvements and embedding corporate governance into the functions of the team.

Wednesday, 16 November 2016 00:00

Three Trends Driving Digital Business Innovation

The conventional paradigm for value creation is being abandoned, and IT organizations are struggling in the face of three major challenges. We need to look at how to extract value from an ever-growing mass of data spread across disparate sources. We must find strategies to cope with the impact and opportunity that the Internet of Things (IoT) brings. And, we need to adapt to evolving work habits and a mobile workforce.

The Promise of Big Data Analytics

This is the third generation of transformative change in IT in recent years. There’s been a shift from bespoke applications serving specific business purposes to enterprise resource planning (ERP) ushering in an era of more integrated software that helped us to better manage the execution of our businesses.

Now, with big data analytics, we’re looking for insights in all the wonderful transactional data we’ve been gathering for years. Failures in data governance and data model definition are making it difficult for analytics. In many cases, the data is simply too diverse and disparate. The full potential benefits will only be realized when we connect it together.

...

http://www.datacenterknowledge.com/archives/2016/11/16/three-trends-driving-digital-business-innovation/

This week I read an article about Canada’s struggle to unify its emergency alert system. Major Canadian cities frequently use differing systems and often those systems are unintegrated, causing the mass alert system to be inefficient and even dangerous with its omissions. As the author put it, “…the audiences for those warning are often scattered across a vast region, and the organizations that broadcast them can differ as much as the methods they use to communicate.”

While this is speaking about Canadian cities, it struck me how similar their challenges are to just about any organization worldwide. Organizations, too, struggle to find an emergency alert system that works not just for some, but for all. With so many companies comprised of a dispersed workforce that use differing devices and channels, the issue becomes less about the emergency message and more about how to get it to every employee, near and far. Leaving even one employee in the dark could mean the difference between life and death.

...

https://www.alertmedia.com/which-mass-alert-system-can-reach-the-most-people/

According to a recent study, more than 40% of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20% had to stop business completely.
 
Unfortunately, the news continues to go from bad to worse. Ransomware developers are now going after the crown jewels of many organizations - their production databases. For the uninitiated, let’s explain why this is such a big deal. In today's digitalized world, massive amounts of data are being gathered every day and stored in production databases, such as Oracle, Microsoft SQL Server, and MySQL. They are so ubiquitous, that they really form the bedrock for most web applications -- sending and fetching data about customers, purchases, traffic, and website movements to and from the database. These databases are so critical that it's common for businesses to hire professional, certified database administrators just to manage these systems and keep them operational.
 
So, when these production databases get infected by ransomware, it can threaten an organization on a number of levels. The business costs fall into a few categories and they typically far outweigh the cost of the actual ransom, including:
...

SAVANNAH, Ga. – Officials urge Georgia’s Hurricane Matthew survivors to use their federal disaster aid for its intended purpose.  Improperly using the funds could be a violation of the declaration survivors sign to receive the grants and could result in future assistance being denied.

Once approved for disaster grants, Georgia survivors receive FEMA aid via check or an electronic direct deposit to their checking account. They receive a letter from FEMA providing information about the grant and how the money can be spent.

Before survivors receive their grants, they must sign a declaration and a release certifying that all funds will be spent on the expenses for which they are intended.

These grants are for repairs, temporary housing and other approved, essential disaster-related costs. Disaster recovery officials are available to help survivors understand the way grants should be spent after they receive the funds. Georgia survivors who have questions about their grants should call FEMA’s Helpline at 800-621-3362.

Federal officials caution that the funds may be deposited into bank accounts before letters announcing the grants are delivered to survivors.

Housing funds may be used for:

  • Rental assistance. Applicants who have a continuing need for temporary rental assistance must turn in valid lease and utility receipts to receive additional assistance.

  • Reimbursement for lodging expenses directly related to the disaster.

  • Repairs to windows, doors, water and ventilation systems or other structural elements to return a home to a safe and functional condition.

  • Rebuilding a disaster-damaged home.

Recipients of FEMA’s Other Needs Assistance program grants may use the funds for:

  • Essential personal property, specialized tools for employment, household items, appliances and vehicle repair or replacement.

  • Disaster-related medical, dental, moving and child-care expenses.

Applicants should be sure to update their personal information including addresses, phone numbers and bank accounts. If FEMA does not have the correct contact information, disaster survivors may miss letters or phone calls about their applications for assistance or payment status.

FEMA grants cannot duplicate payments from other sources. For example, if a grant recipient receives an insurance settlement covering expenses already paid for by FEMA, those duplicated funds must be returned to FEMA.

Federal assistance is available to eligible individuals and households in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties. Damage or losses from Hurricane Matthew in Georgia must have occurred Oct. 4-15.

Survivors are encouraged to keep their information updated by logging into their account:

  • Online at DisasterAssistance.gov (also in Spanish).
  • Download the FEMA mobile app (also in Spanish).
  • Call the FEMA Helpline at 800-621-3362 (FEMA). Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 800-462-7585. Toll-free numbers are open daily from 7 a.m. to 11 p.m. Help is available in most languages.

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Tuesday, 15 November 2016 00:00

Have No Fear, Notification Systems are Here!

How well does your organization communicate? If the answer is not too great, then let me share a solution that could help you. Notification software is a rapidly growing area in business continuity. These dynamic structures allow you to reach your employees by personal or work contact information, fax, and even SMS text. Notification software includes a plethora of features, such as reaching employees based on geographic location, if a specific population is impacted by regional events. Time is of the essence when your organization is critically impacted. These advancements in communication not only allow companies to locate and confirm their employees’ safety but also enable anytime, anywhere communication.

There are endless benefits to having emergency notification systems implemented within your organization.  A few of those benefits include:

...

http://www.bcinthecloud.com/2016/11/have-no-fear-notification-systems-are-here/

Yes, building risk culture is that easy! Before I explain, let me first clear up a few weird misconceptions about risk culture that have been floating around in nonfinancial companies:

Making decisions under uncertainty is not natural

Back in the 1970s, scientists had a breakthrough in understanding how the human brain works, what influences our decisions, how cognitive biases impact on our perception of the world and so on. Daniel Kahneman and Vernon Smith received a Nobel Prize in Economic Sciences back in 2002 “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty.” I am amazed at how many risk managers and consultants continue to simply ignore this research. Identifying, analyzing and dealing with risks is against human nature. Stop kidding yourself. The sooner we, as a professional community, accept this, the easier it will be to integrate risk management into decision-making.

...

http://corporatecomplianceinsights.com/building-risk-culture-is-easier-than-making-hot-dogs/

VIRGINIA BEACH, Va. — Even if you have homeowners’, renters’ or flood insurance, you are urged to register with the Federal Emergency Management Agency (FEMA). Registering with FEMA is a primary step in qualifying for disaster assistance after contacting your insurance agent to see if disaster damage is covered.

In the aftermath of Hurricane Matthew, FEMA is advising survivors who live in Chesapeake, Newport News, Norfolk or Virginia Beach with property damage to contact both their insurance company and FEMA. Tuesday, Jan. 3, 2017 is the last day to apply to FEMA for disaster assistance.

If you are a homeowner or renter with insurance and your home or personal property was damaged by the storm:

  • You must contact your insurance agent to file a claim with your insurance company.

  • You should be prepared to fully describe to your agent the damage caused by the storms.

  • You should keep a record of all contact you have with the agent and the insurance company.

  • You should keep a record of the claim number and the date you called to make the claim.

  • Always keep all damage repair receipts.

  • FEMA will send you a letter requesting insurance claim documentation, such as a decision letter (settlement or denial) from your insurance company, in order to further process your application.

FEMA cannot duplicate benefits that are covered by insurance, but you may be eligible for help with losses not covered or those in excess of your insurance coverage. However, you will not be considered for this assistance until FEMA receives a decision letter from your insurance company.

Homeowners and renters may be eligible for FEMA Other Needs Assistance (ONA) grants to help with uninsured or underinsured expenses and serious needs caused by the disaster, including:

  • Medical

  • Dental

  • Child care and

  • Funeral cost

Survivors who register and receive a Small Business Administration (SBA) low-interest disaster loan application should return the application. SBA applicants are not obligated to accept a loan; however, completing the application may make available additional FEMA assistance. Applicants who may not qualify for a SBA loan may be eligible for Other Needs Assistance.

FEMA encourages both insured and uninsured survivors who sustained disaster-related damage or losses to apply by phone (voice, 711 or relay service) at 800-621-3362 (TTY users should call 800-462-7585) or online at DisasterAssistance.gov. The toll-free lines are available from 7 a.m. to 11 p.m., seven days a week. Multilingual operators are available. Jan. 3, 2017 is the last day for survivors to file an application.

The Business Continuity Institute - Nov 14, 2016 00:01 GMT

Organizations exposed to significant risk due to lack of workplace recovery arrangements

Caversham, UK – A disconnect exists between business continuity professionals and end users when it comes to workplace recovery, according to a report published by the Business Continuity Institute and supported by Regus Workplace Recovery. The global study showed that, while only 12% of business continuity experts confirm their organization lacks a workplace recovery arrangement, 31% of end users claimed their employers don’t have any arrangements in place, or they are unaware of what they are.

The Workplace Recovery Report noted that even organizations with workplace recovery arrangements in place face risk and uncertainty when it comes to actual recovery plan implementation. One of every five experts feel uncomfortable that their organization’s employees will execute their work area recovery solution as planned, while 17% of end users are not comfortable they can carry on services in the case of an area-wide event.

Other findings of the report include:

  • 37% of end users are either unaware or unable to provide feedback on their organization’s workplace recovery arrangements
  • 26% of end users and 16% of experts feel that their organization’s business continuity priorities are not fully consistent with end user priorities
  • Three quarters of end users consider themselves critical, while 64% of experts believe only 20% of employees fall in this category
  • Nearly four out of every five end users believe that there is a workplace recovery plan for them in the case of a disruption
  • Work-from-home received less consideration as a workplace recovery approach from experts than from employees (26% vs 44%)
  • 45% of end users are not happy to work from home for more than two weeks
  • When deciding whether to work from an alternative location or from home, 32% of employees base their decision on ease of reaching alternative sites, while 20% focus on access to key enterprise systems, and 15% on having appropriate office infrastructure

The success of a chosen strategy such as workplace recovery depends on its proper implementation by staff, led by a capable business continuity or resilience team. The results reveal that experts have a basic level of confidence in the capability of staff to effectively execute workplace recovery during disruption. However, there are still gaps in awareness and implementation that need to be addressed.

The safety of employees remains a key priority for both workplace recovery experts and end users. This needs to be articulated by practitioners as it can facilitate staff buy-in into workplace recovery and enable embedding of business continuity throughout the organization. While priorities among experts and end users differ down the line, it is useful to communicate the importance of workplace recovery as a chosen strategy in appropriate language and along staff priorities.

Many employees also reveal a preference for working from home during an incident. This may be related to their desire to be close to their families during a crisis – a fact that should be strongly considered prior to selecting a single recovery facility that is a long distance from where the employee lives. This also carries significant implications to organizations such as ensuring that employees’ homes are conducive to such an arrangement from a business continuity, risk or health and safety perspective.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “When executed properly, in line with a holistic business continuity programme, workplace recovery can help build resilience within organizations. As part of business continuity strategy for many organizations, it is important to benchmark workplace recovery leading to better planning and implementation. The BCI Workplace Recovery Report aims to respond to practitioner demand and provide much needed insight in this subject, and we would like to thank Regus for supporting this work.”

Joe Sullivan, Managing Director for Workplace Recovery at Regus, commented: “With natural disasters impossible to predict and an increased risk from other world events, the need to have an established workplace recovery plan is greater than ever. We feel that when disaster strikes, ensuring your people have a secure and productive work environment is harder than recovering your IT. We need to understand how employees will react in the aftermath of a crisis – this research starts to take a look at these behaviours and it is the first of its kind to do so.”

Download a copy of the Workplace Recovery Report by clicking here.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Regus

Regus is the world’s largest provider of flexible workspace solutions and workplace recovery services, with a mission to enable individuals and businesses to work where they want, when they want, how they want, and at a range of price points. Leveraging a global network of 3000 business centres in 900 cities across 120 countries, their solutions are designed to meet the needs of today’s global, mobile and remote workforce.

The Regus Dynamic Workplace Recovery solution has revolutionised workplace recovery by enabling businesses to choose where and how to recover after an event, and was awarded the 2016 BCI European and Asia Awards for Continuity and Resilience Innovation.

Regus was founded in Brussels, Belgium, in 1989 and is based in Luxembourg. It is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index. To learn more about how we are changing the world of workplace recovery, please visit www.regusworkplacerecovery.com

There’s no question that there is a need for solid cybersecurity awareness training. Yet, how effective is it, really? A couple of studies I’ve seen recently make it seem like you can provide all of the cybersecurity education you want, but it won’t make any difference if your employees are ignoring whatever they are taught.

Research from CEB found that 90 percent are not following cybersecurity policies that are meant to prevent data breaches and other security threats, and doing so willingly. One of the biggest rule breakers is the use of shadow IT, with employees using their own devices and applications without company permission or approvals. For the employees, it’s about convenience, familiarity and better productivity. For IT and security staff, it’s a potential cybersecurity nightmare. As Brian Lee, Data Privacy practice leader with CEB, told Infosecurity Magazine:

Employees will often work around controls — especially ones they feel are onerous — as a way to make their job easier. This 'rationalized noncompliance' can not only increase privacy risks, but even jeopardize corporate strategy and ultimately growth.

...

http://www.itbusinessedge.com/blogs/data-security/cybersecurity-training-and-policies-are-useless-if-ignored.html

On October 21, 2016, the U.S. was the victim of a massive, malicious and blindsiding assault—without a foreign machine gun, grenade launcher or tank so much as touching American soil. How is that possible? Because we’re talking not about a physical attack, but about a cyber attack. And here’s the worst part: While this recent event might have been the largest of its kind to date, it’s not going to be the last.

Understanding the Attack

So how did cyber attackers manage to take down the internet? That’s where it gets really scary. They used malware to infect the personal devices of hundreds of thousands of unsuspecting people, then used them to flood a middleman website, Dyn, with so much traffic that users were unable to access their online destinations, including prominent websites like Spotify, Amazon, Twitter, PayPal and Netflix. A Dyn spokesperson described the attack, which was conducted in three waves throughout the day and involved “tens of millions of IP addresses all hitting Dyn servers at the same time,” as “well-planned and sophisticated.”

The disruption wasn’t just inconvenient, it was also costly. According to CNN, the attack may have amounted to as much as $110 million in lost revenue and sales for the impacted businesses.

...

http://blog.sendwordnow.com/a-cyber-attack-may-be-headed-your-way-are-you-ready

What is your company’s level of Active Shooter Preparedness? How ready are you for the unthinkable?

With active shooter incidents on the rise, it is more important than ever that companies are prepared for this threat. However, recent research from Everbridge and Emergency Management and Safety (EMS) Solutions shows that is not the case, with 69 percent of organizations viewing active shooter as a top threat, yet only 23.1 percent responding that they’re fully prepared. How can you ensure your organization is prepared for this significant evolving threat?

It doesn’t matter whether you are a business continuity, security, crisis manager, crisis communications or human resource professional…this narrative has something for everyone. Everyone has skin in the game.

...

https://ems-solutionsinc.com/blog/7-best-practices-active-shooter-preparedness/

Key Drivers

I recently saw an article from Campus Safety magazine that discussed how college campuses are attempting to maximize the ROI of their alert systems. This isn’t a surprise, as it has become mandatory for schools to have some sort of mass communication system in place for emergencies. Sadly, school campuses from elementary through college have lost their sense of security after so many stories of campus violence. We’ve all mourned the tragedies of Sandy Hook, Columbine, and Virginia Tech. There have been 142 school shootings in the U.S. since 2013 and nearly every state has been affected…see the above map.

On top of everything schools have to contend with each year, these horrific crimes have quickly placed campus security at the top of the priority list. The mass notification system market is responding and is expected to grow to nearly 10 billion USD by 2021, due in part to the growing demand for public safety and increased awareness for emergency communication solutions.

...

https://www.alertmedia.com/mass-texting-software-becoming-standard-protocol-for-emergency-notification/

Master data and Big Data sit on opposite ends of the data spectrum. They look different, are managed differently, and ultimately serve different purposes. However, with the proper enterprise data practices in place, these two seemingly unrelated data sets working in tandem can add value to each other, thus becoming greater than the sum of their parts.

Master data is slow-changing data. Master data refers to attributes such as name, address, phone number, emails, contacts of your customers or attributes and features of a product. Master data can also be used to slice and dice transactional data, in order to better understand a company’s business operations and opportunities. Master data is typically small – the largest online retailers may have a master customer list that is a few million rows of data, but for the most part, master data is much smaller in scale. Master data is also significantly cleansed and is scrubbed periodically to ensure its accuracy. On the opposite end of the spectrum is Big Data. Known for its massive volume, variety and velocity, big data is generally acquired from external sources with little or no room for cleansing or scrubbing it.

Master data and big data do share one important similarity – they can both serve as great assets for those organizations that pay close attention to them. More and more companies are expanding their horizons by exploring the vast world of unstructured data from external sources, such as social media, mobile, chats and other online interactions. As a result, there is a growing challenge within these organizations to monetize the benefits, and thoroughly understand what the data is telling them beyond insights at an aggregate level.

...

http://www.enaxisconsulting.com/big-data-and-master-data-better-together/

Friday, 11 November 2016 00:00

Automation And Sharing Are Common Themes

After years of shunning automation and information sharing efforts, the security industry is now embracing them. Every vendor conference I attended this fall talked about the need to automate some security functions in order to increase security teams' efficiency and ability to quickly detect and respond to incidents. The vendors also focused on the need to break down the silos and share information across the security and IT organizations, between vendors, and throughout the security community.

Why the change? The pace of attacks along with the continued stress of resource-constrained organizations are forcing security leaders to find new solutions.

Automating some security processes helps to fill the infamous cybersecurity skills gap and provides faster threat response. Most of the automation comes in the form of orchestrating processes which support threat investigation and hunting. Automated mitigation functions like process stopping, user quarantining, IP blocking, etc. are also possible through integrations between security analytics solutions and security controls.

...

http://blogs.forrester.com/joseph_blankenship/16-11-09-automation_and_sharing_are_common_themes

The Business Continuity Institute - Nov 11, 2016 15:20 GMT

Winning a BCI Award, whether regional or global, is a considerable achievement. It demonstrates your dedication to the industry and reflects the effort you have put in, either as an individual or as an organization. BCI Award winners act as a shining light to those around them, giving them something to aspire to and work towards. To win a BCI Award on a regular basis however, that takes something extra special.

The Business Continuity Institute is pleased to announce that the latest inductee to the Hall of Fame is ContinuitySA, the winners of three consecutive Business Continuity Provider of the Year Awards at the BCI Africa Awards.

"Winning this award for three consecutive years was a huge honour for ContinuitySA because it represents affirmation not only from our peers but also our clients. Becoming members of the BCI's Hall of Fame provides a welcome, permanent record of that achievement, and we are most grateful to the Institute for this accolade," says Michael Davies, CEO of ContinuitySA. "I wish to recognise the fact that our place in the Hall of Fame is testimony to the fantastic people of ContinuitySA past and present – this is recognition of the massive contribution they have made to our success and to the industry as a whole."

The BCI’s Hall of Fame, set up in 2015, is for those who have not only displayed a high standard of achievement, but have done so consistently. As such, only those who have won three BCI Awards within the same category will be permitted to enter.

The Business Continuity Institute - Nov 10, 2016 16:27 GMT

At a Gala Dinner at the Novotel London West Hotel, the Business Continuity Institute presented its annual Global Awards to recognise the individuals and organizations who have excelled throughout the year.

The BCI Global Awards consist of nine categories – eight of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted for by their peers.

The BCI hosted regional awards throughout 2016 with the best in business continuity and resilience from different regions across the world being celebrated in front of their peers. The Global Awards ceremony is the culmination of the awards calendar with each of the regional winners competing to be crowned the global winner. Those celebrating at the end of the evening were:

Continuity and Resilience Consultant
Paul Trebilcock FBCI, Director, JBT Global

Continuity and Resilience Professional Private Sector
Linda Laun AFBCI, Chief Continuity Architect, IBM

Continuity and Resilience Professional Public Sector
John Ball AFBCI, Business Continuity Coordinator, Surrey and Sussex Police

Continuity and Resilience Newcomer
Tamara Boon AMBCI, Business Continuity Manager, Adidas Group

Continuity and Resilience Team
Belfius Bank Belgium Business Continuity and Crisis Management Team

Continuity and Resilience Provider (Service/Product)
Fusion Risk Management Inc and the Fusion Framework BCM Software

Continuity and Resilience Innovation
Westpac Group Protective Services, Education and Awareness Team

Most Effective Recovery
VTB Capital Plc

Industry Personality
Brian Zawada FBCI, Director of Consulting Services at Avalution Consulting

"In my two years as Chairman of the BCI it has been a great privilege to present the Global Awards, and to celebrate the strength and depth of talent we have in the industry," said David James-Brown FBCI, Chairman of the BCI. "The entries this year were again of an extremely high calibre and all the winners can justifiably be proud of their achievement. Those who didn't win their category are still global finalists and should be rightly proud of their achievement. The awards demonstrate that we are graced with talented people striving for excellence in what they do. There is no higher accolade in Resilience than a BCI Global Award. Thank you and well done to all the 2016 finalists."

Others celebrating on the night included Jane Grey CBCI who won the Alan Reid Education Award for achieving the highest score out of the 1284 people who sat the CBCI exam during the previous year, while Christopher Lewis DBCI won the Gold Award for being the top BCI Diploma student.

Merit Awards went to Mohan Menon AFBCI and Jim Barrow MBCI, while Achievement Awards went to Gianna Detoni AFBCI and Howard Kenny FBCI - all in recognition of the work they have done on behalf of the Institute in their local communities.

James Crask became an Honorary Member of the BCI, while Peter Power and Lesley Grimes both became Honorary Fellows - all three being awarded for the commitment they have shown to the Institute throughout their distinguished careers.

Enhanced focus on internal controls by corporate boards and regulators sometimes appears to be a post-financial crisis phenomenon. Those tasked with designing, executing and assuring the resiliency of a corporation’s internal control infrastructure sometimes struggle with articulating the business case for it, as well as defining the business need for internal controls. It is, hence, important to recognize and understand what “controls” are and their value in achieving desired outcomes.

Controls have been utilized for millennia as a means to assure that objectives are met within a range of tolerable outcomes. They have been developed and deployed to reduce uncertainty (or unwanted deviations) within a process or system to achieve a desired outcome. In the third century B.C., Ktesibios’s water clock in Alexandria, Egypt kept time by controlling the water level in a vessel. Today, internet protocol thermostats are available to remotely regulate and control temperature in our homes. There are applications of controls all around us that have become a ubiquitous part of our daily lives. Without effective and reliable controls, it is difficult to ensure outcomes, and this is particularly true for complex processes and systems in the exchange-listed options space.

...

http://corporatecomplianceinsights.com/resilient-risk-management-internal-control-infrastructure-matters/

Wednesday, 09 November 2016 00:00

Earthquake Spike in Oklahoma Linked to Fracking

A magnitude 5.0 earthquake that rocked Cushing, Oklahoma, on Nov. 6 damaged part of the city’s downtown district, but left no major damage to bridges or highways.

Early reports indicate the damage is not insignificant. A 16-block area in the hard-hit downtown has been cordoned off because of the danger posed by unstable structures and broken glass. No serious injuries or fatalities have been reported, however. Power in Cushing was out for less than an hour following the quake, and several gas leaks were attended to.

The city, which has a population of 7,900, is noted as the world’s largest oil storage terminal and has experienced 19 earthquakes in just the past week, raising safety concerns. As of last week, the town’s tank farms held 58.5 million barrels of crude oil, according to the U.S. Energy Information Administration. The number of earthquakes in the area has also risen exponentially. During the first half of this year, 618 temblors of M2.8 or greater have shaken Oklahoma.

...

http://www.riskmanagementmonitor.com/earthquake-spike-in-oklahoma-linked-to-fracking/

In developing functional disaster recovery strategies and plans, planners should consider these 10 ideas to ensure effectiveness:

  1. Don’t confine yourself to traditional methods or thoughts. For example, you may develop the documentation during an exercise while the individuals are performing the tasks. Participants can note the steps and take screen shots while performing the actions.
  2. Maintain risk management, conduct risk assessments, and develop a risk management culture. Your risk profile will drive changes to the defined strategies and requirements. Mitigation of risk may allow for less complex or lower cost solutions. It also creates a “risk and continuous improvement” environment vs. a “recovery is a project with an end” based culture.

...

https://www.mha-it.com/2016/11/developing-disaster-recovery-strategies/

Tuesday, 08 November 2016 00:00

What Now for the Hybrid Cloud?

It may have taken a little while, but a critical mass of enterprises has now developed private cloud architectures at sufficient scale to start thinking about tying them to public resources to create the so-called hybrid cloud.

And in traditional IT fashion, it turns out that the reality of this moment is quite a bit different from the expectation. Not only are hybrids more complicated than originally thought, there is growing suspicion that the rationales for creating them in the first place are not all they were cracked up to be.

In the first place, it is becoming clear that cloud architectures – whether public, private or hybrid – will not follow the standard generic infrastructure model of legacy infrastructure. Rather, hybrids will be built from the ground up with specific use cases in mind, which means they will differ in both form and function depending on the applications and processes they are to support.

...

http://www.itbusinessedge.com/blogs/infrastructure/what-now-for-the-hybrid-cloud.html

Tuesday, 08 November 2016 00:00

CDC: This is Your Brain on Emergencies

There’s a fire in your building. Your plane is about to crash. A woman beside you on the street suddenly collapses.

What do you do?

Well, that depends. Every one of us is at risk for these kinds of unexpected intrusions into our day-to-day lives. What you do about it depends on whether or not you’re prepared – not just physically, but also mentally.

In any situation, some things are likely to be out of your control: the size of the fire; who’s flying the plane; what’s wrong with the woman. Some things, however, are up to you. Being aware of how you might react can go a long way toward making a bad situation better.

Know thyself

In a crisis, your brain is going to want to make decisions, and not always the best ones. The good news is there are steps you can take to be a better decision-maker in emergencies. There is science behind the way people react to stressful situations, and we can use it to our advantage.

Science tells us that people behave in high stress incidents in certain ways. What you do will be dependent in large part on what your stress level is. If your heart rate soars above about 175 beats per minute, you’re more likely to go into shutdown mode and not be able to think clearly or act. A technique called “combat breathing” (inhale through your nose, hold, exhale through your mouth, hold) has been shown to reduce your heart rate by 20-30 beats per minute. Controlling your emotion and stress level will help as you go through the decision-making process.

‘A Perfect Stranger’ tells the story of Kinneil and Angelia and the event that brought the two women together.

During the decision-making process, your mind will most likely move through three stages:

  • Denial
  • Deliberation
  • Decisive action

Knowing these stages – and preparing for them ahead of time – can help you recognize and deal with what’s going on around you more effectively.

Denial: This is not happening

Have you ever heard gunfire in your neighborhood and blamed it on a firecracker? That’s denial. And it’s perfectly normal. We don’t want to believe bad things are happening. We don’t want to panic or look silly.

In emergencies, we often look to people around us for cues about what we should do. (Is everyone else running and screaming, or are they sitting quietly in their chairs? Are others stopping to help?) This is known as social proof. Social proof is a psychological phenomenon that happens whenever people aren’t sure what to do. We assume others around us know more about the situation, and so we do what they do, whether it’s the right thing or not.

We also know that a person is less likely to take responsibility when others are present. We assume that other people are responsible for taking action, or that they’ve already done so. This is called diffusion of responsibility, and it means you’re actually more likely to get help when you’re with a single person than when you’re in a large group of people.

We are all susceptible to believing these things, which make it easy to deny that 1) an emergency is really happening, or 2) we need to do something about it.

Deliberation: What are my options?

Once you’ve recognized the emergency, you’ll begin to consider your options. If you’re smart, you’ve already started this process before the emergency happens. Maybe you participated in a fire drill at work, or you counted exactly how many rows there are between you and the emergency exit on the plane, or you took a first aid class in your community. The more you’ve prepared, the more options you’ll have to work with.

One thing you can do to prepare everywhere you go is called scripting. All it requires is a little bit of imagination. Pay attention to your surroundings and see what’s available to you. Check for exits (and consider windows as possible exits). Be nosy, especially when it concerns your safety. Then run different scenarios in your head. Where would you go if you had to get out? Who would you call if you needed help? What will you do if there’s a fire? A robbery? A bomb threat? Think about the possibilities ahead of time.

Everybody hates the idea that we practice for emergency events. Fire drills… ugh. But it’s practice, and practice helps you understand what to do or how to react when you don’t have a lot of time. Not only can practice save your life, but if you know how to save yourself, emergency responders on the scene can use their time and effort to save others. You’re one less person who needs saving, and that saves lives.

Decisive action: It’s go time!

You’ve acknowledged there’s a problem. You’ve considered your options. The next step is to take decisive action. With all the information you have, what are you going to do next?

Before you take action:

  • Calm yourself
  • Shift your emotion. If you do get mad, use that anger as energy.
  • Stay fit – if you’re more fit, you’re likely to be more rational

Now is the time to put your plans into motion. Go to the exit, call for help, take cover, give CPR… whatever you’ve decided to do.

In most crisis situations, there is no definite right or wrong. There is no perfect way – only the best we can do. The most important thing is to do something. In almost every case, an imperfect plan is better than no plan, and action is better than inaction.

Remember, if you depend on everyone else to take care of you, you’re leaving the most important person out. Don’t wait to make a plan. Know yourself, know your situation, and be prepared to save your own life.

References and Resources

  • Advanced Law Enforcement Rapid Response Training, Texas State University, Civilian Response To An Active Shooter Event (CRASE).
  • Ripley, Amanda (2008). The Unthinkable: Who Survives When Disaster Strikes And Why. New York. Three Rivers Press.
  • Video: “A Perfect Stranger” (FEMA)
  • Video: The Bystander Effect
  • Podcast: Stress Response

Complacency puts them at legal and professional risk, LeClairRyan attorney Christopher Wiech says in recent blog post

ATLANTA, Ga. — When cyber criminals attack retailers and other businesses – potentially placing the data of millions of people at risk – C-level executives like CEOs and CIOs may lose their jobs and could be exposed to crippling lawsuits, warns Christopher A. Wiech, a partner in national law firm LeClairRyan’s Atlanta office.

There may be a lack of understanding and communication across the C-Suite when it comes to cybersecurity practices, says Wiech, a member of LeClairRyan’s Privacy and Data Security Practice who explores these issues in a recent blog, The C-Suite’s Perspective on Cybersecurity and Liability. His post appears in the firm’s Information Counts blog, which focuses on privacy, data security, information technology, e-commerce and other digital issues.

A good defensive plan begins with an understanding of how your organization gathers, stores, accesses and utilizes its data, Wiech notes. “Also be aware of any government regulations that apply, as well as industry or other standards that address data gathering, storage, protection and use, like PCI (Payment Card Industry) data compliance standards,” he advises. “You need to be diligent, because your actions will be closely scrutinized in the event of a hack or other data breach.”

...

http://corporatecomplianceinsights.com/c-level-executives-may-liable-cyber-breaches/

Tuesday, 08 November 2016 00:00

Don’t Ignore Winter’s Fury: Back Up Now

As the end of year nears, businesses typically revise their fourth-quarter plans, check their progress in accomplishing annual goals, and start working on budget proposals for the following year.

Fall is a time of reflection, and MSPs should capitalize on this by bringing up business continuity strategies with clients. Winter isn’t far off and, as we reminded you in the spring, businesses will take weather patterns into consideration when planning budgets and reviewing business continuity plans.

It’s the perfect time to ask clients: “If a snowstorm shuttered your business tomorrow, how confident are you that you’ll recover your data?”

...

http://mspmentor.net/blog/don-t-ignore-winter-s-fury-back-now

The Business Continuity Institute - Nov 08, 2016 13:32 GMT

Tea. Biscuits. Gin. Tonic. Ant. Dec.

Some things are just made for each other.

They fit together. They are seamless. And they just plain work.

That is the concept at the heart of Daisy Group’s next generation business continuity offering, ‘Continuum’ – which is putting always-on infrastructure and service availability front and centre in the UK’s digital transformation journey.

Business continuity has its roots in IT disaster recovery; recovering technology after fire, flood or other such disastrous events. Recovery was often measured in days and hugely reliant on manpower and deep technical expertise to succeed.

Then it became more holistic. More about the business. The people. The buildings. The detailed plans required to recover the processes and services needed to ensure the business could continue; and yet still it was focused on recovery, more than achieving truly continuous operations.

Organizational resilience became the next iteration; the ability of an organization to anticipate, prepare for, and respond/adapt to change and sudden disruptions. Many perceive resilient as ‘cannot fail’ and have abandoned the concept of planning for recovery, or securing a failsafe. For others, achieving and maintaining resiliency is a huge task – where do you start? And at what cost?

‘Continuum’ from Daisy changes everything.

No longer an insurance type approach to disasters; this next generation of BC is more resiliency meets business agility; each aspect operating above a safety net of all that is good from years of IT disaster recovery and business continuity expertise and experience.

Daisy’s Managing Director of Business Continuity - Mike Osborne - explains: “I like to think of it as joining the dots between the need to build a resilient, digital organization, whilst still maintaining the discipline of planning and testing for recovery that provides an ultimate backstop.

Continuum takes into account resilient system design using IT/Cloud dependency mapping; cyber protection and proactive monitoring; always-on connectivity; critical data protection and workplace availability. All of which support normal operations and fully functional recovery in the event of the worst case scenario. It blends modern resilient technology solutions and traditional business continuity assets to allow for a seamless transfer between business as usual and business during an incident.

It means one organization owning the entire SLA – whether day to day or in a disaster - all of a business’ digital components are umbrellaed beneath the cohesive infrastructure of a single, capable, reliable, service availability partner.

Daisy Group – the UK’s largest independent provider of converged B2B communications and IT infrastructure services and a leading UK provider of business continuity services - launched the new offering this week at BCI World in London, the global event for business continuity professionals.

It represents a seismic shift in the way business continuity has been traditionally provisioned. Whilst the technology and workplace infrastructure delivered by Continuum includes the support of operations in a disaster, it can also flex to support peaks in demand and changing work patterns. Continuum moves away from the insurance mentality of planning and investing solely to recover from disasters; instead placing the investment emphasis on end-to-end digital resilience and increased business agility.

Osborne concludes: “Embracing the relentlessness of technological change is a prerequisite for businesses wishing to grow. Yet in doing so they also introduce new risks, new competitors and heightened customer expectations.

They have to be connected and protected. They have to be always on. And they have to have an agile workforce. But, more than ever today, they have to ensure that all of their inter-dependent digital components are seamlessly joined up, available and when necessary, recoverable.

In short, whether triggered by disaster or not, when one component stops working, the others kick-in to support the whole. That is what ‘Continuum’ is all about.

Daisy are Platinum Sponsors of the BCI World Conference where you can visit them on Stand 47 to find out more about ‘Continuum from Daisy’. The BCI World Conference and Exhibition takes place on the 8th and at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need.

The Business Continuity Institute - Nov 08, 2016 00:01 GMT

Ineffective management of supply chains is leaving organizations open to severe disruptions and the high financial costs incurred as a result

CAVERSHAM, UK – One in three organizations has experienced cumulative losses of over €1 million during the last year as a result of supply chain disruptions. That is according to a report published today by the Business Continuity Institute and supported by Zurich Insurance Group.

The report showed that, despite a decrease in the percentage of organizations that experienced at least one disruption (70% from 74%), those organizations suffered more of them, with the percentage of organizations that experienced at least eleven disruptions during the year increasing from 7% to 22%.

The increased cost of disruption could be attributed to significant increases in the loss of productivity (68% up from 58% in 2015), cost of working (53% up from 39%) and damage to brand or reputation (38% up from 27%), all as a result of supply chain disruptions. 43% of organizations do not insure these losses meaning that they are bearing the full brunt of the cost themselves.

Arguably one of the reasons for the increase in the number of disruptions for many organizations is that fewer of them are maintaining adequate visibility over their supply chain, with the percentage of organizations that do so decreasing from 72% in 2015 to 66% this year. This could have major consequences when it comes to managing the supply chain and ensuring that disruptions are minimised.

The report concludes that ensuring supply chain visibility remains one of the biggest challenges to organizations with the data showing increased dependencies between suppliers and downstream organizations, reinforcing the need for organizations to understand their supply chain in more depth, identify key suppliers and improve reporting of disruptions.

The report also highlights that top management commitment is required in driving supply chain resilience and performance. The findings affirm how leadership input can significantly influence good practice and help build an appropriate organizational culture and structure.

Other findings of the report include:

  • 41% of disruptions occur with the immediate supplier, compared to 50% last year, however 40% of respondents report that they do not analyse the source of disruption.
  • The percentage of organizations reporting losses in excess of €1 million from a single incident remains static at 9%.
  • Unplanned IT and telecommunications outage remains the top cause of disruption with loss of talent/skills moving up to 2nd place from 6th in 2015. The remaining members of the top five causes of disruption were outsourcer failure, transport network disruption and cyber-attack/data breach.
  • The top five consequences of disruption are loss of productivity, increased cost of working, customer complaints received, service outcome impaired and damage to reputation/brand.
  • Only a little over a quarter of respondents (27%) report high top management commitment to supply chain resilience, a worrying decrease from 33% last year.
  • Just under three quarters of respondents (73%) report having business continuity arrangements in place to deal with supply chain disruptions.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “Our study reinforces observations about the growing cost of supply chain disruptions and its negative impact on an organization’s reputation. More than ever, it is important to focus on supply chains, identify areas of risk, and deploy appropriate arrangements which increase resilience. Business continuity has an essential role to play in this. Our research abundantly shows how business continuity professionals, working with their supply chain counterparts, can build supply chain resilience and direct management efforts in this area.”

Nick Wildgoose, Global Supply Chain Product Leader at Zurich Insurance Group, commented: “Adequate supply chain resilience is a prerequisite for improving organisational performance. You need senior management support to achieve this, in terms of breaking down the organisational silos and providing appropriate resources. The businesses that invested in this area have recognised there is a compelling business case to do this and are seeing the benefits.”

For the last eight years, the BCI Supply Chain Resilience Report in partnership with Zurich Insurance Group has provided valuable insight into supply chain disruption and benchmarked the business continuity arrangements of organizations in this area. It has also demonstrated how specific key behaviours reinforce good practice and build an organizational culture contributing to supply chain resilience and performance.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

About Zurich Insurance Group

Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With around 55,000 employees, it provides a wide range of general insurance and life insurance products and services. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, including multinational corporations, in more than 170 countries. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.

Bullish IT decision makers are migrating their data to the cloud in record numbers. But in their enthusiasm, are they also underestimating the magnitude of the challenges that lurk over the horizon?

Until now, any such concern hasn’t slowed down the momentum of cloud adoption. Lingering holdouts are moving off the sidelines in droves to engineer the cloud-based digital transformation of their operations. Nowadays the argument that the cloud should be an essential part of an enterprise’s business model isn’t controversial; it’s the conventional wisdom.

But at the same time, many companies still struggle to prepare for a range of potential obstacles they will need to hurdle when it comes to building digital organizations. For example, when Gartner surveyed IT professionals in 30 nations, it found that most IT departments remain unprepared for sundry digital business challenges.

...

http://mspmentor.net/cloud-services/don-t-get-caught-unprepared-meet-cloud

As recently as last week, the California DMV suffered a 17-hour power outage which shut down business for two days across most sites. Many companies are unprepared for business disruptions caused by power outages, and are often unaware of the true costs and impact on their operations.

For added business continuity safeguards, take advantage of disaster recovery workspace and multi-data center platforms to ensure complete nationwide redundancy of IT systems.

...

http://www.cyrusone.com/blog/avert-disaster-dont-get-left-dark/

(TNS) — As the one-month anniversary of Hurricane Matthew's brush with Volusia and Flagler counties approaches on Monday, more than $18 million in assistance has been provided to residents and businesses through two federal programs.

Local and federal agencies are reminding businesses, non-profits and local governments that a variety of assistance is available, but at least one application deadline is quickly approaching.

So far, FEMA has provided more than $11 million to Florida homeowners and renters who have registered for help after Hurricane Matthew.

...

http://www.emergencymgmt.com/disaster/Help-available-for-disaster-recovery-for-businesses-non-profits.html

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues.

Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.

"There's too much data to really make sense of if you have a limited resource staff of security operations center analysts or threat analysts," said Travis Farral, director of security strategy at Anomali, which sponsored the report. "It can be overwhelming to sit and figure out which of these 100,000 things to look at first."

It takes a special kind of person to be able to do this, he added.

...

http://www.csoonline.com/article/3138003/security/flood-of-threat-intelligence-overwhelming-for-many-firms.html

By Jeff Ton, EVP of Product & Service Development at Bluelock

Over the past few years, the cloud computing marketplace has grown exponentially. Spending on cloud services has increased and the industry has grown more than traditional IT, and it only continues to move in that direction.

While many cloud computing organizations see these rising industry trends as a positive outlook for the future of their business, at Bluelock, we realized that such fast growth in the market was going to create some major challenges for us in the future — good challenges that we were excited about, but obstacles to overcome, nonetheless.

Bluelock began to evaluate the playing field and came to the conclusion that, in order to continue our growth as intended, we needed to carve out a niche for ourselves and hone our expertise in a smaller segment of the marketplace. While competition in an industry often means you're doing something right, setting yourself apart from competition is key when it comes to major growth and establishing industry authority.

To establish our niche, we didn't simply sit down one day and announce, "From this point forward, Bluelock's niche is fill-in-the-blank." Instead, we took a look at our clients, to whom we were providing quality IT service, and asked ourselves, "Where are we offering up the most value? What problem are we solving for them that they can't find anywhere else?"

The importance of finding a niche in the market came to light for the Bluelock team while I was actually still in leadership at Goodwill Industries of Central Indiana. Like any business in today's day and age, Goodwill had been needing a backup and disaster recovery solution for our data. As a nonprofit company with a tight budget and a small IT staff, we had been spending a lot of money on a service that required several of our key administrators to be frequently off-site for testing, patches or updates to our recovery systems.

While our first year and initial tests with a traditional DR plan had been successful, the next year, we experienced changes in personnel which added two additional months of preparation for recovery tests. The year after that, the same thing occurred, leaving our Goodwill team straddled between two different working environments and unable to work on other strategic initiatives that were key to the business's growth.

When Goodwill came to Bluelock, the Bluelock team was able to provide us with Disaster-Recovery-as-a-Service (DRaaS) that could be administered by an IT professional, was compatible with VMware environments and allowed for scalable automated performance. By switching from a physical DR solution to a DRaaS solution with Bluelock, we saved $25,000 — a significant sum when you're in the nonprofit sector.

Through working with clients like Goodwill and many others, the Bluelock team learned that their unique selling point was also their niche — affordable DRaaS services that help free up IT teams to do the work that truly matters. Since my transition from my role at Goodwill to my current role at Bluelock, I've truly seen a continued emphasis on surveying clients and honing in on their greatest impacting solutions. Through this focused attention, we've established our niche in a market where differentiation is the key to survival.

If you're considering shifting your organization into more of a niche-driven business, there are a few questions you should ask yourself:

Is there an element of our business that customers and clients gravitate towards?
Think about your different product or service offerings. If there's one that clients and customers buy or request more often than the others, that's a good place to start. Unfortunately, your most popular product or service is not always the product or service you want to spend your time working on. Try not to let any personal bias get in the way of the hard numbers and facts when it comes to deciphering your niche.

Is your most popular product or service also your most expensive?
If so, it may make focusing on that particular niche easier. However, you need to look at the competition. Is your offering at a price point that is equivalent to your competitors? If not, you need to understand why. Can you articulate clearly the value difference between your product and the others in the market? Is it a market being commoditized? If so, you may need to consider offering a more commoditized version in addition to your premium version.

Even if the product or service is not among your most expensive, you will need to address the competition question and the market questions. If the market for the product or service truly is becoming commoditized, you have to ask if you can still be profitable in that segment as you scale. In the end, you have to answer the question, "Do I want to be the Walmart or the Nordstrom in this space?" Both are successful, but they are entirely different markets.

Does your niche align with the overall vision, goals and values of your organization?
Carving out our niche in DRaaS made sense for us at Bluelock for many reasons, but one of the main reasons was because it fully aligned with where we were headed and wanted to go as a company. Keep your long-term vision in mind when selecting a niche and unless you've done heavy research and planning, don't select a niche out of left field.

Once you've landed on your niche, or at least what you think your niche might be, test it. By focusing on a smaller segment of the market, you might open the flood gates to more business, or you might find that business is drying up and it's time to pivot once again. Either way, focus on providing as much value as possible to your clients and customers and you'll set yourself apart in a saturated market.

Wednesday, 09 November 2016 00:00

Four Ways to Simplify Your Performance Management

Using the newly released SteelCentral solutions

I don’t know if you’re like me, but twice a year—spring and fall—I declutter. I go through my closets, garage, and basement and clean up, donate, give away, recycle, and throw away everything that no longer belongs. For example, I donate clothes that no longer fit, that I haven’t worn in a year or more, or that I just don’t like any more. It’s liberating.

Riverbed SteelCentral has had a fall cleaning of sorts, only it’s much, much bigger and better than my annual fall cleaning. We’ve consolidated and integrated several products. Actually, we’ve rebuilt several of them from the ground up, and that is going to allow you to simplify your performance management significantly.

...

https://www.riverbed.com/blogs/four-ways-to-simplify-your-performance-management.html

Tuesday, 08 November 2016 00:00

Office 365, at Warp Speed

Beam me up Scotty, the Internet is so slow on this insurgent planet I can barely make any headway on this SharePoint presentation that I am collaborating on with my crew. That crazy transporter, and those crazy little flip communicators. I was always filled with wonder watching the Star Trek crew materialize out of thin air. One second about ready to get pummeled by some wild interplanetary beast, then the next second transported back on the starship with Captain Kirk making a beeline to the cocktail lounge and understandably so, having your molecules optimized like that must have been a tad uncomfortable.

Although the transporter is something that has not made it mainstream, those little flip communicators are now part of our everyday lives. There were plenty of intermittent problems with those communicators over the course of the show however. Transport to 2016, the reality of our current world is that we transport data (and lots of it) over our own galaxy, also known as the internet and just like the problems with those communicators, we have plenty of issues transporting voice and data communications over distances.

...

https://www.riverbed.com/blogs/office-365-at-warp-speed.html

Monday, 07 November 2016 00:00

Cookbook for Successful Cloud Adoption

There is a fundamental change in thinking that's needed if you want to successfully adopt the cloud. What is it and how do you make it happen? Let's find out...

In my last blog, I talked about cloud being the forcing function to break down silos in IT. It’s an aspiration for any organization—and I speak from experience. To reiterate, cloud agility and cloud workflow will leave you in the dust if you are not ready. The business units have the ability to completely circumvent traditional IT when it comes to adopting cloud workflows. So, it’s keep up or die. The good news is that technology and ease of use in the form of SD-WAN is finally here. The days of banging away on keyboards to make the change are gone.

...

https://www.riverbed.com/blogs/cookbook-for-successful-cloud-adoption.html

I’d like to imagine that one day my grandkids will be reading about artificial intelligence (AI) in their digital history books or via cranial implants or whatever the equivalent is in the future. Just a few chapters after Newton’s apple or Apollo 13, they’d scour details about the early days of AI. Future generations will likely look back at early AI efforts with a wiser, aged perspective. Because, and let’s not lie: making AI commonplace will take a lot of work. And nobody will feel this pressure more than IT’s back-end folks.

First, consider the scale of this new era, which, by the way, is upon us now. Gartner has ranked AI among 2017’s top strategic trends. In everything from self-driving cars to virtual assistants, AI will have an increasingly important role. But it’s not only consumers who will be affected. Gartner also believes 50% of all analytics in 3-5 years will be AI-powered. Any decision that requires business intelligence can benefit—that’s certainly plenty of enterprise use cases! Just look at customer service, where businesses can use natural language processing to facilitate better interactions, and also analyze user patterns to create better customer profiles. There’s also talk of enterprise resource planning (ERPs) solutions, the most legacy of applications, being revolutionized and rendered more efficient. And while I believe near-term AI efforts will focus on “augmentation” rather than pure “replacement” of business decisions, it’s critical for businesses to look beyond just the near-term.

...

https://www.riverbed.com/blogs/artificial-intelligence-future-depends-on-SD-network-IT.html

When hackers breached the networks of Kansas Heart Hospital in Wichita last May, locked data files and demanded payment for decryption keys, hospital administrators decided it most expedient to just buy some Bitcoin, pay the modest ransom and get the facility back to work.

But after paying off the perpetrators of the May 18 ransomware attack, the criminals released only part of the records, then demanded more money for the rest.

...

http://mspmentor.net/technologies/don-t-pay-ransomware-hackers-kaspersky-lab-says

Product recalls can go one of two ways. In the first, worst-case scenario, a product is determined to be dangerous or defective; its manufacturer ignores or reacts sluggishly to the issue; people are unnecessarily put at risk; and consumer trust is irreparably damaged. In the best-case alternative, meanwhile, the manufacturer assumes responsibility; takes quick action; and minimizes harm to both consumers and its reputation alike.  What one thing can ensure that your company ends up in the latter category, not the former? A product recall communication plan.

Product Recalls on the Rise

While product recall problems are not exactly new, they’re rising in number. So why don’t companies have plans in place to deal with them when they arise? As a Harvard Business Review article on recall management pointed out more than a decade ago, “In the frenzy of a product launch, the last thing most managers think about is how to get a new product back if something goes wrong.”

Unfortunately, things can and do go wrong—to the tune of 6.5 recalls a day in this country, according to USA Today.  And when they go wrong in our digital, social era, they do so in a far more catastrophic way than they did 50 or 20 or even 10 years ago.

...

http://blog.sendwordnow.com/does-your-business-have-a-product-recall-communication-plan-in-place

The Business Continuity Institute - Nov 04, 2016 15:41 GMT

When it comes to assessing an organization’s ability to recover from a disaster, a significant disconnect exists between C-Suite executives and IT professionals. While nearly 7 in 10 CEOs, CFOs or COOs feel their organization is very prepared to recover from a disaster, according to a study by Evolve IP, less than half of IT pros (44.5%) are as confident.

The Disaster Recovery and Business Continuity Survey found that DR compliance was a clear driver of confidence in the ability to recover IT and related assets in the event of an incident. In fact, 67% of respondents in banking, 58% in the government sector and 55% at technology companies feel very prepared. Of these, DR compliance was noted as a requirement by 97%, 73.5% and 71% respectively. The healthcare industry remains an outlier, however: despite a high percentage of respondents noting DR compliance requirements (89%), just over half of respondents at healthcare organizations feel very prepared to recover from an outage or incident.

The report also highlights that organizations need to expect the inevitable as approximately one third (33%) of companies reported having suffered from at least one incident or outage that required disaster recovery. Hardware failure / server room issues remain the leading cause of an outage, reported by 48% of respondents.

Deliberate attacks being the cause of an incident or outage were cited twice as often compared to the 2014 survey. This year, 13% of respondents noted attacks as the cause of an outage, up from 6.5%, while other top causes include power outages (28%), environmental disasters (25.5%) and human error (19%).

It is perhaps the reality of the threat, as experienced by the IT professionals, that has consistently placed cyber attack, data breach and IT/telecoms outage as the top three concerns for business continuity professionals according to the Business Continuity Institute's Horizon Scan Report.

“In the years Evolve IP has conducted the survey, we’re assured by the fact that companies are becoming increasingly aware of the need to protect critical business assets from a major outage: malicious or unintentional, human error, hardware failure or a natural disaster,” said Scott Kinka, Chief Technology Officer and Founding Partner of Evolve IP. “More companies are avoiding risky backup policies considered “good enough” in years past, using backup tape or replicating data to a secondary mirror site less than 50 miles from their main data center, for instance. Instead, we’ve seen notable growth in the number of companies developing a disaster recovery plan and educating themselves to the benefits of new DR approaches like DRaaS.”

By Liz Bardetti

Extensive preparations were made in the wake of Hurricane Matthew, and many victims are still suffering from this natural disaster. The storm was labeled a Category 3 hurricane, meaning winds reached nearly 130 mph, causing significant damage. Hurricane Matthew took the lives of 500 people in Haiti, and at least 22 known victims in the U.S. There is still substantial flooding throughout Florida, Georgia and both Carolinas, with thousands of people still without power.

The nation watched the disaster of Hurricane Matthew unfold, and many people are trying to find ways to help the victims. As an employer, you have the ability to bring your employees together and help support the victims in need. The main steps to remember when trying to find ways your team can give back to Hurricane Matthew victims are to realize money is the best donation for this circumstance, do your research and keep on giving.

Give Cash via a Payroll Deduction Campaign (and match it!)
It’s important for people to note that they should resist the urge to go to the disaster site. It’s dangerous to go into the aftermath, and people rushing to the site can cause problems. If everyone decides to go to the disaster site, it will cause traffic, and gasoline supplies in the area are already hindered.

Instead of immediately offering physical volunteer help (which will be needed at a later time, after everything has cleared), encourage your team to offer monetary donations. Food, clothing and supplies are all generous donations; however, volunteers will have to divert their attention to sort through supplies. Monetary donations are flexible and available for use immediately upon the disaster. A small contribution from everyone on your team can make a big difference to someone who has lost their home or is suffering from medical issues. As an employer, you can double or even triple the contributions using our corporate philanthropy software.

For example, the Bristol-Myers Squibb Foundation partnered with organizations to provide relief and support to the impacted communities using corporate philanthropy software. The Foundation is using their employee giving program to match gifts made to disaster relief programs in aid of Hurricane Matthew victims. See how these internal portal pages align employees with their employers to make a bigger impact.

Do your research
The shared value your employees can create with your leadership needs to be properly accounted for and go to an organization that is really helping.  Following Hurricane Sandy, many donations were sent to disaster relief scams. You can contact the Better Business Bureau, or simply head to their website, and determine if an organization is legitimate. Below is a list of some credible organizations already assisting with the Hurricane Matthew efforts:

There are many other credible organizations out there, and to make the process easier many employers are turning to corporate philanthropy software. To make the most of your team’s giving resources, it’s easiest to have a platform in which team members can contribute uniformly.

For instance, the Anthem Cares Fund has teamed up with the American Red Cross in response to this time of need. Anthem associates have been donating through the Associate Giving Program that CyberGrants offers, and donations are 100% matched!

CyberGrants offers a user-friendly platform in which team members can donate specifically for Disaster Relief. Your team can donate to Hurricane Matthew efforts within minutes. CyberGrants also offers real-time giving to your team, so you can each submit monetary gifts via PayPal and give money straight to an organization’s bank account!

Keep on giving ... and giving ... and giving!

Hurricane season started in May, and continues through November. This year is expected to be one of the most active hurricane seasons due to warmer sea surface temperatures around the world. As there may be more hurricanes for the Caribbean and Southeastern United States ahead, your team can help make an impact by continuing to give.

CSR Software can be helpful when trying to improve team contribution. CyberGrants offers a mobile optimized platform, which can be personalized and improves employee participation. Features include Matching Gifts, Payroll Campaign (can pull “selected amount” from paycheck on a recurring basis, or can be a one time deal), and even searching events that your team could participate in once the disaster of Hurricane Matthew has cleared.

Hurricane Matthew has taken a great toll on the Southeastern United States and the Caribbean, and it’s important for these victims to receive the assistance they need. Before you jump right into something that you may not intend, it’s best to remember: give cash, do your research, and keep on helping.

About Liz Bardetti:
Seasoned advertising and marketing professional with 15+ years experience, including work for Gatorade, Welch’s and most recently, CyberGrants. CyberGrants is the preferred CSR software provider to the best philanthropic corporations around the globe. Our clients represent over 50% of the Fortune 100 and nearly one-third of all corporate giving. In the last twelve months alone, CyberGrants helped 250 customers give $6.5 billion plus more than 50 million volunteer hours to over 400,000 non-profit organizations.

Thursday, 03 November 2016 00:00

Rethinking Security – Never Assume

I’ve been thinking back on my conversation with a cybersecurity pro named Stuart that I covered earlier in “The Frightening State of Unseen Security Breaches,” and his approach to not just protect the file and email servers but wrap everything with monitoring. The one thing that I’ve seen kill companies over and over again -- the thing he was addressing -- is the assumption that everything you aren’t looking at is OK. It actually cost me a job once.

We can actually see assumptions working against the presidential candidates as I write this. Someone in Hillary Clinton’s camp evidently thought a way around a disclosure demand was to use their husband’s computer, and Donald Trump seems to assume that what is said “off the record” is off the record. Had either of these assumptions not been made, the race for the White House would be very different at the moment.

What made Stuart’s approach with Varonis unique is that he wasn’t assuming anything; he created a solution that was comprehensive enough that he never has to. And I think there is an important lesson here that I’ve learned a number of times.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/rethinking-security-never-assume.html

Data is the lifeblood of business. So a slow data transfer rate makes it harder to analyze, back-up, and restore data. Many organizations have to battle data latency on a daily basis, hampering their ability to deliver new digital products and services, be profitable, handle customer relationships, and retain operational efficiency. Data latency is a serious business issue that needs to be addressed. In contrast, network latency is a technical issue; but they both correlate with each other.

...

http://www.datacenterknowledge.com/archives/2016/11/03/reduce-data-network-latency-others-fail/

What does it take to keep your clients' information and infrastructure safe today? Part of the answer involves understanding "dumb" cybersecurity threats, meaning those that don't rely on sophisticated hacks to steal data or take control of devices.

In the popular imagination, the malicious hackers who wreak havoc on computer networks and data are unshaven geniuses. They invent brilliant, sophisticated solutions for defeating the mechanisms that are supposed to keep information safe.

...

http://mspmentor.net/technologies/cybersecurity-today-keeping-clients-secure-dumb-hackers

The man in question is Nassim N. Taleb. He coined the term “black swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

World War One was such a Black Swan; so was the arrival of the Internet. Now, Nassim Taleb may not have looked at the specific case of IT risk management, but observations he made with his colleagues Daniel Goldstein and Mark Spitznagel carry over well from the general to the particular.

...

http://www.opscentre.com/risk-management-seen-man-black-swan/

Thursday, 03 November 2016 00:00

An Urgent Need – Deep Learning In The C-Suite

When a character in Ernest Hemingway’s novel The Sun Also Rises is asked, “How did you go bankrupt?”, he replies, “Gradually and then suddenly.” In the same way, many C-Level executives become irrelevant in the age of smart machines “gradually and then suddenly”. The pace of technology advancement, propelled by boundless low cost computing and storage resources, is accelerating at a velocity that far surpasses previous decades. This rapid advancement in technology is instigating change across many, if not all, corporate functions, from sales to operations. Smart machines are progressing from early stage infancy to adolescence, promising to take the place of not only the labor force population that performs routine jobs, but also knowledge workers – a segment of the workforce that has historically been immune from such disruption.

The potential benefits of technology acceleration are now becoming evident in our everyday lives. We need to look no further than our highways and financial institutions. Uber just completed its first self-driving truck shipment that included 50,000 cans of Budweiser. Bank of America just announced their introduction of an artificial intelligence-based chatbot named Erica, that has both cognitive and predictive analytics capabilities to help customers pay debt, check balances and save money.

A responsible C-Suite leader has an obligation to understand the effect the smart machine era will likely have on their business and workforce. Ignoring or avoiding the tidal wave of change may very well be the ultimate career-limiting move (CLM). Thus, C-Level executives should undergo deep learning. In general, a machine’s deep learning approach mimics how humans learn: first, by ingesting general concepts and then by using experiences (data), cultural surroundings and training to build knowledge and insight over time. By employing some of the principles used in deep learning, the modern executive can remain relevant and, ultimately, gainfully employed in the smart machine age.

...

http://www.enaxisconsulting.com/an-urgent-need-deep-learning-in-the-c-suite/

Thursday, 03 November 2016 00:00

The Data Center in the IoT Era

The Internet of Things is poised to make major changes to enterprise infrastructure, not only to deal with staggering volumes of information but to foster the dynamic connectivity to, from and between legions of digital devices.

While much of the load will be handled by dedicated analytics engines and so-called “data lakes,” the impact will be felt on the traditional data center as well, given that the insights gleaned from all this information must be incorporated into ongoing digital processes.

So exactly how will the data center need to evolve in the IoT era?

...

http://www.itbusinessedge.com/blogs/infrastructure/the-data-center-in-the-iot-era.html

COLUMBIA, S.C. (Saturday, Oct. 29) — Following initial application review by the Federal Emergency Management Agency (FEMA), South Carolina survivors who have applied for disaster assistance will receive a “letter of eligibility.” Applicants may be told they are eligible for disaster assistance or that they have been determined ineligible.

If you are eligible, the letter explains the amount of your grant and how it is to be used. If the letter says you are ineligible, the grant amount reads “0”, but in many cases that is not the last word.

FEMA officials in South Carolina report that the most common reasons for denial of assistance in Hurricane Matthew are:

  • Insufficient storm-related damage to affect the habitability of the damaged home. FEMA will provide assistance to assure your home is habitable – that it is safe, functional and sanitary.
  • Survivors have chosen to remain in their damaged homes while repairs are being made. In these cases they may be eligible to receive assistance for repairs, but are ineligible for housing assistance.
  • Duplication of applications. Two people (husband and wife, for example) have applied for assistance for the same damaged home. Only one application per household is allowed.

A letter may indicate your application is missing information such as verification of occupancy or proof that the damaged property was your primary residence at the time of the Hurricane Matthew storms and flooding that began Oct. 4, 2016.

If you are instructed, you can simply submit missing documentation to FEMA online, by mail or fax, or by visiting a Disaster Recovery Center (DRC). You can find the location of the nearest DRC by visiting DisasterAssistance.gov.

Applicants who do not receive a letter or who have questions about their determination of denial should call the FEMA Helpline at 800-621-3362 for an explanation, or visit their FEMA account at DisasterAssistance.gov.

A copy of “Help After a Disaster” will be included with your letter of determination. The booklet explains additional assistance that may be available to survivors and answers questions about filing an appeal.

Any applicant that has been denied assistance may file an appeal. Call the FEMA Helpline at 800-621-3362 or visit a DRC for more information about the appeal process. You can submit your appeal and the required documentation online at DisasterAssistance.gov.

In South Carolina, the “One SC Fund” supports and directs funds to nonprofit organizations providing disaster relief & recovery assistance. For more information, visit yourfoundation.org/community-impact/one-sc-fund-sc-flood-relief/. Survivors in the state who need food, clothing, and shelter are urged to call 2-1-1, and for storm clean up to call 800-451-1954.

For more information, visit the South Carolina Emergency Management Division at scemd.org/recovery-section/ia.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

You can receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Thursday, 03 November 2016 00:00

FEMA: By the Numbers

COLUMBIA, S.C. (Thursday, Oct. 27) – In the three weeks since Hurricane Matthew struck South Carolina spawning damaging storms and floods, the Federal Emergency Management Agency (FEMA) and U.S. Small Business Administration have approved more than $21.8 million in disaster assistance grants, loans and flood insurance payments.

As of the close of business Oct. 26, FEMA had approved $15.2 million through its Individuals and Households Program, and nearly $5 million in National Flood Insurance Program payments.

Additionally, the U.S. Small Business Administration has approved 42 low-interest disaster loans for $1,670,500.

Survivors have until Dec. 13, 2016 to complete the FEMA application process. The State of South Carolina and FEMA encourage anyone with housing needs caused by the devastating storms and floods of Hurricane Matthew to register for disaster assistance.

  • Visit DisasterAssistance.gov.
  • Call toll-free 800-621-3362 (voice, 711 or video relay services) or 800-462-7585 (TTY). Lines are open daily until further notice.
  • Visit a Disaster Recovery Center (DRC) for help. Eight DRCs are operating in Orangeburg (2), Marion (2), Williamsburg, Dorchester, Horry and Florence counties. Representatives from FEMA, SBA and various state agencies are on hand to answer questions.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585 (TTY/TDD).

You can receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

According to the results of a recent survey of 1,072 security industry professionals, 73 percent of respondents admit they aren't using threat data effectively to pinpoint cyber threats.

The top reasons for that lack of effectiveness include lack of staff expertise (69 percent of respondents), lack of ownership (58 percent), and lack of suitable technologies (52 percent).

The survey, sponsored by Anomali and conducted by the Ponemon Institute, also found that just 46 percent of respondents are using threat data at all in deciding how to respond to malicious activity.

...

http://www.esecurityplanet.com/network-security/73-percent-of-security-pros-arent-using-threat-intelligence-data-effectively.html

(TNS) - On a March evening in 1933, the Newport-Inglewood fault ruptured violently along the Huntington Beach coast. The quake brought down scores of buildings from Santa Ana to Compton, with Long Beach hit particularly hard.

The Long Beach quake, the deadliest in Southern California history, focused attention like never before on the seismic dangers the region faces.

But a new study suggests that the quake may have been caused by another factor: Deep drilling in an oil field in Huntington Beach.

...

http://www.emergencymgmt.com/disaster/Southern-Californias-deadliest-quake-may-have-been-caused-by-oil-drilling-study-says.html

Wednesday, 02 November 2016 00:00

High Density Compute is Here; Are You Keeping Up?

The connected lifestyle is here, and whether you are reaching consumer or business users, the growth in the use of devices and data is staggering.  In the U.S., the number of devices and connections is expected to grow from 7.3 per person in 2015 to over 12 per person in 2020. Video continues to grow according to Cisco’s VNI with business internet video growing 4.2 fold between 2015 and 2020 reaching 4.8 exabytes, and consumer video 3.1 fold to reach 29.1 exabytes by 2020.  This will have a big overall impact on the data center as more than 83 percent of all data center traffic will be in the cloud by 2019.

To meet the rapid growth in data usage, high-density data centers will be critical in order to scale to support cloud, big data IT and new data-intensive technologies.  And since data centers are all about power and cooling, high density is how you maximize the usage of both of these.

...

http://www.datacenterknowledge.com/archives/2016/11/02/high-density-compute-keeping/

After you have spent the time needed to develop Business Continuity and Disaster Recovery plans, training and testing are your next steps. Training those who will use the plan, especially secondary resources who may not have participated in its development, is critical to the success of your efforts, as is the validation of the functional capability and accuracy of your plans.

Training for business continuity is used to familiarize people with the plan elements and processes, and to reinforce basic knowledge of the plan. Having a team well versed in the initial steps of the BC/DR plan will help to ensure an effective and early response. Regardless of how you implement training and testing, there are specific elements that must be covered:

...

https://www.mha-it.com/2016/11/training-for-business-continuity/

SAVANNAH, Ga. – Georgia disaster survivors who suffered damage or loss from Hurricane Matthew and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

FEMA’s Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other essential personal property, even vehicles. Survivors will not be considered for this type of assistance unless they complete and return the SBA loan application. The information on the application is used to determine eligibility for income-based assistance.

Disaster survivors in Bryan, Bulloch, Chatham, Effingham, Evans, Glynn, Liberty, Long, McIntosh and Wayne counties are encouraged to register with FEMA and, if referred, complete and submit an SBA loan application, even if they don’t want a loan. The application is used to check eligibility for additional grants.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. The SBA offers low-interest disaster loans to businesses, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement. Survivors do not have to wait for an insurance settlement. A survivor’s insurance policy may not cover all the replacement, repair and rebuilding costs. A disaster loan is available to cover the difference.

To repair or help rebuild a primary residence, a homeowner may borrow up to $200,000 from SBA. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Damage from Hurricane Matthew must have occurred Oct. 4-15. Survivors can register with FEMA the following ways:

The filing deadline to return SBA loan applications for physical property damage is Dec. 16. The deadline to return economic injury applications is July 17, 2017.

For more information about SBA loans, call SBA’s disaster assistance customer service center at 800-659-2955 or visit sba.gov/disaster. TTY users can call 800-877-8339. Applicants may also apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster survivors may also visit any disaster recovery center where SBA customer service representatives can answer questions, help complete loan applications and close loans. For the nearest location go to asd.fema.gov/inter/locator/home.htm.

For updates on Georgia’s Hurricane Matthew response and recovery, follow @GeorgiaEMA and @FEMARegion4 on Twitter and visit gemhsa.ga.gov and fema.gov/disaster/4284.

Wednesday, 02 November 2016 00:00

The Frightening State of Unseen Security Breaches

I get a semi-regular update from Varonis on what it’s seeing in accounts, and this last briefing was particularly frightening. So much so that I asked to speak to one of the firm’s customers, which had uniquely moved its implementation of Varonis’ tool, from IT management and compliance and email and file servers, to every server the company had in order to assure compliance and catch breaches that other firms were missing.

What I think is particularly concerning is that breaches are now being identified that most companies aren’t even aware are happening. This suggests that a lot of you may be on the verge of a Yahoo-level event that may have actually already occurred. And, like Yahoo, once that kind of a breach is discovered, the whole “ignorance is bliss” thing that most firms seem to be operating on will be proven false.

Let’s talk about some of the discoveries.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/the-frightening-state-of-unseen-security-breaches.html

Wednesday, 02 November 2016 00:00

CDC: Tips on Cleaning Mold After a Flood

Returning to your home after a flood is a big part of getting your life back to normal. But you may be facing a new challenge: mold. What can you do to get rid of it? How do you get the mold out of your home and stay safe at the same time? CDC has investigated floods, mold, and cleanup, and offers practical tips for homeowners and others on how to safely and efficiently remove mold from the home.

In 2005, thousands of people along the Gulf Coast were faced with cleaning up mold from their homes after Hurricanes Katrina and Rita. One of our first concerns was to let homeowners and others know how they could clean up mold safely. After Hurricane Sandy in 2012, we teamed up with other federal agencies to provide practical advice on mold cleanup. This guidance outlines what to do before and after going into a moldy building, how to decide if you can do the cleanup yourself or need to hire someone, and how you can do the cleanup safely.

Prepare to Clean Up

It isn’t necessary to identify the type of mold in your home, and CDC doesn’t recommend routine sampling for mold. If you are susceptible to mold, there may be a health risk; therefore, no matter what type of mold is present, it needs to be removed.

Before you start any cleanup work, call your insurance company and take pictures of the home and your belongings. Throw away, or at least move outside, anything that was wet with flood water and can’t be cleaned and dried completely within 24 to 48 hours. Remember – drying your home and removing water-damaged items is the most important step to prevent mold damage.

Protect Yourself

We offer specific recommendations for different groups of people and different cleanup activities. This guidance educates people about the type of protection (think: gloves, goggles, masks) you need for different parts of your mold cleanup. It also identifies groups of people who should and should not be doing cleanup activities.

Be Careful With Bleach

Many people use bleach to clean up mold. If you decide to use bleach, use it safely by wearing gloves, a mask, and goggles to protect yourself. Remember these four tips to stay safe:

  • NEVER mix bleach with ammonia or any other cleaning product.
  • ALWAYS open windows and doors when using bleach, to let fumes escape.
  • NEVER use bleach straight from the bottle to clean surfaces. Use no more than 1 cup of bleach per 1 gallon of water when you’re cleaning up mold. If you are using stronger, professional strength bleach use less than 1 cup of bleach per gallon of water.
  • ALWAYS protect your mouth, nose, skin, and eyes against both mold and bleach with an N-95 mask, gloves, and goggles. You can buy an N-95 mask at home improvement and hardware stores.

You can take steps to keep yourself and others protected while cleaning up mold after a flood. Make sure to follow CDC’s recommendations so you can return home safely.

Every fall Forrester’s Security & Risk team comes together to make a set of predictions on the issues that will have the greatest impact on our clients in the next year. We don’t make broad, Nostradamus-like predictions like “There will be a breach at a large company in a great city.” Instead, we go out of our way to make detailed predictions that force us to take strong stances, can easily be proven wrong or right and are actionable by security and risk professionals. Before we provide a sneak peek into our 2017 predictions, it’s worth looking back and grading our 2016 predictions. 2016 was a particularly tumultuous year for cybersecurity. News agencies kept themselves busy as companies and public figures struggled with breaches, companies experienced embarrassing downtime and individuals felt their privacy rights slip away. The result? Cybersecurity has now vaulted from the boardroom to the Senate floor and to the Presidential debate stage. So how'd we do?

...

http://blogs.forrester.com/amy_demartine/16-11-01-grading_forresters_2016_cybersecurity_predictions_plus_a_sneak_peek_into_our_2017_predictions

Wednesday, 02 November 2016 00:00

BCI: The necessity of organizational buy-in

The Business Continuity Institute - Nov 02, 2016 09:37 GMT

In preparing to enter the business continuity industry, I could foresee that technological advances and organizational buy-in were going to be the greatest challenges for business continuity professionals. I interviewed at dozens of organizations across the United States before accepting a Business Continuity and Information Security position at one of the leading financial institutions.

I still firmly believe that organizational buy-in is paramount to a business continuity programme’s success. Lacking robust continuity plans will cause an organization to have difficulty recovering from an incident - if they can recover at all. By investing in business continuity professionals and programmes, an organization is providing the opportunity for thorough plans and recovery tactics. I have found that in my division, business continuity is heartily supported by senior management and that is essential to our success.

As a continuity planner, my job entails working with business areas to ensure they are meeting the continuity standards and requirements. Having a capable business continuity programme allows the business areas to understand and comply with the resiliency requirements. The business areas we support hold greater stock in our testing and resiliency requests knowing that senior management is backing our initiatives.

In my capacity working with both Business Continuity and Information Security I maintain that technological advances pose challenges for continuity professionals, though I concede that my views have changed based on my experience. While social media, the cloud, and virtualization are still very prominent challenges for organizations, I believe that automation of processes and appropriate and ethical use of access is of greater concern. Automated processes remove human error, though if systems are down, the business would need this issue resolved within their Recovery Time Objectives. Having manual workarounds in place to guarantee that recovery will be successful is imperative to ensure critical tasks are completed. Ethical and appropriate use of access can result in fines, legal issues, and public embarrassment. Ensuring that users are neither sharing passwords nor over-provisioning their access mitigates these risks.

While organizational buy-in is still a challenge for business continuity professionals, I am fortunate to be working in a division that has recognized the importance of this field, and encourages growth and understanding from its businesses. Our CEO has emphasized the importance of identifying and mitigating risk and as such seeks to limit human error and strictly control access. Interviewing at so many organizations throughout the country allowed me to see the varying emphasis companies place on business continuity programmes. As such, business continuity professionals may still need to fight for their place in an organization, though I hope that companies who are not fully invested in business continuity programmes are able to see the benefits of those who are leading their industries.

Tanya Fischer AMBCI currently holds a position as a Continuity Analyst at a financial institution in Eastern Massachusetts. As a Continuity Analyst, Tanya supports business continuity plans for numerous Business Units throughout North America and EMEA. Still fairly new to the field, she has an optimistic outlook for business continuity professionals! Tanya holds an MSc in Emergency Management with a concentration in Homeland Security from Adelphi University. Tanya was also an original contributor to the Business Continuity Institute's '20 in their 20s' publication.

Tuesday, 01 November 2016 00:00

FEMA: Help for Renters

COLUMBIA, S.C. – With so much attention given to businesses and homeowners, survivors who are renters may think they are not eligible for disaster assistance even though they suffered losses from the storms and floods spawned by Hurricane Matthew. But they are.

Like homeowners, renters must first register with the Federal Emergency Management Agency (FEMA):

  • Go online to DisasterAssistance.gov
  • Call toll-free 800-621-3362 (711, voice or video relay services) or 800-462-7585 (TTY). Lines are open daily from 7 a.m. to 10 p.m. until further notice.
  • Visit one of the nine Disaster Recovery Centers (DRCs) operating in Beaufort, Dorchester, Florence, Horry, Marion, Orangeburg and Williamsburg counties. Find the DRC closest to you at “Quick Links” on DisasterAssistance.gov. Representatives from FEMA, the U.S. Small Business Administration and various state agencies are on hand to answer questions.

Registering with FEMA is the first step toward qualifying for disaster assistance, which may include grants to help renters and homeowners pay for temporary housing, personal property replacements and other serious disaster-related needs not covered by insurance.

After registering with FEMA, renters may also be eligible for low-interest loans from the U.S. Small Business Administration (SBA). SBA offers such loans to businesses of all sizes, private non-profit organizations, and homeowners as well as renters. SBA loans to renters may cover the cost of repairing or replacing lost or disaster-damaged personal property.

For more information on SBA loans, call SBA’s Disaster Assistance Customer Service Center at 800 659-2955 or 800 877-8339 for TTY, or visit http://www.sba.gov/disaster. Applicants may also apply online at https://disasterloan.sba.gov/ela for the Electronic Loan Application on SBA’s secure website.

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585 (TTY/TDD).

You can receive weather alerts, safety tips and learn about disaster resources by downloading the free FEMA App, available for Apple, Android, and Blackberry mobile devices. Visit fema.gov/mobile-app for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955 or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

BSI has launched BS ISO 37001, ‘Anti-bribery management systems: requirements with guidance for use’, a standard to aid the prevention and detection of bribery in organizations.

BS ISO 37001 assists organizations with turning the legal requirements of the 2010 UK Bribery Act into practical measures, by providing guidance on how to put the right controls in place. The standard sets out the requirements for an organization or business looking to set up a management system to prevent and detect bribery within an organization – and how to confront bribery should it arise.

Managing the risks posed by bribery is high on the agenda of many organizations globally. BS ISO 37001 covers the many forms of bribery which can damage an organization, including bribery of individual personnel; bribery of the organization by another party; bribery by the organization itself; and indirect bribery from a third party.

The standard provides a system for organizations to use to avoid funds being misappropriated, and safeguards against projects being undermined and not carried out with due diligence. Critically, BS ISO 37001 sets out how to maintain an effective anti-bribery system once it is in place, and how to review and improve these safeguards periodically.

Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “In a 24-hour news cycle, any association with bribery can be fatal for the reputation of an organization. It’s critical for public and private sector organizations to be seen to have a strong system of leadership in place to weed out corruption, root and branch. BS ISO 37001 is a tangible way for organizations of all sizes to demonstrate to their employees, suppliers and the public at large that they are managed with integrity and have the necessary safeguards in place to tackle bribery if it arises.”

Should an organization fall foul of a bribery scandal by a rogue employee, BS ISO 37001 can be used to demonstrate to clients and contractors that the organization is committed to a comprehensive anti-bribery policy.

www.bsigroup.com

According to some sources, only 10% of any business strategy plans are ever effectively implemented.

With IT becoming more closely aligned with business, it seems that statistic might apply to IT strategy too. If this prediction sounds just too gloomy, chin up because there could be a silver lining to the cloud of despondency that is fast settling upon you.

You can increase your chances of getting into that fortunate 10% (those whose strategy plans give results), by avoiding the IT planning mistakes that follow.

...

http://www.opscentre.com/4719-2/

The recent hacking of software vendor Continuum sent shockwaves through the managed service provider (MSP) community and raised prickly questions about who’s liable when cyberattackers breach toolsets and gain access to the networks of MSPs and their clients.

In the Continuum attack – revealed to partners in early August and more broadly this month – hackers breached a legacy IP scanner tool, resulting in unauthorized administrative superuser accounts being created inside the networks of an undisclosed number of MSP customers.

...

http://mspmentor.net/msp-mentor/vendors-or-msps-who-should-pay-when-hackers-strike

To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version to the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since its initial publication in order to keep pace with the constantly evolving landscape of global data privacy laws.

As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
...
Tuesday, 01 November 2016 00:00

4 Essential IoT Security Best Practices

Securing the Internet of Things is an especially hot topic right now thanks to some bad botnets -- and, of course, some major IoT vulnerabilities.

This month the Mirai botnet waged the world's largest DDoS attack in history against Dyn, a major domain-name server. The attack wreaked havoc across the entire internet, taking down major sites, gaming networks and other online services over the course of three massive waves throughout the day before Dyn was finally able to beat the hackers back.

...

http://www.esecurityplanet.com/network-security/4-iot-security-best-practices.html

Tuesday, 01 November 2016 00:00

Cyberattacks a Growing Threat for Healthcare

Because of the high value of medical records and healthcare databases to criminals, they pose ever more attractive targets. In fact, a number of reports have shown that cyberattacks are costing the healthcare industry billions of dollars annually, with a median loss of $150,000 per incident. Cybersecurity risks in healthcare have also drawn attention to the vulnerability of hospitals, clinics and other healthcare providers.

The infographic below, which is part of a series by Advisen and Hiscox, looks at:

  • The frequency of Health Insurance Portability and Accountability Act (HIPAA) violations over the past five years
  • The median loss in healthcare cyberattacks
  • The percentage increase of protected health information (PHI) losses between 2006 and 2011 for printed records, servers, laptops, desktop, website, portable data storage devices, and other sources.

...

http://www.riskmanagementmonitor.com/cyberattacks-a-growing-threat-for-healthcare/

Tuesday, 01 November 2016 00:00

Next Colorado Threat: Erosion, Floods

(TNS) - Firefighters battling the Junkins Fire are getting the upper hand after firing operations have had “a major positive impact on the fire” and work is set to begin on assessing damage to the watershed. According to a Sunday update on the 18,403 acre fire, “The elimination of fuels close to the fire lines are now protected,” which led to a slight increase in acreage of the fire.

Aircraft operations made several reconnaissance passes over the fire throughout the burn period and only interior smokes were spotted. Fuels within the fire line will continue to burn, the statement said.

A Burned Area Emergency Response team, made up of officials from several federal agencies, is ready to start work to identify and manage potential risks to resources, such as erosion problems that could impact the watershed or increase flooding. Once the team determines whether there are imminent post-wildfire threats to human safety, property or natural resources, officials will take immediate action to manage the unacceptable risks, according to a report.

...

http://www.emergencymgmt.com/disaster/Next-Colorado-Threat-Erosion-Floods.html

The Australian Red Cross Blood Service recently apologized after 550,000 blood donors' personal information was mistakenly exposed online.

The breach appears to be the largest in the country's history.

The information exposed included the names, genders, email addresses, mailing addresses, phone numbers, and birthdates of people who donated blood between 2010 and 2016. It also included answers to the question, "In the last 12 months, have engaged in at-risk sexual behavior?"

The data was accessible from September 5 to October 25, 2016, and was accessed on October 24, 2016 by someone scanning for security vulnerabilities, who notified Troy Hunt of the data breach notification service Have I Been Pwned of the flaw.

...

http://www.esecurityplanet.com/network-security/australian-red-cross-data-breach-exposes-550000-peoples-personal-information.html

I’ve been in IT for over 25 years and spend much of my time rubbing elbows with IT pros that specialize in certain parts of the industry. So, when I talk a lot (and I do) about backups, there’s sort of an assumption that the IT pro I’m interacting with has the basics down.  

But, as those of you in SMBs know, it’s never that easy. You have so many hats (including backup) to wear, that you often need a little push in the right direction so that you don’t need to try and reinvent the wheel as it were.

So, what’s the right way to plan out your backup strategy for small business?

...

http://mspmentor.net/blog/step-step-guide-backup-strategy-small-business

Monday, 31 October 2016 00:00

Turning Telcos into Cloud Providers

The world’s telecommunications carriers are set on becoming cloud providers as well, and the enterprise is the prime customer.

With abstract networking technologies like SDN, NFV and OpenStack on the table, telcos are quickly building the kind of flexibility into their networks that support agile delivery of a wide range of cloud services. At the same time, they are partnering with service providers, software developers, infrastructure vendors and anyone else who can round out their offerings to provide full software-defined data center (SDDC) platforms at scale.

In the U.S., both Verizon and AT&T are vying to become the dominant figure in cloud networking services. Verizon recently inked a deal with Oracle to provide interconnect services to improve latency across distributed hybrid architectures. According to ZDnet, Verizon will link its Secure Cloud Interconnect with Oracle’s FastConnect platform to provide pre-provisioned resources on-demand and enable the kind of rapid connectivity required of highly dynamic data environments. The system will be overseen by Verizon’s Dynamic Network Manager that maintains connectivity between traditional IT resources and public clouds from AWS, Microsoft, Google and others.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-telcos-into-cloud-providers.html

Monday, 31 October 2016 00:00

How the CIO's Role Is Changing--a Lot

Those in the role of chief information officer have seen a lot of changes in terms of roles, responsibilities and duties. This has been especially true in the last few years, as the cloud and its associated technologies have become more prevalent.

Indeed, the job title of the CIO is one that is morphing to meet new requirements from all areas of business. Overseeing everything from rogue cloud usage to business units developing their own cloud environments can be a lot to manage. At the same time, these groups, under increased pressure to improve business cost savings and do more with less, may not be aware of, or care about, the security issues they could potentially be exposing the company to in the pursuit of these goals.

This situation has culminated in a perfect storm of pressure for these business units. All areas of the company are being tasked with making things happen ahead of the competition, doing more with fewer resources and creating virtually instantaneous results. Each of the business units is responsible for its own budget and getting the most bang for the buck. Why consult outside the unit--with IT and the CIO? The perception is that if they control their own budgets, they should control their own "IT Destiny."

...

http://mspmentor.net/blog/how-cios-role-changing-lot

BATON ROUGE, La. — Request funds to make your structure safer and stronger within 60 days after your community notifies you it is substantially damaged.

If you’re rebuilding or repairing a substantially damaged home or business, your community may require you to elevate or make other changes. Substantial damage applies when the cost of restoring a structure equals or exceeds 50 percent of its pre-damage market value, but some communities have more restrictive regulations.

Your National Flood Insurance Program (NFIP) policy may provide up to $30,000 to update your structure so it meets local floodplain management regulations. You must first submit a signed Increased Cost of Compliance (ICC) Proof of Loss form to your insurance company.

Provide a contractor’s estimate for the proposed ICC-eligible measures to your home or business and copies of construction permits. Your insurance company needs these to consider an ICC claim.

Structures that comply with floodplain management regulations have an enhanced ability to withstand storms and floods. Examples of ICC measures include elevation, relocation and floodproofing.

You have six years from the date of loss to complete the chosen and approved ICC measures.

Go online to the Louisiana Department of Transportation and Development’s website at www8.dotd.la.gov/lafloods/community_contacts.aspx to find your community’s floodplain administrator or permitting official if you want to learn more about the substantial damage determination process.

The U.S. Small Business Administration (SBA) may be another source of funds to make your home or business safer and stronger.

If your loan application is approved, you may be eligible for additional funds to pay for improvements that will protect your property against future damage. The funds would be in addition to the amount of the approved loan.

For more information, call the SBA at 800-659-2955 or TTY 800-877-8339. You may also go online to sba.gov/disaster.

Indegy Labs researchers recently discovered a vulnerability [PDF] in Schneider Electric's Unity Pro management software for industrial controllers. The flaw could be leveraged to execute code remotely on any computer running the software.

"Since Schneider Electric is one of the largest industrial control equipment providers, this vulnerability is a major concern," the researchers noted.

The researchers discovered the vulnerability almost six months ago, and disclosed it privately to Schneider Electric at the time, according to Kaspersky Lab.

...

http://www.esecurityplanet.com/network-security/schneider-electric-patches-major-ics-vulnerability.html

Does your organization use risk management for its fundamental benefits, or has it been implemented more for regulatory or compliance reasons? Oliver Vistisen calls on organizations to make a reassessment of their risk management approach…

Risk management has come a long way since its origins as a financial instrument for the insurance industry. Now, it’s a mainstream corporate function – due in large part to regulations that have been brought in by various industrial and governmental institutions seeking to tackle some of the major calamities of recent times.  From the global financial crisis to BP’s Deepwater Horizon disaster, risk management and regulatory compliance play major roles in establishing why crises have happened, and how they can be prevented from occurring again.

As is the case with emerging technologies, there have been multiple early adopters and pioneers. However, the majority are jumping on the risk management bandwagon either because it’s become fashionable, or because they are being told to do so by industry bodies: not because they have an in-depth understanding of what risk management is; and how it could best be applied to their organization. Nor do many fully appreciate the benefits of doing so.

...

http://www.continuitycentral.com/index.php/news/erm-news/1516-risk-management-making-it-more-than-a-regulatory-exercise

Monday, 31 October 2016 00:00

The Keys to Corporate Resiliency

One of the most critical responsibilities of an executive is building corporate resilience through an effective crisis management process. Corporate resiliency is derived from three specific processes: awareness, action and preparation. Most executives recognize the impacts of known events such as fires, floods, cyberattacks and workplace violence, and have developed plans for dealing with such events.

Crises arise from being faced with an unknown or unimaginable event for which there is no mitigation strategy. The inability to effectively deal with an event, known or unknown, subsequently impacts reputation, employee morale and company value. 

Corporate resiliency, in its simplest terms, is an organization’s ability to return to a normal operational tempo — including throughout its entire web of suppliers, manufacturers, distributors, retailers, transportation carriers and the other participating partners — after some period of time following an incident. Creating corporate resiliency contains two unknowns that are imperative to understanding and developing an actionable planning process: What constitutes normal operational tempo? What is the period of time?

...

http://www.emergencymgmt.com/disaster/The-Keys-to-Corporate-Resiliency.html

Monday, 31 October 2016 00:00

Consider the Risks

On average, it takes just 82 seconds before a phishing campaign gets its first click; 23% of phishing recipients open messages and 11% open attachments, releasing malware and viruses or allowing hackers into the system to rob companies blind.

CyrusOne’s report examines six vulnerabilities in enterprise security, along with measures to protect it.

Download our recent executive report >
Are Your Own Employees Putting Your Business at Risk?

The Business Continuity Institute - Oct 31, 2016 12:37 GMT

The ravages of Hurricane Matthew, the costliest Atlantic hurricane since Superstorm Sandy, are prompting businesses to rethink their natural hazards preparedness. More than one in four respondents to a survey of employees in the areas affected by the storm claimed they believe their companies will increase investment in this area.

The study, conducted by FM Global, also showed that, while respondents gave their companies mostly A’s and B’s for pre-storm preparedness, nearly two out of five employees (38%) said Hurricane Matthew interrupted normal business operations, and over a quarter (26%) of employees said their companies lost customers or orders as a result of the storm.

Adverse weather has consistently been a top ten threat for business continuity professionals, according to the Business Continuity Institute’s annual Horizon Scan Report. In the latest edition, more than half of respondents to a global survey expressed concern about the prospect of this type of disruptive event materialising. When you analyse the results further to only include respondents from countries where these types of events are relatively frequent, countries such as the United States, the level of concern increases considerably.

“Horizon scanning is a fundamental part of business continuity planning,” said Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the Horizon Scan Report. “Investment needs to be put into preparing for disruptive events prior to them occurring, not after. Organizations need to assess the threats they could be exposed to in the future, and then put measures in place to ensure they can still function should they occur.”

“Hurricane Matthew was a catastrophic event of major proportions, and disruptions of all kinds were to be expected,” said Brion Callori, senior vice president of engineering and research at FM Global. “However, we do believe the majority of loss is preventable, and tools and solutions exist to both understand what might occur during a hurricane and be prepared to mitigate the effects. We applaud new investment in resilience since it could make all the difference in the fate of a business, including revenue, market share, shareholder value and reputation. It’s only a matter of time before the next severe storm strikes.”

Whether you expect to witness a creepy clown in your neighborhood or have nightmares of Michael Myers chasing you, Halloween is a night to celebrate things that scare us and make the hair stand up on the backs of our necks. Disaster recovery testing reduces the number of things that can scare us – on Halloween and all through the year.

The Critical Role of Disaster Recovery Testing

For those of us responsible for anticipating the unexpected and keeping your business operations running no matter what, uncertainty over having an “accurate” disaster recovery plan in place and identifying critical applications really can haunt us. Like a character being followed in a slasher film, we’re always looking over our shoulder, stuck with a nagging suspicion that something critical may have been overlooked.

...

https://www.iwco.com/blog/2016/10/28/importance-of-disaster-recovery-testing/

The Business Continuity Institute - Oct 28, 2016 09:51 BST

Ebola, Bird Flu, Swine Flu, SARS. There have been several times in recent years when the news headlines have been filled with stories of pandemics occurring in some part of the world, or at least threatening to. Some never materialise into anything more substantial than a threat, but the fear of the potential impact still remains.

The latest Horizon Scan Report by the Business Continuity Institute put human illness in 13th place on the list of disruptive events that business continuity professionals are most concerned about. 38% of respondents to a global survey expressed concern about the prospect of this threat materialising, although this was a decrease from 2015 when it was in 8th place with 42% expressing concern.

So how prepared are we to deal with a pandemic outbreak and the impact it could have on our organizations? Do we know what impact it could have? In the latest edition of the BCI's Working Paper Series, Dezheng Yuan AFBCI uses three simplified financial models to elaborate on the impact of pandemic transmission speed on the business continuity of organizations, and advises solutions. In his paper, Dezheng explains how slower pandemic transmission speed could enable more effective cross-region back-up plans for organizations, which could reduce financial losses.

Among other things, Dezheng concludes that, even if the final morbidity and mortality rates remain the same, the efforts made to delay the spread of infectious diseases are still justified from the viewpoint of business continuity management.

"Concerns about the wholesale outbreak of disease are not that far-fetched considering the historical record which makes Dezheng Yuan’s paper relevant", says Patrick Alcantara DBCI, Senior Research Associate at the BCI and Editor of the Working Paper Series. "His methodology is relatively more technical than most of the works we have published in this series but lends itself well to practical solutions which he enumerates at the end of his piece. Indeed, his work demonstrates the depth of thinking in our professional community which we aim to feature in this publication."

Download your free copy of 'The effect of pandemic transmission speed on business continuity' to understand more about the potential impact a pandemic could have on your organization, and what you can do to mitigate it.

ATLANTA, Ga. — As companies seek to cut costs and improve efficiency, a growing number of businesses encourage or allow their employees to use their own digital devices at work. “Navigating the IT, privacy, security and intellectual property issues was difficult enough before Bring Your Own Device (BYOD) became common,” says attorney and engineer Janine Anthony Bowen, a shareholder in national law firm LeClairRyan’s Atlanta, Ga. office. “But as the trend surges – and the law catches up with it – companies should carefully review their BYOD policies.”

Challenges range from liability for unpaid overtime to stiff legal penalties for failing to preserve data that may be subject to the eDiscovery process, adds Bowen, a member of LeClairRyan’s Privacy and Data Security Practice.

...

http://corporatecomplianceinsights.com/as-byod-trend-surges-employers-should-keep-up-with-changing-laws/

Friday, 28 October 2016 00:00

Hurricane Matthew: What Went Wrong?

When Hurricane Matthew swept through the Southeastern United States earlier this month, it left behind extensive debris, thousands without power, and many people living in shelters. In North Carolina, Florida, Georgia and South Carolina, meanwhile, a total of 17 people lost their lives.

Today’s storm forecast models are more advanced than ever before. So how is it that so many residents were caught unprepared when Hurricane Matthew swept into their towns earlier this month? The truth is that storms are notoriously unpredictable, and while forecasts can help, they ultimately only go so far. Let’s take a closer look at what went wrong with Hurricane Matthew, along with highlighting the single best way to protect yourself, your loved ones, and the members of your community when a storm is on its way.

...

http://blog.sendwordnow.com/hurricane-matthew-what-went-wrong

Until recently, the conventional wisdom about data storage was that on-premise solutions don’t offer the flexibility or cost savings of the cloud. Enterprises may have concerns about handing over control of their data and IT infrastructure to a cloud provider because they worry about security, but they’re willing to put these concerns aside if they think they can get the scale and storage they need — at a good price.

Depending on your business, this might have been true in the past: If you weren’t dealing with big data sets, sought low latency, and wanted to save money, the cloud may have been the right choice. Spinning disks didn’t offer the performance needed, and flash drives were too expensive to use in bulk.

Recent changes in the storage market have weakened the argument that storage in the public cloud is the only cost-effective option. Your data center doesn’t necessarily have to be built in the cloud if you’re trying to get that magic combination of cost effectiveness and performance. Here’s what’s happening in the data storage market that should factor into your decision making:

...

http://www.datacenterknowledge.com/archives/2016/10/27/storage-innovations-spur-second-look-cloud-premise-options/

There’s no longer any question that AI (artificial intelligence) is transforming the business world, and this is great news when it comes to successfully maintaining a corporate infrastructure modeled on the three pillars: governance, risk management and compliance (GRC).

Until now, the demands of GRC have been coupled with a spiraling need to increase productivity and cut costs in a hypercompetitive marketplace, turning this near impossible feat into a never-ending and often losing battle. But with the introduction of cutting-edge AI and NLP (natural language processing) technologies into the workplace, companies are discovering they can turn impossibility into reality.

Artificial intelligence has become an indispensable tool for humans to gain support in pretty much every aspect of running a business, and the methodology behind effective GRC is no exception. Much of a company’s compliance and regulatory measures center on the need for better decision-making; automating the processes that contribute to timelier, more informed decisions is a primary objective of emerging AI solutions.

...

http://corporatecomplianceinsights.com/exploring-upside-evolving-ai-business-solutions/

Earlier this year, a ransomware attack shut down the Lincolnshire County Council’s computer systems. For a week, members were reduced to using pens and pencils after the council refused to pay the $500 ransom demanded by the attackers.

It was a vivid example of the disruption that ransomware can cause security executives, who are girding to contend with targeted ransomware attacks against current and planned cloud deployments.

No surprise there as malicious hackers, clearly creatures of habit, seek out the most promising targets. While the cloud has proven its security critics wrong up until now - it’s actually a lot more secure than many thought a few years ago - targeted ransomware attacks against the cloud are on the increase.

...

http://mspmentor.net/cloud-services/why-ransomware-attackers-really-really-cloud-computing

Thursday, 27 October 2016 00:00

Is Our Business Continuity Program a Sham?

You test, you plan, and you document, but is your business continuity program a sham?

It’s a question a senior executive of a client recently asked me. Sadly, the answer to his question was a resounding “yes!” In many cases, we find that the pretty picture painted by the BCM team is not what it seems when you get up closer and pull the covers back.

Why are so many programs in this state?  Well, here are 10 reasons:

...

http://www.mha-it.com/2016/10/is-our-business-continuity-program-a-sham/

The recent DDoS attacks have shone a bright spotlight on the security problems within the Internet of Things. The attacks are also a reminder that cloud security is still a work in progress.

That’s not to say that the cloud isn’t secure; instead, the problem may be the way we think about security and the cloud, as InfoWorld explained:

With DDoS attacks, the tendency is to focus on organizations directly affected. Thus, when hacktivists target financial services or gaming sites, the victims are those trying to access those applications. The information is intact, albeit temporarily unavailable.

With Dyn, however, the target was core internet infrastructure, which means any organization that relies on Dyn or works with a service provider dependent on Dyn is affected.

...

http://www.itbusinessedge.com/blogs/data-security/the-relationship-between-iot-cloud-security-and-ddos.html

Of all the ways in which advanced analytics and machine intelligence can impact the enterprise business model, perhaps none is more crucial than its effect on IT itself.

As infrastructure becomes more distributed and data loads become more complex, IT must become more adaptive, even to the point where it exceeds a technician’s ability to collect operating data, figure out what it all means and implement the required changes. So before organizations turn Big Data loose on functions like sales, marketing and compliance, it makes sense to implement it on the infrastructure and operational layers of the data environment itself.

This can be done in numerous ways. Power management firm Eaton recently launched the PredictPulse Insight platform that uses a cloud-based analytics engine to track power distribution throughout the data center to predict failures and optimize efficiency. The system ties into the PredictPulse remote monitoring service to produce a more predictive, proactive model of energy management. Users are provided with real-time data over an online dashboard that details alarm settings, performance metrics, service history and a host of other points, all of which can be accessed by either a traditional web portal or a mobile app.

...

http://www.itbusinessedge.com/blogs/infrastructure/how-to-deploy-advanced-analytics-in-the-enterprise-start-with-it.html

Thursday, 27 October 2016 00:00

The Era of the Smart Data Center

What does it take to run a smart data center?

For many businesses, the data center is the heart of software technology—the “thing” enabling businesses to do more, efficiently expand their capabilities, and maintain the information necessary to run their business properly. A smart data center is needed to support the demands and application deployment models, such as the Internet of Things (IoT), cloud, platform-as-a-service, software-as-a-service, and other models on the verge of becoming mainstream. As business needs evolve, companies are demanding more from their data centers.

Are data centers up to the challenge?

...

http://www.datacenterknowledge.com/archives/2016/10/26/era-smart-data-center/

Thursday, 27 October 2016 00:00

Preparing for Colder Weather

As some parts of the Northeast experience their first frost/freeze of the season, this is a good time to make some cold weather preparations.

NOAA’s recently issued U.S. Winter Outlook said the development of La Niña, the climate phenomenon and counterpart of El Niño, is expected to influence winter conditions this year.

La Niña favors drier, warmer winters in the southern U.S. and wetter, cooler conditions in the northern U.S. but because forecasters expect it to be weak and short-lived, we probably shouldn’t bet against snow.

...

http://www.iii.org/insuranceindustryblog/?p=4640

U.S. regulators unveiled draft cybersecurity standards  aimed at protecting the U.S. financial system in the event of a technology failure or cyberattack. The plan, authored by the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency, would strengthen the way agencies oversee how large U.S. banks and foreign banks operating in the U.S. with $50 billion or more in assets manage and address threats to cybersecurity.

The draft plan would impose the toughest restrictions on firms considered to pose the greatest risk to the financial system. Those firms would have to prove they can get their core operations running within two hours of a cyberattack or major IT failure. The new rules also would apply to nonbank financial companies deemed systemically risky by a panel of regulators.

...

https://ems-solutionsinc.com/blog/regulators-tighten-cybersecurity-standards-us-banks/

The Business Continuity Institute - Oct 27, 2016 09:41 BST

Clearly it is embarrassing, and we’ve all heard about the huge fines that have been imposed on some organizations following a data breach, but what is the long term impact of such an event? A study conducted by Thales e-Security has shown that the vast majority of people would reduce or eliminate the use of an organization’s products or services following a data breach, and only 16% of respondents would continue to use an organization’s products or services as usual.

According to the UK-based study, one in five people (20%) would withhold custom altogether from an organization that had been breached, while over a third (37%) stated they would only use their products and services if there were no other alternatives.

This major rejection of organizations that have been breached demonstrates why business continuity professionals are concerned about this type of threat. In fact, the Business Continuity Institute’s latest Horizon Scan Report identified data breach as the number two threat (after cyber attack) with 80% of respondents to a global survey expressing concern about the possibility of such an incident occurring.

“It’s important for firms to recognise just how much of their customer base might be lost in the wake of breach incidents,” said Sol Cates, vice president of technology strategy at Thales e-Security. “With more than half of respondents saying that they would either immediately stop using an organization’s products or services altogether, or use them only if they have no other choice, effective security controls specifically placed around data to prevent and minimise damage from data breaches become an absolute requirement.”

The survey also questioned respondents on what they would be most concerned about following a breach of their personal information. Nearly half (46%) stated that money being stolen from their bank account was the main concern, while two in five stated that it was having their identity stolen.

“The theft of money from someone’s bank account as the result of a breach is a very tangible fear, but realistically it is much less likely than other outcomes,” continued Cates, “The implications of identity theft should pose far more of a concern, as they can be extremely painful and long lasting, with clean-up from incidents taking months or even years, and having long term effects on using and obtaining credit when it is really needed. Once your data is ‘in the wild’, your life is never the same.”

Digital Realty Trust uses more renewable energy than any other data center provider, followed by Equinix, according to the US Environmental Protection Agency.

Companies that use providers like Digital and Equinix are increasingly interested in data center services powered by renewable energy, partly because of their own corporate sustainability programs and partly because energy generated by sources like wind and solar has gotten a lot cheaper in recent years. In response, the providers have been sourcing more renewables to address the demand.

A recent survey of consumers of retail colocation and wholesale data center services by Data Center Knowledge found that 70 percent of these users consider sustainability issues when selecting data center providers.

...

http://www.datacenterknowledge.com/archives/2016/10/25/data-center-providers-use-renewable-energy/

Wednesday, 26 October 2016 00:00

Field Tested and Ready

Bockistan lies in ruins.

A magnitude 7.8 earthquake has rocked the country, killing hundreds. Large apartment buildings have collapsed, communications are out, airports and seaports are closed, electricity is dead, and water isn’t flowing.

Into this situation come 42 Americans ranging in age from their early 20s to their late 50s, full of enthusiasm and determination to do good and carrying bags of gear. But they’re entering an unfamiliar world in a state of disaster, full of cultural pitfalls and government red tape.

What’s more, this is their final exam — not to add any pressure.

...

http://www.emergencymgmt.com/training/Field-Tested-and-Ready.html

Wednesday, 26 October 2016 00:00

CDC: How We Decide What to Say in Emergencies

A few years ago, there was an outbreak of Salmonella infections among people who ate peanut butter and products containing peanut paste, like crackers and cookies. People were scared. They needed to know which products were affected. Were they in their grocery store, or worse, already in their kitchen? They also needed facts about Salmonella infection: what are the symptoms, and how dangerous is it?

Fact: You can’t protect your health if you don’t know what to do and how to do it.

This is the reason I spend my days helping people get the right messages about their health at the right time. During the Salmonella outbreak linked to peanut butter, we worked to quickly gather information and science from lots of sources and get it to the people who needed it. But there’s more to communicating about health than just moving information around. There’s a science behind what we do.

First things first

Before I start writing, I take a minute to put myself in the audience’s shoes. Who are they, and what do they need to know to protect themselves? I begin with the what, why, and how – the basics everyone needs to take the first steps.

In an emergency, geography is also important. If there’s an outbreak or a flood, not everyone may be affected. People need to know if they’re close to the incident or far away, and what the likelihood is that it will affect them.

But we don’t just consider what we need to say. We also look at the best ways for people to hear it. We know that people with different backgrounds will take in health information differently. What people do about a threat depends on several things, including who they are, who we are, and how we talk about it. This is where the communication science comes in.

Applying the science: 7 things to consider when communicating about health

In my job, we apply a system where we look at the different aspects of getting health information to people who need it. There are seven things we consider when we communicate about health:

  • Trust: Will people trust the information? Who is the best source to put the information out?
  • Information: What information is necessary, and how will people find it? How much is enough, or too much?
  • Motivation: How relevant is the information to the people we’re trying to reach?
  • Environment: What are the conditions that surround and affect the audience?
  • Capacity: What is people’s ability to act on the information? Are there barriers?
  • Perception: What will the audience think about the information? What will inspire them to act on it?
  • Response: How will people respond? What can we do to stay engaged with them and give them support as they take action?

We call this set of questions TIME-CPR. Answering all of these questions before we start communicating lets us make a plan that will help people take action and save lives.

What we know, as soon as we know it

Sometimes we get worried about communicating information before we have all the answers. But it’s okay to say that we don’t know yet, and we’re working on finding out. We’re all in this together, especially in emerging and evolving situations, and people need to trust that we will always share the latest and best information we have, even if we don’t yet understand or know everything. We’re not just experts, we’re expert learners.

When something first happens, we might not know right away exactly how many people or which products are affected. But we need to start talking about it anyway. The risk is too great if we don’t.

Let’s go back to that Salmonella outbreak. Because peanut paste is in so many products, and because those products were already in the hands of so many people, we had to act quickly. Many of the affected crackers had been sent to troops overseas or were foods that get sent as part of school lunches. We immediately reached out to veterans’ communities, daycares, and schools. We developed a searchable database and created a widget to help people figure out if their food had the peanut paste in it. In the end, the outbreak affected over 700 people in 46 states. But without fast communication, many more would have been sick.

Health literacy touches everyone

October is Health Literacy Month, which is a time to focus on how we can help people better receive and understand information they need to stay safe and healthy. When we present our information in a way that makes it difficult for people to understand what they can do to protect their health, they may be more likely to get sick or die.

Health literacy affects everything from how and why medication should be taken, to reading nutrition labels, to what people should do in a major emergency like an outbreak or natural disaster. Everyone – from large agencies to community organizations to family doctors to individuals – is responsible for making sure we all have clear and relevant health information when we need it. We need to stay connected and communicate well. Lives depend on it.

For more information about Health Literacy, visit the CDC Health Literacy website.

Improving the ability to share and use health information is a national priority. The National Action Plan to Improve Health Literacy seeks to engage organizations, professionals, policymakers, communities, individuals, and families in a connected effort to increase health literacy, and is part of the Healthy People 2020 objective to improve health outcomes and health equity through better communication.

Posted on October 25, 2016 by Christine Prue, MSPH, Ph.D., Associate Director for Behavioral Science, National Center for Emerging & Zoonotic

At the U.S. Department of Homeland Security (DHS), Assistant Secretary for the Office of Infrastructure Protection Caitlin Durkovich recognizes how hard it can be for emergency managers to distill the message of preparedness for citizens and businesses.

With the rise of global terror, the threat landscape has become exponentially more complex, making it harder for first responders and others to communicate even basic security information. “But this is the new normal, this is the world that we are living in now, where we are going to see attacks on soft targets with frequency,” she said.

To convey the significance of that reality, emergency managers need a concise message.

...

http://www.emergencymgmt.com/disaster/Prepare-Your-Business.html

Not all "clouds" are created equal – or considered clouds at all, for that matter. With all due respect, single-tenant hosted products are one such instance. Just because a traditional software product is hosted by a vendor doesn't make it the equivalent of SaaS. Let's face it – it's not uncommon for successful licensed software companies that focus on operational intelligence or enterprise compliance and security to zig and zag as they evolve their business models to the cloud. Neither is it uncommon for them to maximize their best attributes in their marketing materials.

The difference between SaaS and a single-tenant hosted software "cloud", however, is an important distinction. If you're looking for a solution that offers the key benefits of a modern SaaS product, hold out for a provider whose underlying architectural model offers the benefits of a true cloud offering. Your first reaction might be, "Who cares? Hosted software seems like SaaS as far as the user is concerned." But here are the three reasons why customers should care about their "cloud" provider's underlying model.

...

http://www.datacenterknowledge.com/archives/2016/10/25/cloud-not-cloud-single-tenant-hosted-product/

Wednesday, 26 October 2016 00:00

MANAGE EVENTS WITH A MASS COMMUNICATION SYSTEM

Your Event Management Doesn't Have to Be So Hard

Company execs love to put on big, fancy events. They may invite business leaders, managers, partners, suppliers, stockholders, board members, customers, and maybe even regular employees who deserve a night on the house.

These events often take place in hotel ballrooms or conference centers with plenty of food, drinks, and entertainment. Speakers are given the stage, presentations and short films often accompany them, and most attendees leave in a better mood than when they arrived (if it is done right). Events may be planned for product launches, annual conferences, holiday galas, or awards banquets. They are all a big deal, take a lot of time to plan, and cost a boatload of money.

...

https://www.alertmedia.com/manage-events-with-a-mass-communication-system

The Business Continuity Institute - Oct 26, 2016 12:15 BST

Two years ago, I was asked to contribute to the ‘20 in their 20s’ publication by the BCI on the future of business continuity. In my article, I pointed out the need to learn from experience in order to achieve what I think is the mission of our industry: the ‘social continuity’. I also stated that the business continuity industry shall not repeat the mistakes of risk management, which was highly disregarded by the Boards of Directors of the most important companies all over the world until the most recent years, when the financial crisis hit the global markets.

I am now invited to write this blog as a follow-up to that initiative, with the aim of understanding if and how my view had changed since then. Honestly, I have to say I still think the greatest challenge for continuity and resilience professionals is to broaden the scope of action to include the social components in their considerations. Indeed, we all know that an organization is as vulnerable as the weakest link in its value chain, and we are also aware of the fact that each company operates in an interconnected environment. How can we claim to be resilient, if we do not care about the level of preparedness of our critical stakeholders?

In these two years, I have also understood that cultural restraints can represent a limit that needs to be overtaken if we want to reach our target. Therefore, I have decided to get more involved with the activities of the Business Continuity Institute, whose mission is to promote a more resilient world. Specifically, I have become an Approved BCI Instructor, a BCI Corporate Partner with my company (PANTA RAY) and I have joined the BCI Risk and Governance Committee. I strongly believe in the role of the Institute because, actually, there are countries where chasing the ‘social continuity’ purpose can be hard. That is why we need to work the system if we wish to change mindsets that had been instilled over hundreds of years.

It will be a long process and I can tell it is frustrating at the beginning. I am Italian and I have been involved in the launch of the BCI Italian Forum in the summer of 2014. A small group of people had to build a network from scratch and faced many challenges, but we worked hard and thanks to the support of Steve Mellish (BCI Chairman at that time) and Lorraine Darke we had a very first conference in November that same year with approximately 70 Italian professionals. It was an incredible success and we decided that we wanted to establish an annual meeting, so we had a similar event last year (2015) and doubled the audience.

In 2016, we started to hold monthly Forum meetings. As a consequence of our efforts, the numbers of CBCI training sessions and statutory members are increasing at a fast pace and our expectations on the next annual conference are definitely high. The BCI Italian Forum is now a very active LinkedIn group that counts over 350 continuity and resilience professionals!

We know it is going to be a long journey, but the results of our job are quite interesting so far. I would like to share our approach and discuss it with the community, as I am sure we would benefit from feedback and suggestions. And with a pinch of conceit, we might as well inspire the growth of the Institute in other areas. After all, we all share the same mission.

Alberto Mattia is the Managing Director of PANTA RAY, the leading business continuity consulting company in Italy. He graduated in Economics and Finance at the Università Bocconi in Milan, his hometown, with a final paper on Crisis Management in the banking sector. Alberto has been a speaker at several important conferences on resilience and has written articles that have been published in Italy and abroad.

Managed cloud provider Rackspace announced it has appointed two new executives to its international team. Reinhard Waldinger has been promoted to Managing Director, International, and Alex Fuerst, Regional Leader for DACH.

The appointments come as Rackspace, which recently went private in a $4.3 billion buyout, is opening a new office in Munich that will help support the growth of its German-speaking customers in Germany, Austria and Switzerland.

Waldinger has worked at Rackspace for more than 10 years. Previously, Waldinger was VP of Finance for Rackspace International. In his new role he will work with customers, partners and employees in its international operations.

...

http://www.datacenterknowledge.com/archives/2016/10/24/rackspace-boosts-international-team-opens-munich-office/

Regardless of whether you work in the hosting industry, you would have likely encountered an outage Friday on a website that you may visit frequently, due to a DDoS attack targeting Dyn.

You can read the news story here.

A DDoS attack on an individual website can cause lots of issues in and of itself, but a DDoS attack on a DNS network has a much bigger impact. Friday’s DDoS attack impacted sites ranging from Twitter to AirBnb to The New York Times and even to PagerDuty, a site that helps alert you to downtime.

In an emailed statement, Dave Larson, Corero COO, explained how DDoS attacks against DNS providers can be particularly damaging.

...

http://www.datacenterknowledge.com/archives/2016/10/24/was-fridays-ddos-attack-part-of-a-troubling-trend/

The enterprise cloud industry is starting to take on some semblance of order as both providers and consumers gain a clearer understanding of how it is to function within the broader data ecosystem.

To be sure, there are still many questions regarding deployment, configuration, services and a host of other factors when creating individual clouds, but in general the need to establish robust hybrid infrastructure that can accommodate legacy applications and emerging services for mobile, Big Data and IoT functions is coming into focus.

This clarity is also driving much of the deal-making on both the provider and infrastructure layers, not the least of which is Amazon’s recent tie-in with VMware. As Information Week’s Charles Babcock noted recently, the deal gives Amazon something it desperately needed to combat chief rival Microsoft: a means to easily port workloads from legacy infrastructure to its largely proprietary cloud architecture. VMware fills the bill nicely because it provides the virtual format to shift workloads without bothering with a lot of hardware configuration, and it has one of the largest installed bases of enterprise customers on the planet.

...

http://www.itbusinessedge.com/blogs/infrastructure/how-top-cloud-providers-hope-to-woo-the-enterprise.html

On Thursday, I wrote a blog post about the Mirai IoT malware infecting IoT devices, turning them into botnets that create DDoS attacks. I knew that this was going to become a serious problem but at that moment, it hadn’t become a mainstream issue.

That certainly changed quickly, didn’t it? On Friday, I was leaving my office when my phone chirped with a breaking news story – Homeland Security was investigating a major DDoS attack against Dyn. A quick check of Facebook told me all I needed to know: My friends were wondering why they couldn’t access so many of their favorite websites all of a sudden. Now everyone is asking questions about not only IoT security but DDoS attacks. It’s good that people are now aware; I wish we could be aware proactively rather than reactively.

But where does this proactive behavior begin? For this type of attack, it is a two-pronged issue. First, we have to do a better job addressing IoT security. A new survey from ESET found that 40 percent of us are not confident that our smart devices are secure enough, and as Tech Crunch added:

...

http://www.itbusinessedge.com/blogs/data-security/major-ddos-attack-shows-how-we-vulnerable-we-are.html

Tuesday, 25 October 2016 00:00

FEMA: Long Term Recovery

PHILADELPHIA – Long term recovery begins and ends in local communities.  To support state and local officials, and help build back communities to be more resilient, FEMA developed the National Disaster Recovery Framework, also known as the NDRF, to help guide federal agencies in their support efforts. The NDRF empowers federal, state, local and other partners to work together to find solutions for some of the major challenges communities face after a disaster, such as housing needs, rebuilding the local economy, and preserving the communities’ heritage and traditions while making strides towards resilience against future disasters.

FEMA Region III has released a podcast on the NDRF to help explain how the program works and our goal in working with and supporting communities’ long term recovery. The podcast is a great way to learn more about the framework, roles, responsibilities and objectives.  It is available at https://www.fema.gov/media-library/assets/audio/126251 and through the Multimedia Library Audio section. The podcast interviews FEMA Region III’s Federal Disaster Recovery Coordinator (FDRC) Kevin Snyder and Community Planning and Capacity Building (CPCB) Coordinator Michelle Diamond on the NDRF, as well as how FEMA works with our partners to make long term recovery happen for communities.

Below are some excerpts from the podcast:

FDRC Kevin Snyder: “In Region III we have what we call our Recovery Support Function Leadership Group and that is a steady state group, we meet monthly and we talk about our issues, needs, and activities and through that network we can reach back to our regional infrastructure system partners and say hey – here is this issue that we didn’t identify early on but we are seeing right now. What are your ideas of how we can coordinate solutions to address that? And kind of take it from there.”

CPCB Coordinator Michelle Diamond: “…we do work with a number of federal partners, but in addition to the federal partners, we also work with the private sector, with universities, with professional associations, foundations, and nonprofits and all of these partners – they all have the goal of working with local governments and state governments to help address issues of local needs for planning and for capacity building.”

To listen to and download the podcast, please visit https://www.fema.gov/media-library/assets/audio/126251. For more information on the NDRF, please visit https://www.fema.gov/national-disaster-recovery-framework.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

Tuesday, 25 October 2016 00:00

What IoT Cyber Attacks Mean for Insurers

The massive global distributed denial of service attack (DDoS) against internet infrastructure provider Dyn DNS Co. that left over 1,000 major brand name sites including Twitter, Netflix, PayPal and Spotify, inaccessible Friday has implications for insurers too.

While the nature and source of the attack are under investigation, it appears to have been (in the words of Dyn chief strategy officer Kyle York) “a sophisticated, highly distributed attack involving tens of millions of Internet Protocol addresses.”

As Brian Krebs’ KrebsOnSecurity blog first reported, the attack was launched with the help of hacked Internet of Things (IoT) connected devices such as CCTV video cameras and digital video recorders (DVRs) that were infected with software (in this case the Mirai botnet) that then flooded Dyn servers with junk traffic.

...

http://www.iii.org/insuranceindustryblog/?p=4634

Managed DNS provider Dyn was hit by a series of massive DDoS attacks on Friday, October 21, which left several major sites inaccessible for hours, including Box, CNN, HBO Now, PayPal, Pinterest, Reddit, Spotify, Squarespace, Twitter, Weebly, Wired, Wix, Yelp, Zendesk and Zoho, among many others, Gizmodo reports.

In a statement on its website, Dyn explained that its Managed DNS infrastructure in the Eastern U.S. came under attack from 11:10 UTC to 13:20 UTC, and again from 15:50 UTC to 17:00 UTC. "We will continue to evaluate every situation with the goal of improving our systems and processes to deliver the utmost customer experience," the company stated.

In a blog post, security expert Bruce Schneier suggested that someone has spent the past year or two probing the defenses of companies critical to the operation of the Internet. "These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down," he wrote.

...

http://www.esecurityplanet.com/network-security/major-ddos-attack-disables-websites-across-the-u.s..html

Any repetitive IT task that requires IT organizations to detect patterns within a massive amount of data is now generally subject to being automated. With that in mind, Hewlett-Packard Enterprise (HPE) has been applying Big Data analytics to multiple forms of data protection.

The launch of HPE Backup and Recovery Suite brings all HPE data protection offerings together under a common analytics framework as part of an effort to first identify bottlenecks in the process, make recommendations on how to fix scheduling conflicts and ultimately eliminate the amount of IT intervention currently required to complete them.

In addition, Stephen Spellicy, vice president of product management for information management and governance, says HPE is now providing a “what-if” capability that allows IT administrators to model different data protection strategies before implementing them.

...

http://www.itbusinessedge.com/blogs/it-unmasked/hpe-applies-big-data-analytics-to-data-protection.html

RALEIGH, N.C. – If you applied for FEMA help in the aftermath of Hurricane Matthew and you disagree with the decision stated in the letter you received, a quick fix may be all that is needed to change it. 

It’s important that you read your letter carefully to understand FEMA’s decision so you will know exactly what you need to do. Many times applicants just need to submit extra documents for FEMA to process their application.

Examples of missing documentation may include an insurance settlement letter, proof of residence, proof of ownership of the damaged property, and proof that the damaged property was your primary residence at the time of the disaster.

If instructed and needed, you can simply submit missing documentation to FEMA online at www.disasterassistance.gov, by mail or fax, or by visiting a Disaster Recovery Center.

There may be more than one reason you disagree with FEMA’s decision. For example, if you feel the amount or type of assistance is incorrect, you may submit an appeal letter and any documents needed to support your claim, such as a contractor’s estimate for home repairs.

If you have insurance, FEMA cannot duplicate insurance payments. However, if you’re under-insured you may receive further assistance for unmet needs after insurance claims have been settled.

How to Appeal a FEMA Decision

All appeals must be filed in writing to FEMA. You should explain why you think the decision is incorrect. When submitting your letter, please include:

  • Your full name
  • Date and place of birth
  • Address

In addition, your letter must be either notarized, include a copy of a state issued identification card, or include the following statement, “I hereby declare under penalty of perjury that the foregoing is true and correct.” You must sign the letter.

If someone other than you or the co-applicant is writing the letter, there must be a signed statement from you affirming that the person may act on your behalf. You should keep a copy of your appeal for your records.

To file an appeal, letters must be postmarked, received by fax, or personally submitted at a Disaster Recovery Center within 60 days of the date on the determination letter.

By mail:

FEMA – Individuals & Households Program
National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-7055

By fax:
800-827-8112
Attention: FEMA – Individuals & Households Program

You should have received a booklet called "Help after a Disaster." It explains what you need to provide for your appeal. The booklet is available online at www.fema.gov/help-after-disaster.

If you have any questions about submitting insurance documents, proving occupancy or ownership, or anything else about your letter, you may call the FEMA Helpline at 800-621-3362. If you use TTY, call 800-462-7585. Those who use 711 or Video Relay Service can call 800-621-3362. Lines are open from 7 a.m. to 11 p.m. EDT, seven days a week, until further notice. You can also visit a North Carolina disaster recovery center and speak with a disaster assistance representative. Locate your closest center by going online to fema.gov/drc or by calling the FEMA Helpline.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 or TTY at 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA on twitter at @femaregion4. Download the FEMA app with tools and tips to keep you safe before, during, and after disasters.

Dial 2-1-1 or 888-892-1162 to speak with a trained call specialist about questions you have regarding Hurricane Matthew; the service is free, confidential and available in any language. They can help direct you to resources. Call 5-1-1 or 877-511-4662 for the latest road conditions or check the ReadyNC mobile app, which also has real-time shelter and evacuation information. For updates on Hurricane Matthew impacts and relief efforts, go to ReadyNC.org or follow N.C. Emergency Management on Twitter and Facebook. People or organizations that want to help ensure North Carolina recovers can visit NCdisasterrelief.org or text NCRecovers to 30306.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Customer Service Center by calling (800) 659-2955 or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

How would emergency management and public health officials handle a catastrophe that taxed local supplies of vaccines or medical equipment? Since 1999, the federal government has had a way to help: the Strategic National Stockpile.

The stockpile consists of warehouses that contain medicines — both those that prevent the onset of an illness and those that can treat illnesses — and medical supplies and equipment. It is not meant to be the first line of defense, but rather to supplement resources when state and local supplies run short.

“The underlying premise of the Strategic National Stockpile is to respond to primarily chemical, biological, radiological and nuclear events,” said Greg Burel, director of the Division of Strategic National Stockpile at the Centers for Disease Control and Prevention (CDC). “We also hold material that would be useful in an influenza event.”

...

http://www.emergencymgmt.com/health/The-Strategic-National-Stockpile-Stores-Medication-and-Equipment-in-Case-of-Emergency.html

Monday, 24 October 2016 00:00

Enhancing Campus Safety

This spring, the U.S. Department of Education released its third version of the Handbook for Campus Safety and Security Reporting to help guide colleges in their continued implementation of the Clery Act.

Originally intended to bring greater transparency to campus crime reporting, especially around crimes against women, that law has been expanded in the decades since its inception. It now contains substantial language compelling schools to organize and document specific plans for issuing timely warnings and emergency notifications.

The Clery Act applies to some 6,000 colleges and universities that participate in federal financial aid programs. With the release of its latest handbook, the Department of Education says it is looking for these schools to take their emergency planning beyond the historic norms of academia.

...

http://www.emergencymgmt.com/safety/Enhancing-Campus-Safety.html

Monday, 24 October 2016 00:00

The 911 Cyber Challenge

Emergency Management has published several articles about the movement toward a next-generation 911 (NG911) system based on modern Internet protocols that will allow responders to take advantage of capabilities such as text and video messaging. 

Beyond the capability to send and receive texts and multimedia, there are other benefits to the new types of networks. Public safety answering points (PSAPs) will be able to transfer calls and activate alternative routing to share the burden during an emergency or when they are closed by disaster.

But accompanying all these important benefits of the switch from analog to digital, one challenge looms large: the increased risk of cyberattacks on 911 call centers once they are connected to so many devices and other networks.

...

http://www.emergencymgmt.com/next-gen-911/The-911-Cyber-Challenge.html

In life and in business, you are generally more successful when you have friends. You are able to share the load, bounce ideas off each other, and have each other’s backs, if you will. The goal is that the sum of the parts is greater than indicated by the math.

Companies that are trying to address large problems will find it lonely if they don’t surround themselves with an ecosystem, the technology equivalent of friends, to fill in the gaps.

The idea of an ecosystem isn’t new – it’s a core reason most industries exist. Ecosystems in the technology space succeed for some of the same reasons most of us tend to have a higher score when we play “best ball” in golf, compared to playing solo. For example, there may be a woman who can drive the ball down the fairway, another guy that chips it onto the green, another guy who is a whiz with the putter, and then there’s me – the designated golf cart driver. In tech, when vendors, partners, customers, and thought leaders collaborate, they can set higher standards for innovation and push the limits with the solutions they create.

...

http://www.datacenterknowledge.com/archives/2016/10/20/the-four-cs-for-it-and-security-ecosystem-success/

Iron Mountain, the company known for its underground caverns that house everything from classified government documents and Hollywood movie reels to data centers, is expanding into Northern Virginia, the largest and most active data center market in the US.

The company recently kicked off construction of a 150,000-square-foot data center in Manassas, which it expects to be the first of at least four buildings on a future 83-acre, 60MW data center campus, according to a news release. The facility is slated to come online in August 2017.

It first announced plans to build a data center campus in the region in March.

...

http://www.datacenterknowledge.com/archives/2016/10/20/iron-mountain-entering-n-virginia-with-massive-data-center-build

Thursday, 20 October 2016 00:00

Is World Backup Day Such a Good Idea?

As you may already know, World Backup Day is on the 31st of March, 2017. So depending on when you read this blog post, you may have more or less time in front of you until it rolls around again. Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

But is there a danger that data backups then have but one day of fame per year, only to be forgotten about for the other 364 (or 365)? Maybe this anniversary could be put to a slightly different use.

...

http://www.opscentre.com/world-backup-day-good-idea/