
Industry Hot News


While Texas' Republican leadership touts the state’s booming economic growth, Texas-based climate scientists — some of the world’s most renowned — say that growth has come at a high cost.

In coming decades, the state is projected to be several degrees warmer and see longer and more severe droughts. Regions that already receive little rainfall will probably become drier, and portions of Texas’ 367-mile Gulf Coast should see rising seas, leaving them more susceptible to storms — which could also become stronger due to warming oceans.

Yet despite these forecasts, Texas remains one of the most significant contributors to global warming in the world. Year after year, Texas spews out more greenhouse gases than any other state in the country, and much of its growth is due to an energy boom that relies on extracting more carbon-polluting fossil fuels.

...

http://www.emergencymgmt.com/disaster/Climate-Scientists-Texas-Missing-Opportunity.html

Tuesday, 15 July 2014 20:41

Prep Check! Lockheed Martin


Have you ever considered what you would do if you were out and about and severe weather struck? Where would you find shelter?  Would it be safe to try to go home? 

2008 Atlanta tornado damage

Photo courtesy Atlanta-Fulton County EMA

You can’t control where you will be during an emergency.  In March 2008, a tornado struck downtown Atlanta damaging several buildings and interrupting an SEC game at the Georgia Dome and an Atlanta Hawks game at Philips Arena.  In April 2011, a tornado hit Lambert-St. Louis International Airport sending passengers scrambling for cover as debris swirled in the air around them.  Planes, with passengers in them, were damaged, windows were knocked out, and the terminal was shut down temporarily for repairs. 

Disasters can strike any place at any time and it’s important to learn how to be safe wherever you are.

CDC’s Prep Check! takes preparedness into the community.  Each episode features a venue that many people visit regularly – large businesses, airports, churches, and more – to learn about how each of them prepares for a disaster. At the venue, we talk to emergency planners about their preparedness activities to protect employees and visitors, and experiences they have had with emergency situations.

In our first episode, we visit Lockheed Martin, one of the world’s largest defense contractors with more than 100,000 employees.  Lockheed Martin is a global security and aerospace company with a heavy footprint in research, design, development, manufacture, and sustainability technology systems and products.  In this episode we talk to three of their emergency planners about their preparedness activities.  Go behind the scenes with Prep Check! and you’ll probably discover that you know more about this company than you realize.

Stay tuned to see how other locations prepare for emergencies and learn what you can do to keep yourself and your family safe.

Overcapacity in the international construction, property/casualty markets in the first half of 2014 has resulted in rate reductions of up to 30% for commercial insurance buyers, according to Willis.

This is primarily driven by benign loss activity and softening conditions in the global reinsurance market, which is having a trickledown effect to the primary insurance market, according to Willis’s Q3 2014 Construction, Property & Casualty Market Review. Over and above rate reductions, corporate insurance buyers are also benefitting from an increase in available natural catastrophe capacity.

With no withdrawals of capacity from the construction market in the last six months, capacity is at an all-time high, according to the report. At the same time the volume of construction projects in many parts of the world has reduced, intensifying competition between carriers for premium volume and market share in the construction insurance market.

...

http://www.cirmagazine.com/cir/Overcapacity-ratereductions-construction-cover.php

When creating Evacuation, Incident Management or Business Continuity Plans the focus is usually on what you will do, how you will react and what actions you will take.  Unfortunately, those assumptions (yes, those really are ‘assumptions’) don’t necessarily mesh with what may really happen.

First, consider your environment.  Are you in a multi-tenant building?  Your landlord (or their Building Management staff) has responsibility for the safety of all tenants – including you – and the preservation of property (yours and theirs).  Your Evacuation Plan must mesh with those of the other tenants.  If not, the result of an evacuation may be chaos, with tenants vying for the same assembly points.

In a single tenant building you don’t own, the landlord/building manager often has the same responsibilities (check your lease).  Once outside the building, you may no longer have the authority to make decisions about when and how to return.

...

http://ebrp.net/whos-the-boss-when-emergency-services-arrive-at-your-facility/

Microsoft has announced that it has acquired InMage, an innovator in the emerging area of cloud-based business continuity.

Explaining the acquisition in a blog, Microsoft states:

“Customers tell us that business continuity – the ability to backup, replicate and quickly recover data and applications in case of a system failure – is incredibly important. After all, revenue, supply chains, customer loyalty, employee productivity and more are on the line. It’s also very complicated and expensive to do. CIOs consistently rank business continuity as a top priority, but often don’t have the budgets or time to do it right.”

“As the productivity and platform company for the mobile-first, cloud-first world, Microsoft is committed to solving this challenge for customers. This acquisition will accelerate our strategy to provide hybrid cloud business continuity solutions for any customer IT environment, be it Windows or Linux, physical or virtualized on Hyper-V, VMware or others. This will make Azure the ideal destination for disaster recovery for virtually every enterprise server in the world. As VMware customers explore their options to permanently migrate their applications to the cloud, this will also provide a great onramp”

...

http://www.continuitycentral.com/news07284.html

The Business Continuity Institute (BCI) has announced that it has been named ‘Most Respected Training Resource of 2014’ at the prestigious Business Excellence Awards.

Voted for by a worldwide network of professionals, advisers, clients, peers and business insiders, the Acquisition International Business Excellence Awards celebrate individuals and organizations whose ‘commitment to excellence sees them exceeding clients’ expectations on a daily basis while setting the bar for others in their industry’.

Deborah Higgins, Head of Learning and Development at the BCI, said: “To be named Most Respected Training Resource of 2014 is a wonderful recognition of the dedicated and coordinated effort from BCI staff, BCI volunteers and the network of BCI Training Partners and Instructors who have invested in developing and delivering a world class learning experience. Winning this award will spur us all on to continue providing the highest levels of service and meet the challenges of accessing new and developing markets and promoting the profession of business continuity.”

www.thebci.org

In the beginning, experts said Big Data technologies would lead to the end of enterprise data integration, with data eventually moving into one, big in-memory or Hadoop system.

That was before the Internet of Things (IoT), with its never-ending stream of data. It seems the IoT is teaching Big Data humility.

A TechTarget article about a recent O’Reilly Media webcast includes this very telling quote from Mike Olson, co-founder and chief strategy officer for Hadoop distributor Cloudera: "It turns out machines are much better at generating data than you or I. It's why big data is happening; it's why industry is so quickly being transformed."

...

http://www.itbusinessedge.com/blogs/integration/why-the-internet-of-things-data-will-spark-an-it-revolution.html

Tuesday, 15 July 2014 20:32

How to be a Liaison

We talk about it, write about it, have it on our EOC organization charts, but what does it really mean to be a liaison? What are the best ways to use these people and positions?

My first military assignment was as an infantry officer serving in a combat engineer battalion. As such I supported a mechanized infantry battalion when they were on field maneuvers at Fort Hood, Texas. In that era we spent half of our time in the field so I got lots of experience in being a liaison in another organization’s command post. Yes, the principles are all the same.

The primary goal is to have eyes and ears on what is going on. Disasters are fluid, and discerning the situation and its ramifications is not easy. By having a person in another organization’s EOC or other facility physically, you have the ability to measure what is happening and the pace of the activity. And you have to discern if you will be providing resources or receiving them.

...

http://www.emergencymgmt.com/training/How-to-be-a-Liaison.html

In recent months, as California officials started to calculate the fire danger posed by the state’s prolonged and historic drought, they tucked an extra $23 million into the Cal Fire emergency wildfire budget for the fiscal year that began July 1, bringing its total to $209 million.

By July 6 – just days into the fiscal year – the agency already had spent $13.9 million battling two major blazes, and is now bracing for one of the longest and most difficult fire seasons in memory.

“That’s just the first week, and we still have 51 more weeks to go,” said Daniel Berlant, spokesman for Cal Fire, the California Department of Forestry and Fire Protection. “We’re not even to the peak of the fire season yet.”

Berlant and top fire officials have been warning for months that the state faces serious peril from wildland fires this year, as the drought – stretching into a third year – has sucked dry much of the state’s brush lands and forests more quickly than in years with more normal precipitation levels.

...

http://www.emergencymgmt.com/disaster/California-Drought-Sparks-Early-Fire-Season.html

Emergency officials across southwest Ohio say they are confident in the region’s emergency preparedness and ability to respond in the event of a crisis.

Since May, five tornadoes have touched down in parts of Ohio — the nearest being an F3 tornado that landed May 15 in Greene County to the northeast of Butler County, said Brian Coniglio, meteorologist at the National Weather Service in Wilmington.

It’s events like that — as well as mass-casualty incidents, flooding, intense cold and periods of high flu activity — that emergency responders and hospital staff are training for in order to coordinate a quick and efficient response, said Jennifer Mason, emergency medical services and disaster management coordinator at Fort Hamilton Hospital.

...

http://www.emergencymgmt.com/training/Disaster-Preparedness-Training-Coordination-Ohio.html

Tuesday, 15 July 2014 20:19

Preparing for the Commonwealth Games

Two years on from the London 2012 Olympic Games, the UK is set to play host yet again to one of the largest sporting events in the world – the Commonwealth Games, hosted by the city of Glasgow in Scotland. Glasgow 2014 may not quite be on the same scale as London 2012, but the crowds will still be high.

On the 23rd July, and over the following two weeks, 6,500 athletes from 71 different countries will be taking part in 17 different sports for the right to win a gold medal. 2,500 journalists will be attending the events and with more than a million tickets sold, the number of additional visitors to Glasgow is expected to exceed 100,000.

So what does all this mean for business continuity planners? For many organizations events like this are a dream come true. Investment in the city in order to rebuild infrastructure over the past few years has been high with many local firms reaping the benefit. During the Games, retail outlets will do a roaring trade as the visitors spend their money on souvenirs, food, drink and, seeing as it’s the west coast of Scotland, probably a few umbrellas and rain coats.

For some organizations however, whether getting into the spirit of the Games or not, there will possibly be some disruption during the two weeks.

If you’re an employer then it’s highly likely that a few of your staff will want to attend some of the events or take leave during what is normally the holiday period. Have you taken this into consideration and made suitable arrangements?

Transport networks will be stretched to the limit as trains and roads become busier than normal. Have you made suitable arrangements to ensure your staff can get to work or perhaps work from home instead? If you work in the transport industry, are your customers or suppliers aware that there might be some delays? For such high profile events, security is always an issue and this can slow things down even further.

If you’re a retailer then the increase in visitor numbers means your stock may go quickly (that’s a good thing) but how quickly can you replace it in order to take an even greater advantage of the circumstances? With international events such as the Commonwealth Games, language can often be a barrier. English may be the common language for many of the countries competing, but there will be many other languages spoken too. Do you have the ability to communicate with non-English speakers?

Let’s not forget the extra strain that will be placed on the communications network. Do you rely on your mobile phone, and can you guarantee it will work when so many other people are trying to use theirs? There may be a similar issue with broadband if the network starts to reach capacity.

Of course, with all the excitement about the influx of new customers, businesses mustn’t forget their existing customers, those people who will (hopefully!) still be there long after the Games are over. Do they know what your arrangements are during the Games and have you considered ways to reduce the disruption to them?

A major event such as the Commonwealth Games brings plenty of opportunities to the host city and the surrounding area, but everything comes at a cost. If you prepare properly however, and consider what disruptions could affect your organization, then plans can easily be put in place to ensure that this cost is not high and is far outweighed by the positives.

Andrew Scott is the Senior Communications Manager at the Business Continuity Institute who joined after a brief stint working as the Press Officer for a national health charity. Prior to that he had over ten years at the Ministry of Defence working in a number of roles including communications and business continuity. During this time he also completed a Masters in Public Relations at the University of Stirling.

http://thebceye.blogspot.com/2014/07/preparing-for-commonwealth-games.html

After potentially serious back-to-back laboratory accidents, federal health officials announced Friday that they had temporarily closed the flu and anthrax laboratories at the Centers for Disease Control and Prevention in Atlanta and halted shipments of all infectious agents from the agency’s highest-security labs.

The accidents, and the C.D.C.’s emphatic response to them, could have important consequences for the many laboratories that store high-risk agents and the few that, even more controversially, specialize in making them more dangerous for research purposes.

If the C.D.C. — which the agency’s director, Dr. Thomas Frieden, called “the reference laboratory to the world” — had multiple accidents that could, in theory, have killed both staff members and people outside, there will undoubtedly be calls for stricter controls on other university, military and private laboratories.

...

http://www.nytimes.com/2014/07/12/science/cdc-closes-anthrax-and-flu-labs-after-accidents.html

I wouldn’t normally write about sports on this blog …or at all, really, but here’s an unexpected development: Today, famed statistician and data geek Nate Silver revealed that he and his company, FiveThirtyEight, ran a data analysis on whether LeBron James should stay with Miami or move to Cleveland.

It may seem like an unusual mix, but sports is actually Silver’s original stomping ground. He first made a name for himself by developing the Player Empirical Comparison and Optimization Test Algorithm, a system for forecasting Major League Baseball player performance.

As you might expect, the results are a bit controversial. After all, this is the man who gave us “No, really, your polls are wrong about Mitt Romney winning.”

...

http://www.itbusinessedge.com/blogs/integration/nate-silver-on-the-smart-play-for-lebron-james-and-other-data-points.html

Things just keep getting curiouser and curiouser in the data center industry.

If it feels like enterprise IT has fallen down the rabbit hole in this age of virtualization and cloud, well, it looks like we’re just getting started. But not all the changes are taking place on the abstract, architectural level. The data center itself is undergoing substantial physical changes as organizations look for innovative ways to boost data productivity while lowering costs.

Examples abound of data centers being built in extreme climates where they can take advantage of naturally cold air or steady winds, but lately it seems that building designs themselves are starting to push an array of unusual envelopes. Take, for example, Foxconn’s latest “green-tunnel” data center, which is literally built inside a long tunnel within the Guiyang industrial park in China. The facility holds up to 12 containerized data centers each packing 504 servers. By leveraging conditions like wind speed and direction, as well as temperature, humidity and geology, the facility is expected to cut power consumption by a third.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-growing-diversity-of-data-center-design.html

It’s hard to wrap your mind around the fact that someone would enter a school building and declare open season on kids. It’s even harder to determine a strategy for how to mitigate that. There’s a growing catalog of “solutions” to help with the problem.

There are a number of trainings available, including the Run, Hide, Fight video and ALICE (Alert, Lockdown, Inform, Counter, Evacuate) training; there’s the mental health issue; the gun issue; there are myriad solutions — buzzers, cameras, locks, bulletproof desk tops — and we discuss some of these and their relative merits in Active Shooter Mirage (renamed Are Schools Focusing Too Much on the Active Shooter Scenario? for online publication).

It seems school districts are grasping at straws, trying to come up with a fix, including investing millions in some cases on security measures like cameras, which by themselves won’t stop a gunman bent on destruction.

...

http://www.emergencymgmt.com/safety/Cops-on-Campus.html

The Business Continuity Institute is delighted to be named Most Respected Training Resource of 2014 at the prestigious Business Excellence Awards.

Voted for by a worldwide network of professionals, advisers, clients, peers and business insiders, the Acquisition International Business Excellence Awards celebrate the individuals and organizations whose commitment to excellence sees them exceeding clients’ expectations on a daily basis while setting the bar for others in their industry. They are given to only the most deserving businesses, departments and individuals who have consistently demonstrated outstanding innovation, performance and commitment to their business or clients over the past 12 months and who have received independent nominations from their clients or industry peers.

Deborah Higgins, Head of Learning and Development at the BCI, said: “To be named Most Respected Training Resource of 2014 is a wonderful recognition of the dedicated and coordinated effort from BCI staff, BCI volunteers and the network of BCI Training Partners and Instructors who have invested in developing and delivering a world class learning experience. Winning this Award will spur us all on to continue providing the highest levels of service and meet the challenges of accessing new and developing markets and promoting the profession of business continuity.”

Speaking about the awards, AI Global Media awards coordinator Siobhan Hanley said: “Our Business Excellence Awards are quickly becoming one of our most popular, with businesses all over the globe eager to showcase the amazing work they’ve been doing to achieve stellar results for their clients while really setting the standards for what can be achieved in their sector. We’re proud to be able to showcase some of the most innovative and committed organizations from across the business world and the winners can be rightly proud of the game-changing work they’ve been doing over the past 12 months.”

To find out exactly which businesses have gone above and beyond this year, achieving outstanding results for their clients while demonstrating unwavering commitment to providing the best possible service, visit the AI website where you can view the winner’s supplement.

Based in Caversham, United Kingdom, the Business Continuity Institute (BCI) was established in 1994 to promote the art and science of business continuity worldwide and to assist organizations in preparing for and surviving minor and large-scale man-made and natural disasters.  The Institute enables members to obtain guidance and support from their fellow practitioners and offers professional training and certification programmes to disseminate and validate the highest standards of competence and ethics.  It has circa 8,000 members in more than 100 countries, who are active in an estimated 3,000 organizations in private, public and third sectors.

For more information go to: www.thebci.org

Here in Alabama, residents are no strangers to natural disasters.  Civic histories of many cities and towns throughout the state include references to natural disasters such as fires, tornadoes and hurricanes.

Alabamians know they must be prepared.  Every home should have a smoke alarm; every home should have an emergency supply kit packed and ready.

What not everyone realizes, however, is that being prepared doesn’t have to cost a lot of money.

The Federal Emergency Management Agency’s disaster preparedness website, www.ready.gov, is a destination site for information about getting your family prepared for a disaster.

“FEMA urges residents of every community in every state to Be Informed, Have a Plan and Prepare a Kit,” said Albie Lewis, federal coordinating officer for the Alabama recovery. “Each of these may be critical in a family’s ability to recover from disaster.  A family preparedness kit, particularly, is one of the most important tools at your disposal to keep your family safe in a disaster.”

Commercially available disaster kits can range from $75 to $300 and up, but most of the pieces of a disaster kit already may be in the home and just need to be gathered together and stored in one place.

“The rule of thumb for residents who are survivors of a disaster is that they should be prepared to take care of their family’s needs for the first 72 hours after a disaster strikes,” says Art Faulkner, director of Alabama’s Emergency Management Agency.  “It may take that long for responders to get to you.”

FEMA recommends that an emergency preparedness kit include food and water for each member of the family for three days, a battery-powered or hand-crank radio, flashlight, spare batteries, first aid kit, non-electric can opener, local maps and personal sanitation items such as hand sanitizer, moist towelettes, toilet paper, garbage bags and plastic ties.

Water supplies should be sufficient to meet both health and sanitation needs.

Family emergency kits also should include important family documents such as wills or property deeds, personal identification and any prescription medicines a family member may be taking.

Other items to consider include sleeping bags or blankets, paper towels, books, puzzles and games for children, pet food and medications for family pets.

It’s helpful to have cash in case banks are closed and there is no power for ATMs.

The emergency supplies can be stored in an easy-to-carry plastic storage container or duffel bag, making them easy to grab and go when an emergency forces people to leave their home.

Rene Bertagna ran a northern Virginia restaurant called the Serbian Crown for 40 years. It attracted Washington, D.C. diners with unusual fare such as horse, lion and kangaroo meat. For 40 years, his restaurant was a dining destination in and of itself.

Bertagna blames the Internet, and specifically Google, for its closure last year, according to a July Wired article. He sued Google over the Serbian Crown’s erroneous listing on Google Places, which listed the restaurant as closed on weekends when, in fact, weekends constitute the bulk of the restaurant’s business. He and his attorney contend a hacker created the error, but that Google was unresponsive to his phone calls asking to change the listing.

This problem isn’t as unusual as you’d like to think. Wired offers many other examples, and quotes Mike Blumenthal, a consultant who helps fix listings and who blogs about Google gaffes on his own site.

...

http://www.itbusinessedge.com/blogs/integration/google-and-the-serbian-crown-a-case-for-universal-data-governance.html

I follow quite a few small to midsize business (SMB) accounts on Twitter, and noticed that many this week had joined a chat about data privacy for small business (#chatDPD). The topics ranged from the Internet of Things (IoT) to what SMBs know about data privacy.

One tweet in particular caught my eye. It was from AT&T Small Business (@ATTSmallBiz) and it said “Security & privacy must work together, but privacy includes how data is used by your biz and vendors.” It struck a chord with me because I recall a recent event where AT&T found that a breach in its data systems was caused by a vendor whose employee accessed accounts “without authorization.” Of course, I’m sure the person Tweeting was aware of the instance, but their tips and views on the privacy chat definitely hold true for both large enterprises and SMBs.

One other thing @ATTSmallBiz pointed out was how SMBs may have policies to guard against cybersecurity issues, but they may not be as detailed or strong as they should be. Also, small businesses may not have IT staff to reinforce such policies. @ATTSmallBiz said:

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-are-not-exempt-from-data-privacy-practices.html

What do Sayada, Tunisia, and Red Hook, Brooklyn, have in common? At first glance, not much. One is a fishing town on the Mediterranean Sea. The other is a waterfront neighborhood in an industrial section of America’s largest city. But both are using a networking technology that is cheap, relatively easy to set up, and remarkably resilient and secure.

Called a mesh network, the technology lets users connect directly to each other rather than through a central hub. For the citizens of Sayada, that means they can create a community network free from government surveillance or interference. For residents of Red Hook, the local mesh network helps them stay connected during power outages.

Of course, mesh networks aren’t new. They’ve been operating in Europe for years. They are, however, relatively new to the U.S., where they are just starting to catch on. In Detroit, where some neighborhoods don’t have access to broadband, mesh networks are seen as a low-cost solution to the digital divide that exists there. And for many local governments, mesh networks are a relatively simple way to offer high-speed Wi-Fi. Ponca City, Okla., has adopted mesh as a means of delivering free wireless broadband to all of its 25,000 residents.

...

http://www.emergencymgmt.com/disaster/Mesh-Networks-Keep-Residents-Connected.html

Let’s face it: Whether or not policies are in place to prohibit it, business units frequently circumvent the IT department and go out on their own to source the IT products and services they feel they need to stay competitive. So when that happens, who’s really at fault—the business unit, or the IT department?

I recently discussed this topic with Kent Christensen, virtualization and cloud practice director at Eden Prairie, Minn.-based cloud services provider Datalink, who sees the circumvention all the time.

“It’s kind of a given,” Christensen said. “Every organization knows it’s either happening, or somebody has a desire for it to happen.”

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/circumventing-the-it-department-its-kind-of-a-given.html

Many organizations fail to acknowledge that the scenario most likely to cause a business disruption is an electrical outage.  Without power, everything can grind to a halt.

A sudden loss of electrical power can result from weather, mechanical malfunction, human error or any number of other less common causes (sabotage, solar flares, etc.).  Minutes or days may pass before power is restored.  What should you do to prepare?

Create a Power Outage Policy

A policy may take the form of “How long will we wait before we let everyone go home?”  That’s practical, but not a very effective Business Continuity strategy.  Or make dismissal decisions based on time-of-day: if the RTOs (or MAD) for local business processes are greater than the hours remaining in the workday, everyone goes home.

...

http://ebrp.net/dancing-in-the-dark-what-will-you-do-when-the-lights-go-out/

BCM experts and practitioners offer insights to raise the profile and relevance of business continuity professionals

PLYMOUTH MEETING, Pa. - Strategic BCP®, a team of business continuity planning (BCP) and management specialists, has announced the availability of its new blog featuring expert content on the topics that help streamline BCP for enterprise resilience and that raise the profile and relevance of business continuity (BC) professionals across their organizations.

The blog acts as an open forum to share ideas that are driving and challenging BCM strategies today. Its content will be comprised of insights authored by Strategic BCP contributors and guest bloggers, tapping into the vast industry knowledge and experience as hands-on consultants and as managers of BC, disaster recovery (DR), and information technology (IT).

Topics will offer best practices, lessons learned, and real-world success examples. Current BCP software considerations, processes, and compliance standards will also be discussed.

Our bloggers currently include:

  • Frank Perlmutter (CBCP, MBCI): Founder of Strategic BCP & Former DR/COOP (Continuity of Operations Planning) Manager for the U.S. Department of the Treasury

  • Dave Olkowski (CBCP, MBCI): Senior Manager & Former BC Analyst at MBNA America Bank

  • Cherie Taylor (CBCP): Senior Manager & Member of the Business Continuity Planners Association (BCPA) Board of Directors

  • Chris Duffy (CISSP): Senior Manager & Former CIO at Peirce College in Philadelphia

“As colleagues with common goals, there’s no shortage of information to be shared given how complicated this industry can be,” says Kimberly Lawrence (ABCP), Vice President and Business Continuity Program Manager at Umpqua Bank (formerly with Sterling Bank before the merger). “Unbiased viewpoints from real practitioners can help both newcomers and even seasoned pros who are responsible for BC planning.”

Some recent posts include:

To read additional posts, visit http://www.strategicbcp.com/blog. If you are interested in contributing to the blog or collaborating on content, email jsolick@strategicbcp.com.

About Strategic BCP

Strategic BCP® represents a team of business continuity management specialists who empower organizations of all sizes to build cost-effective, action-based plans that can be implemented immediately in the event of downtime. The company’s award-winning BCM software, ResilienceONE®, integrates risk assessment and management, BC plan development and maintenance, incident management, and compliance issues in one comprehensive easy-to-implement solution. It features proprietary algorithms and metrics that automate cumbersome tasks and provide comprehensive insight into an organization’s risk profile. Strategic BCP complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework. More information: www.strategicbcp.com.

A new report by EEF, the manufacturers' organization, warns the UK Government to act over escalating risks to the UK's supply of essential materials. It says that the global growth in middle-class consumers, increased demand for all commodities and an over-reliance on China for strategic supplies, is leaving the UK vulnerable. But, while other manufacturing nations have strategies in place to shield their economies from resource risks, the UK is lagging behind.

The report ‘Materials for Manufacturing: Safeguarding Supply’ digs behind concerns raised by UK manufacturers that volatile material prices and security of supply pose a threat to growth and confirms that the UK does indeed face escalating risks.

Globally, the consuming middle classes are expected to swell from 1.8 billion people to 4.9 billion by 2030. Demand for all commodities is expected to rocket by 30 to 80 percent by 2030. However, the UK's supply of essential materials – ranging from silicon metal and rare earth elements through to coking coal - is concentrated. China is the leading supplier of materials to the UK, producing 22 of 38 elements of strategic economic value. These are minerals and metals that are vital to British manufacturing.

...

http://www.continuitycentral.com/news07282.html

Thursday, 10 July 2014 15:55

BCI Diploma – Good Reasons

The BCI Diploma is the unique and only BC award that provides a route to Institute membership on one hand, and a significant development in confidence, capability and subject understanding and knowledge in those who are successful in achieving it on the other.

The designation DBCI shows that the holder has gone the significant extra distance and studied BCM in depth, looking far beyond frameworks and simple guidance, and researching the subjects related to continuity, resilience and associated issues in significant depth.  The DBCI also indicates that the holder has the potential to succeed at postgraduate level, and we have several graduates from the Diploma now enrolled on our MSc Organisational Resilience.

...

http://buckssecurity.wordpress.com/2014/07/10/bci-diploma-good-reasons/

Thursday, 10 July 2014 15:54

Disaster Recovery Lessons from Radiology

When hospitals moved from film-based hardcopy systems to electronic images, they began to generate large amounts of data held on PACS – Picture Archiving and Communications Systems. Hospitals use various ‘modalities’ to scan patients, including Computer Tomography, Magnetic Resonance Imaging and Ultrasound systems. These modalities must regularly (and frequently) upload the scanned images to the PACS, where they can be stored, sequenced for retrieval and made available for remote diagnosis. However, a PACS is often a potential single point of failure with inevitable downtime – which is where the DR lessons start.

...

http://www.opscentre.com.au/blog/disaster-recovery-lessons-from-radiology/

School shootings have captured the attention of the American public and certainly school administrators, who feel compelled to do something to prevent or mitigate the effects of a similar incident taking place on their grounds.

Solutions — in the form of cameras, metal detectors, buzzers, bulletproof white boards and the like — are coming out of the woodwork and are being foisted upon administrators. There is a lot of training available too, such as the Run, Hide, Fight video that demonstrates what to do in the event of an active shooter, including taking down an armed gunman. 

But there are problems with these approaches and educators are missing key elements of managing these scenarios by relying on some of the technology fixes and the active shooter training, some experts say.

The Run, Hide, Fight training is an alternative to waiting for law enforcement to arrive, which is ineffective since most violent acts are usually over in minutes, before law enforcement arrives. The objective of the training videos is to condition students and administrators, anyone faced with the potentially deadly situation of an active shooter, to recognize the best avenues for avoiding bloodshed.

...

http://www.emergencymgmt.com/training/Are-Schools-Focusing-Too-Much-Active-Shooter.html

Thursday, 10 July 2014 15:51

Forgotten Smallpox Discovered Near D.C.

National Institutes of Health workers preparing to move a lab in Bethesda, Md., found an unwelcome surprise in a storage room this month: six vials of smallpox.

There is no evidence that any of the vials was breached, and no lab workers or members of the public were exposed to the infectious and potentially deadly virus, the federal Centers for Disease Control and Prevention said in its announcement Tuesday.

The vials labeled variola — a name for the smallpox virus — were found July 1 “in an unused portion of a storage room” and seem to date to the 1950s, the CDC said. They were freeze-dried, intact and sealed, forgotten and packed away in a cardboard box, officials said.

The vials were "immediately secured" in a containment lab, then transported via government aircraft Monday to the CDC’s containment facility in Atlanta, it said.

...

http://www.emergencymgmt.com/health/Forgotten-Smallpox-Discovered-Near-DC.html

The General Assembly of the Federation of European Risk Management Associations (FERMA) has agreed a framework and funding to create European certification for risk managers.

It will include certification of the professional competences and experience of individual risk managers as well as accreditation for the risk management programmes of education bodies. Certification will be supported by a requirement for continuous professional development and a code of ethics.

The General Assembly also agreed for funding from FERMA’s reserves for the development and implementation phase of the project, which will run on a not-for-profit basis.

FERMA vice president Michel Dennery said: “A new designation is born: European Certified Risk Manager. We can be proud that we will be providing one of the first pan-European recognitions of a profession, and one that will be a benchmark for other risk managers’ professional bodies worldwide.”

...

http://www.cirmagazine.com/cir/FERMA-agrees-plan-for-European-certification-of-risk-managers.php

Cyber security has been ranked third in a list of boardroom investment priorities, according to a survey released earlier this month by KPMG.

The annual Business Instinct Survey, a poll of 498 C-level executives from businesses across the UK, found under-investment has left many businesses acknowledging the need to increase spending on secure technology.

However, despite acceptance that cyber security is critical to long-term business operations, one in three executives questioned (36 percent) said investing in people skills had become their number one concern, with 19 percent also more focused on plant or machinery purchases.

According to the findings, data protection and cyber threats also ranked third behind corporate governance and regulatory change, and supply chain risk/procurement when boards considered the main risk issues influencing their approach to managing their businesses.

...

http://www.cirmagazine.com/cir/Boardrooms-fail-to-prioritise-cyber-security-due-to-fear-of-scaremongering.php

Wednesday, 09 July 2014 15:54

BCI Education Month Reduction

Did you know that September 2014 is BCI Education Month?  Lots of initiatives to develop educational opportunities in BCM.  Here at Bucks New University we are offering 10% off (a saving of £250.00) for those who enrol on the September cohort of the BCI Diploma.

Education Month details here: http://www.thebci.org/index.php/training-education/bci-education-month

Wednesday, 09 July 2014 15:53

New – Foundation Degree in Cyber Security

Cyber-attacks comprise the main security issues facing organisations in the Information Age. The UK Government’s National Security Strategy (first published in 2011) categorises cyber-attacks as a Tier One threat to our national security, alongside international terrorism. According to the UK Government, 93% of large corporations and 87% of small businesses reported a cyber-breach in the past year and analysis from the UK Ministry of Defence estimates the cost to the UK economy at around £11.6 billion a year.

The Government has allocated £860 million towards the UK’s national cyber security strategy to 2016 which has the four objectives of:

  • making the UK one of the most secure places in the world to do business in cyberspace;
  • making the UK more resilient to cyber-attack and better able to protect our interests in cyberspace;
  • helping shape an open, vibrant and stable cyberspace that supports open societies;
  • building the UK’s cyber security knowledge, skills and capability.

...

http://buckssecurity.wordpress.com/2014/07/09/new-foundation-degree-in-cyber-security/

Wednesday, 09 July 2014 15:52

If Tuberculosis Spreads ...

ATLANTA — DRUG-RESISTANT tuberculosis is on the rise. The World Health Organization reports around 500,000 new drug-resistant cases each year. Fewer than half of patients with extensively drug-resistant tuberculosis will be cured, even with the best medical care. The disease in all its forms is second only to AIDS as an infectious killer worldwide.

The United States has given more than $5 billion to the Global Fund to Fight AIDS, Tuberculosis and Malaria. But drug-resistant tuberculosis isn’t a problem only in the developing world; we must turn our attention to the fight against it here at home.

Tuberculosis rates have declined in the United States in the last decade. In 2012, there were around 10,000 cases, and of those, only 83 were resistant to all of the most commonly used tuberculosis drugs — 44 fewer than in 2011. So far we have been lucky. The low numbers hide the precarious nature of the nation’s public health defense, and how vulnerable we would be to an epidemic.

...

http://www.nytimes.com/2014/07/09/opinion/if-tuberculosis-spreads.html

Big Data promises to bring big changes to the way enterprises collect, store, analyze and use their data. From increased infrastructure to new marketing usage, Big Data will affect many areas of the company. So it’s no wonder that with all that looming on the horizon, hiring managers are scrambling to fill positions opened up by the latest big technology—including software engineering jobs.

In the realm of Big Data, software engineers will be required to find ways to integrate the enormous amounts of data into programs that solve business challenges. If your company is looking to create a new division of software engineering just for Big Data, a good place to start is to hire a senior position to head up the team.

In our IT Downloads area, you will find a ready-to-use job description for a Senior Software Engineer/Big Data. The description is useful for human resources departments and hiring managers when deciding the qualifications of a senior-level software developer in this area. The job description can be used as-is, or use the information included to spur your own company to create a job description for such a position.

...

http://www.itbusinessedge.com/blogs/it-tools/hot-job-senior-level-software-engineers-with-big-data-experience.html

Much attention has been paid to the likelihood of more drought, fires and floods as the planet warms, but the most significant impact on public infrastructure won't come from extreme weather events, Paul Chinowsky says.

It will be the change in what constitutes normal weather in various regions — higher temperatures for more sustained periods of time, higher or lower average humidity and rainfall — that will most tax buildings, roads and bridges that were built for one set of conditions and now have to function in another.

"Road surfaces get weaker in heat," Chinowsky said. "Asphalt gets softer. As trucks and cars pass, you get a lot more potholes, more cracking. It won't be a one time event but a constant thing. That's the part we don't talk about, but that's the part that's going to have a huge economic impact."

...

http://www.emergencymgmt.com/disaster/Prepare-Infrastructure-Climate-Change-Engineering-Professor.html

The role of local authorities is crucial in the steps towards building resilience against natural disasters due to their ability to manage risk and ensure prevention on the front line, the Committee of the Regions has argued.

The Committee – an assembly of local and regional leaders from all member states – was represented by Cllr Siggs of the European Conservatives and Reformists Group from the UK’s County Council of Somerset. His comments were made in response to a European Commission proposal that contributes to the EU's international obligations in finding a common strategy to build resilience to disasters.

Worldwide between 2002 and 2012, natural disasters were responsible for more than 80,000 deaths and the economic cost was as high as €95bn (£750bn). Cllr Siggs stated that local authorities have three clear roles in disaster management: preparing through improved resilience; reacting with improved coordination; and dealing with the impact afterwards.

...

http://www.cirmagazine.com/cir/EU-must-look-to-local-authorities-in-order-to-achieve-resilience-to-natural-disasters.php

Effective IT governance is a critical tool for CIOs to align their organizations and efforts to support business strategy and create shareholder value. Given the rapidly changing and evolving technology options that confront CIOs and business leaders, making sure the right decisions are being made about investments in IT is an essential priority.

There are many misconceptions about what constitutes a comprehensive IT governance model and how it is implemented. IT governance is more than just:

  • Having a steering committee that meets periodically to review and approve IT plans and budgets
  • Involving the business on an annual basis to assist in assigning IT priorities
  • Using financial metrics such as ROI to determine whether to invest in specific initiatives
  • Instituting best practices to ensure projects are completed on time and within budget
  • Measuring and reporting on user satisfaction of IT services

...

http://www.corporatecomplianceinsights.com/impossible-to-ignore-the-importance-of-it-governance/

Tuesday, 08 July 2014 16:19

ASOS disaster recovery response praised

The recent fire at the distribution centre of leading British online retailer ASOS is a textbook example of the importance of having an effective disaster recovery plan in place across your organization’s supply chain in order to ensure business continuity, says Jonathan Gibson, Head of Logistics at supply chain consultancy firm Crimson & Co.

The incident, which occurred in late June at ASOS’s main distribution centre in Barnsley caused damage to 20 percent of the retailer’s stock, and consequently required the business to temporarily cease trading. Despite this the online retailer made an efficient recovery and was operational again in 48 hours. Gibson states that the impressive recovery strategy is an eye opener to fellow retailers, demonstrating the importance of implementing a structured plan that is able to identify risks across your business.

“The ASOS warehouse fire brings home the importance of having backup and disaster recovery processes in place across your organization’s supply chain. Ultimately, consumers’ sympathy for an incident such as this will only go so far, and if you are offline for a significant amount of time customer loyalty will waver and they will start to look elsewhere.

...

http://www.continuitycentral.com/news07276.html

Digital Realty Trust, Inc. has released Australia-specific findings following its annual commissioned survey of Asia Pacific data centre trends conducted by Forrester Consulting.

According to the survey, 76 percent of Australian organizations expect to increase spending on data centre facilities over the next 12 months, with 59 percent of respondents expecting to increase spending by 5 – 10 percent and 17 percent of respondents expecting to increase spending by more than 10 percent.

Big Data was cited as the key driver of data centre growth in Australia by over half (51 percent), followed by virtualization (39 percent) and business continuity (37 percent).

Additional findings from the survey include:

  • CIOs continue to have the strongest influence on data centre spend in Australia with over half (52 percent) of respondents identifying the CIO or most senior IT decision maker as influencing the decision, closely followed by the CEO (46 percent) and the IT VP/manager/director (46 percent).
  • Over half (52 percent) of Australian organizations surveyed have between one and four data centres.
  • Exactly half of respondents (50 percent) cited the need to expand space and number of cabinets/racks as the main reason their data centre facilities are running out of capacity.

www.digitalrealty.com

For some organisations, it’s an explicit legal requirement. For others, it’s the consequence of prevailing laws and regulatory structures. The mandatory requirement defined by the Australian Government for its agencies sets the tone: “Agencies must establish a business continuity management (BCM) program to provide for the continued availability of critical services and assets, and of other services and assets when warranted by a threat and risk assessment.” And for the rest? There’s a strong argument to be made that business continuity management is no longer a choice for any enterprise – and that an obligation for BCM is a good thing anyway.

...

http://www.opscentre.com.au/blog/business-continuity-management-now-effectively-mandatory-for-all/

Enterprise executives are under intense pressure these days to deliver a wide range of new and expanding data services amid shrinking IT budgets. It seems that the front office has taken to heart the mantra “do more with less” and is buoyed by the notion that the cloud will come to the rescue when confronting all manner of data challenges.

This is part of the reason why top research firms like Gartner are starting to pull back on their IT spending predictions. As I noted last week, the company recently trimmed its 2014 growth outlook by about a third, from a 3.2 percent expansion to 2.1 percent, even though that still represents a substantial $3.75 trillion market. A deeper dive into the numbers, however, shows a data center hardware market flat-lining for the next year at about $140 billion, while an oversupply of SAN and NAS systems is likely to drive prices down even further. IT services, meanwhile, are looking at about 3.8 percent growth this year, representing nearly $1 billion in revenue.

But is it really that bad? Are we on a one-way street to a utility-style, all-cloud data center? Not hardly, at least not yet. The fact remains that there are plenty of compelling reasons for enterprises of all stripes to build and maintain local data infrastructure, both as stand-alone IT environments and hybrid systems tied to third-party resources.

...

http://www.itbusinessedge.com/blogs/infrastructure/still-some-life-in-traditional-data-infrastructure.html

Tuesday, 08 July 2014 16:15

Shadow IT Is Risky Business

A few months ago, I was asked to write an excerpt on shadow IT for an e-book. I had to decline because I didn’t know much about shadow IT. Heck, I didn’t know anything about shadow IT—or so I thought. I just didn’t recognize it by that name. It turns out that it is a topic I’ve touched on; that whole idea of employees using outside technology, particularly cloud technologies, for business purposes but doing so without permission from the IT department. Thanks to free applications, downloads and the rise of BYOD, shadow IT has become common in the workforce. A study released earlier this year by Frost & Sullivan Stratecast and commissioned by McAfee defined shadow IT in this way:

SaaS applications used by employees for business, which have not been approved by the IT department or obtained according to IT policies. The non-approved applications may be adopted by individual employees, or by an entire workgroup or department. Note that we specified that the non-approved applications must be used for work tasks; this study is not about tracking employees’ personal Internet usage on company time.

...

http://www.itbusinessedge.com/blogs/data-security/shadow-it-is-risky-business.html

Emergency dispatchers and response teams are struggling with a widening language divide as they attempt to service Waterloo’s growing population of non-English speakers.

The communication barrier creates problems for all parties involved, from the dispatcher deciphering a 911 call to the officer trying to put together an accurate police report to the concerned resident trying to communicate a problem with little to no knowledge of the English language.

Over recent years, Waterloo Police have dealt with a slew of languages including Bosnian, Spanish, Serbian, Croatian, Burmese, French and Vietnamese.

In 2006, Burmese refugees began settling in Waterloo for the employment opportunities at Tyson's meat plant, and the community has been growing ever since.

...

http://www.emergencymgmt.com/safety/Language-Barrier-Complicates-Emergency-Response-Scenarios.html

In the study measuring effects of enterprise risk management (ERM) maturity—as defined by the RIMS Risk Maturity Model (RMM) assessment—no attribute had a more meaningful impact on bottom line corporate value than Performance Management. The correlation is not an accident. While many organizations say they have an effective handle on risk, their ability to execute the policies and procedures they’ve put into place is severely lacking.

The sixth RMM attribute of ERM Maturity, Performance Management, measures the ability for an organization to execute vision and strategy through the effective use of a balanced scorecard.

...

http://www.riskmanagementmonitor.com/rims-risk-maturity-model-performance-management/

There’s a lot of talk of organizations becoming resilient and how they need to be resilient if they are to compete successfully and respond accordingly to the ever increasing disasters of the world – both man-made and natural in causation. But that begs the question: Can organizations be resilient? In this practitioner’s opinion, yes, they can though it takes more than a single aspect to become resilient.

Many would have you believe that you can buy resiliency off a shelf; a service or product purchased from a firm touting that they can make your organization resilient, as though the procurement of a ‘product’ will make an organization resilient. Well, unless they are a pseudo-psychologist or have a background in leadership psychology, they can’t; at least not completely. Sure, it’s fine to say that Business Continuity Plans (BCP) and Technology Recovery Plans (TRP) et al will make an organization resilient but that’s just not the complete picture. It’s only part of the overall picture.

It’s just not a simple concept – though it would be great if it was. What will make an organization resilient? Is there some sort of magic ingredient that will suddenly ensure that an organization will bounce back from any adverse situation? Well, yes and no. It’s not one single ingredient, it’s multiple ingredients that when combined just so, will help any organization get through difficult situations.

...

http://stoneroad.wordpress.com/2014/07/06/bcm-dr-can-organizations-be-resilient/

Monday, 07 July 2014 17:14

On the Cusp of a New Data Environment

Hindsight is often 20/20, but sometimes foresight can be illuminating, too.

Gartner caused a mini-stir this week when it issued its latest prediction for data center spending in the coming years. Despite the rebounding economy and the drive to build out cloud infrastructure, the group is actually dialing back the rate of growth by a rather hefty margin. Rather than the 3.2 percent growth that the company anticipated earlier in the year, the forecast is now set at 2.1 percent, which translates to about $3.75 trillion.

Of course, this is still a significant wad of cash, representing the sum total of all data-related spending across the globe, ranging from devices and data center systems to software solutions, telecom and the wealth of new services that are hitting the market at a steady clip. For IT’s part, Gartner is expecting a still respectable 3.7 percent climb into 2015, representing about $3.9 billion in revenues.

...

http://www.itbusinessedge.com/blogs/infrastructure/on-the-cusp-of-a-new-data-environment.html

WASHINGTON -- The Federal Emergency Management Agency (FEMA) and its federal partners continue to monitor Hurricane Arthur’s impact and northward track. The agency encourages those in Arthur’s path to listen to their local officials, monitor storm conditions and take steps to be prepared.

"Residents are urged to continue to listen to the instructions of your local officials," said Craig Fugate, FEMA Administrator. "As the storm continues to move along the east coast, there are a number of areas that can be affected by strong winds, storm surge, inland flooding and tornadoes. If you evacuated and are considering returning home, make sure local officials have deemed the area safe to return."

Through regional offices in Atlanta, Philadelphia, New York and Boston, FEMA remains in close contact with emergency management partners in North Carolina and potentially affected states and has a liaison in the emergency operations center in Massachusetts. FEMA is also working in coordination with the National Weather Service and National Hurricane Center.

In advance of the storm, FEMA had liaisons in the emergency operation centers in North Carolina and South Carolina and an Incident Management Assistance Team (IMAT) in North Carolina to coordinate with state, tribal and local officials should support be requested or needed. Additional teams from around the country are ready to deploy to impacted states and tribes as necessary.

According to the National Weather Service, Tropical Storm Warnings remain in effect for portions of the east coast as Hurricane Arthur moves northward. The latest storm tracks, local forecasts and warnings are available at hurricanes.gov and weather.gov.

As the first hurricane of the Atlantic hurricane season, Hurricane Arthur serves as a reminder for residents in areas prone to tropical storms and hurricanes to refresh their emergency kits and review family emergency plans. Those who do not have an emergency kit or family plan can learn about steps to take now to prepare for severe weather at ready.gov.

The FEMA smartphone app provides safety tips and displays open shelter information at www.fema.gov/smartphone-app. Information on Red Cross shelters is available by downloading the Red Cross Hurricane app or by visiting redcross.org.

Safety and Preparedness Tips

  • Residents and visitors in potentially affected areas should be familiar with evacuation routes, have a communications plan, keep a battery-powered radio handy and have a plan for their pets. Individuals should visit ready.gov or listo.gov to learn these and other preparedness tips for tropical storms.
  • Know your evacuation zone and be sure to follow the direction of state, tribal and local officials if an evacuation is ordered for your area.
  • Storm surge is often the greatest threat to life and property from a hurricane. It poses a significant threat for drowning and can occur before, during, or after the center of a storm passes through an area. Storm surge can sometimes cut off evacuation routes, so do not delay leaving if an evacuation is ordered for your area.
  • If you encounter flood waters, remember – turn around, don’t drown.
  • Driving through a flooded area can be extremely hazardous and almost half of all flash flood deaths happen in vehicles. When in your car, look out for flooding in low lying areas, at bridges and at highway dips. As little as six inches of water may cause you to lose control of your vehicle.
  • If your home has flood water inside or around it, don’t walk or wade in it. The water may be contaminated by oil, gasoline or raw sewage.
  • Hurricanes have the potential for tornado formation. If you are under a tornado warning, seek shelter immediately in the center of a small interior room (closet, interior hallway) on the lowest level of a sturdy building. Put as many walls as possible between you and the outside.
  • Stay off the roads in impacted areas. Emergency workers may be assisting people in flooded areas or cleaning up debris. You can help them by staying off the roads and out of the way.
  • If your power is out, safely use a generator or candles.
    • Never use a generator inside a home, basement, shed or garage even if doors and windows are open.
    • Keep generators outside and far away from windows, doors and vents. Read both the label on your generator and the owner's manual and follow the instructions. 
    • If using candles, please use caution. If possible, use flashlights instead.
  • Avoid downed power or utility lines; they may be live with deadly voltage. Stay away and report them immediately to your power or utility company.
  • When the power comes back on, wait a few minutes before turning on major appliances, to help eliminate problems that could occur if there's a sharp increase in demand. If you think electric power has been restored to your area but your home is still without power, call your local power company.
  • Get to know the terms that are used to identify severe weather and discuss with your family what to do if a watch or warning is issued.

For a Tropical Storm:

  • A Tropical Storm Watch is issued when a tropical cyclone containing winds of at least 39 MPH or higher poses a possible threat, generally within 48 hours.
  • A Tropical Storm Warning is issued when sustained winds of 39 MPH or higher associated with a tropical cyclone are expected in 36 hours or less.

For coastal flooding:

  • A Coastal Flood Advisory is issued when minor or nuisance coastal flooding is occurring or imminent.
  • A Coastal Flood Watch is issued when moderate to major coastal flooding is possible.
  • A Coastal Flood Warning is issued when moderate to major coastal flooding is occurring or imminent.

More safety tips on hurricanes and tropical storms can be found at ready.gov/hurricanes.

Not every company has a Big Data problem. In fact, many companies are operating in “relatively sparse data environments,” says David Meer, a partner with Strategy&’s consumer and retail practice.

This isn’t your usual rant about how companies need to fix small data problems before embracing Big Data. No, Meer’s Strategy+Business article is much more original. He’s proposing that companies revisit existing data, and then seek out ways to add to or fill out that data for strategic advantage.

Why would they do this? It turns out the market doesn’t care if you don’t have large datasets and can’t afford to buy them.  You still need to compete against data-driven companies.

...

http://www.itbusinessedge.com/blogs/integration/five-business-savvy-ways-to-add-strategic-little-data.html

Cyber security and data protection have been ranked a surprising third in a list of boardroom priorities, according to a survey released by KPMG.

The annual Business Instincts Survey, a poll of 498 C-level executives from businesses across the UK, found that under-investment has left many businesses acknowledging the need to increase spending on secure technology. Yet despite acceptance that cyber security, specifically, is critical to long-term business operations, one in three executives questioned (36 percent) said that investing in people skills had become their number one concern, with 19 percent also more focused on plant or machinery purchases.

...

http://www.continuitycentral.com/news07274.html

Most organizational decisions to try to slow or ban Bring Your Own Device (BYOD) in the workplace seem to circle around the security issues. Which, of course, are valid and concerning to IT groups who must balance conflicting security and productivity or convenience needs for users. CIO.com, for instance, describes a large electrical contractor, Rosendin Electric, that has a no-BYOD policy. Employees keep asking about it, but CIO Sam Lamonica worries about security breaches and says, “We have a user base that might not, in a lot of cases, make the right choices.” The article also cites a CompTIA survey of 400 IT and business execs in which just over half said they are not “doing” BYOD, period.

But CIOs and IT managers are also now dealing with less quantifiable problems that may grow along with BYOD and the mobile worker’s lifestyle. These problems range from angst and worry over job loss, to fear of being expected to work unlimited hours, to uncertainty about which responsibilities could increase with BYOD’s freedom.

...

http://www.itbusinessedge.com/blogs/governance-and-risk/byod-can-threaten-more-than-network-security.html

Monday, 07 July 2014 17:09

Five Ways MDM Benefits Business Users

Some experts think too many organizations are approaching master data management (MDM) as a “must-do” without really understanding or achieving its potential. In fact, Forrester MDM and data expert Michele Goetz says MDM isn’t something every company should pursue.

If you’re interested in drilling down on the potential of MDM, check out this recent Infosys BPO blog post. Granted, as a technology consultancy, it’s good business for the company to promote MDM (did you see that their CEO is now India’s highest paid executive?) and it may have elements of their model in it. But mostly, it seems pretty straightforward, with solid information.

The blog post provides some telling statistics, although it doesn’t source the surveys or provide specifics, so it’s impossible to judge their legitimacy. For instance, the piece cites a 2013 survey that found only 21 percent of organizations rated their data quality as high or better, with most rating it “fair.” I will say that information falls in line with past research that I’ve read.

...

http://www.itbusinessedge.com/blogs/integration/five-ways-mdm-benefits-business-users.html

NEW YORK – New Yorkers know about severe weather. After Hurricane Sandy, 2013 brought 15 significant weather events to New York, including winter snow and ice storms, a tornado, extreme heat, brush fires, heavy rains and flooding. Two of those events resulted in major disaster declarations for the state.

Next week, March 2-8, is National Severe Weather Preparedness Week, a nationwide campaign to remind everyone that severe weather can affect anyone. The effort is sponsored by the Federal Emergency Management Agency and the National Oceanic and Atmospheric Administration.

Across the U.S. last year, there were seven severe weather events that crossed the $1 billion mark in economic and property damage. These disasters, including floods, tornadoes and wildfires, caused the deaths of 109 people.

NOAA and FEMA urge all New Yorkers to understand the risks where you live and how severe weather could affect you and your family. Check weather forecasts, get a NOAA Weather Radio and sign up for local weather alerts from emergency management officials. Check NOAA’s National Weather Service website for more information: www.weather.gov.

Next, make sure you and your family are prepared for severe weather. Develop a family communication and disaster preparedness plan, keep important papers, medications and other essential items in a safe place and visit www.Ready.gov/severe-weather to learn more.

Being prepared for severe weather need not be complicated or costly. Keeping a few simple items handy in a disaster kit, for example, could end up being a lifesaver. Go to www.ready.gov/basic-disaster-supplies-kit to find out more about what to include in a basic kit and how to develop one for those with unique needs. The same information is available in Spanish at www.listo.gov.

Once you have taken action to prepare for severe weather, set an example by sharing your story with family and friends on any social media site. Be a "force of nature" and inspire others in your community to take action too. Pledge to prepare by signing up for America’s PrepareAthon on April 30 at www.fema.gov/americas-prepareathon.

The Federal Emergency Management Agency (FEMA), through its National Watch Center in Washington and its regional office in Atlanta, and in coordination with the National Weather Service and National Hurricane Center, is monitoring the conditions of Tropical Storm Arthur off the east coast of Florida. FEMA remains in close contact with state emergency management partners in potentially affected states.

According to the National Weather Service, a Tropical Storm Watch is in effect for the east coast of Florida from Fort Pierce to Flagler Beach. A Tropical Storm Watch means that tropical storm conditions are possible within the watch area, in this case within 24 hours. Tropical Storm Arthur is expected to move northwest today and then north on Wednesday. Arthur is expected to become a hurricane by Thursday near the coast of the Carolinas. Visit Hurricanes.gov  and Weather.gov for the latest storm track and local forecasts.

FEMA urges residents and visitors in potentially affected areas to closely monitor the storm and take steps now to be prepared in advance of severe weather and most importantly, follow the direction of state, tribal and local officials.

FEMA has deployed liaisons to the emergency operations centers in North Carolina and South Carolina along with an Incident Management Assistance Team (IMAT) to North Carolina to coordinate with local officials, should support be requested, or needed. FEMA’s regional office in Atlanta is in contact with its emergency management partners in Florida, North Carolina and South Carolina. FEMA’s National Watch Center is at an Enhanced Watch.

As the first tropical storm of the Atlantic hurricane season, Tropical Storm Arthur serves as a reminder for residents in areas prone to tropical storms and hurricanes to refresh their emergency kits and review family plans. If you do not have an emergency kit or family plan, or to learn about steps you can take now to prepare your family for severe weather, visit ready.gov.

At all times, FEMA maintains commodities, including millions of liters of water, millions of meals and hundreds of thousands of blankets, strategically located at distribution centers throughout the United States, that are available to state and local partners if needed and requested.


Tropical Storm Safety Tips:

  • Residents and visitors in potentially affected areas should be familiar with evacuation routes, have a communications plan, keep a battery-powered radio handy and have a plan for their pets. Individuals should visit ready.gov or listo.gov to learn these and other preparedness tips for tropical storms.
  • Know your evacuation zone and be sure to follow the direction of state and local officials if an evacuation is ordered for your area.
  • Storm surge is often the greatest threat to life and property from a hurricane. It poses a significant threat for drowning and can occur before, during, or after the center of a storm passes through an area. Storm surge can sometimes cut off evacuation routes, so do not delay leaving if an evacuation is ordered for your area.
  • Driving through a flooded area can be extremely hazardous and almost half of all flash flood deaths happen in vehicles. When in your car, look out for flooding in low lying areas, at bridges and at highway dips. As little as six inches of water may cause you to lose control of your vehicle.
  • If you encounter flood waters, remember – turn around, don’t drown.
  • Tropical Storms have the potential for tornado formation. If you are under a tornado warning, seek shelter immediately in the center of a small interior room (closet, interior hallway) on the lowest level of a sturdy building. Put as many walls as possible between you and the outside.
  • Get to know the terms that are used to identify severe weather and discuss with your family what to do if a watch or warning is issued.


For a tropical storm:

  • A Tropical Storm Watch is issued when a tropical cyclone containing winds of at least 39 MPH or higher poses a possible threat, generally within 48 hours.
  • A Tropical Storm Warning is issued when sustained winds of 39 MPH or higher associated with a tropical cyclone are expected in 36 hours or less.


For coastal flooding:

  • A Coastal Flood Watch is issued when moderate to major coastal flooding is possible.
  • A Coastal Flood Warning is issued when moderate to major coastal flooding is occurring or imminent.
  • A Coastal Flood Advisory is issued when minor or nuisance coastal flooding is occurring or imminent.

More safety tips on hurricanes and tropical storms can be found at ready.gov/hurricanes.

This blog article talks about a step in the Business Continuity Planning (BCP) Methodology that I think is missing – and, I happen to think it is a pretty important step.

One of the greatest challenges in the BCP methodology is in establishing the program’s recovery objectives.  Whether you label them as Maximum Acceptable Downtime (MAD); Recovery Time and Recovery Point Objectives (RTO & RPO); or some other creative anagram unique to your process, these program benchmarks are usually arrived at through a Business Impact Analysis (BIA) process or, at least, through some survey/interview with business managers and subject matter experts to establish what the critical business processes are; what timeframes they must be recovered; and what resources must be available in certain timeframes to enable our continuity or recovery of those processes.  Does this sound familiar?  Am I right, so far?

But – you knew there was going to be a but – to achieve what end?  I mean, we do a great job defining business continuity objectives, but do we do so against established business objectives?

...

http://safeharborconsulting.biz/blog2/2014/06/27/business-objectives-vs-business-continuity-objectives-the-missing-step/

At a recent meeting, the London Assembly’s Economy Committee heard that London’s businesses are failing to adequately invest in suitable climate change risk mitigation strategies.

The Economy Committee were told that large companies have substantial strategies in place to deal with climate change risks; however, SMEs across the capital are generally unaware of the significant threats to their business posed by climate change and severe weather events both in London and to their supply chains abroad.

Jenny Jones AM, Chair of the Economy Committee said:

“It is vital that business owners in London, SMEs and large companies alike, understand the very real risk that climate change and severe weather events, both here and abroad can have on the future success of their companies. But today we heard that SMEs, which account for 90 percent of business in the capital, do not have the resources to protect and adapt themselves to the impact of severe weather events.

...

http://www.continuitycentral.com/news07262.html

National Retail System (NRS) has released the results of a survey into how a West Coast ports strike could impact logistics in the USA. With a strike looming as the holiday season gets nearer, the NRS' survey found that only 52 percent of the companies who responded are prepared for such an eventuality.

The logistics professionals surveyed came from a variety of different sectors including 36 percent in manufacturing and 18 percent in retail, as well as 23 percent working for other 3PL logistics providers across the USA.

The anticipated strike has seen a variety of contingency plans being put in place. The most popular of those is to use alternative ports. The biggest winners of the alternative ports are the New England ports New York / New Jersey and Boston with 39 percent of businesses choosing to route trade through these. The up and coming port of Savannah, Georgia is the next most popular option with 26 percent, and the Canadian Port of Vancouver is seen as the third best option for a further 23 percent of companies. While all of these ports are likely to see a short-lived boom if the strikes take place, what will be interesting is how much trade will not return after a strike ends and still be routed through these destinations. Will businesses want to mitigate future risk and leave a proportion of their imports coming through alternatives?

...

http://www.continuitycentral.com/news07264.html

Technology is beginning to dominate many aspects of the emergency management profession. This is particularly evident during disaster response. Today we have a number of large technology companies that offer their software or services for larger scale disasters. Chief technology officer for Microsoft Disaster Response, Tony Surma, answered questions about technology’s use in emergency management.
 
Surma is responsible for the worldwide team and program at Microsoft focused on delivering technologies and technical assistance to communities, responders and customers both in response to natural disasters and in support of proactive resiliency efforts. He has been a part of the Microsoft Disaster Response team from the start — first as a volunteer global coordinator for solutions builds and deployments in time of disaster response and, more recently, as the lead for the program. Between response efforts, his focus is on building proactive partnerships and cross-organization initiatives, such as Humanitarian Toolbox, to operationalize innovations for use during response and leverage trends in technology and solution development to the benefit of response organizations and community readiness.

...

http://www.emergencymgmt.com/training/Technology-Increasing-Role-Emergency-Management.html

The Business Continuity Institute (BCI) and the Association of Contingency Planners (ACP) are proud to announce a new strategic partnership that will further enhance the networking opportunities offered to business continuity professionals across North and Central America.

Networking and the sharing of ideas and experience are fundamental benefits of being a member of a professional institute, but this is not always easy in regions as large and diverse as North and Central America. Forming this alliance between the BCI and the ACP will help address those challenges.

As part of the partnership, BCI members will have access to local ACP Chapter meetings, events and services. The BCI will also participate in the ACP’s National Leadership Conference, where it will be able to highlight its influence in the discipline of business continuity from its global membership of more than 8,000 members in more than 100 countries.

Commenting on this new partnership, Steve Mellish FBCI, Chairman of the BCI, said: “The BCI and the ACP have worked together in an informal way in the past as both share the common goal of promoting the need for business continuity within organizations of all shapes and sizes. This new strategic partnership builds on that relationship. With the continuing evolution of the discipline, partnering with the ACP will bring more networking opportunities for both memberships as well as access to the BCI's world-renowned thought leadership activities much more effectively. These are very exciting times for the BCI in the Americas and we are proud to partner with the ACP to work together for the benefit of our members.”

Michael Gifford MBCI, ACP Chairman said: "ACP is committed to the business continuity profession and as an organization dedicated to protecting lives, safeguarding businesses and fostering community resiliency. Our new partnership will create new growth opportunities for both ACP and BCI. We are very pleased to take this journey with the BCI."

The ACP has Chapters across North America.

http://www.thebci.org/index.php/about/news-room#/news/new-partnership-between-the-business-continuity-institute-and-the-association-of-contingency-planners-87217

If you look through the literature on disaster recovery, you’ll probably see that practical ideas, recommendations and methods abound – but that theory is in rather shorter supply. This makes sense in that all those IT systems and networks are running now – so if they break, you’ll want some good ‘cookbooks’ or ‘how-to’s’ for mending them rapidly. However with DR management comes DR planning, which is the chance to step back and better understand the key principles that govern effective DR. The CAP theorem for distributed IT systems is one example. Better still, it’s simple to grasp and has immediate practical application.

...

http://www.opscentre.com.au/blog/a-theorem-for-it-disaster-recovery-but-with-practical-application/

MONTGOMERY, Ala. – Some disaster survivors think that U.S. Small Business Administration loans are only for businesses. That is not the case – it is the primary source of federal funds for long-term recovery assistance for disaster survivors.

SBA offers disaster loans at rates as low as 2.188 percent to homeowners and renters, at 4 percent for businesses of all sizes and at 2.625 percent for private nonprofit organizations for physical damage from the April 28 through May 5 severe storms, tornadoes, straight-line winds and flooding in the following Alabama counties: Baldwin, Blount, DeKalb, Etowah, Jefferson, Lee, Limestone, Mobile and Tuscaloosa counties.

Economic injury disaster loans also are available to provide working capital to eligible small businesses and nonprofit organizations located in the counties listed above and the adjacent counties.

There are good reasons for FEMA applicants who have been contacted by SBA to submit a completed disaster loan application before the July 1, 2014 deadline. Reasons include:

  • A future insurance settlement may fall short. Survivors may find out they are underinsured for the amount of work it takes to repair or replace a damaged home. An SBA low-interest loan can cover the uninsured costs. By submitting the loan application, survivors may have loan money available when it is needed. SBA can approve a loan for the repair or replacement of a home up to $200,000. The loan balance will be reduced by a survivor’s insurance settlement. However, the opportunity for an SBA disaster loan will be lost if they wait until after the application deadline.
  • SBA can help renters repair or replace disaster damaged personal property. Renters as well as homeowners may borrow up to $40,000 to repair or replace clothing, furniture, appliances and damaged vehicles.
  • By submitting an SBA loan application, survivors keep the full range of disaster assistance available as an option. SBA may refer applicants who do not qualify for a home loan to FEMA for “Other Needs” grants to replace essential household items, replace or repair a damaged vehicle, cover medical, dental and funeral expenses and other serious disaster-related needs. But if survivors do not submit their disaster loan applications, the assistance process stops. Survivors are not required to accept a loan offer.

For more information, homeowners, renters and businesses may call the SBA at 800-659-2955 (TTY 800-877-8339), send an email to DisasterCustomerService@SBA.gov or visit SBA.gov/Disaster. Survivors can complete disaster loan applications online at https://DisasterLoan.SBA.gov/ELA.

Survivors who have not yet registered with FEMA can do so online at DisasterAssistance.gov, with a mobile device at m.FEMA.gov, or by calling the FEMA helpline at 800-621-3362 (FEMA); TTY 800-462-7585.

The deadline to register for disaster assistance and an SBA loan is July 1, 2014 for property damage. The deadline for Economic Injury Disaster Loans is February 2, 2015.

The Federal Emergency Management Agency and the U.S. Small Business Administration offer assistance programs for homeowners, renters, and business owners in nine Alabama counties designated for Individual Assistance.

High-profile Big Data success stories tend to focus on ridiculously large volumes and trendy data, such as social media data. In the real world, Big Data looks a lot different, according to data management consultant Gary Allemann.

Allemann is the managing director at the South African consultancy Master Data Management, so right off the bat you know he will have a different perspective on Big Data than the Silicon Valley set. In “Five More Big Data Myths Busted,” Allemann argues that for many companies, Big Data’s value has little to do with astronomical volumes of data or even social media data.

And Big Data is certainly not gunning to take over the enterprise data warehouse at this point, he adds. Actually, companies adopt Big Data as a supplement to the enterprise data warehouse because Big Data solutions allow them to combine structured data with unstructured data.

...

http://www.itbusinessedge.com/blogs/integration/how-real-world-companies-put-big-data-to-work-with-existing-systems.html

It is often said that the most important asset an organization can have is its staff, so it would seem logical for an organization to have a plan in place for when staff move on, taking their skills and knowledge with them. This is not always the case, however: according to a white paper by SEI and FP Transitions, less than half (45%) of advisors polled have a continuity plan in place in the event of an unexpected departure or leave of absence. This is despite the claim that 99% of independent financial services and advisory practices go out of business when their founder retires.

The white paper, titled, ‘Acquisition and Succession: Shift Your Focus from Retirement to Growth,’ surveyed 771 financial advisors to gain insights on their acquisition, succession planning, and continuity planning activities. It noted that firms must increasingly view succession planning as a growth strategy not a retirement strategy, and reveals that while nearly one-third (32%) of advisors claim to have a succession plan, only 17% have a binding and actionable agreement. This data points to the need for advisors to re-assess their succession planning goals and strategies.

“Advisors are beginning to realize that succession plans and continuity plans can actually become growth tools,” said John Anderson, Head of SEI Practice Management Solutions, SEI Advisor Network. “By taking the time to plan for the future, advisors are giving themselves a key competitive advantage in the present. The process gives them a clearer picture of their firms' overall health, prioritizes finding a new generation of talent, and sends the message to clients that the firm will be viable for years to come.”

"Succession planning isn’t just about figuring out who’s going to take over when you’re gone," said David Grau Sr., President and Founder of FP Transitions. "It’s about building a business that will support your long term vision, and which will continue to serve clients even when you’re not around as much.  Whether that means preparing the firm for acquisition or extending ownership to the next generation, continued growth is essential to a successful transition."

The data suggests, however, that most advisors have given thought to succession planning and continuity planning, even if they do not currently have all of the tools needed to execute a plan/strategy. Of those without a business continuity plan, nearly three-quarters (69%) plan to implement one over the next few years.

http://www.thebci.org/index.php/about/news-room#/news/lack-of-business-continuity-to-cover-unexpected-staff-departures-87930

In releasing its second quadrennial review, a 104-page report, the U.S. Department of Homeland Security (DHS) outlines its efforts to enhance the five homeland security missions it detailed in the first review in 2010.

With disasters like the Deepwater Horizon oil spill in 2010, Hurricane Sandy in 2012 and the Boston Marathon bombings in 2013, as well as the increasing cyberthreat as the backdrop, the report outlined what it called a more risk-based approach to the significant threats from terrorism and natural hazards.

Of course, the mission of the DHS continues to be combating terrorism, but it also includes taking an all-hazards approach, recognizing the trends in natural hazards brought on by a changing climate, and understanding and mitigating the possibilities of a devastating pandemic.

...

http://www.emergencymgmt.com/safety/Addressing-Cyberthreats-Changing-Climate-DHS-Goals.html

Why are some countries more resistant to supply chain disruption or better able to bounce back?

According to Margareta Wahlström, United Nations Special Representative of the Secretary-General (SRSG) for Disaster Risk Reduction, this is a puzzle that world leaders are perpetually trying to solve.

Hence the inherent value in a new online interactive tool from FM Global that ranks countries by supply chain resilience.

The 2014 FM Global Resilience Index ranks the business resilience of 130 countries around the world.

Nine key drivers of supply chain risk are grouped into three categories: economic, risk quality and supply chain factors. These combine to form the composite index. Scores are bound on a scale of 0 to 100, with 0 representing the lowest resilience and 100 the highest resilience.

...

http://www.iii.org/insuranceindustryblog/?p=3699

Fortune CM&S and the Business Continuity Institute have announced the establishment of a formal, strategic partnership. The goal of this new collaborative partnership is to dramatically increase the level of awareness among Fortune’s North American business readers of the critical importance of business continuity management and to help raise the levels of resilience within their own corporations worldwide to ensure their organization’s long term success.

Newell Thompson, Vice President at Fortune’s Content Marketing & Strategies division said: "Fortune CM&S division selected the BCI to partner with them on this high profile feature because of the BCI's outstanding reputation as the world's leading institute for business continuity and their standards of excellence in the practice of Business Continuity Management (BCM). The BCI's mission of promoting and facilitating the adoption of international standards for business continuity helps to raise awareness of the importance of the practice of BC globally. The BCI works with some of the most well respected global brands who embrace the practice of BCM and want to raise their corporate profile in the global BC arena."

...

http://www.thebci.org/index.php/about/news-room#/news/business-continuity-institute-to-form-strategic-partnership-with-fortune-magazine-87830

Wednesday, 25 June 2014 16:09

The BIA Insult

So, I came across this quote the other day that someone was using in a presentation about the importance of conducting a Business Impact Analysis (BIA):

“A business continuity plan that is not predicated on or guided by the results of a business impact analysis (BIA) is, at best, guesswork, is incomplete, and may not function as it should during an actual recovery.”

Really?

I understand what they mean and I appreciate this message given to business continuity planners, but, I would hesitate saying this in a board room.  It may not be wise suggesting to the CEO and other senior executives that they do not know their business well enough to tell you what is important to them and what business processes are necessary to keep their organization solvent.

...

http://safeharborconsulting.biz/blog2/2014/06/24/the-bia-insult/

Each year hundreds of emergency management researchers, academics and practitioners gather to discuss the state of research across fields and hazards. The Natural Hazards Research and Applications Workshop is held just south of Boulder, Colo., in Broomfield, making the devastating flooding last September a natural fit as a focus throughout the conference. Representatives from Boulder and Lyons spoke about the current state of the response as well as how they had prepared their communities in advance of the flood, and researchers addressed what they observed during the emergency, including the use of emergency alerts. The following are six takeaways about the flood response that were shared during the conference.

ALERTS NEED TO BE SPECIFIC — What’s the best way to alert residents about an emergency? While the ideal order to list information has been debated, one thing has become clear from studies of emergency alerts: be specific. “Explain to people what you mean when you say ‘evacuate,’ otherwise they will make it up themselves,” said Dennis Mileti, director emeritus of the Natural Hazards Center, which hosts the workshop. Social scientists have said that warnings must tell people what to do, and Mileti said this was alive and well during the flooding in Boulder last September. For example, he cited an alert from the Boulder Office of Emergency Management that went out on Sept. 12, 2013, that said, “Shelter in place but move to upper floors, if possible. If this is not possible, these individuals should seek higher ground, at least 12 feet above creek level, without crossing the creek.” Mileti said he’s read all of the warnings that were issued during the flood and that Boulder did a “wonderful job” issuing warnings during the event.

...

http://www.emergencymgmt.com/disaster/6-Takeaways-Colorados-Devastating-Flooding.html

Wednesday, 25 June 2014 16:06

Why You Should Still Worry About Heartbleed

CSO — Patching of Internet-connected systems that contain the Heartbleed bug has slowed to a snail's pace, and security experts are advising companies to take extra precautions to avoid a security breach.

Errata Security scanned the Internet late Friday and found roughly 309,000 sites with the bug, which is in the secure sockets layer (SSL) library of the OpenSSL Project. That number was only about 9,000 less than what Errata found a month ago.

When Heartbleed was discovered in April, Errata found more than 600,000 vulnerable systems on port 443, which is used by default for SSL-secured communications between clients and servers.

...

http://www.cio.com/article/754701/Why_You_Should_Still_Worry_About_Heartbleed

Wednesday, 25 June 2014 15:50

Why One CIO Is Saying 'No' to BYOD

CIO — Every six months, an employee at electrical contractor Rosendin Electric will walk into CIO Sam Lamonica's office in San Jose with a question: "How come I can't use my own phone for work?"

Rosendin Electric has thousands of employees, hundreds of smartphones, more than 400 iPads and a few Microsoft Surface tablets -- none are Bring Your Own Devices.

"We would probably never have a BYOD environment here," Lamonica says.

Lamonica isn't alone, either. There's a growing BYOD backlash among CIOs that threatens to derail the once-high-flying computing trend. For instance, CompTIA's spring survey of 400 IT and business executives found that 51 percent of respondents at large companies are not doing BYOD at all.

...

http://www.cio.com/article/754698/Why_One_CIO_Is_Saying_No_to_BYOD

Although cyber attack now ranks among the top risks facing the global business community, many European boards face the challenge of adequately analysing and assessing how the threats associated with technology and the internet may affect their organisations.

To assist these firms in managing these cyber risks more effectively, Marsh has developed a model that helps users identify and evaluate the cyber risk scenarios they face, analyse their insurability and risk tolerance, and then model their insurable and non-insurable losses. The reporting data can then be used for risk financing, in the insurance market or through self-insurance.

...

http://www.cirmagazine.com/cir/Marsh-launches-cyber-risk-financing-optimisation-model.php

Tuesday, 24 June 2014 16:30

Native Data Analysis Comes to MongoDB

CIO — Seeking to make it easier for you to apply analytics to your big data stores, Pentaho today announced the general availability of the latest version of its business analytics and data integration platform.

The Pentaho 5.1 release is intended to bridge the "data-to-analytics divide" for the whole spectrum of Pentaho users, from developers to data scientists to business analysts. Pentaho 5.1 adds the capability to run code-free analytics directly on MongoDB data stores, incorporates a new data science pack that acts as a data science "personal assistant," and adds full support for the Apache Hadoop 2.0 YARN architecture for resource management.

"The new capabilities in Pentaho 5.1 support our ongoing strategy to make the hardest aspects of big data analytics faster, easier and more accessible to all," says Christopher Dziekan, executive vice president and chief product officer at Pentaho. "With the launch of 5.1, Pentaho continues to power big analytics at scale, responding not only to the demands of the big data-driven enterprise but also provides companies big and small a more level playing field so emerging companies without large, specialist development teams can also enter the big data arena."

...

http://www.cio.com/article/754695/Native_Data_Analysis_Comes_to_MongoDB

CIO — You've certainly heard a lot about the cloud — the public cloud, that is, run by software vendors and outsourced completely. You've heard the standard advice about why the public cloud has certain technical advantages and disadvantages, too. However, there's an inconvenient truth to the public cloud that has been brewing for a while: Its effect on IT pros.

Cloud Vendors Creating False Choices

As part of software companies' push to move their customers to cloud versions of their products, many companies introduce features or capabilities available in the hosted service versions of their programs that aren't immediately available in the on-premises version of the software. In some cases, these features aren't on the roadmap at all to be ported to on-premises systems.

We've heard from Microsoft, for example, that major server products such as Exchange and SharePoint will be as close to feature equivalent as possible. We've even heard promises that new technology such as the Office Graph will be ported back to the boxed software release designed to be run in your server closet. These commitments have been walked back, much to the dismay of existing customers and IT pros.

...

http://www.cio.com/article/754696/The_Truth_About_Enterprises_and_the_Public_Cloud

Business continuity often inspires a feeling of ‘disaster averted’. In other words, the perception is that spending money on business continuity is really an insurance policy, and as such brings no positive benefit, but helps to avoid negative outcomes. It’s true that this is an essential role. As its name suggests, the avoidance of business discontinuity or interruption is inherent in the pursuit of business continuity. However, business continuity can and should have a net positive effect as well.

...

http://www.opscentre.com.au/blog/business-continuity-benefits-not-just-an-insurance-policy/

In an unexpected twist, Big Data is driving adoption of data archiving, according to Gartner.

When people first started talking about Big Data technology, some said it would eliminate the need to worry so much about archiving or, at least, Hadoop clusters would take on that role. Ironically, it’s the increased adoption of Hadoop that is now forcing organizations to look at data archiving, CMS Wire reports.  Growth of structured data is particularly a concern as organizations try to separate out useful from non-essential data, the article notes.

Don’t worry, it’s expected to come full circle. The article notes that Gartner’s latest report, the Magic Quadrant for Structured Data Archiving and Application Retirement, predicts that the archiving needs will be so robust by 2017, 75 percent of structured data archiving applications will have to incorporate Big Data analytics.

...

http://www.itbusinessedge.com/blogs/integration/big-data-cloud-pushing-adoption-of-data-archiving.html

Tuesday, 24 June 2014 16:26

Could BYOD Increase Insider Threats?

A new study commissioned by Raytheon and conducted by the Ponemon Institute provides a fresh look at the insider threat. In a nutshell, we can expect the insider threat to increase. According to FierceMobileIT:

Focusing on 'the human factor,' the survey report, "Privileged User Abuse & The Insider Threat" finds that many individuals with the highest levels of network access in organizations are often granted access to data and areas of the network not necessary for their roles and responsibilities. The report reveals that 65 percent of survey respondents indicated that curiosity – not job necessity – drives these same individuals to access sensitive or confidential data.

...

http://www.itbusinessedge.com/blogs/data-security/could-byod-increase-insider-threats.html

It’s only a matter of time before a catastrophic earthquake hits the Pacific Northwest, but what happens after the shaking subsides?

Aging buildings across the area would likely collapse, causing scores if not hundreds of deaths and injuries. Roads could become impassable, and many businesses throughout the region would likely cease to offer services for some time — completely changing the face of our region and the communities within as we know them.

The scenario is real, and that’s what brought engineers, emergency managers, public officials and interested citizens from across the Northwest to Centralia College on Thursday. The second day of the Construction and Best Practices Summit hosted by the college and the Pacific Northwest Center of Excellence for Clean Energy focused on how to best prepare for and recover from an earthquake along the Cascadia Subduction Zone, a 1,000-kilometer fault stretching from Vancouver Island to Cape Mendocino, Calif.

...

http://www.emergencymgmt.com/disaster/Pacific-Northwest-Ready-Catastrophic-Quake.html

It seems that the march to private cloud infrastructure is finally under way in earnest, with both the technology and the business case for its deployment at a sufficient level of maturity for large numbers of enterprises to pull the trigger.

This does not mean all questions have been answered, however. In fact, if the private cloud has anything in common with legacy infrastructure, it’s that the tweaking and fine-tuning will likely continue well into the future.

One of the first dilemmas, in fact, is the selection of a platform. To date, VMware has captured the lead in enterprise cloud deployments, according to database service provider Tesora, although OpenStack is rapidly closing the gap. In the company’s latest survey of North American developers, VMware owns about 15 percent of the market, compared to OpenStack’s 11 percent. Top applications for both public and private clouds are database processing for SQL, MySQL and other platforms, followed by web services and quality assurance. Interestingly, only about 9 percent indicated compatibility with Amazon Web Services as a top priority in designing a private cloud.

...

http://www.itbusinessedge.com/blogs/infrastructure/time-to-get-serious-about-the-private-cloud.html

CIO — We know in our gut that data has value. No company can run without it. But what is it really worth? As CEOs realize that data is an asset that can be exploited as a new source of revenue, they will start to ask CIOs about its financial potential. Responding with a shrug and a shot in the dark won't exactly enhance your own value in the CEO's eyes.

Patents, trademarks and other forms of intellectual property have long been accounted for as intangible assets in a company's financial reports. But those numbers are only estimates that may or may not include more mundane kinds of information, such as customer profiles. That's partly because no standard method or accounting procedure exists for putting a dollar value on data.

"It's frustrating that companies have a better sense of the value of their office furniture than their information assets," says Doug Laney, a Gartner analyst who studies information economics. "CIOs are so busy with apps and infrastructure and resourcing that very few of them have cycles to think about it."

...

http://www.cio.com/article/754041/CIOs_Consider_Putting_a_Price_Tag_on_Data

There’s a lot of talk of organizations becoming resilient and how they need to be resilient if they are to compete successfully and respond accordingly to the ever increasing disasters of the world – both man-made and natural in causation. But that begs the question: Can organizations be resilient? In this practitioner’s opinion, yes, they can though it takes more than a single aspect to become resilient.

Many would have you believe that you can buy resiliency off a shelf; a service or product purchased from a firm touting that they can make your organization resilient, as though the procurement of a ‘product’ will make an organization resilient. Well, unless they are a pseudo-psychologist or have a background in leadership psychology, they can’t; at least not completely. Sure, it’s fine to say that Business Continuity Plans (BCP) and Technology Recovery Plans (TRP) et al will make an organization resilient but that’s just not the complete picture. It’s only part of the overall picture of what will make an organization resilient.

It’s just not a simple concept – though it would be great if it was. What will make an organization resilient? Is there some sort of magic ingredient that will suddenly ensure that an organization will bounce back from any adverse situation? Well, yes and no. It’s not one single ingredient, it’s multiple ingredients that when combined just so, will help any organization get through difficult situations.

...

http://stoneroad.wordpress.com/2014/06/21/bcm-dr-how-does-an-organization-become-resilient/

Officials are using this time as an opportunity to tweak disaster plans, practice emergency drills and brace for potentially devastating storms later in the summer.

Ken Kaye, McClatchy News | June 20, 2014

Hurricane season so far has been business as usual for most of us, with the tropics nice and calm.

But for emergency managers, this slow stage is an opportunity to tweak disaster plans, practice emergency drills and brace for potentially devastating storms later in the summer.

"This is time of season when we're putting final touches on training, exercising and making sure we're ready," said Bill Johnson, Palm Beach County's emergency management director.

...

http://www.emergencymgmt.com/disaster/Storm-Season-Not-Slow-Floridas-Emergency-Managers.html

The news: It's Ebola.

The largest outbreak ever of the hemorrhagic fever is spreading "totally out of control" in West Africa, according to a senior official with Doctors Without Borders. The World Health Organization reports that some 330 deaths are now considered linked to the deadly virus in Guinea, Sierra Leone and Liberia.

"The reality is clear that the epidemic is now in a second wave," Doctors Without Borders operations director Bart Janssens told the AP. "And, for me, it is totally out of control."

German specialists previously said that the epidemic killing people across West Africa was caused by a new strain of the Zaire ebolavirus, which killed 88% of its victims in the first known outbreak in 1976. Doctors have managed to keep the fatality rate lower than previous epidemics, but the current outbreak is killing approximately 64% of its victims.

...

http://mic.com/articles/91793/there-s-a-dangerous-epidemic-spreading-that-has-already-been-linked-to-over-300-deaths

Following Continuity Central’s recent survey into business continuity software usage we asked some of the key suppliers of business continuity software to answer a standard set of questions about trends in the business continuity software market. The responses can be read below:

More entries will be posted as they become available.

Software suppliers: if you would like to have your responses listed above please contact editor@continuitycentral.com

Friday, 20 June 2014 15:28

Lessons Learned from Heartbleed

By Russ Spitler

Without question, Heartbleed is one of the most catastrophic events from an Internet security standpoint over the past ten years, arguably ever. It had IT and security teams frantic to fix the vulnerability and the media frenzied. As the dust settles after the initial Heartbleed crisis response, what lessons are starting to emerge?

A quick recap

Heartbleed is a vulnerability in OpenSSL that permits attackers to access random blocks of memory from servers running OpenSSL. OpenSSL is used to establish encrypted communication channels between different places, and therefore the servers running this software hold some significant secrets: explicitly the encryption keys. Simply explained, the process used for setting up OpenSSL encryption uses a key-pair: a private key and a public key. These two keys are bound and you cannot replace one without also modifying the other. Then money is paid, fancy algorithms are applied and an SSL Certificate is obtained which is used to affirm identities when establishing a secure connection.

...

http://www.continuitycentral.com/feature1189.html

BC Management’s latest annual survey of compensation levels in the business continuity and related sectors has discovered that UK-based business continuity consultants / independent contractors make more than twice as much money as their US counterparts, and more than three times as much as Canadian business continuity consultants.

The online study was launched in December 2013 and remained open through to March 2014. A total of 1,520 respondents from over 30 countries took part, with 116 independent contractors providing compensation information.

Independent contractors are defined as ‘professionals classified as performing contract work to another entity under terms specified in an agreement. Unlike an employee, an independent contractor does not work regularly for an employer, but works when and as required.’

The survey found that the 2013 average total compensation for independent contractors in $USD was:

UK: $303,278
Europe: $248,545
USA: $140,601
Asia Pacific: $130,311
Canada: $83,982

There was an average increase in total compensation for independent contractors, with earnings increasing 8.8 percent internationally and 6.3 percent for USA based professionals.

www.bcmanagement.com

Luxury goods companies believe that they face greater reputational risk than those in other industries, according to a report published by ACE Group in Europe. Following a survey with a concentrated sample of 45 European luxury goods firms and a series of in-depth expert interviews, the report also concludes that environmental, business travel and directors and officers liability (D&O) are three emerging risks for the industry to watch.

Some 75 percent of senior risk executives from the industry sample state that reputation is their company’s greatest asset and 80 percent agree that reputational risk is the most difficult individual risk category to manage.

Almost six in ten respondents report that globalisation has increased the interdependency of risks they face and rank lack of risk management tools and processes, insufficient budget and lack of management time as well as human resources and skills as the greatest barriers to effective management of reputational risk.

...

http://www.continuitycentral.com/news07260.html

Sometimes, the business doesn’t care about data quality. It’s a hard thing to hear, but someone has to be honest with you about it, and Capgemini’s Big Data and Analytics expert Steve Jones is stepping up to do it.

Actually, Jones is talking about master data management (MDM). It’s often confused as a data quality project, he writes, but the primary goal of MDM isn’t data quality these days. It’s really collaboration.

If that sounds like a major departure from what you’ve read in the past, you’re right. Data quality, along with data governance, has long been heralded as key components to finding success with MDM.

...

http://www.itbusinessedge.com/blogs/integration/when-is-data-quality-not-a-priority-when-the-business-says-so.html

Thursday, 19 June 2014 16:22

Responding to global risks

Business leaders are not doing enough to prepare for the risks that arise from our increasingly inter-connected world, such as government debt crises, extreme weather events and social instability, claims the Institute of Directors in a new report, Responding to Global Risks: A practical guide for business leaders.

This is a concern highlighted in the 2013 BCI Supply Chain Resilience Report which identified that, as supply chains become ever more complex, organizations find it difficult to manage them effectively. In the survey that led to the report, 75% of respondents admitted to not having full visibility of their supply chain disruption levels and 42% had experienced a disruption below their immediate supplier the previous year.

Charles Beresford-Davies, Managing Director and UK Risk Management Practice Leader at Marsh, said: “No company operates in isolation. Every business, no matter how large or small, is part of a complex global network of suppliers, outsourcers and customers, all of which are subject to resiliency risk.”

...

http://www.thebci.org/index.php/about/news-room#/news/responding-to-global-risks-87529

If we have learned any lessons from the last few years, it is that data breaches present a significant business risk to organizations, often resulting in high financial cost and impact on public opinion. According to a recent study, the average cost of a data breach incident is approximately $3.5 million. With reputation management and a complex regulatory landscape as additive organizational concerns, security and risk professionals face the tough task of ensuring their companies successfully manage the aftermath of a data breach.

A crucial aspect to data breach preparedness is having a strong understanding of the legislative and regulatory framework around data breach notification. However, set against a patchwork of 47 existing laws from nearly every U.S. state, risk and compliance professionals are challenged with understanding and communicating rights for their business and customers. The recent mega breaches experienced by several large companies in the United States have resulted in heightened consumer, media and policymaker awareness and concern, making the potential for new requirements and legislation a hot topic.

...

http://www.riskmanagementmonitor.com/u-s-policymakers-renew-focus-on-data-breach-laws

Today, we’re adding metadata to the list of issues that will need to be addressed before data lakes are a useful, realistic concept.

Recently, I’ve been sharing the key concerns and barriers around data lakes. Data lakes, at least in theory, are what you get when you pull Big Data sets, including unstructured data, together. The idea is that data lakes will replace or at least supplement data marts for accessing enterprise-wide information.

Vendors have been hyping up data lakes, but many experts are questioning how realistic data lakes are right now. The challenge isn’t so much creating them as it is managing the data in a useful way, experts say.

...

http://www.itbusinessedge.com/blogs/integration/another-barrier-to-data-lakes-the-metadata.html

Thursday, 19 June 2014 16:20

Maintaining Data Protection in the Cloud

Enterprises of all types and sizes are quickly ramping up their cloud presences, despite the fact that key questions regarding their reliability and efficacy remain.

A leading source of worry is data protection. Once data leaves the safety of the firewall, ensuring both its security and availability becomes largely a matter of trust.

Many organizations, in fact, are already struggling with the shift from an infrastructure-based protection scheme to a federated or virtual/application-layer solution, even without the cloud. As HP’s Duncan Campbell points out, the increase in data load and the already largely distributed nature of many enterprise data environments, not to mention the introduction of mobile communications, are forcing a rethink when it comes to maintaining access and availability. If you are looking at 20 to 25 percent data growth per year, how much longer will you be able to maintain local protection and security solutions at every remote site and branch office? At some point, the need for an integrated solution that cuts across geographic and infrastructure boundaries becomes evident, which is why the company developed the StoreOnce Backup solution with tools like federated deduplication, autonomic hardware restart and secure erase.

...

http://www.itbusinessedge.com/blogs/infrastructure/maintaining-data-protection-in-the-cloud.html

Six years after Hurricane Dolly struck a $1.35 billion blow to the South Texas coast, federally funded reconstruction efforts are just now getting under way for hundreds of Lower Rio Grande Valley residents whose homes were destroyed or badly damaged by the storm.

Nick Mitchell-Bennett, executive director of the Community Development Corporation of Brownsville, blames the situation on a “long and outrageously convoluted” federal, state and local process for getting help to storm-ravaged poor families.

...

http://www.emergencymgmt.com/disaster/Disaster-Pilot-Project-Seeks-Alternative-FEMA-Trailers.html

After severe weather hit the state of Georgia earlier this year, Gov. Nathan Deal called for an improved emergency app, and on June 16, that app was released.

The upgraded Ready Georgia app maintains old features and adds several new features, including geo-targeted severe weather and emergency alerts that notify users based on their locations before an event, such as severe weather, occurs. Users can access live traffic maps and incident reports directly from the Georgia Department of Transportation, as well as obtain a map of local American Red Cross and approved Good Samaritan shelters, along with directions to those shelters from their location. 

...

http://www.emergencymgmt.com/disaster/Upgraded-Ready-Georgia-Emergency-App.html

CSO - A data breach like the one recently reported by AT&T demonstrates that security policies alone are only a paper tiger without the technological teeth to make sure they are enforced, experts say.

AT&T reported last week that unauthorized employees of one of its service providers accessed the personal information of AT&T wireless customers. The exposed data included social security numbers and call records.

AT&T did not say how many records were accessed, but the number was high enough that the carrier had to report the breach to California regulators.

While there was no indication of criminal intent, the service provider's employees "violated our strict privacy and security guidelines," AT&T said.

...

http://www.computerworld.com/s/article/9249185/Six_ways_to_prevent_a_breach_like_the_one_at_AT_amp_T

Multiple outbreaks of severe weather led to a costly month for insurers in the United States in May, as thunderstorm events continued to dominate the catastrophe record.

According to the latest Global Catastrophe Recap report by Aon Benfield’s Impact Forecasting, no fewer than four stretches of severe weather affected the U.S. during the month of May.

Aggregate insured losses exceeded $2.2 billion and overall economic losses were at least $3.5 billion, with large hail and damaging winds the primary driver of the thunderstorm-related costs, Impact Forecasting reports.

The costliest stretch occurred during a five-day period (May 18-23) which saw damage incurred in parts of the Midwest, Plains, Rockies, Mid-Atlantic and the Northeast, including the major metropolitan areas of Chicago, IL and Denver, CO.

...

http://www.iii.org/insuranceindustryblog/?p=3691

ASIS has released a standard that provides guidance for establishing and managing an audit program, as well as conducting individual audits consistent with the ISO 19011 and ISO/IEC 17021 standards.

The latest in the five part series of ASIS resilience standards that offer a holistic, business friendly approach to risk and resilience management, the Auditing Management Systems: Risk, Resilience, Security, and Continuity - Guidance for Application American National Standard (SPC 2) will help practitioners evaluate risk and resilience-based management systems, establish and manage an audit program, conduct individual audits, and identify competence criteria for auditors who conduct conformity assessments of management risk and reliance-based management systems.

UK employees are potentially putting their companies at risk of cyber-attack when using mobile devices for work purposes while on holiday or on a short break, new research has found.

The ‘Beach to Breach’ research commissioned by Sourcefire, now part of Cisco, found that 77 percent of UK workers surveyed usually take their work devices with them on holiday, with 72 percent choosing to spend up to one or two hours per day keeping up with what’s going on in the office. Over 80 percent of directors, mid-managers and senior level employees admitted to taking their work device on holiday, and even the most junior employees are also keen to stay connected while away with 50 percent unwilling to leave their work device at home.

...

http://www.continuitycentral.com/news07255.html

I don’t think anyone really thought that Hadoop and other Big Data technologies would liberate us from the basics of data, such as integration and governance. It was just so easy to ignore those issues in the heady first years of Big Data hype and pilot projects. Now, it’s time to do the hard work of figuring out how to make all this data useful.

And, frankly, the to-do list just keeps growing.

Data integration expert David Linthicum added his concerns about data integration tools in a recent Informatica blog post. Linthicum is piggy-backing on an idea proposed by analytics expert Tom Davenport. After interviewing data scientists for his research, Davenport concluded that the only way to support the demand for Big Data analytics is to provide the data scientists with better tools.

...

http://www.itbusinessedge.com/blogs/integration/are-current-data-tools-enough-to-wrangle-big-data.html

Computerworld UK — Companies that want to engage customers with wearables, but are worried about privacy issues, should run pilots with their employees first, a Forrester analyst has said.

Highlighting the success Virgin Atlantic has had with its Upper Class Wing Google Glasses pilot in Heathrow Terminal Three, Forrester analyst JP Gownder advised that arming customer-facing employees with wearables is the first step enterprises should be taking.

Virgin Atlantic's pilot saw business club lounge staff in Heathrow wearing devices to assist members with flight connection information, destination weather forecasts and restaurant suggestions.

...

http://www.cio.com/article/754305/Firms_Should_Use_Their_Staff_As_Wearables_Guinea_Pigs_Says_Forrester

The biggest threat to public sector data comes from employees, a new report suggests. Some 83% of the 141 senior public sector managers and other staff polled said they were most concerned about internal loss or misuse, with just 10% worried about the external threat posed by hackers.

Despite this, only 18% use a secure managed offsite records facility, with 41% storing data on-site and 21% relying on staff to dispose of documents using general waste, recycling bins and office-based shredding machines.

“Physical records stored within public sector buildings are extremely vulnerable to being lost or misplaced by employees,” says Anthony Pearlgood, managing director, PHS Data Solutions, which commissioned the research.

...

http://www.cirmagazine.com/cir/Public-sector-says-employees-biggest-threat-to-data-not-hackers.php

At a gathering of the UK’s risk managers today, Mike McGavick, CEO of XL Group, told risk managers “it’s a great time to be in your jobs, there is great opportunity for you to lead your organisations’ thinking about risk.”

Speaking on a panel debate focused on The State of the Insurance Market, at this year’s Airmic Conference, McGavick said: “Excess capital, the low interest rate environment and the mutation of risk means insurers have to dig deep, working harder to find differentiating solutions and services.”

“This environment provides risk managers with the opportunity to ask, what are we getting from you? And these searching questions are challenging insurers to innovate and stay relevant.

...

http://www.cirmagazine.com/cir/be-the-risk-sherpa-xl-mcgavick-tells-risk-managers.php

Wednesday, 18 June 2014 14:52

A New Data Center for a New Age

That the data center will have to evolve in order to keep up with changing application and data workloads is a given at this point. Static, silo-based architectures simply lack the flexibility that knowledge workers need to compete in a dynamic data economy.

But exactly how will this change be implemented? And when all is said and done, what sort of data center will we have?

According to a company called Mesosphere, the data center will become the new computer. The firm provides management software that helps hyperscale clients like Google and Twitter coordinate and pool resources across diverse application loads. By offering compute cluster, command line and API access to developers, the Apache-based platform enables broad deployment and scalability without the need for direct IT involvement. As well, it allows numerous low-level support tasks to be automated, essentially allowing users to call up applications or save data in the data center the way they do on a PC: Click the icon and let the system figure out the best way to handle it.

...

http://www.itbusinessedge.com/blogs/infrastructure/a-new-data-center-for-a-new-age.html

When you hear “public health,” you may think of flu shots. That’s one visible — and briefly painful — side of public health services. But if you’ve enjoyed tobacco-smoke-free air, thought twice about ordering a cheeseburger after seeing its calorie count on a menu, or not worried about tuberculosis in your community, you’ve also “used” public health services. These services are essential, ubiquitous and usually unnoticed.

They’ve also been hit hard by the recession. Since 2008 about 17 percent of the state public health workforce and 22 percent of the local public health workforce have been eliminated, according to a 2011 report from the Association of State and Territorial Health Officials. Several reports have enumerated how, as a result of these cuts, we’re more vulnerable to communicable diseases, water-borne infections and other health concerns.

...

http://www.emergencymgmt.com/health/Public-Health-Funding-Shot-in-the-Arm.html

Wednesday, 18 June 2014 14:49

The Many Paths to a Career in Risk

Over the years, I’ve had no shortage of people ask me how they can get my job as a senior risk leader. They see the possibilities and get a strong sense that risk management just might be a pretty interesting career track. Oftentimes these folks are sitting in some insurance related sub-function within the broader industry, anything from claims to loss control to underwriting and brokerage. Interestingly, many people who have had this experience (who are essentially developing specialists in these sub-functions) have frequently found that skill transferability from these specialized areas, to their “profession,” was often fraught with hurdles.

I have seen a parallel mind-set throughout much of my career in various industries in which I sought alternate employment. Most commonly it was in the manufacturing or health care sectors that insisted that any leader in their ranks, most especially a risk manager, needed to come from within their industry. They were the true believers and were typically inflexible about this minimum requirement.  They believed their industries were just too specialized and unique for a risk manager from another industry to succeed. They would argue that they didn’t want to invest in allowing the development of the full skill-sets or that their world could or should be learned by those coming from other industries, especially for a mid- to senior-level manager.

...

http://www.riskmanagementmonitor.com/the-many-paths-to-a-career-in-risk/

Wednesday, 18 June 2014 14:48

Lessons from Target’s Security Breach

There are times when major trends intersect. Sometimes they reinforce each other; other times they cancel each other out. In the case of Target’s security problems, there seems to have been a fair amount of interference (to read my earlier Advisor on the Target security breach, see “Cyber Security: Inside and Out”). The FireEye software that was supposed to warn of the kind of exposure that did Target in reacted as it was supposed to: the basic problem was flagged and diagnosed immediately, and a warning message was included in one of the security logs and highlighted by analysts at Target’s Bangalore security center. Unfortunately, the critical message was not deemed worthy of immediate action by the central security staff in Minneapolis.

As it turned out, there were multiple reasons that Target’s central security group didn’t follow up on the suspicious activity flagged by FireEye and the Bangalore team. One reason given for not acting was that the central team wanted to manually review all the critical flags. A second reason was that there was such an enormous number of flagged items on all different security logs that it was difficult to follow up on any but the most important ones in a reasonable time frame. (An interesting insight here is that the FireEye security monitoring software had the capability to automatically act upon finding specific problems, but again, the central team wanted to review this kind of problem. It may also have had something to do with the fact that the original breach was through a HVAC system, which may have seemed unlikely to cause widespread problems.)

...

http://blog.cutter.com/2014/06/17/lessons-from-targets-security-breach/

A new handbook on Cyber Risk Oversight, designed to provide corporate directors with expert guidelines to improve their cybersecurity oversight, has been published by the American International Group (AIG), the National Association of Corporate Directors (NACD), and the Internet Security Alliance (ISA). The handbook is the latest issue in NACD’s Director’s Handbook Series.

The cyber threat is a very real concern for business continuity professionals, as identified in the 2014 BCI Horizon Scan Report, with cyber attack and data breach featuring second and third respectively as the biggest threats to organizations. 73% of respondents to the survey expressed either concern or extreme concern at both these threats materialising. Such is the nature of the threat that it was the main topic of conversation in the launch edition of the BCI's Working Paper Series.

...

http://www.thebci.org/index.php/about/news-room#/news/cyber-risk-oversight-guidance-for-corporate-directors-87130

CSO — The pace of change for Information Technology is challenging established notions of "What is IT?" and "What is Information Security in the modern age?" For one example, the "new" data center technologies such as virtualization, Software-Defined Networking (SDN), service-oriented delivery models, and cloud computing have radically changed the typical IT infrastructure from a defined set of assets owned and controlled by the organization to a constantly fluctuating roster of resources that can come and go from IT department visibility and control.

As this has occurred, we have witnessed the equivalent of a Cambrian Explosion of new Internet-connected life forms--mobile devices, tablets, sensors, actuators, home appliances, monitoring systems, content access devices, and wireless terminals. Applications running on these devices range from recreation to services critical to the functioning of our social and economic infrastructure. Put it all together, and we expect that the world population of Internet-connected devices will grow from today's 10 billion to over 50 billion by the year 2020.

From a security point of view, these IT changes, including the expansion of Internet-connected devices, lead to a corresponding increase in attack surface. Instead of the mission of protecting a reasonably known and enclosed IT perimeter, we now must be ready to secure any connected device humans can make against any threat a hacker can innovate. Clearly, using established security practices, except on a larger scale, will not suffice.

...

http://www.cio.com/article/754348/3_Strategies_for_the_New_Era_of_Enterprise_Cybersecurity

Despite growing levels of awareness and understanding of cyber risk among large and medium-sized corporations across the UK and Ireland, board-level ownership of the issue remains comparatively low with many firms relying on their IT departments for the strategic direction of their cyber risk strategies.

According to the Marsh Risk Management Research, UK & Ireland 2014 Cyber Risk Survey Report, cyber risk now features prominently on the corporate risk registers of organizations across the UK and Ireland, with one quarter (24 percent) of respondents placing it in the top five risks they face and over half (56 percent) placing it in their top ten.

However, Marsh’s research found that cyber risk is managed and reviewed at board level in just 20 percent of respondents’ organizations with 57 percent of respondents stating that the overall responsibility for the assessment and management of cyber risk lies with their IT departments.

...

http://www.continuitycentral.com/news07252.html

Officials at the US National Institute of Standards and Technology (NIST) have announced plans to establish a new research Center of Excellence to work with academia and industry on disaster resilience.

NIST Centers of Excellence are meant to provide multidisciplinary research centers where experts from academia, industry and NIST can work together on specific high-priority research topics. The agency established its first such center, dedicated to advanced materials research, in December 2013.

The disaster resilience Center of Excellence will focus on tools to support community disaster resilience; and will work on developing integrated, systems-based computational models to assess community infrastructure resilience and guide community-level resilience investment decisions. It will also develop a data management infrastructure that allows for public access to disaster data, as well as tools and best practices to improve the collection of disaster and resilience data.

http://www.nist.gov/coe/resilience/index.cfm

Only half of employees believe their workplaces are prepared for a severe emergency, according to the third annual workplace safety survey by Staples, Inc. Nearly two-thirds of those polled said recent natural disasters have not led to their employers reassessing company safety plans. The survey also reveals that in the past six months nearly half of businesses have closed due to severe weather, costing the economy nearly $50 billion in lost productivity.

Small business employees feel more at risk to emergencies and disasters than employees at larger companies. The survey found that workers at businesses with fewer than 50 people are less aware or less sure who is in charge of emergency planning than employees at larger companies. Employees from smaller companies report having less emergency equipment or plans in place, are less likely to do safety reviews or drills, and are less prepared for severe emergencies than their counterparts at bigger organizations.

About the survey
Staples conducted an online survey of more than 400 office workers and 400 decision makers at organizations of all sizes across the US. The survey, conducted in May 2014, asked a series of questions about general office safety.

www.staples.com

Social media is increasingly being looked to as a tool for emergency management. It has a number of attractive characteristics, including cloud-based resiliency and being well-known and understood by a large portion of the public and professionals alike. The problem that many organisations face is in knowing how to prepare their use of social media. Trying to test the social media component of an emergency management plan is a delicate matter. Simply prefacing social media messages with ‘This is a test’ is optimistic at best.

...

http://www.opscentre.com.au/blog/emergency-management-getting-ahead-of-the-social-media-test-curve/

Strange are the ways of the technology market gods. While technology itself follows a fairly predictable bell curve of hype, the terms seem to come and go in spurts.

Several years ago, experts and vendors, such as those in this Forbes piece, would often talk about “data lakes” as a way of explaining Big Data’s capabilities. Big Data was going to change everything: No more silos, no more separation of structured and unstructured data, and no more need for data marts.

It was more of a metaphor for the capabilities than anything specific, as I recall.

...

http://www.itbusinessedge.com/blogs/integration/why-data-lakes-are-still-a-murky-proposition.html

MEXICO CITY — The past two months have brought an unusual succession of earth tremors to the Mexican capital — and a business opportunity for Andres Meira.

Meira, a 39-year-old architect and social entrepreneur, started a company that produces a small earthquake alert that wails before a potentially destructive earthquake hits the capital.

For sale for about $54, Meira’s device costs a fraction of his competitors’.

That there is a market at all for such a receiver casts light on a quirk of Mexico’s pioneering seismic alert system, considered one of the most advanced in the world, and the unusual geologic conditions that cause Mexico City to shake even from distant quakes.

...

http://www.emergencymgmt.com/disaster/Entrepreneur-Mexico-Market-Earthquake-Sirens.html

Computerworld UK — Software licenses for mobile users are a "grey area" legally, opening enterprises up to mounting costs unless a compromise with vendors is made, Forrester has warned.

Although software vendors have forecast that their spoils from maintenance support will grow, the reality is that companies are seeing diminishing maintenance budgets against increasing demands for technology to improve customer service. Therefore CIOs "must better align spending", analyst Duncan Jones said at the Forrester Forum for Technology Management Leaders in London this week.

Increasing mobile users are blurring the definition of what constitutes a separate user license, as software vendors like Oracle and SAP attempt to capture revenue from businesses' new mobile projects.

...

http://www.cio.com/article/754210/Forrester_CIOs_at_Risk_of_Multimillion_Dollar_Liabilities_Over_Mobile_Software_Licenses

In this day and age of data center efficiency, just about every IT manager is familiar with the concept of hot aisles and cold aisles.  By directing proper air flow in and around racks of humming equipment, the enterprise is able to reduce operating expenses even as it increases utilization, and therefore heat generation, of key equipment.

What may not be widely known, however, is that there are numerous options when it comes to hot/cold designs, and what works for one facility may not be optimal, or even desirable, for another.

For example, some argue that the cold aisle containment portion of the equation may in fact be more crucial than hot aisle containment. According to Mark Hirst, head of T4 data center solutions at rack and cabinet designer Cannon Technologies, the difference comes down to the most effective use of cooling resources. Do you want cold air to go specifically toward data equipment, or do you want it to dissipate hot air in the room at large? Neither approach is wrong per se, although cold aisle containment does provide for faster cooling response in the event of sudden data spikes.

...

http://www.itbusinessedge.com/blogs/infrastructure/hot-and-cold-a-data-center-juggling-act.html

When it comes to helping a victim of cardiac arrest, it's all about speed. PulsePoint, a life-saving mobile app, may not necessarily increase the speed at which first responders arrive, but it adds more legs to the race.

Santa Clara County, Calif., agencies began using the PulsePoint app earlier this year with the goal of mobilizing CPR-trained residents and bystanders into becoming first responders.

The free app uses location-based technology to alert CPR-trained citizens if someone in their immediate area is experiencing sudden cardiac arrest. The alerted citizen can then choose to spring into action, find the victim and begin resuscitation until official emergency responders arrive.

...

http://www.emergencymgmt.com/health/App-Turns-Bystanders-First-Responders.html

If a strong hurricane were to pass through the Gulf of Mexico the overall effect on U.S. oil and natural gas supply would not be as severe as in past years, due to declining production in the region, according to a report from the U.S. Energy Information Administration (EIA).

However, Artemis blog warns that this won’t change the potential impact to insurers and reinsurers, particularly with the removal and decommissioning of rigs also being insured.

In its post, Artemis notes that the reinsurance and insurance-linked securities (ILS) market in recent years has been placing an increasing focus on gaining access to underwriting energy risks, particularly physical damage risks due to storms and earthquakes.

...

http://www.iii.org/insuranceindustryblog/?p=3688

Risk managers’ focus on the seemingly unlimited array of cyber threats to their organizations is steadily growing. The 2014 BDO Technology RiskFactor Report, for instance, which analyzes SEC 10-K filings and other data from the largest publicly traded U.S. technology companies, found that “breaches of technology security or privacy” ranks at number seven in the top 25 risk factors cited by these 100 companies. Ninety-one percent of companies cited the risk this year, compared to 57 percent in 2011.

No doubt, those sorts of numbers won’t really surprise anyone, but they do raise questions. In particular, what will be done about these concerns? Tracking the trends surrounding the attitudes of risk managers, those cybersecurity risks, and other major risks, has been the goal of the Emerging Risks Survey for the last seven years. It’s produced by The Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries' Joint Risk Management Section, and after the 2014 results were released, I asked the report’s author, Max Rudolph, about some of the results around cybersecurity risks and what risk managers plan to do about them.

...

http://www.itbusinessedge.com/blogs/governance-and-risk/risk-managers-consider-responses-to-emerging-risks.html

CSO — A majority of IT security pros believe that continuous monitoring of the database network is the best approach to prevent large-scale breaches like the ones that occurred at retailers Target, Michaels and Neiman Marcus, a study showed.

Nearly two thirds of the 595 U.S. experts polled by the Ponemon Institute cited monitoring as the best form of database protection, a position other security experts challenged.

"Continuous monitoring, looking for unusual or anomalous type of behavior, becomes very important," Larry Ponemon, chairman of the Ponemon Institute, said. "The more you monitor, the more things you can see and the more things you can stop."

...

http://www.cio.com/article/754102/Why_Database_Monitoring_May_or_May_Not_Secure_Your_Data

Business disruptions can happen at any time and have an almost limitless number of causes. Among the biggest disrupters, of course, are big storms with names (a.k.a. hurricanes). The start last week of the Atlantic hurricane season makes this a good time to see what the business continuity/disaster recovery (BC/DR) landscape looks like.

Continuity Central this week posted results from a survey that took a deep dive into the worldwide use of BC software. One-third of the respondents were from the U.S., but a variety of verticals and company sizes were represented.

The results show that just over half (53.3 percent) use specialized BC software and that most who do (88.05 percent) use only one type. The survey revealed that 11 types of BC software are used by respondents. The most common types include software to write and develop BC plans (89.87 percent) and to manage and update BC plans (89.24 percent). Software aimed at carrying out benchmarking activities brought up the rear at 29.11 percent.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/beyond-crisis-everyday-uses-of-business-continuitydisaster-recovery-plans.html

Emergency management is officially a profession — defined as having a core body of knowledge, an ethical framework, standards and university programs offering education and degrees. It is no longer a question about whether degrees are an important part of this field. Employers are requiring a college degree to start, and for those already in the field, it is getting harder to advance without a master’s degree.

When considering where and how to get that degree, the question of delivery platforms becomes sticky. In other words, what about an online degree? Is an emergency management degree obtained over the Internet worth as much as the same one from a brick-and-mortar school?

...

http://www.emergencymgmt.com/training/Emergency-Management-Degrees-Education-Online.html

Continuity Central recently conducted a wide-ranging survey into business continuity software usage. 377 people responded and the results will be published in two parts.

Respondents’ profile

Survey respondents came from all around the world, with the largest groups being from the United States (33 percent), the United Kingdom (20 percent), Australia (6 percent) and Canada (6 percent).

The majority of respondents were from large organizations, with 71 percent being employed by organizations with more than 1000 employees. 14 percent were from medium sized organizations (200 to 999 employees); 10 percent were from small organizations (10 to 199 employees) and 5 percent were from micro organizations (under 10 employees).

27 percent of organizations represented were multinationals with 50 or more locations; and 23 percent were multinationals with less than 50 locations.

...

http://www.continuitycentral.com/feature1187.html

ClearView Continuity is a UK-based supplier of specialist business continuity software. Re-launched in 2010, it has seen rapid global growth with collaborators and clients in all parts of the world, from Australia to South Africa, South East Asia, Russia, the Middle East, Europe and the US. The global network of collaborators enables ClearView to provide 24/7 global support for its clients, who range from the largest global financials to more modest single-country organizations. ClearView does not place restrictions on user numbers or functionality, which means that all clients benefit from the same powerful functionality.

The success of ClearView has been underlined at the CIR Magazine Annual Business Continuity Awards, with ClearView Continuity being presented with the Business Continuity Management Planning Software of the Year Award in 2012, 2013 and 2014.

Given the company’s wide experience of the global business continuity software market, Continuity Central asked ClearView’s chief executive, Charles Boffin, to give his view on changes and challenges in the business continuity software market:

...

http://www.continuitycentral.com/feature1188.html

Is the aim of recovering to a minimum business continuity objective acceptable? Tim Dunger argues that it isn’t…

Many of you have recovery time objectives within your business continuity and disaster recovery plans. It’s the desired time for which you will be deemed to have been ‘recovered’. But following a conversation with peers just recently, I have discovered that the point at which an IT system is seen as ‘recovered’ is rarely agreed between them.

To just over 50 percent of the people who joined in the debate, recovery time is the time it takes to get a system up to a ‘minimum business continuity objective’. So, surprisingly, this means that less than 50 percent of people take recovery time to be a state where the business is operating to the same level, and as profitable as it was, prior to the disaster in question.

...

http://www.continuitycentral.com/feature1186.html

The 2014 FM Global Resilience Index, released this week, finds that Norway, Switzerland and Canada top the list of nations most resilient to supply chain disruption, one of the leading causes of business volatility.

The first-of-its-kind Index, commissioned by FM Global, is an online, data-driven tool and repository ranking the business resilience of 130 countries. More than a year in development, the Index is designed to help executives better assess and manage supply chain risk.

The Index finds Kyrgyzstan, Venezuela and the Dominican Republic as the nations that are least resilient to supply chain disruption.

...

http://www.continuitycentral.com/news07247.html

Friday, 13 June 2014 13:57

The top causes of data disasters…

HDD crashes prevail as the most common cause of data loss according to a recent global survey by Kroll Ontrack. 72 percent of those surveyed noted that their most recent data loss came from a desktop or laptop hard drive, followed by SSD (15 percent) and RAID/virtual services (13 percent), showing that data loss impacts every type of storage from the individual user up to the enterprise level.

When asked about the cause of their most recent data loss, 66 percent (compared to 29 percent in 2010) of the 1,066 surveyed across North America, Europe and Asia Pacific, cited a hardware crash or failure, followed by 14 percent claiming human error (compared to 27 percent in 2010). Software failure ranked as the third most common cause of data loss with 6 percent.

Looking at individual response segments, laptop and PC crashes prevailed as the leading cause of data loss among both businesses (71 percent) and home users (72 percent) respectively and SSD device loss ranked second, accounting for 18 percent of data loss cases for home users and 10 percent for businesses.

Among businesses, 27 percent said their most recent loss disrupted a business process, such as prohibiting them or their company from actually providing a product or service to their customers. A further 15 percent admit to losing personal data from their business machine, contrasted with 7 percent who acknowledged losing business-related data from their home machine.

Kroll Ontrack surveyed 1066 recent data recovery customers from 10 countries across North America, Europe and Asia Pacific. Forty-eight percent were businesses, 32 percent were home users, 13 percent were partners and 3 percent were government entities.

http://www.krollontrack.co.uk/data-recovery

Cybercrime costs the global economy about $445 billion every year, though the damage may be up to $575 billion, according to a new report from the Center for Strategic and International Studies and software company McAfee. Further, the damage to businesses exceeds the $160 billion loss to individuals.

“Cyber crime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors,” said Jim Lewis of CSIS. “For developed countries, cyber crime has serious implications for employment.”

Indeed, the biggest economies have suffered the most – the losses in the United States, China, Japan and Germany totaled at least $200 billion.

...

http://www.riskmanagementmonitor.com/cybercrime-costs-global-economy-up-to-575-billion

When it comes to deciding how best to manage information, organizations on both sides of the Atlantic seem more comfortable following conventional risk-avoidance strategies than translating that information into insight and competitive advantage. That’s one of the key findings of the 2014 Information Maturity Risk Index, a new study published by storage and information management company Iron Mountain Incorporated and PwC UK that examines how sophisticated organizations are when it comes to not only protecting information from risk but also realizing the promise of data analytics.

...

http://www.thebci.org/index.php/about/news-room#/news/managing-information-while-balancing-security-and-value-86893

CIO — WASHINGTON -- Many CIOs in the federal government have been loosening their policies to allow employees greater freedom in the devices that they use for work, though the extent to which BYOD will become the norm in the public sector remains very much in question.

Concerns around security, privacy and the open question of whether workers are willing to couple their professional and personal lives on a single device linger, experts said this week at a conference on mobility in the government hosted by Citrix.

But BYOD is gaining momentum, and, gradually, the feds are rewriting the rules for tech usage to accommodate more consumer-oriented smartphones and tablets that employees use in their personal lives.

"Mobile is the future," declared James Miller, associate CIO at the Federal Communications Commission.

...

http://www.cio.com/article/754085/How_CIOs_Can_Tailor_BYOD_Initiatives_for_the_Public_Sector

Risk management software identifies the risk associated with different assets. It then communicates this information to the enterprise concerned, for example through business dashboards displayed on screens. While risk is a factor for every organisation, some are bound by regulations to practice and demonstrate good risk management. Banks are a case in point: they must have enough cash in reserve to cover expenses if issues such as IT failure or fraud affect them. Consequently, many software vendors have produced risk management software or integrated it into their product lines. But does that mean that enterprises are obliged to use such software?

...

http://www.opscentre.com.au/blog/are-you-obliged-to-use-a-risk-management-software-application/

Thursday, 12 June 2014 15:12

Be Prepared; Have a Family Emergency Plan

Montgomery, Ala. – Severe weather can happen any time of the year. The best way to prepare for it is with a family emergency plan. If you don’t have one, develop one. If you have an emergency plan, review and update it, then go over it with your family at least once a year.

An emergency plan should include how everyone will contact each other, where to go, how you will get back together and what to do in different situations. A good place to begin is Ready.Gov, the disaster preparedness website managed by the Department of Homeland Security and the Federal Emergency Management Agency.

Forms are available at that site for contact information on each family member, phone numbers of out-of-town contacts, work locations and other important phone numbers.

Also inquire about emergency plans in places where your family spends time, such as work, school and daycare. Incorporate this information into your plan.

Identify an out-of-town friend or relative as a contact person for your family members. During an emergency each member of the family will call the contact and let them know they are safe. An out-of-town contact may be in a better position to communicate among separated family members.

Decide where to go in an emergency. Plan for different scenarios, such as where to go if there is a fire. Where in the home is the safest place if a tornado hits? If you live in an area susceptible to hurricanes, decide whether to evacuate or stay. Plan several evacuation routes, if possible, in case some roads become impassable. Identify where you will stay until it is safe to return home. If you have pets, find, in advance, places to board them or hotels and shelters that are pet friendly.

During a wide-scale disaster, such as a tornado or hurricane, prepare for power outages. Keep fresh batteries for flashlights and keep cell phones fully charged. If you don’t have one, consider purchasing a cell phone charger for your vehicle. Also, keep your gas tank full.

During hurricane season, keep a basic disaster supply kit of nonperishable food, water, first aid supplies, medicines, disposable diapers, formula and baby food (if necessary), plus extra food and water for pets. Don’t forget a manual can opener. Keep these items in a waterproof container and include enough food and water for several days.

A battery-operated weather radio will be invaluable in an emergency. These radios can be programmed to your local weather service office and will provide information on approaching severe weather in your area. Heed their advice if you are directed to evacuate.

Keep enough cash on hand to get through several days. Banks will likely be closed and ATMs won’t function during a power outage.

Several government agencies work together to help you and your family stay safe. If you would like additional information, try these links:

The 2014 FM Global Resilience Index places Norway, Switzerland, Canada and Australia at the top of the list of nations most resilient to supply chain disruption, a major cause of business volatility as highlighted in the recent BCI Horizon Scan Report which revealed that 42% of respondents to the survey expressed concern or extreme concern about the possibility of this threat materialising. This level of concern is no surprise given that the 2013 BCI Supply Chain Resilience Report revealed that three quarters of respondents do not have full visibility of their supply chain disruption levels and three quarters have experienced at least one incident in the preceding 12 months.

Commissioned by FM Global, the Index is an online, data-driven tool and repository that ranks the business resilience of 130 countries. More than a year in development, the Index is designed to help executives better assess and manage supply chain risk.

...

http://www.thebci.org/index.php/about/news-room#/news/tracking-your-supply-chain-the-riskiest-countries-for-business-86854

Kids growing up in Tornado Alley are used to bright, splotchy radar patterns moving across a television screen, and most know the difference between a tornado watch and warning. But do they understand how to read and predict the weather based on radar images and forecasts?

Students at the University of Oklahoma’s College of Engineering wanted to remove the mystery around weather forecasting by speaking to kids in a language they could better understand — gaming. Collaborating with the School of Meteorology, OU students created an app that teaches kids about weather patterns by putting them in the pilot seat to navigate a plane during weather events. The game encourages kids to see meteorology as a problem-solving tool rather than just a segment of the evening news.

With funding from a more than $600,000 National Science Foundation grant, Amy McGovern, OU associate professor of computer science and adjunct associate professor of meteorology, and engineering students Andrea Balfour, David Harrison and Marissa Beene created Storm Evader, an iPad app aimed at elementary and middle school students. The app challenges players to route airplanes from one U.S. airport to another while avoiding pitfalls like difficult weather patterns and long routes that waste fuel.

...

http://www.emergencymgmt.com/training/Storm-Evader-Weather-App.html

Wednesday, 11 June 2014 15:49

World’s most resilient nations revealed

The nations most resilient to supply chain disruption, one of the leading causes of business volatility, have been revealed by an index developed by FM Global. More than a year in development, the data-driven tool and repository ranks the business resilience of 130 countries via an online, interactive tool that displays data on country-by-country susceptibility to supply chain disruption. The 2014 FM Global Resilience Index finds Norway, Switzerland and Canada top the list of nations most resilient to supply chain disruption. At the other end of the scale, Kyrgyzstan, Venezuela and the Dominican Republic were found to be the least resilient.

“Natural disasters, political unrest and a lack of global uniformity in safety codes and standards all can have an impact on business continuity, competitiveness and reputation,” said Jonathan Hall, executive vice president, FM Global. “As supply chains become more global, complex and interdependent, it is essential for decision makers to have concrete facts and intelligence about where their facilities and their suppliers’ facilities are located. The Resilience Index is a dynamic resource to better understand unknown risk in order to strategically prioritise supply chain risk management and investment efforts.”

...

http://www.cirmagazine.com/cir/Worlds-most-resilient-nations-revealed.php

Earlier this year, results were released from the seventh Emerging Risks Survey conducted by the Joint Risk Management Section, a collaboration of the Casualty Actuarial Society, Canadian Institute of Actuaries, and Society of Actuaries. In the series of annual surveys, the researchers strive to “track the thoughts of risk managers about emerging risks across time.” These trends, they explain, “are as important as absolute responses, helping risk managers contemplate individual risks, combinations of risks, and unintended consequences of actions." For instance, the researchers point out that we are at a crossroads in regard to risk management: Five years of intense management and regulatory activities around financial emergencies are giving over to other emerging risks that could span longer periods. Cyber risk is one of these emerging risks.

IT Business Edge’s Kachina Shaw asked Max Rudolph, author of the survey report, Society of Actuaries member, and founder of Rudolph Financial Consulting, about some of the survey’s results around cyber risk and risk management.

...

http://www.itbusinessedge.com/interviews/emerging-cyber-risks-on-the-minds-of-risk-managers.html

Local health departments across the country are working to mitigate the re-emergence of measles in the United States. Just this year, 334 cases have been reported from Jan. 1 to May 30, 2014. According to the CDC, this number marks a 20-year high five months into the calendar year. Measles is typically brought to the United States from other countries by unvaccinated U.S. travelers. Outbreaks can occur when the virus is transmitted from travelers to other exposed unvaccinated individuals. This year’s rise in cases can be attributed to what is happening at the global level. Of the cases reported this year in which the origin could be traced, nearly half were linked to travel to the Philippines. The CDC recognizes the ongoing outbreak in the Philippines — where about 40,000 cases have been reported this year — as one of the leading factors in the increase of cases in the United States.

In the United States, Ohio and California have seen the largest numbers of cases, with a majority linked to travel to the Philippines. In Ohio, the largest outbreak occurred among the Amish community near Knox County and contiguous counties, where travelers returning from a mission trip spread measles to unvaccinated members of the community. Local health departments in both states have been actively responding to these outbreaks to control and prevent further transmission.

...

http://www.emergencymgmt.com/health/Largest-Measles-Outbreak-in-20-Years.html

Business needs and requirements demand expertise and coordination for privacy programs and practices. As a result, chief privacy officers, data protection officers, and other designated privacy professionals like privacy analysts are a fast growing presence within the enterprise today. The International Association of Privacy Professionals (IAPP) is 16,000 members strong today (compared to 7,500 back in 2010) and growing!    

In many organizations, a dedicated privacy professional (e.g., a full-time employee who focuses on privacy and not someone who has privacy responsibilities attached to another role) is a new role. Privacy professionals come from a variety of backgrounds from legal to IT, and the details of their role and focus can vary depending on the organization and the size of the privacy team. Yet they all have one thing in common: they must work together with multiple privacy stakeholders – IT, security, legal, HR, marketing, and more! – across the enterprise. And honestly, it’s not always easy. Like any relationship, there are ups and downs.

...

http://blogs.forrester.com/heidi_shey/14-06-10-cisos_cmos_whats_it_like_working_with_the_privacy_pro_in_your_organization

Facebook and Twitter are already used to disseminate information about breakdowns and crises. Public service organisations have begun to use them as part of their PR strategy for good crisis management. Now there’s a move to use social networks, Twitter in particular, for communication in the opposite direction. In the UK, the London Fire Brigade announced Twitter as an acceptable channel for reporting fires. This is a bold move as well as a potentially lifesaving one. It’s bold because it opens up the challenge of sorting out relevant messages from irrelevant ones that could include hoaxes. Is there a companion solution to separate the grain from the chaff?

...

http://www.opscentre.com.au/blog/crisis-management-and-the-growing-role-of-social-media/

Those dire warnings that worldwide warming was having an incendiary effect on hurricanes and that ever-more powerful, deadly, and costly tropical storms were inevitable were part of the legacy of Katrina's almost unimaginable devastation.

But what followed was shocking for other reasons: After that 2005 season, not a single major hurricane struck U.S. shores, constituting a period of record quiet. Technically, Sandy, as bad as it was, was not a hurricane at landfall.

If forecasters can be believed — and last year they whiffed badly — this could be yet another relatively tranquil season in the Atlantic basin, which includes the Caribbean Sea and Gulf of Mexico.

...

http://www.emergencymgmt.com/disaster/Future-Hurricanes-10-Trillion-Question.html

In Washington, D.C., officials tried, but were nearly helpless in stopping the deterioration of the Lincoln Memorial. Rather than address the damage with costly repairs, they instead traced the concern back to a root cause. Deterioration was caused by the high powered hoses needed to clean the building—which were necessary because the building was an attractive home for birds. Birds were drawn to a very dense population of insects, which were attracted to the bright lights of the memorial.

So how do you stop the Lincoln Memorial from deteriorating? You dim the lights.

The root cause methodology provides clarity by identifying and evaluating the origin of the risk rather than the symptoms. Unveiling the triggers behind high-level risk and loss events points to the foundation of where an organization is vulnerable.

Uncovering, identifying and linking risk back to the root causes from which they stem allows organizations to gather meaningful feedback, and move forward with accurate, targeted mitigation plans.

...

http://www.riskmanagementmonitor.com/rims-risk-maturity-model-root-cause-discipline/

PC World — When eBay suffered a massive data breach a few weeks ago, most of the attention revolved around the compromise of passwords and the vulnerabilities in the site’s security. While those are legitimate concerns, they obscure the most glaringly weak link in the security chain: people.

Indeed, it was not a sophisticated exploit that facilitated the eBay breach, but an old-fashioned con. It’s been determined that as many as 100 eBay employees were likely victims of a social engineering scheme: an attack where the perpetrators arm themselves with enough information to pass themselves off as a known and trusted individual or organization and convince the victim to reveal valuable personal information; in the case of the eBay employees, their logins.

That’s actually not surprising. When I recently asked a number of security experts to weigh in on innovative new attacks we should look out for, I was told the most concerning trend couldn’t be remedied by patching and updating applications or thwarted by your security software.

...

http://www.cio.com/article/753918/What_Data_Breaches_Teach_Us_About_the_Future_of_Malware_Your_Own_Data_Could_Dupe_You

In light of the mass shooting near the University of California at Santa Barbara on May 23, officials from local colleges in New York said Tuesday that they consider themselves prepared for such an event, should it ever arise.

"If the unforeseen happens, we want to be prepared to ensure the safety of our students, maintain the security of our campus, and work with emergency responders to address whatever challenge confronts us," said Hal Legg, director of communications at the State University of New York College at Oneonta.

Legg said SUNY Oneonta has been conducting emergency simulations annually for several years, including simulated power failures, heat waves, suicides and terrorist acts. Last year, the University Police Department partnered with the Oneonta Public Transit to simulate a bus accident on campus, Legg said.

...

http://www.emergencymgmt.com/disaster/Colleges-Ready-for-Disaster.html

Bertha, Dolly, Fay and Hanna could be on the way now that the Atlantic hurricane season started Sunday. And recent research suggests it's time to give the Atlantic storms with feminine names a bit more respect.

According to a study released Monday by University of Illinois researchers, hurricanes with women's names are likely to cause significantly more deaths than those with masculine names -- not because the feminine-named storms are stronger, but because they are perceived as less threatening and so people are less prepared.

People in the path of severe storms with a feminine name may take fewer protective measures, leaving them more vulnerable to harm, according to the article published in the "Proceedings of the National Academy of Sciences." It was written by Kiju Jung, a doctoral student in marketing at the university, and marketing professor Sharon Shavitt.

...

http://www.emergencymgmt.com/disaster/Hurricane-Name-Makes-a-Difference.html

Earlier this year, the Office of Inspector General (OIG) put smaller life sciences companies on notice that they should put in place a risk assessment process as part of their corporate compliance program.  In its corporate integrity agreement (CIA) with EndoGastric Solutions, Inc. (EGS), the OIG required EGS to establish a risk assessment process to allow the company to:

  • Identify and assess risks associated with the sale, marketing, detailing, advertising and promotion of products reimbursed by government health care programs
  • Devise and implement specific measures to mitigate identified risks

The risk assessment requirement in the EGS CIA is one more example of the OIG clearly signaling that its expectations with respect to smaller company corporate compliance programs are not significantly different than its expectations of Big Pharma compliance programs.

...

http://www.corporatecomplianceinsights.com/risk-assessments-mitigate-risk-for-bigger-and-smaller-companies-alike

Middle East Respiratory Syndrome (MERS) has been on the U.S. Centers for Disease Control and Prevention’s radar since it first appeared in Saudi Arabia in 2012. The World Health Organization called the MERS virus a “threat to the world,” because of the unknowns surrounding it, most notably how it spreads. But nothing made the threat more real than when the first case of MERS was confirmed in the U.S. on May 2, 2014.

MERS is a viral respiratory illness caused by a coronavirus called MERS-CoV. MERS has killed at least 175 people worldwide and sickened hundreds in the Middle East. It has spread from ill people to others through close contact, such as caring for or living with an infected person. People infected with MERS commonly experience fever, shortness of breath and coughing. About 30 percent of those infected with the virus die.

Given today’s interconnected world, communicable diseases are truly just a plane ride away. Therefore the potential for MERS-CoV to spread further and cause more cases globally and in the U.S. is significant. Now that MERS has officially reached U.S. soil, what should public health departments and emergency managers be doing to prepare?

 ...

http://www.emergencymgmt.com/health/MERS-How-Can-We-Prepare.html

Weather forecasters predict a less active than normal 2014 Atlantic hurricane season, but it only takes one bad storm to cause immense destruction. To prepare for that possibility, one coastal community, Belmar, N.J., is now relying on social media to alert, interact and stay in touch with its residents.

Belmar realized the effectiveness of social media as an emergency communications channel during Hurricane Sandy, which battered the community of nearly 6,000 residents in October 2012. According to an analysis in a new Frost & Sullivan report, ‘Using Social Media in Disaster Planning and Response’, the effective engagement of social media during the hurricane generated nearly $750,000 in donations and supplies for the community.

During Hurricane Sandy, social media filled the gaps when residents could not get through on other channels and allowed residents to engage with officials. Belmar, in particular, utilizes social media to warn and inform residents about both smaller and larger disruptive events, such as ice and snow storms, thunderstorms and downed power lines.

...

http://www.continuitycentral.com/news07241.html

Organizations around the world lose an estimated 5 percent of their annual revenues to occupational fraud, according to a survey of Certified Fraud Examiners (CFEs) who investigated cases between January 2012 and December 2013. Applied to the estimated 2013 Gross World Product, this figure translates to a potential total fraud loss of more than USD 3.7 trillion.

Based upon the findings in its 2014 Report to the Nations on Occupational Fraud & Abuse, the Association of Certified Fraud Examiners (ACFE) presents five of the top lessons business owners, directors and managers should heed to be better protected from the risk of fraud:

...

http://www.continuitycentral.com/news07244.html

When disaster strikes, keep calm and march on!! Sometimes it’s not always that easy and in a real situation you really do need to carry on; if you don’t, you’re done! Over! Caput! Even with the numerous disasters occurring in the world – some man-made some natural in nature – there are still many organizations that would rather take their chances with fate than invest in a Disaster Response / Emergency Response / Business Continuity Management program. When disaster does strike, these organizations are left empty handed. With no plans or processes in place to respond to the situation they must ‘wing it’ if they’re to continue staying in business – or attempt to stay in business.


So what should organizations consider and focus on if they are caught in a serious situation and they don’t have a BCM/DR program in place?

What do they need to do to try to get some level of coordination in response, restoration, recovery and resumption efforts? Below are some tips for how leaders need to view the predicament they find themselves in; a disaster/crisis with no BCM/DR program or plan in place.

...

http://stoneroad.wordpress.com/2014/06/08/10-tips-to-remember-when-you-dont-have-a-disaster-planand-disaster-strikes/

If you don’t have to implement master data management (MDM), then don’t. That’s the surprising advice given by Forrester MDM and data expert, Michele Goetz.

I’ll be honest, I can’t recall anyone having said that previously. In fact, the general assumption, from vendors to analysts to authors, has been that if you have master data, you need MDM.

If you’re unfamiliar, MDM is a discipline and a technology that sits in a separate layer from your data storage and applications. As a discipline, MDM requires you to establish rules about things like which data to overwrite and which to accept as the “golden copy.” That’s the role of MDM: to establish a trusted version of your master data, to which other systems can defer.

...

http://www.itbusinessedge.com/blogs/integration/think-master-data-management-is-a-must-do-its-not-warns-expert.html

CIO — The desire to make better decisions faster is one of the fundamental drivers of new big data analytics technologies and a general push toward data-driven decision-making. But the relationship between data and intuition — the old 'gut feeling' — is a complicated one, says Peter Swabey, senior editor, technology at the Economist Intelligence Unit (EIU), the research and analysis division of The Economist Group.

"They both play a role," Swabey says. "The process of developing data is the process of trying to identify what the true state is. In identifying that, your intuition could be a useful guide."

In an effort to better understand how business decisions are made, predictive analytics firm Applied Predictive Technologies (APT) asked the EIU to conduct a study, resulting in a report released this week: Decisive action: How businesses make decisions and how they could do it better.

...

http://www.cio.com/article/753821/Even_Data_Driven_Businesses_Should_Cultivate_Intuition

I wrote in a previous post about a data center survey that found that CEOs, not CIOs, are the ones who most frequently make data center-related purchasing decisions. I noted that I wasn’t particularly surprised by that finding, but there was another finding in the same survey that did surprise me: A whopping 61 percent of the companies surveyed don’t measure their power usage effectiveness, or PUE.

I discussed that finding with Matt Miszewski, senior vice president of sales and marketing at Digital Realty, the data center operations services provider that commissioned the survey. I recognize that measuring PUE isn’t the be-all and end-all of advancing green data center operations, but the number of companies that don’t bother to measure it still seemed awfully high to me. I asked Miszewski if he was surprised by the finding, and to what he attributes the lack of focus in this area. His response:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/is-interest-in-green-data-center-operations-waning.html

With June 1 signaling the official start of the 2014 Atlantic Hurricane Season, all eyes are on the North Atlantic Ocean, Caribbean Sea and the Gulf of Mexico for the development of tropical storms. Fortunately, conditions for a cyclone are currently unfavorable and there’s no sign of imminent risk. But, that may not be the case for long.

In its 2014 Atlantic Hurricane Season outlook issued May 22, the National Oceanic and Atmospheric Administration’s (NOAA) Climate Prediction Center forecasted near-normal or below-normal activity with 8-13 named storms, 3-6 actual hurricanes, and 1-2 major hurricanes. Most will not take place until the peak of the season, which for the Atlantic Basin, runs from August through October. The greatest risk of cyclone development typically comes in early to mid-September.

...

http://www.sendwordnow.com/Company/BlogPost/hurricane-preparedness

Department of Business, Innovation & Skills Minister, Right Hon David Willetts MP, has announced the certification framework for Cyber Essentials, the government’s new initiative aimed at creating a minimum expected capability for cyber security.

The Cyber Essentials Scheme (CES), announced in April, helps businesses by clearly detailing five basic cyber controls that can be cost effectively implemented in most businesses and demonstrate the minimum that should be in place to combat crime and disruption.

David Willetts said “The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, shows how far cyber-criminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent.”

...

http://www.continuityforum.org/content/news/178023/government-sets-bar-cyber-risk-cyber-essentials

With the start of the World Cup less than a week away, employers are being urged to update business continuity plans ahead of football fever – particularly where they relate to staff absences.

Staff absences are more prone to rise during large sporting events, which has a more significant impact on employers whose staff are working shifts.

Jo Eccles, business adviser at the Forum of Private Business, says: “Sporting events such as the World Cup can bring a real feel good factor and many people will want to watch and get behind England. While the majority of matches may be in the evening out of office hours for most of us, the final fixture will be towards the end of the working day and employers may want to arrange plans to allow staff to be able to watch what could be the big decider for Hodgson and his team.”

...

http://www.cirmagazine.com/cir/World-Cup-fever-The-business-continuity-counter--attack.php

Many organizations responded to the Heartbleed Bug by conducting the appropriate risk assessments and vulnerability scanning to determine whether they were running vulnerable versions of Linux containing the affected OpenSSL versions (1.0.1 through 1.0.1f). If the vulnerability was found, they quickly moved to close it, but many organizations determined that the servers or systems they were running weren’t at risk.

The simple fact is that for hundreds of thousands of sites that ran the vulnerable OpenSSL code – which was in distribution for a year – we will probably never know whether the vulnerability was exploited, or exactly what data may have been compromised as a result of Heartbleed’s memory scraping.

...

http://www.corporatecomplianceinsights.com/are-service-providers-prepared-for-cyber-security-risks-post-heartbleed/

The US-based Transportation Research Board has issued a new report entitled ‘A Guide for Public Transportation Pandemic Planning and Response.’

The report is designed to assist transportation organizations as they prepare for pandemics and other infectious diseases, such as seasonal flu. It outlines broad guidance on dealing with pandemic preparedness planning and provides information, tools, tips, and guidance on where to find up-to-date recommendations from federal agencies and other resources, prior to and during a pandemic.

Read the report here (PDF).

Continuity Software has published the results of its latest Service Availability Benchmark Survey, designed to enable IT infrastructure, business continuity and disaster recovery professionals to compare their organization's performance and practices to that of their peers.

The key findings of the report, based on responses from 155 IT professionals across a wide range of industries and geographies, are:

  • Over half of the companies (59 percent) had an outage in the past three months and 28 percent had an outage in the past month;
  • 41 percent of the organizations surveyed missed their service availability goal for mission critical systems in 2013;
  • 66 percent of the respondents have initiatives for improving service availability management in 2014;
  • Proactive identification of risks is the top challenge 20 percent of the respondents face in ensuring service availability;
  • The most common and most effective strategy for ensuring service availability is virtualization HA, used by 72 percent of the respondents this year compared to 63 percent in 2013.

"It is discouraging to see that such a high percentage of organizations continue to miss their service availability goals, despite the tremendous effort and investment made across the infrastructure," said Doron Pinhas, CTO, Continuity Software. "IT teams are finding themselves in a never-ending chase to keep up with the pace of change across the IT landscape. As the survey results show, IT organizations are increasingly recognizing that a proactive approach to risk identification is more effective for outage prevention than playing catchup."

Read the full report, registration required.

BCM 101 - An Introduction to Business Continuity Planning & Management


Whether you're an executive that's just been handed responsibility of developing/maintaining a business continuity program or a practitioner brand new to the profession, you've come to the right place to learn about business continuity!


Avalution designed the BCM 101 videos below to provide an overview of business continuity planning concepts and processes and answer the most common questions we receive, including: What is Business Continuity? Click any video below to start learning about business continuity right now.

Avalution is the leading provider of business continuity management consulting services in the U.S. and an expert at getting business continuity programs off the ground. We would love to have a conversation to discuss your business continuity and disaster recovery challenges. If you're ready to get started, contact us today.

http://www.avalution.com/bcm-101

CIO — WASHINGTON — In many ways, the challenges of improving healthcare through technology revolve around data.

It's a boom time for health IT startups that have been developing mobile devices and tools to collect more data about patients' adherence to treatment plans, monitor anything from chronic conditions to caloric intake, and any number of other applications.

At their core, those businesses launched with the vision that more data can address public health issues, reduce the costs of care, improve patient outcomes — or all of the above.

...

http://www.cio.com/article/753795/Why_Health_Data_Is_a_Big_Data_Challenge

Have business intelligence and analytics “jumped the shark” with CIOs?

Gartner analyst Andrew White thinks so. In a recent post, White said he thinks the popularity of BI and analytics is “about to play out its course.”

It’s a bold statement, but perhaps not as daring as it may at first seem. White points out that BI/analytics has been a top priority for CIOs for several years. This year, however, it ranked fourth when Gartner asked top leaders to name the “most important technology-enabled capability investment over the next five years.”

...

http://www.itbusinessedge.com/blogs/integration/has-bianalytics-lost-its-luster-with-cios.html

Airmic and insurance information specialists, Axco, have launched a database of regulatory requirements designed to address one of the most pressing problems facing risk managers – confirming that their insurance programmes are compliant globally. Insight Risk Manager provides crucial intelligence on local compliance and regulatory insurance requirements, policy conditions and premium payment terms.

“Insight Risk Manager is more than just a valuable tool – it’s a potential game-changer,” said Airmic chair-elect Helen Pope. “Compliance for global insurance programmes will probably never be easy, but the new database will provide risk managers with access to a single, authoritative source they can consult whenever they want.”

...

http://www.cirmagazine.com/cir/Compliance-database-for-insurance-buyers-launched.php

A paper, published today by the European School of Management and Technology in Berlin and Sungard Availability Services, reveals the unique opportunity that digitisation has provided for chief information officers to elevate their position and to drive the wider business agenda within their organisations.

Digital Dynamics in the C-Suite: Accelerating Digitisation with the Right Conversations, written by Joe Peppard, professor of management at the European School of Management and Technology in Berlin, outlines how customer interactions and experiences are increasingly shaped by technology. It also identifies major shifts whereby the role of technology in business can be truly transformative and offers CIOs guidance to help them evolve, if not accelerate, their organisations’ digital agendas through digital cross-collaboration.

...

http://www.cirmagazine.com/cir/New-research-reveals-unique-opportunity-for-CIOs.php

Planning for business continuity includes identifying real risks and evaluating their impact on business activities and objectives. The risks to be included are the ones that could reasonably be held to apply to an organisation. Of course, each entity needs to make its own list, because many risks are situation-specific. For example, an enterprise in the middle of the desert is unlikely to include the risk of a plane crashing on its premises. On the other hand, for a company located next to an airport, the risk is more relevant. But what part should large-scale political or environmental shocks play in business continuity planning?

...

http://www.opscentre.com.au/blog/are-global-shocks-part-of-your-business-continuity-planning/

eBRP conducted its first in the series of Incident Readiness: Plan Today. Test Today. webinars on May 29th. Measuring the impact of an online webinar is a bit subjective, but we were gratified by the number of attendees – and especially the large percentage that stayed until the end (even when the Q&A period ran long beyond the stated hour-long objective). Here is a sampling of email feedback we received:

...

http://ebrp.net/the-path-to-incident-readiness-what-they-said/

Charlie Maclean-Bristol provides some practical advice for business continuity managers who are preparing for an ISO 22301 certification audit.

Recently I was in Fremont, California, supporting a business through an ISO 22301 audit. My company had been working with the business in question for a year to get it ready for the audit and we had already taken part of the organization (the part based in Sweden) to ISO 22301 certification, so we were fairly confident that we would pass this audit. However, a different auditor is always an unknown entity. This meant that the audit was, as always, approached with a little apprehension.

The following are 15 points I learned from this particular audit:

...

http://www.continuitycentral.com/feature1185.html

A survey by Ipswitch has found that fear of reputational damage is the biggest driver for business professionals to comply with data security laws. Yet the majority are still failing to secure the transfer of critical files.

The survey, conducted at the end of April 2014, asked 415 business professionals working across the EU about attitudes, practices and technologies relating to data security and protection. The results also show that the UK is seen as having tighter data protection laws than Germany or France. However, the vast majority think the UK’s data protection laws need to be even stricter.

...

http://www.continuitycentral.com/news07234.html

Computerworld — Ever since we learned that last autumn's massive Target data breach was accomplished with the use of access credentials stolen from a third-party vendor, I've been concerned about similar threats at my company. We use lots of vendors, many of which have access to our network. I've spent a lot of money, time and energy fortifying my network and its perimeter. But what if one of the vendors gets compromised? Could hackers sneak into my network through the side door, posing as a legitimate service employee?

Of course, this is really nothing new. I've written a few columns in the past about problem vendors and some of the things I've done to deal with the consequences of business managers signing contracts with third parties without involving my team. I've also mentioned in the past that I try to review third-party SSAE16 (previously SAS70) reports on our vendors that audit firms have produced, and I hope those reports are accurate and unbiased.

...

http://www.cio.com/article/753719/We_Manage_our_Threats_but_What_About_our_Vendors_

James O’Donnell pulls no punches. “The sea level is going to rise, that’s for sure,” said the professor of marine sciences at the University of Connecticut. “It has been rising for 10,000 years; it’s just accelerated recently. The biggest danger is that we don’t do anything.”

But Connecticut is doing something. Officials in the state, which has been bruised and battered in the past few years by storms both named — Sandy and Irene — and unnamed, announced the creation of the Institute for Community Resiliency and Climate Adaptation in January.

It’s a collaborative effort among UConn, the state Department of Energy and Environmental Protection and the National Oceanic and Atmospheric Administration, and its goal is to create real-world solutions for the growing risks to both life and property that are being posed by climate change.

...

http://www.emergencymgmt.com/disaster/Institute-Connecticut-Communities-Prepare-Rising-Sea-Levels.html

According to a study recently released by Forrester Consulting, data center related purchasing decisions in companies of all sizes are more likely to be made by the CEO than by the CIO, or by any other IT executive.

I recently had the opportunity to discuss that finding with Matt Miszewski, senior vice president of sales and marketing at Digital Realty, a data center operations services provider in San Francisco, and the company that commissioned the survey. Don’t let that sales and marketing title put you off—Miszewski has solid CIO credentials as the former CIO of the state of Wisconsin. So you’ll be happy to know that he doesn’t talk like a sales and marketing guy.

For starters, I asked Miszewski, based on his experience, whether the fact that CEOs most frequently call the data center shots is a relatively new phenomenon, or the way it’s always been. He responded wearing his former CIO hat:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/ceos-not-cios-drive-data-center-decisions-study-finds.html

Combined efforts to guard against the threat of malware are laudable, but the threat posed by cyber criminals remains. Commenting on news this week that computer users are being urged to protect their machines from malware which could allow hackers to steal financial data, Stephen Bonner, a partner in KPMG's cyber security practice, says this "fantastic effort...has cut the head of the hydra of the control networks that steal banking access and encrypt data for ransom".

These actions not only cut off the flow of money to the perpetrators and help unmask their identities, but also mean that current infections cannot be updated with new versions. Bonner stresses, however, that the threat remains: “Like any hydra, the heads will grow back and organised crime will return, but this event presents a unique opportunity to clean up our systems while the criminals cannot update their infections.

...

http://www.cirmagazine.com/cir/malware-arrest-kpmg-comment.php

Often our staff tries to avoid a “re-inventing the wheel” approach when addressing inquiries from our readers. To that point, and in answer to several “how do I?” inquiries about organizing an Emergency Management or Disaster Preparedness guide for where I work and for where I live, our staff reviewed its inventory of past articles and disaster recovery materials and decided to focus on a recent project completed in Santa Rosa County in the state of Florida.

Knowing that emergencies and disasters can happen anywhere and anytime, the Santa Rosa County Board of Commissioners supported and created their Emergency Management/Disaster Preparedness Guide.  This guide was put together to provide its residents, visitors and businesses with valuable information in order to help them better plan and prepare for man-made and natural disasters.  This guide might well be a basis for and perhaps an integral part of your own preparedness plans in your community, where you work and especially in your personal preparedness plan.

MONTGOMERY, Ala. – Alabama emergency managers kept one eye on the destruction occurring in Mississippi as they prepared for supercell storm systems to enter their state during the afternoon and early evening of April 28.

Alabamians heeded meteorologists’ dire warnings that this system appeared to be “a particularly dangerous situation” by closing schools and government offices in the early afternoon. Gov. Robert Bentley issued a state of emergency for all 67 counties because of the threat.

Storms Enter the State at 1 p.m.

All the ingredients for tornado development were parked over Alabama as the storms rolled into the northwest region of the state at about 1 p.m. When the outbreak subsided at 6:30 p.m., 29 tornadoes were recorded, homes and buildings were destroyed by high winds of up to 88 mph and hail the size of baseballs damaged roofs and vehicles.

The damage was widespread with roads impassable, trees and electrical wires down and several reports of people trapped in their homes. Five people died, 16 were injured.

In the southern part of the state, flooding was a major problem with 23.67 inches of rain recorded in Mobile. Search and rescue teams were dispatched for door-to-door searches to find trapped survivors throughout the state.

At the height of the storm, more than 126,000 power outages were reported by the state. The American Red Cross opened five shelters in hardest-hit counties. Some 65 community safe rooms were utilized, saving countless lives.

Later, meteorologists pronounced that the April 28th storms spawned the fourth highest number of tornadoes in a single event. According to the National Weather Service, the outbreak left a swath of damage almost 200 miles long across the state. The weather service also confirmed four EF-3 tornadoes (the Fujita Scale of tornado strength ranges from EF-0 to EF-5), severe storms, straight-line winds and flooding affecting 31 counties.

At the state Emergency Operations Center (EOC) in Clanton, staff compiled and analyzed reports coming in from the counties. With more than $6.7 million in damages and knowing that amount surpassed the state’s ability to absorb, State Emergency Manager Art Faulkner reported to Gov. Bentley that he should seek federal assistance.

The governor asked for the help of the Federal Emergency Management Agency. President Obama expedited a major disaster declaration on May 2, opening the doors for federal aid.

Initially, four counties were declared for Individual Assistance and five counties for Public Assistance. Following a declaration amendment on May 8, another five counties were added for Individual Assistance, which provides grants for individuals and households.

On May 12, 13 counties were added for Public Assistance, which includes emergency reimbursements for protective measures, repairs to roads and bridges, public buildings and infrastructure as well as debris removal.

Counties designated for Individual Assistance include: Baldwin, Blount, DeKalb, Etowah, Jefferson, Lee, Limestone, Mobile and Tuscaloosa.

Counties designated for Public Assistance include: Baldwin, Butler, Covington, Crenshaw, Dale, DeKalb, Etowah, Franklin, Geneva, Jefferson, Lamar, Lee, Limestone, Mobile, Perry, Pickens and Tuscaloosa.

Recovery Begins

FEMA, one of Alabama’s federal partners, prepositioned a mobile command center at the Alabama EOC to assist in the response effort.

Within 24 hours of the declaration, preliminary damage assessments for Public Assistance had been completed for Baldwin, Jefferson and Limestone counties. Individual Assistance preliminary damage assessments were started in Blount, DeKalb, Etowah, Mobile and Tuscaloosa counties.

Meanwhile, FEMA staff worked to prepare for and deploy equipment for three Disaster Recovery Centers – two in Jefferson and one in Lee counties, while teams of Disaster Survivor Assistance specialists traveled to the state EOC. These teams would fan out across the state to assess, inform and report the situation in communities, as well as going door-to-door to provide on-the-spot FEMA registration for survivors.

The U.S. Small Business Administration, another federal partner, dispatched its staff to Alabama to assist in the outreach to survivors and offer low-interest rate loans to individuals and businesses.

Registration was underway. By close of business May 6, more than 1,800 registrations had been received via the FEMA call center, online and mobile registration. Twenty-six inspectors were in the field, with 1,195 damage inspections completed.

FEMA Grants Help Bring Relief to Survivors

By May 20, more than 300 FEMA and state employees were working in the Montgomery Joint Field Office to bring a sense of normalcy back to the lives of those affected by the storms.

Three weeks after the storm, FEMA had approved more than $11 million in Individual Assistance grants; another federal partner, the SBA, had approved $1.6 million in low-interest, long-term loans. Millions more in Public Assistance dollars will help with the impact to municipalities and government services.

At peak operations, 11 Disaster Recovery Centers were operating in affected counties. More than 3,100 visits to the centers had been made to register for FEMA assistance, ask questions of state and federal officials and learn what programs were available.

At the busiest period, 52 FEMA housing inspectors were in the field, resulting in 95 percent of home damage inspections completed within two days – a rate that remains one month from the date of the disaster.

Also one month after the disaster, federal aid for Alabama tops $20 million with $15 million approved through FEMA’s Individuals and Households Program and another $5 million through approved SBA low-interest disaster loans.

With 38 FEMA housing inspectors now in the field, 95 percent of home damage inspections are being completed within two days.

As of Monday, June 2, six Disaster Recovery Centers remain open: two centers in Baldwin, two in Jefferson, and one center each in Limestone and Mobile counties. The SBA is operating a Disaster Loan Outreach center in Tuscaloosa, which also will have FEMA registration information available.

The deadline for FEMA registration is July 1.

Survivors can register at the recovery centers from 9 a.m. to 6 p.m., Monday through Saturday; by phone, call 800-621-3362 (FEMA) from 7 a.m. to 10 p.m. local time, multilingual operators are available; TTY is 800-462-7585; by computer, go online to www.DisasterAssistance.gov; or by smartphone and tablet, use m.fema.gov.

In a recent blog, I discussed the results of a report by Brother on how small businesses believed that investing in new technology provided a better ROI than investing in new employees. Another statistic from that report showed that 64 percent of the respondents felt “overwhelmed” by new technology. This response isn’t surprising if you consider that another report by Parks Associates identified that small businesses spend less than $1,000 per year on technical support services. If you couple those two percentages with the fact that technology advancements are on the rise in every market including BYOD, the Internet of Things, social networking and the cloud, running a small business in the digital age can be downright daunting.

New technology being implemented by SMBs is opening new doors for tech support service providers to grow. Jim O’Neill, research analyst for Parks Associates, paints a positive picture for service partners that provide help desk support:

...

http://www.itbusinessedge.com/blogs/smb-tech/smb-tech-adopting-new-technologies-may-require-bigger-tech-support-budget.html

A lot of buzz surrounds how to become a digital business right now, but precious little about what the term actually means.

Several pieces use some variation of this explanation from Gartner Fellow Ken McGee:

“Digital business is not synonymous with IT. It is about revenue, value, markets and customers. It is outward-focused. It is a metaphorical combination of front office, top line and downstage compared with back office, bottom line and backstage. True, information and technology help to build the capabilities for digital businesses, but they are only part of a complex picture.”

...

http://www.itbusinessedge.com/blogs/integration/the-digital-enterprise-whatever-it-is-will-require-better-data.html

PENSACOLA, Fla. – The State/FEMA disaster recovery center located at the Milton campus of Pensacola State College is transitioning Monday, June 2, to a U.S. Small Business Administration disaster loan outreach center.

SBA customer service representatives will be on hand at the loan outreach center to answer questions about SBA’s disaster loan program and explain the application process. Survivors can get help applying for or closing out low-interest disaster loans. The center is located at:

Pensacola State College

Milton Campus

Building 4000

5988 Highway 90

Milton, FL 32583

The disaster recovery center will be open from 8 a.m. to 7 p.m. on Friday and Saturday, and 11 a.m. to 7 p.m. on Sunday, June 1.

Beginning Monday, June 2, the SBA disaster loan outreach center will be open on weekdays from 9 a.m. to 6 p.m., until further notice.

The Milton disaster recovery center opened May 10 to help survivors who sustained damage during the severe storms, tornadoes and flooding from April 28 through May 6. The center has received more than 300 visits in nearly three weeks.

It is not necessary to visit a disaster recovery center to register with FEMA. Disaster survivors can continue to register online at DisasterAssistance.gov, via smartphone at m.fema.gov or by phone at 800-621-3362. Survivors who are deaf, hard of hearing or have a speech disability can call (TTY) 800-462-7585.

To apply for an SBA low-interest disaster loan, survivors can find the electronic loan application on SBA’s secure website at disasterloan.sba.gov/ela. Questions can be answered by calling the SBA disaster customer service center at 800-659-2955/(TTY) 800-877-8339 or visiting www.sba.gov.

For more information on Florida disaster recovery, click fema.gov/disaster/4177, visit the Florida Division of Emergency Management website at FloridaDisaster.org or the Facebook page at facebook.com/FloridaSERT.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for childcare, medical, dental expenses and/or funeral expenses do not require individuals to apply for an SBA loan. However, those who receive SBA loan applications must submit them to SBA to be eligible for assistance that covers personal property, transportation, vehicle repair or replacement, and moving and storage expenses.

JACKSON, Miss. – As Mississippi disaster survivors receive FEMA checks or direct deposits to help them recover from the severe storms, tornadoes and flooding of April 28 through May 3, it is important to understand that there are limits on how the money can be spent.

Use of the money for other than eligible expenses could result in having to return funds back to FEMA.

FEMA does not provide survivors with an itemized list of eligible expenses tailored to their specific situation. But it does provide an important booklet, “Help After a Disaster,” that spells out the kinds of expenses authorized in the Individuals and Households Program.

The grant covers only repair or replacement of items that were damaged as a direct result of the disaster and were not covered by insurance. Repairs and rebuilding may not improve a home above its pre-disaster condition unless such improvements are required by current building codes.

Use of the money is limited to repairing the home so that it is safe and sanitary so survivors can live there. It will not be enough to return the home to its condition before the disaster.

The money can be spent to repair structural parts of the home such as foundation, outside walls and roof.

Survivors also may use FEMA assistance provided for housing needs to repair:

  • Windows, doors, floors, walls, ceilings and cabinetry.
  • Septic or sewage systems.
  • Wells or other water system.
  • Heating, ventilating and air conditioning.
  • Utilities (electrical, plumbing and gas.)
  • Entrance and exit ways, including privately-owned access roads.
  • Blocking, leveling and anchoring of a mobile home and reconnecting or resetting its sewer, water, electrical and fuel lines and tanks.

Survivors also may receive money for “Other than Housing Needs.” This money is provided to repair damaged personal property or to pay for disaster-related expenses and serious needs, limited to items or services that help prevent or overcome a disaster-related hardship, injury or adverse condition. It does not pay to return or replace personal property to its condition before the disaster.

Examples of allowable Other than Housing Needs are disaster-related medical and dental costs, funeral and burial expenses, clothing, household items, heating fuel, disaster-specific clean-up items, a vehicle damaged by the disaster and moving and storage expenses.

Survivors should keep bills and receipts for three years to show how all of the FEMA grant money was spent. FEMA is authorized to do an audit.

Disaster survivors in Itawamba, Jones, Leake, Lee, Lowndes, Madison, Montgomery, Rankin, Simpson, Warren, Wayne and Winston counties may be eligible for FEMA’s Individual Assistance program. The deadline to register is June 30, 2014.

Individuals and households in those counties can register for FEMA Individual Assistance online at DisasterAssistance.gov, via smartphone or tablet at m.FEMA.gov or by calling the FEMA helpline at 800-621-FEMA (3362.) People who are deaf, hard of hearing or have a speech disability and use a TTY should call 800-462-7585. Lines are open 7 a.m. to 10 p.m. (central time) and assistance is available in multiple languages.

For more information on Mississippi disaster recovery, go to FEMA.gov/Disaster/4175. Visit the MEMA site at msema.org or on Facebook at facebook.com/msemaorg.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

###

Last Updated: June 3, 2014 - 12:28

IDG News Service (New York Bureau) — As it preps Oracle Enterprise Manager to run private clouds, Oracle has released an update to the management software that offers the ability for organizations to offer production-ready databases as a service.

Oracle Enterprise Manager 12c release 4 is the first version of the software to "offer enterprise-grade databases as a service with high availability and disaster recovery," said Dan Koloski, senior director of product management for the Oracle Enterprise Manager line of software. "We want our customers to consume their databases in an agile environment."

The new release also offers advancements in managing middleware and in access control.

...

http://www.cio.com/article/753675/Oracle_Focuses_on_Prepping_Databases_As_a_Service

The Institute of Directors has authored a guide to outline the practical lessons for organizations from the World Economic Forum Global Risk 2014 report.

‘Responding to Global Risks: a practical guide for business leaders’ has been developed in conjunction with Airmic, PWC, Marsh and Zurich.

The publication aims to offer a practical guide to risk management and insurance solutions in response to the top global macro financial, societal, economic and environmental risks.

Read the document (PDF).

The Software Engineering Institute's (SEI) CERT Division has published a technical note which describes the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC), a risk-based way to assess an organization's information security incident management function.

The document’s abstract reads as follows:

“An incident management (IM) function is responsible for performing the broad range of activities associated with managing computer security events and incidents. For many years, the Software Engineering Institute's (SEI) CERT Division has developed practices for building and sustaining IM functions in government and industry organizations worldwide. Based on their field experiences over the years, CERT researchers identified a community need for a time-efficient means of assessing an IM function. The Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) is designed to address this need. The MRD-IMC is a risk-based approach for assessing the extent to which an IM function is in position to achieve its mission and objectives. Analysts applying the MRD-IMC evaluate a set of systemic risk factors (called drivers) to aggregate decision-making data and provide decision makers with a benchmark of an IM function's current state. The resulting gap between the current and desired states points to specific areas where additional investment is warranted. The MRD-IMC can be viewed as a first-pass screening (i.e., a "health check") or high-level diagnosis of conditions that enable and impede the successful completion of the IM function's mission and objectives. This technical note provides an overview of the MRD-IMC method.”

Author(s): Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle, Mark Zajicek

Read the document

Computerworld — The White House plan to cut carbon dioxide pollution by 30% seeks to meet its goals, in part, through efficiency improvements. This could put further pressure on data centers to improve efficiency, many of which are powering servers that are doing very little work or none at all.

For instance, a recent Uptime Institute survey asked enterprise data professionals: "What percentage of your servers are likely comatose?" About 60% of respondents said the number of comatose servers was under 5%. But nearly 25% put at least 10% of their servers into that category.

The problem may be bigger than the Uptime survey indicates.

"Most data center operators can't even tell you how many servers they have never mind their utilization, so caution in interpreting those numbers is indicated," said Jonathan Koomey, a research fellow at the Steyer-Taylor Center for Energy Policy and Finance at Stanford University. "The percentages for comatose servers are likely much bigger."

...

http://www.cio.com/article/753657/EPA_Urges_Efficiency_Many_Data_Centers_Still_Far_From_it

Is another pandemic on the way? The generic coronavirus is common everywhere, but this one – Middle East respiratory syndrome coronavirus, or MERS-CoV – is a particularly virulent strain. It’s also on the move. The World Health Organization published information on May 1st about serious infection of a hospital patient in Egypt who had returned to the country after a stay in Riyadh, Saudi Arabia. On May 2nd, the first U.S. case of MERS was identified in a traveller arriving from Saudi Arabia. Recent similar illnesses include the SARS outbreak in 2003. What precautions are necessary this time?

...

http://www.opscentre.com.au/blog/keep-your-pandemic-plan-updated-in-case-of-mers/

It didn’t take long after the tragedy of the Oso, Wash., March mudslide for everyone to wonder: Should local officials have done more to prevent people from building in harm’s way?

The local emergency management director, John Pennington, was grief-stricken. “We did everything we could,” he told reporters. He added, “Sometimes big events just happen. Sometimes large events that nobody sees happen. And this just happened.”

A retired architect who had a weekend home in the path of the slide — and who lost many of his neighbors — told The Seattle Times, “We are not a bunch of stupid people ignoring warnings.” He explained, “We all make risk assessments every day of our lives. But you cannot make a risk assessment on information you do not have.”

...

http://www.emergencymgmt.com/disaster/How-Much-Can-Government-Protect-People-Natural-Disaster.html

CIO — Last month, the White House released its 90-day review of big data and privacy, renewing the call for a Consumer Privacy Bill of Rights along with a number of other policy recommendations.

With the administration and legislators (and regulatory bodies like the Federal Trade Commission) now considering issues of data collection and privacy, how should CIOs advise their organizations about going forward with big data initiatives?

"My advice is people should move very, very aggressively into this area of big data," says Lanny Cohen, global CTO of technology consulting firm Capgemini. "I think, at the end of the day, this is going to become one of the biggest sources of competitive advantage that an enterprise can have. Those enterprises that really have, as a core competency, the ability to gather data, analyze it and act on it are going to have a major advantage."

...

http://www.cio.com/article/753612/CIOs_Should_Push_Big_Data_Projects_but_Prioritize_Privacy

By STAFF REPORTER

PwC has just released their 2014 US State of Cybercrime report. Key findings reveal that while the number of cybercrime incidents and the monetary losses associated with them continue to rise, most US organisations’ cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries. According to the report, only 38% of companies have a methodology to prioritise security investments based on risk and impact to business strategy.

The survey finds that most organisations do not take a strategic approach to cyber security spending. It also found that, worryingly, organisations do not assess security capabilities of third-party providers.

In general, the survey found that supply chain risks are not understood or adequately assessed, and that security for mobile devices is inadequate and has elevated risks.

...

http://www.cirmagazine.com/cir/PwC-Organisational-cyber-resilience-no-match-for-adversaries.php

JACKSON, MS. — Survivors may not know about disaster help from the U.S. Small Business Administration that could lead to a smarter, faster recovery for businesses, homeowners, renters or private nonprofits.

Economic Injury Disaster Loan

SBA offers a working capital loan to relieve the economic injury caused by the disaster. A disaster loan is available to eligible businesses as well as private nonprofits even if property was not damaged by the severe storms, tornadoes and flooding that occurred April 28 thru May 3, 2014. 

These loans are for small businesses, small agricultural cooperatives, small businesses engaged in aquaculture and certain private, nonprofit organizations of all sizes to cover unpaid bills and lost business due to the disaster. Economic Injury Disaster Loans are also given in amounts up to $2 million, but the total of both physical damage and economic injury loans cannot exceed $2 million. Economic Injury Disaster Loan assistance is available regardless of whether the business suffered any physical property damage.

There are 45 Mississippi counties eligible for Economic Injury Disaster Loans. The first 12 counties are those designated by the presidential disaster declaration for FEMA Individual Assistance.  Those counties are Itawamba, Jones, Leake, Lee, Lowndes, Madison, Montgomery, Rankin, Simpson, Warren, Wayne and Winston. 

Thirty-three other counties are eligible because each shares a border with one of the 12 disaster-designated counties. These additional counties eligible only for an Economic Injury Disaster Loan are Attala, Carroll, Chickasaw, Choctaw, Claiborne, Clarke, Clay, Copiah, Covington, Forrest, Greene, Grenada, Hinds, Holmes, Issaquena, Jasper, Jefferson Davis, Kemper, Lawrence, Monroe, Neshoba, Newton, Noxubee, Oktibbeha, Perry, Pontotoc, Prentiss, Scott, Smith, Tishomingo, Union, Webster and Yazoo in Mississippi. 

Physical Damage Disaster Loans

Businesses and private non-profit organizations of any size may borrow up to $2 million to repair or replace disaster damaged or destroyed real estate, machinery and equipment, inventory and other business assets. The SBA may increase a loan up to 20 percent of the total amount of disaster damage to real estate and/or leasehold improvements, as verified by SBA, to make improvements that lessen the risk of property damage by future disasters of the same kind. 

Interest rates are as low as 4 percent for businesses, 2.625 percent for non-profit organizations and 2.188 percent for homeowners and renters with terms up to 30 years. Loan amounts and terms are set by the SBA and are based on each applicant’s financial condition.

Deferred Disaster Loan Payments

The first payment for a disaster loan is due five months from the date of the SBA Note.

The deadline to apply for an SBA Physical damage loan is June 30, 2014, and for Economic Injury Disaster Loans the deadline is January 30, 2015. 

A simple and fast way to complete the application is online, using the SBA’s electronic loan application. Go to https://DisasterLoan.SBA.gov/ELA. Plus, you can receive a status of your application by calling 800-659-2955 or TTY 800-877-8339, emailing DisasterCustomerService@sba.gov or visiting sba.gov/disaster. SBA customer service representatives are available at ALL disaster recovery centers. Disaster recovery center locations can be found online at FEMA.gov/DRCLocator or by calling 800-621-3362 (TTY 462-7585).

Do not wait on an insurance settlement before returning an application. Insurance may not pay for all of the disaster-related damage. Survivors can begin their recovery immediately with an SBA disaster loan. The loan balance will be reduced by the insurance settlement.

For more information on Mississippi disaster recovery, click fema.gov/disaster/4175. Visit the MEMA site at msema.org or on Facebook at facebook.com/msemaorg.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA home loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

In the digital version of “physician, heal thyself,” it seems that some large data organizations are utilizing Big Data and other advanced functions for their own purposes, namely, driving greater efficiency and performance in the data center.

It only makes sense, after all, that a construct as complicated as a virtual, dynamic data environment would need all the help it can get to not only provide an accurate picture of what is going on amid myriad boxes and wires, but also tell how best to improve things.

Google, for example, is turning toward advanced machine intelligence at some of its largest facilities with an eye toward fulfilling the twin goals of greater performance and less energy consumption. Through the use of neural networks and advanced analytics, the company says it is well on the way to the kind of predictive functionality that absorbs everything from IT loads, pump speeds, cooling metrics and hundreds of other data points. With advanced modeling, the company says it can calculate the expected PUE of a properly equipped facility with 99.6 percent accuracy.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-big-data-into-a-better-data-center.html

IBM launched a new cloud-based service program this week to help companies jump-start Big Data analytics, called IBM Cloud Business Solutions.

The first batch includes 12 subscription-based managed services, which basically means it couples consulting services with pre-built IBM assets, including advanced analytics and cloud infrastructure.

Eventually, IBM will have 20 cloud-based business solutions available. The first dozen address high-demand areas such as customer analytics, customer data, marketing management and industry-specific mobile tools.

IBM ranked as one of Information Week’s top 16 Big Data Analytics Platforms earlier this year, but this is its first foray into a cloud-based service for Big Data. Other companies do offer cloud-based Big Data analytics, including two pure-plays, 1010data and Amazon Web Services (AWS).

...

http://www.itbusinessedge.com/blogs/integration/ibms-new-cloud-based-solution-offers-to-manage-big-data-analytics-for-you.html

Monday, 02 June 2014 14:33

Insuring Against Third-Party Cyberrisk

The tremendous growth in cyber insurance is being fueled in part by the desire of companies to cede some of the risk of a cyber breach to insurers.  In many cases insurers are eager to take on this risk—provided they can objectively quantify and understand the risks they are underwriting.

However, is it enough to only look at the cyber risk of the insured?  Increasingly companies are being attacked through their third-party vendor networks; one study by the Ponemon Institute reported 23% of data breaches are attributable to third party vendors. As companies share critical customer information with vendors, they expose themselves to a breach through these extended networks. Criminals have even started to target small to medium sized companies as a way to access the sensitive information of the larger firms they serve.

...

http://www.riskmanagementmonitor.com/insuring-against-third-party-cyberrisk

Yesterday, Institutional Shareholder Services (ISS), a third-party advisor to Target Corp. investors, recommended ousting Target’s Audit Committee because they failed to do appropriate risk management, resulting in a breach of customer data. According to Twin Cities Business Magazine, ISS stated that “… in light of the company’s significant exposure to customer credit card information and online retailing, these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information, especially since it involves shoppers and the communities in which the company operates, as well as the overall impact on brand reputation and brand value.”  This suggests a fundamental lack of understanding of both the nature of the breach and who should be held responsible for the outcome.

First, let's understand what really happened here: Target updated their point of sale (POS) systems before the holiday season. There was a known vulnerability in those POS systems that let credit card data travel between the POS system and the register before it was encrypted and sent off to the clearinghouse for approval. Target’s technology team was warned of the vulnerability and DECIDED that the risk was worth accepting – not the board, not the auditors; it was the people involved in the project who accepted the risk of losing 70 million records. When departments accept that level of risk, they, in essence, end the conversation. The audit committee and board of directors would be none the wiser. When was the last time you notified your board about how you were disposing of hard drives?

...

http://blogs.forrester.com/renee_murphy/14-05-29-dont_blame_targets_audit_committee_for_the_sins_of_technology_management

Previously, I shared how some executives are skeptical about Big Data analytics and its ability to match their own business intuition.

This made me wonder: How do some leaders find that Big Data analytics actually enlightens their business behavior? To help you find the path, I’ve compiled five expert tips that may illuminate your Big Data analytics projects.

Tip 1: New analytics often requires new behaviors. Michael Schrage, a research fellow at MIT Sloan School’s Center for Digital Business, says in his discussions with companies, those who struggle or achieve only moderate outcomes tend to use Big Data analytics primarily for decision support. By contrast, Big Data achievers leverage Big Data to change their conversations.

...

http://www.itbusinessedge.com/blogs/integration/five-expert-tips-for-succeeding-with-big-data-analytics.html

CSO - Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall by the wayside. They're easily dismissed and ignored.

After all, if a device is generating 60 alerts a day - and for the first few weeks none of them amount to anything - as new alerts from that device arrive, they're eventually going to be dismissed.

This happens because the IT / InfoSec department has other things to worry about, and there isn't enough time (or people) to deal with a flood of alerts. It's possible the device generating the alerts will be properly tuned and configured later, but that depends on the staff's workload.

...

http://www.computerworld.com/s/article/9248654/Information_overload_Finding_signals_in_the_noise

In its 2014 “Business Risk Index,” Travelers surveyed more than 1,100 businesses on the top risks they perceive and how ready they are to mitigate those threats. Overall, respondents clearly see an increasingly risky world around them, but feel notably unprepared to handle the risks. The top seven threats, in order of reported concern, are: medical cost inflation, increasing employee benefit costs, legal liability, broad economic uncertainty, cyberrisk, complying with laws, and attracting and retaining talent.

Check out this infographic for more of the study’s insights:

...

http://www.riskmanagementmonitor.com/businesses-feel-less-prepared-for-increasingly-risky-world-travelers-finds/

Rather than simply changing the location where a particular piece of technology is deployed and moving it into someone else’s data center, many organizations are looking for something that actually behaves more like a turnkey service.

With that issue in mind, IBM today announced that it plans to make available 20 different cloud services this year that range from customer analytics as a service to mobile as a service.

The services are collectively part of a suite known as IBM Cloud Business Solutions. Sanjay Rishi, managing partner for cloud consulting services for IBM Global Business Services, says the goal is to give customers a more turnkey approach to cloud computing that more easily scales.

...

http://www.itbusinessedge.com/blogs/it-unmasked/ibm-to-launch-20-turnkey-cloud-services-in-2014.html

Massive security breaches, like the Target breach last December, and the infamous TJX breach in 2007, have something conspicuously in common: The data that would have enabled the companies to detect those breaches existed in their environments, and proper data analysis would have found them. The reason companies aren’t finding such breaches earlier is that they lack the data analytics talent necessary to do so.

I came away with that understanding from a recent interview with Alex Moss, a veteran IT security expert and managing partner at Conventus, an information security consulting firm in Chicago. The next generation of IT security pros, Moss says, will be data analysts.

Moss encapsulated the crux of the situation this way:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/next-generation-of-it-security-pros-will-be-data-analysts-expert-says.html

PwC Japan has published a detailed report following a survey of Japanese IT organizations.

‘IT-BCP Survey 2014 Report’ is based on a survey PwC Japan conducted between 2nd September 2013 and 13th October 2013.

The survey identified a wide gap between perceptions of the potential for disruption and the amount of continuity planning conducted.

Key findings included:

  • 42 percent of respondents experienced information system failure in the previous 12 months; and 30 percent of these experienced downtime of more than six hours.
  • 58 percent of respondents stated that their organizations had IT continuity measures in place, a reduction from a similar survey in 2012 which found that 69 percent had IT continuity measures in place.
  • Only 26 percent of respondents have identified all the important information systems that must be recovered immediately to resume business activities; and only 20 percent have decided on recovery priorities for information systems.
  • 41 percent of respondents have not conducted hands-on drills and exercises.
  • 90 percent of respondents reported that the upper management team had not participated in training and exercises in the past 12 months.

Read the full survey report as a PDF.

Just think how exciting the world of disaster recovery has become. What used to be exclusively tape storage has branched out into all kinds of disk storage, virtual snapshots, deduplication and cloud object storage. That’s great for DR managers, right? Not so fast. One of the central elements of disaster recovery is risk mitigation, which has its counterpart in job security – as in ‘I don’t want to get fired because I lost data using a new technology that failed’. The Chinese have an ancient curse that reflects this situation: ‘May you live in interesting times’. Are new disaster recovery solutions a curse for the busy DR manager or a chance to reduce stress while increasing resilience?

...

http://www.opscentre.com.au/blog/disaster-recovery-horses-for-courses-and-other-metaphors/

JACKSON, Miss. – It was April 28 when tornadoes swept from west to east across Mississippi, the beginning of five days of severe storms that also brought rain and flooding. The National Weather Service confirmed 23 tornadoes in the state and 14 deaths. More than 1,200 homes and 90 businesses were destroyed or sustained major damage. Approximately 2,000 homes and 200 businesses were damaged in some way. Two days into the event, Governor Phil Bryant’s request for a federal disaster declaration was granted by President Obama.

A dozen counties were so badly damaged they soon qualified for federal Individual Assistance to help individuals and households. Public Assistance was also included to help local governments, and certain private nonprofits in 10 counties.

The American Red Cross quickly opened shelters for those displaced by the tornadoes and eventually operated six shelters which provided 678 overnight stays, 21,512 meals and 25,721 snacks by the time they closed. The Salvation Army opened eight mobile kitchens (“Canteens”) and three fixed feeding sites. They served 10,256 meals, 13,547 beverages and 7,328 snacks.

...

http://www.fema.gov/news-release/2014/05/28/whole-community-rapid-response-marks-first-thirty-days-recovery

The health care industry has had its share of cybersecurity breakdowns over the years. The vast majority of health care organizations have suffered at least one data breach within the last two years, according to a Doctor’s Lounge article, but the article goes on to say that the number of organizations with five or more breaches has decreased. That’s good news, I guess, but you have to wonder why these health care companies are having so many breaches.

Earlier this year, the Identity Theft Resource Center revealed that the health care industry suffered 43 percent of all the breaches that occurred in 2013. It’s not hard to figure out why health care is targeted so often. These organizations hold massive amounts of intensely personal data.

As Jason Fredrickson, senior director of enterprise application development at Guidance Software, said to me during a conversation we had last week, the personally identifiable information (PII) is only one part of the data breach equation. It is the one that tends to get all of the attention, and to be honest, the majority of data breaches involving health care involve patient records. However, Fredrickson said there is a much bigger and scarier security breach looming within the health care industry:

...

http://www.itbusinessedge.com/blogs/data-security/the-complicated-matter-of-health-care-data-security.html

Network World — Generally thought of as having up to 500 employees, small businesses constitute the vast majority of companies in the United States, making them a critical part of the economy. Their customers naturally expect personal and financial data to be kept secure, and a data breach is a painful and expensive ordeal. Like the larger enterprises, small businesses that accept payment cards have to follow Payment Card Industry rules. It can be daunting for a small business that may not even have an IT department to think about how to tackle network security.

...

http://www.cio.com/article/753357/10_IT_Security_Risks_That_Small_Businesses_Can_t_Afford_to_Ignore

Continuity Central is currently conducting a wide-ranging survey into business continuity software usage. There has been a good response so far and, with two weeks to go until the survey closes, here is a taste of the trends that are emerging:

Business continuity software usage is not ubiquitous

51 percent of survey respondents use specialist business continuity software to build, review or manage any aspect of their business continuity plan or business continuity management system. 49 percent do not.

Individual software packages are the order of the day

83 percent of respondents who use specialist business continuity software use only one business continuity software package. 17 percent use more than one.

Most users use business continuity software for BIAs and for business continuity plans

The survey asked respondents to identify the different areas within a business continuity management system where they use specialist business continuity software. The results so far show that usage is focussed on BIAs and on business continuity plan writing and updating.

The figures below give a usage breakdown:

Question: If you use business continuity software in your organization, which of the following do you use it for?

  • Manage and update business continuity plans: 82.61%
  • Write and develop business continuity plans: 80.43%
  • Carry out BIAs: 80.43%
  • Conduct tests and exercises: 63.04%
  • Audit business continuity management systems: 58.70%
  • Conduct risk assessments: 58.70%
  • Manage and co-ordinate your incident / crisis management response: 58.70%
  • Carry out post-incident reviews: 41.30%
  • Raise awareness of business continuity within the wider organization: 32.61%
  • Train business continuity personnel: 30.43%
  • Carry out benchmarking activities: 28.26%

Market analysis

The full survey results, published after the survey closes on 13th June, will provide an analysis of the different business continuity software packages being used by respondents. Overall, most users seem to be reasonably satisfied with their business continuity software, with the highest satisfaction scores being in the areas of 'customer care and support' and 'value for money'. 'Ease of use' is the area where users seem to be the least satisfied.

Take part

To take part in the survey go to https://www.surveymonkey.com/s/bcsoftware

Wednesday, 28 May 2014 14:36

Crisis communications and the CEO

By Jim Preen

These days, CEOs have to be visible in an emergency. If the media feels they’re hiding, questions will be asked. Why’s she not taking responsibility? What’s he got to hide?

Part of the problem for a CEO is the huge switch that happens to their lives in a crisis: a switch that goes to the very heart of what it means to be a boss.

Over the years a chief executive rises to the top of the corporate ladder, is well remunerated, but saddled with heavy responsibilities. Naturally their staff and others treat them with a great deal of deference and respect, but outside their own sector they are often unknown to the general public. They are high profile to their staff, but remain, in most cases, private citizens.

...

http://www.continuitycentral.com/feature1184.html

By Joel Dolisy

Last year, some of the largest and most well-known brands across the globe, including Google, Facebook and Twitter, experienced interruptions to their services due to network outages. Whether these organizations experienced downtime due to internal network errors or full-blown [Distributed] Denial of Service ([D]DoS) attacks, the costs to their reputations and, in some cases, their revenues, proved significant.

Which is the greater threat?

While media reports tend to hype up the presence of hackers, the reality is that most outages are caused by an organization’s own network. A recent Gartner study projected that by 2015, 80 percent of outages impacting mission-critical services will be caused by people and process issues, and more than 50 percent of those outages will be caused by change/configuration/release integration and hand-off issues. In fact, both Xbox LIVE and Facebook recently suffered network outages from configuration errors during routine maintenance, and while the state of China blamed its outage on hackers, some independent watchers believe it was actually due to an internal configuration error in the firewall.

...

http://www.continuitycentral.com/feature1183.html

During a recent TechTarget podcast, THINKstrategies founder Jeff Kaplan shared a funny little encounter he had at a conference. Let’s see if this sounds familiar to any of you.

He asked some veteran IT workers why they were attending a SaaS-related event. They smiled and responded: “They’ve come back.”

Of course that begged the question, “Who came back?” The intrepid IT vets explained that the business leaders who had so cavalierly signed up with SaaS solutions a few years ago have now realized they forgot a few things — like, oh, data integration. And so, these leaders have “come back” to IT for help with their SaaS problems.

...

http://www.itbusinessedge.com/blogs/integration/the-key-to-successful-saas-integration-due-diligence-on-vendors.html

CSO — There is no shame in being breached by a cyber attack -- security experts are unanimous about that. Prevention, while a worthy part of a risk management strategy, will never be 100% successful, given the sophistication and overwhelming volume of attacks.

But there is room for improvement -- vast improvement -- in the detection of breaches. A large majority of enterprises fail to detect breaches on their own -- they find out about them from somebody else, as a couple of recent reports show.

The security firm Mandiant, now part of FireEye, reported recently that while the average time it took to detect breaches declined slightly from 2012 to 2013, from 243 to 229 days (more than seven months), the number of firms that detected their own breaches actually dropped, from 37% to 33%.

...

http://www.cio.com/article/753281/Needed_Breach_Detection_Correction