Industry Hot News

CIO — CAMBRIDGE, Mass. — The debate about technology in the enterprise used to focus on hope vs. fear. Now it's fear vs. fear — specifically, the fear of becoming the next Target vs. the fear that technology will eat your lunch, says Narinder Singh, president of [topcoder] and chief strategy officer at Appirio.

The MIT Sloan CIO Symposium also suggested that digitization drives innovation. As one example, Peter Weill, chairman of the MIT Center for Information Systems Research, points to Orange Money, which lets Orange mobile phone customers in rural, developing nations access previously off-limits financial services.

...

http://www.cio.com/article/753256/7_Ways_CIOs_Should_Prepare_for_the_Digital_Enterprise

Computerworld — IT departments need to watch out for business units or even individual workers going rogue and bypassing IT to go straight to the cloud.

"There's a tug-of-war tension in the enterprise right now," said Gartner analyst Lydia Leong. "IT administrators very rarely voluntarily want to go with the public cloud. I call this the 'turkeys don't vote for Thanksgiving' theory. The people who are pushing for these services are not IT operations people but business people."

When marketing, events or other corporate business units conclude that IT is dragging its feet on the way to the cloud, they contract for the services themselves. IT often doesn't discover the move until it shows up in the tech expense papers.

...

http://www.cio.com/article/753252/Business_Users_Bypass_IT_and_Go_Rogue_to_the_Cloud

Hands up all those in favour of a cost centre. Nobody – just as we thought! Now, hands up all those who’d like a new profit centre. Ah, much better! With the trend to define business operations in terms of the net profit they generate, instead of the expense to be funded, your next clear contributor to a healthy bottom line could be business continuity management. The general benefits have always been there, for example, better risk management and enhanced organisational reputation. However, it’s not always been easy to put a figure on their effect. The factors below open up new possibilities.

...

http://www.opscentre.com.au/blog/making-a-profit-centre-out-of-business-continuity-management/

I’ve always felt a little fuzzy about the difference between analytics, business intelligence and business analytics.

It seems there’s good reason for that: You’ll discover quite a bit of variance in how they’re defined, as a recent InformIT post shows.

The piece is actually a chapter from “Business Analytics Principles, Concepts and Applications: What, Why and How,” by Marc J. Schniederjans, Dara G. Schniederjans and Christopher M. Starkey. The chapter sets out definitions for each of these terms, starting with the more general term, analytics.

...

http://www.itbusinessedge.com/blogs/integration/whats-the-difference-between-ba-bi-and-plain-ole-analytics.html

S&P 500 companies are seeing climate change related risks increase in urgency, likelihood and frequency, with many describing significant impacts already affecting their business operations, according to a new report from CDP, which collects environmental performance information on behalf of investors.

Reported risks affect companies in all economic sectors and include damage to facilities, reduced product demand, lost productivity and necessitated write-offs, often with price tags reaching millions of dollars.

Forty-five percent of the risks S&P 500 companies face from extreme weather and climate change are current, or expected to fall within the next one to five years, up from 26 percent just three years ago.

The S&P 500 companies also indicate that 50 percent of these risks range from "more likely than not" to "virtually certain," up from 34 percent three years ago.

"Dealing with climate change is now a cost of doing business" says Tom Carnac, President of CDP in North America. "Making investments in climate change related resilience planning both in their own operations and in the supply chain has become crucial for all corporations to manage this increasing risk".

Around 60 companies describe the current and potential future risks and their associated costs in the research, which highlights excerpts from the companies’ disclosures to their investors between 2011 and 2013.

The report is available at https://www.cdp.net/CDPResults/review-2011-2013-USA-disclosures.pdf

Traditional approaches to cybersecurity are no longer working and organizations that fail to update their strategies run the risk of significant financial and reputational damage. This was the major insight from the inaugural IT Leaders’ Roundtable events hosted by Protiviti and Robert Half Technology, which were attended by chief information security officers (CISOs) from a range of private and public sector organizations.

The main challenge lies in communication between CISOs/IT and the board, reported attendees. While boards of directors are aware of the risks associated with cyber crime, partly because of recent high profile attacks in the news and partly because of guidance from GCHQ and other government bodies, they tend to view expenditure on measures to tackle cyber crime as overheads, rather than risk mitigation.

...

http://www.continuitycentral.com/news07216.html

Organizations seeking to improve the security and management of their data now have access to a new blueprint for successful information governance, a framework for organizations looking to define the roles, policies, processes and metrics required to properly manage the lifecycle of information, including creation, storage, access, and disposal.

Developed by a group of records and information management professionals in the financial services industry and published by Iron Mountain Incorporated, ‘A Practical Guide to Information Governance’ provides organizations with advice for creating and implementing the policies and processes needed to manage information risk and satisfy compliance requirements.

A Practical Guide to Information Governance focuses on several key areas for building information governance programs, including:

...

http://www.continuitycentral.com/news07217.html

Tuesday, 27 May 2014 15:24

Information - friend or foe?

Information is both a risk and a resource when thinking about organisational resilience, including business continuity. There are plenty of examples of information losses that have caused major embarrassment, cost a considerable amount of money to resolve and resulted in a loss of trust as well as clients. These have included hacking and cyber attack problems, lost memory devices, leaving files on the train or selling off filing cabinets with records still in them. They even involve being photographed on the way to an important meeting carrying a document the content of which can be easily read from the photographs. Organisations involved have ranged from small business to multi-nationals and public sector bodies. The nature of information as a risk is well publicised, as a result, even if after the fact of its loss. The assessment and treatment of information risks is perhaps less well understood in practice as such losses continue to occur. How well thought through is your information risk strategy? Do you fully understand the nature of this risk and have you treated it properly? No one wants to see his or her organisation’s reputation in the gutter due to the loss of sensitive information, be it commercial or personal.

...

http://thebceye.blogspot.com/2014/05/information-friend-or-foe.html

All BCM program components must be validated prior to any disaster ever occurring; the more validation performed, meaning the more tests with varying situations and scenarios, the better the overall crisis management plan and strategy will perform. The problem is that all too often an organization will draft a crisis management strategy (contained within the crisis management plan) and believe that it will work as documented. This isn't always the case and in too many instances, it can prove to be detrimental to an organization when it's experiencing a major business interruption – regardless of the trigger.

There are many indicators to show an organization that what it's doing isn't working and that the strategy it is currently working with needs an immediate change.

Disasters and crises can present many challenges for an organization, and an organization should not compound its own problems by failing to be alert to early signals that it might be heading down the wrong road.

Below are just a few of those early warning signs that can help an organization amend its crisis communication strategy (the plan) to ensure it doesn't end up losing control of the overall situation.

...

http://stoneroad.wordpress.com/2014/05/25/crisis-communications-11-ways-to-recognize-that-it-may-not-be-working/

ISO27001, the standard for information security, has recently had a face-lift. It is claimed that ISO27001 is the second largest selling management systems standard in the world, and one might assume that this means there has been a significant uptake in its global implementation. The number of standards sold is not too surprising. It has been around since 2007 and was essentially derived from BS7799 (1995) and ISO17799 (2000), so information security professionals have had two decades to get used to it. How influential it has been in changing attitudes to security is less clear: some see it as the most important landmark in getting the topic on the management agenda; others see it as too inflexible and procedure-based to help counter the real threats posed today by cyber criminality.

...

http://thebceye.blogspot.com/2014/05/is-iso27001-effective-in-dealing-with.html


Some of the most senior and experienced people in the business continuity industry got together in Amsterdam on the 21st and 22nd May for the annual BCI Executive Forum, a networking and thought leadership event that addressed the future challenges to the industry. The theme for the Executive Forum was resilience and the need for business continuity to become a part of the strategic direction of the organization to ensure that it is able to respond and adapt to a changing environment.

On day one of the Forum, renowned futurologist – Dr James Bellini – took delegates through his vision of what the world may look like in 5, 10 or perhaps even 15 years and what this could mean for organizations and those charged with managing them. These visions looked at the changing demographics and economies of the world and the development of technology:

  • Issues of an urban world – as populations rapidly move away from rural areas and into cities, and as these cities therefore become larger, what does this mean for their infrastructure and the socio-economic culture that develops within that city?
  • Smart cities – Technology is developing at a dramatic rate with more and more of our environment becoming digitally connected. Placing such reliance on this technology clearly has its benefits, but it also comes with risks.
  • Implications of western renaissance – as the BRIC economies expand as well as those of developing countries, it perhaps no longer makes them the cheaper option for outsourcing. Complex supply chains could be drawn back into the traditional economies, changing the dynamics of that region.

Day two of the conference looked at specific industries with the financial sector, public sector and manufacturing and retail all featuring. Experts in these fields talked through what the challenges were and how they overcame them and this was followed by a discussion on what the wider implications could be of a changing world and deciding upon some actions that the industry needs to take.

The key discussions and action points that came out of the Executive Forum will be published in a report towards the end of June and this will be available free of charge to Statutory Members of the BCI, or it can be purchased from the BCI Shop. The report will be supported by a webinar that can be registered for by clicking here.

CIO — Technology today, particularly big data and analytics, is disrupting roles throughout the enterprise, whether it's the CIO that needs to seek new ways to be a strategic partner to the business or the CMO constantly faced with decisions about technology that can make the marketing function more data-driven and efficient. Even the CFO role is not immune.

"The CFO doesn't really have to be a technologist, but they have to understand how the power of technology can help them do their job," says Nicole Anasenes, CFO of enterprise software solutions specialist Infor. "The pressures on the CFO are not terribly different than they've always been, but the interconnectedness of the world and the rate of change adds to it. They need to react to change quickly with speed and flexibility."

Anasenes was a panelist at the Bloomberg CFO Summit this week on the topic: "Dealing with New Technology and Building a Business Case for It."

...

http://www.cio.com/article/753147/Does_the_CFO_Need_to_Become_a_Technologist_

IDG News Service (Boston Bureau) — A printer that connects to the Web may pose as great a risk to enterprise security as an OS vulnerability, yet companies worry about the latter and too often ignore the former, said a CTO during a discussion at MIT.

With more devices gaining Web connectivity as part of the Internet of Things movement, hackers have greater opportunities to exploit weaknesses, said Patrick Gilmore, CTO of data-center and telecommunications service provider the Markley Group. The people who write software for printers may not be worried about security, he said.

"No one talks about what if your printer is hacked and every document your CEO printed is posted to a blog," he said.

...

http://www.cio.com/article/753129/Iot_Cloud_Computing_Nation_state_Threats_Redefining_Enterprise_Security_Panelists_Say

You may not think about information governance as a cost-saving measure, but it turns out, it can potentially save you millions.

That’s because most companies are so worried about regulatory compliance, they overshoot on data retention, according to a recent CIO.com column by Actiance Vice President Doug Kaminski.

More than 70 percent of data stored in discovery collections has no business, legal or regulatory value, Kaminski writes, citing findings by the Compliance, Governance and Oversight Council (CGOC).

...

http://www.itbusinessedge.com/blogs/integration/how-data-governance-can-cut-costs-up-and-down-stream.html

El Niño expected to develop and suppress the number and intensity of tropical cyclones

[Figure: 2014 Atlantic hurricane outlook (Credit: NOAA)]

In its 2014 Atlantic hurricane season outlook issued today, NOAA’s Climate Prediction Center is forecasting a near-normal or below-normal season.

The main driver of this year’s outlook is the anticipated development of El Niño this summer. El Niño causes stronger wind shear, which reduces the number and intensity of tropical storms and hurricanes. El Niño can also strengthen the trade winds and increase the atmospheric stability across the tropical Atlantic, making it more difficult for cloud systems coming off of Africa to intensify into tropical storms.

The outlook calls for a 50 percent chance of a below-normal season, a 40 percent chance of a near-normal season, and only a 10 percent chance of an above-normal season.  For the six-month hurricane season, which begins June 1, NOAA predicts a 70 percent likelihood of 8 to 13 named storms (winds of 39 mph or higher), of which 3 to 6 could become hurricanes (winds of 74 mph or higher), including 1 to 2 major hurricanes (Category 3, 4 or 5; winds of 111 mph or higher).

These numbers are near or below the seasonal averages of 12 named storms, six hurricanes and three major hurricanes, based on the average from 1981 to 2010. The Atlantic hurricane region includes the North Atlantic Ocean, Caribbean Sea and Gulf of Mexico.

“Thanks to the environmental intelligence from NOAA’s network of earth observations, our scientists and meteorologists can provide life-saving products like our new storm surge threat map and our hurricane forecasts,” said Kathryn Sullivan, Ph.D., NOAA administrator. “And even though we expect El Niño to suppress the number of storms this season, it’s important to remember it takes only one land falling storm to cause a disaster.”

[Figure: Satellite view of Humberto, the first of only two Atlantic hurricanes in 2013. It reached peak intensity, with top winds of 90 mph, in the far eastern Atlantic. (Credit: NOAA)]

Gerry Bell, Ph.D., lead seasonal hurricane forecaster with NOAA’s Climate Prediction Center, said the Atlantic – which has seen above-normal seasons in 12 of the last 20 years – has been in an era of high activity for hurricanes since 1995. However, this high-activity pattern is expected to be offset in 2014 by the impacts of El Niño, and by cooler Atlantic Ocean temperatures than we’ve seen in recent years.

“Atmospheric and oceanic conditions across the tropical Pacific are already taking on some El Niño characteristics. Also, we are currently seeing strong trade winds and wind shear over the tropical Atlantic, and NOAA’s climate models predict these conditions will persist, in part because of El Niño,” Bell said. “The expectation of near-average Atlantic Ocean temperatures this season, rather than the above-average temperatures seen since 1995, also suggests fewer Atlantic hurricanes.”

NOAA is rolling out new tools at the National Hurricane Center this year. An experimental mapping tool will be used to show communities their storm surge flood threat. The map will be issued for coastal areas when a hurricane or tropical storm watch is first issued, or approximately 48 hours before the anticipated onset of tropical storm force winds. The map will show land areas where storm surge could occur and how high above ground the water could reach in those areas.

Early testing on continued improvements to NOAA’s Hurricane Weather Research and Forecasting model (HWRF) shows a 10 percent improvement in this year's model compared to last year. Hurricane forecasters use the HWRF along with other models to produce forecasts and issue warnings.  The HWRF model is being adopted by a number of Western Pacific and Indian Ocean rim nations.

NOAA’s seasonal hurricane outlook is not a hurricane landfall forecast; it does not predict how many storms will hit land or where a storm will strike. Forecasts for individual storms and their impacts will be provided throughout the season by NOAA’s National Hurricane Center.

"It only takes one hurricane or tropical storm making landfall to have disastrous impacts on our communities," said Joe Nimmich, FEMA associate administrator for Response and Recovery. "Just last month, Pensacola, Florida saw five inches of rain in 45 minutes – without a tropical storm or hurricane. We need you to be ready. Know your risk for hurricanes and severe weather, take action now to be prepared and be an example for others in your office, school or community. Learn more about how to prepare for hurricanes at www.ready.gov/hurricanes."

Next week, May 25-31, is National Hurricane Preparedness Week. To help those living in hurricane-prone areas prepare, NOAA offers hurricane preparedness tips, along with video and audio public service announcements in both English and Spanish, featuring NOAA hurricane experts and the FEMA Administrator at www.hurricanes.gov/prepare.

NOAA’s outlook for the Eastern Pacific basin is for a near-normal or above-normal hurricane season, and the Central Pacific basin is also expected to have a near-normal or above-normal season. NOAA will issue an updated outlook for the Atlantic hurricane season in early August, just prior to the historical peak of the season.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter and our other social media channels.

Friday, 23 May 2014 14:58

BCI European Awards


The 2014 BCI European Awards took place on Wednesday 21st May at a Gala Dinner to coincide with the Executive Forum in Amsterdam. The BCI European Awards are held each year to recognise the outstanding contribution of business continuity professionals and organizations living in or operating in Europe.

The Winners of the Awards were:

Business Continuity Consultant of the Year
Bill Crichton FBCI

Public Sector Business Continuity Manager of the Year
James McAlister MBCI

Business Continuity Manager of the Year
Werner Verlinden FBCI

Business Continuity Innovation of the Year
Pinbellcom Limited

Business Continuity Provider of the Year (Product)
Phoenix

Business Continuity Service of the Year (Service)
Continuity Shop

Business Continuity Team of the Year
Marks & Spencer

Most Effective Recovery of the Year
EDP Distribuição

Industry Personality of the Year
Andy Tomkinson MBCI


Congratulations to all the winners and well done to all those who were nominated. As always the standard of entries was high and the judges had some difficult decisions to make.

All winners from the BCI European Awards 2014 will be automatically entered into the BCI Global Awards 2014 which take place in November during the BCI World Conference and Exhibition 2014.


Over 100 industry leaders and experts in the field of business continuity and its related disciplines got together to share ideas, vision and take home best practices that will help build organizational resilience at the first ever BCI Middle East Conference and Exhibition held at The Address, Dubai Marina. The event was organized by the Middle East Member Firm Protiviti, a global consulting firm.

The two day event titled 'Business Continuity: Building a Resilient Middle East' saw practitioners brainstorm on various aspects of business continuity and risk management that are of relevance in today’s challenging business environment. Putting its business continuity expertise to use, Protiviti designed the sessions to focus on tackling the industry pain points by discussing the specifics within each sector, which was supplemented by success stories for others to emulate.

One of the highlights of the event was the keynote speech by Abdul Mohsin Ibrahim Younes, Chief Executive Officer, Strategy and Corporate Governance, Roads and Transport Authority (RTA), Dubai. He shared RTA’s vision around 'Safe and smooth transport for all' and elaborated the measures in place to execute the plan.

Speaking about the event, Lorraine Darke, Executive Director at the Business Continuity Institute, said: “The commitment that Protiviti put into making this event a success is recognized and truly appreciated. The event provided delegates with valuable learning experience, which we are sure will help drive critical organizational change in the region.”

Senthil Kumar, Protiviti’s Managing Director, said: “The first Middle East conference aimed to give business continuity practitioners some real insight into solutions, latest researches, techniques and best practices. We are glad we achieved it with much success. We would like to thank each and every delegate, sponsor and exhibitor who made this possible.”

Heartbleed and the OAuth and OpenID vulnerabilities have created a lot of questions about open source security. And Zack Whittaker writes in this article in ZDNet that these vulnerabilities aren’t out of the norm:

Many millions of Java-based and other open source applications are vulnerable to flaws that have been around for, in some cases, years. And even up to today, they are being downloaded.

But in an InformationWeek commentary, Michele Chubirka writes that open source isn’t any worse than commercial or closed source software:

...

http://www.itbusinessedge.com/blogs/data-security/heartbleed-response-creating-more-secure-open-source-software.html

Thursday, 22 May 2014 18:23

Risk: A Game of Thrones

HBO, the producer of "made for TV" award-winning shows, is renowned for its high-quality programming, documentaries and event TV. One of HBO’s hit shows, A Game of Thrones, is based on the A Song of Ice and Fire series of fictional novels by George R.R. Martin, the first installment of which was published in 1996. The title of the show comes from a proverb that the Queen Cersei quotes in the novel: “When you play the game of thrones, you win or you die. There is no middle ground.”

The series has more plot twists than a murder mystery and captures the imagination.  There is no shortage of drama, intrigue and, of course, obligatory gratuitous sex.  But what does this have to do with risk management?

A Game of Thrones is a great metaphor for how human behavior can radically change the course of events, including the downfall of empires (oops, I meant to say corporations).  Fiction is a reflection of real human behavior.  In fact, “conduct risk” may be the hardest risk to manage simply because it permeates every aspect of business life.  Conduct risk is the manifestation of every decision an employee of a firm makes to either act ethically or take advantage of opportunities for self-indulgence.  Given the temptations of wealth, power and access to resources only available to senior executives, it should not be surprising that fraud occurs.  Yet each time it happens, we sit back in awe and judgment, condemning bad behavior.  Seldom is this behavior condemned, though, before it causes catastrophic failure.

...

http://www.corporatecomplianceinsights.com/risk-a-game-of-thrones/

Money alone can’t buy happiness, and technology by itself can’t buy disaster recovery – but they can both help significantly! IT disaster recovery management needs thought, planning and training of personnel; being aware of what technology has to offer is an important part of this. Check our handy ten-point list below to see if you’re making the most of what’s available.

Archiving systems. Use these to store data no longer needed on a daily basis, but which must still be kept. Archiving is complementary to backup, but not the same....

http://www.opscentre.com.au/blog/a-quick-guide-to-it-disaster-recovery-technology/

Like most companies, small to midsize businesses (SMBs) are on the lookout to save money and simplify complexities of day-to-day tasks. Many SMBs already have a small (or non-existent) IT staff, so creating efficiencies in workflows and access to information for employees is often not top of mind. However, the increasing role of desktop virtualization in the enterprise is spreading to include those smaller businesses and can help with efforts toward increased efficiency.

Today, client virtualization company NComputing announced that it will provide a new desktop as a service (DaaS) solution to select service providers around the U.S. and other countries. In fact, the first provider to offer the DaaS solution to SMBs is So-net Corporation, a member of the Sony group, which is located in Japan.

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-to-benefit-from-daas-solution-from-ncomputing.html

Thursday, 22 May 2014 18:19

Warning: Big Data Road Bump Ahead

My friend and I have a running joke. We’ve decided we liked 35 so much, we’re going to stick with it for a decade or so.

Okay, it’s not particularly clever, but to us, it was worth a quick laugh. It probably wouldn’t be so funny if I handled data quality at Paytronix, a company that manages customer loyalty programs for restaurant chains.

When Paytronix analyzed its data quality, it found that approximately 10 percent of customers lie about their age. Another 18 percent leave it blank. Couple that with about 25 percent of restaurants that don’t even ask, and you’ve got a real problem with a significant demographic identifier.

...

http://www.itbusinessedge.com/blogs/integration/warning-big-data-road-bump-ahead.html

Thursday, 22 May 2014 17:17

Turning Big Data into Big Knowledge

Big Data is not just the latest fad to hit the enterprise, it’s an obsession. On the one hand is the fear of constructing the infrastructure capable of handling massive volumes, and on the other is the anticipation of all the advantages to be gained by mining and analyzing that data.

New research from QuinStreet Enterprise reveals that more than three quarters of all organizations consider Big Data a top priority in the coming year, citing the need to foster speed and accuracy in the decision-making process as a key driver. Interestingly, it seems that Big Data is not just the province of the Big Enterprise either. More than 70 percent of mid-sized companies are also planning Big Data initiatives.

...

http://www.itbusinessedge.com/blogs/infrastructure/turning-big-data-into-big-knowledge.html

Thursday, 22 May 2014 17:16

Piracy Incidents Down

Steps taken by the international maritime community have paid off, reducing the threat of piracy in the Arabian Sea’s Gulf of Aden, according to the Allianz Global Corporate & Specialty Safety and Shipping Review 2014. The number of ships seized and hostages taken was down significantly in 2013. According to the International Maritime Bureau (IMB), piracy at sea is at the lowest level in six years—264 attacks were recorded worldwide in 2013, a 40% drop since Somali piracy peaked in 2011. There were 15 incidents reported off Somalia in 2013, including Gulf of Aden and Red Sea incidents—down from 75 in 2012, and 237 in 2011 (including attacks attributed to Somali pirates in the Gulf of Aden, Red Sea and Oman).

But while the number of incidents in this region has gone down, piracy attacks in other areas have increased in frequency, notably Indonesia and off the west coast of Africa. While most of these Indonesian attacks remain local, low level opportunistic thefts carried out by small bands of individuals, a third of the incidents in these waters were reported in the last quarter of 2013, meaning there is potential for such attacks to escalate into a more organized piracy model unless they are controlled.

...

http://www.riskmanagementmonitor.com/piracy-incidents-down

Following the occurrence of a disruptive incident to your organization, what is your perception of how prepared your organization is to properly respond to that event and to provide a repeatable approach to minimize downtime resulting from that event? Do you believe that disaster preparedness is present in the planning capability or culture of your organization?

Unfortunately, the observed reactions of many organizations to disasters indicate that business continuity management system (BCMS) awareness is often not given enough attention.

Once your organization is able to address this component as one of its growing requirements in maintaining a “keeping the doors open” approach to running its business, then, hopefully, “planning” will begin to be recognized as a necessary discipline to implement into its own corporate culture.

LINCROFT, N.J. -- The New York and New Jersey Sandy Recovery field offices are supporting a national initiative to maximize resilience and minimize risk. FEMA is encouraging those rebuilding from Hurricane Sandy to join the agency in its recognition of the 34th annual Building Safety Month (BSM) to promote the importance of high building standards, protecting the environment and saving energy.

BSM is a public awareness campaign established by the International Code Council (ICC). The global campaign focuses on public outreach and education to increase the overall safety and sustainability of buildings through the adoption of model building codes and promotion of code enforcement—elements for New York and New Jersey to consider as the area rebuilds after the storm.

Those in the affected states—and nationwide—can avail themselves of FEMA’s Building Science Department online and print information about various natural and man-made disasters and how they affect building safety. The agency introduces basic concepts used to design new or retrofitted buildings. Also offered are measures to increase resilience against future disasters while retaining or elevating efficiency—a two-pronged approach in dealing with climate change.

For the fourth consecutive year, President Obama has proclaimed May as National Building Safety Month to underscore the role that safe building codes and standards play in decreasing the effects of disasters and making the nation resilient. Building codes protect citizens from disasters like fires, flooding and weather-related events like Hurricane Sandy and structural collapse.

The overarching theme of BSM is Building Safety: Maximizing resilience, minimizing risks with sub-themes for each of its respective four weeks: fire, weather, yard and outdoor safety, and for the final week of the campaign, Building a brighter, more efficient tomorrow.   

For more information on FEMA’s Building Science Branch, visit www.fema.gov/building-science. More information on Building Safety Month is at www.buildingsafetymonth.org and www.iccsafe.org.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Wednesday, 21 May 2014 14:35

BCI India Awards


The 2014 BCI India Awards took place on Monday 19th May at a Gala Dinner to coincide with the second Business and IT Resilience Summit in Mumbai. The BCI India Awards are held each year to recognise the outstanding contribution of business continuity professionals and organizations living in or operating in India.

The Winners of the Awards were:

Business Continuity Manager of the Year
Dhirendra Kumar MBCI 

Business Continuity Consultant of the Year
Saurabh Agarwal 

Business Continuity Team of the Year
Reliance Life Insurance

Business Continuity Innovation of the Year
IBM

Business Continuity Provider of the Year (Service)
Sungard Availability Services

Business Continuity Provider of the Year (Product)
Sungard Availability Services

Industry Personality of the Year
Chittarajan Kajwadkar MBCI

Congratulations to all the winners and well done to all those who were nominated. As always the standard of entries was high and the judges had some difficult decisions to make.

All winners from the BCI India Awards 2014 will be automatically entered into the BCI Global Awards 2014 which take place in November during the BCI World Conference and Exhibition 2014.

In this age of Big Data, mobile communications and the Internet of Things, virtually everyone in the IT industry is aware of the need for scale. But even with dynamic cloud architectures at the ready, is there such a thing as too much scale? And are there right ways and wrong ways to implement scalability across data center infrastructure?

To hear infrastructure vendors tell it, scalability should be the top priority for enterprises across the board. And indeed, as Apcon CEO Richard Rauch told CIOL recently, with increased traffic soon to be coming from virtually everything we touch, data center infrastructure will have to scale in order to meet the availability and reliability levels that we have come to expect. For a networking company like Apcon, this means advanced switching capabilities that support non-blocking connectivity and heavy traffic flows, along with the visibility tools needed to keep an eye on things.

...

http://www.itbusinessedge.com/blogs/infrastructure/scalability-for-the-real-world-not-the-imagined-one.html

DENVER – A year ago Tuesday, on May 20, an EF5 tornado struck Moore, Oklahoma, killing 24 and leaving a 17-mile trail of destruction.

The anniversary is a poignant reminder of the importance of preparing for tornadoes, point out emergency managers from the Federal Emergency Management Agency (FEMA). The United States gets 75 percent of the world’s tornadoes, on average more than 1,100 per year.

FEMA’s Ready.gov website (http://www.ready.gov/) provides these suggestions for what to do before, during and after a tornado:

BEFORE

  • Build an emergency kit and make a family communications plan.
  • Listen to electronic media for the latest information. In any emergency, always listen to the instructions given by local emergency management officials.
  • Be alert to changing weather conditions. Look for approaching storms.
  • Look for the danger signs: a dark, often greenish sky; large hail; a large, dark, low-lying cloud (particularly if rotating); and a loud roar, similar to a freight train.
  • If you see approaching storms or any of the danger signs, be prepared to take shelter immediately.

DURING

If you are under a tornado warning, seek shelter immediately!  Most injuries associated with high winds are from flying debris, so remember to protect your head.

If you are in a building, go to a pre-designated area such as a safe room, basement, storm cellar, or the lowest building level. If there is no basement, go to the center of a small interior room on the lowest level (closet, interior hallway) away from corners, windows, doors, and outside walls. Put as many walls as possible between you and the outside. Get under a sturdy table and use your arms to protect your head and neck. In a high-rise building, go to a small interior room or hallway on the lowest floor possible. Do not open windows.

If you are in a manufactured home or office, get out immediately and go to a pre-identified location such as the lowest floor of a sturdy, nearby building or a storm shelter. Mobile homes, even if tied down, offer little protection from tornadoes.

If you are outside with no shelter, there is no single research-based recommendation for what last-resort action to take because many factors can affect your decision. Possible actions include:

  • Immediately get into a vehicle, buckle your seat belt and try to drive to the closest sturdy shelter. If your vehicle is hit by flying debris while you are driving, pull over and park.
  • Take cover in a stationary vehicle. Put the seat belt on and cover your head with your arms and a blanket, coat or other cushion if possible.
  • Lie in an area noticeably lower than the level of the roadway and cover your head with your arms and a blanket, coat or other cushion if possible.
  • Do not get under an overpass or bridge. You are safer in a low, flat location.
  • Never try to outrun a tornado in urban or congested areas in a car or truck. Instead, leave the vehicle immediately for safe shelter.
  • Watch out for flying debris. Flying debris from tornadoes causes most fatalities and injuries.

AFTER

  • Check for injuries. Do not attempt to move seriously injured people unless they are in immediate danger of further injury. Get medical assistance immediately. If someone has stopped breathing, begin CPR if you are trained to do so. Stop a bleeding injury by applying direct pressure to the wound. Have any puncture wound evaluated by a physician. If you are trapped, try to attract attention to your location.
  • A study of tornado damage in Marion, Illinois, showed half of all tornado-related injuries came after the tornado, from rescue attempts, clean up, and so forth. Almost a third of the injuries came from stepping on nails.
  • Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.
  • Be very careful when entering any damaged structure, and use battery-powered light if possible rather than candles to minimize the danger of fire or explosions.
  • Be alert to the danger of fire, electrocution or explosions from damaged power and gas lines.
  • Continue to monitor your battery-powered radio or television for emergency information.
  • Never use any gasoline, propane, natural gas or charcoal-burning devices inside your home, basement, garage or camper, or even outside near an open window, door or vent. Carbon monoxide – an odorless, colorless gas that can cause sudden illness and death if you breathe it – can build up inside any enclosed space and poison the people and animals inside. Seek prompt medical attention if you suspect CO poisoning and are feeling dizzy, light-headed or nauseated.

Research shows that most people wait until bad news is confirmed by a second source before taking action. With tornadoes, act first, emergency officials warn. Take shelter yourself, then be the second source that confirms the emergency for others by phone or social media.

A timeline of some of the most significant tornadoes to affect the six-state region covered by FEMA’s Denver regional office, with links for more information, is available at http://www.fema.gov/fema-region-8-tornado-timeline.


The BCM program in many progressive enterprises focuses on Incident Readiness. Integrating critical aspects of Planning, Incident Response and Incident Management, an Incident Readiness program aims to assure an organization is truly prepared to respond to any disruption of its day-to-day operations. Incident Readiness may not be the right prescription for every BCM program; for some, BCM programs may simply be traditional ‘3-ring binder’ Plans and table-top tests. But for most, Incident Readiness may be the key to a successful BCM future.

In our two earlier blogs we defined Incident Readiness, and examined the requirements to implement it.  Finally, let’s look at the benefits: the tangible advantages of an Incident Ready BCM program:

...

http://ebrp.net/5-advantages-of-an-incident-readiness-program/

By Deborah Ritchie

A majority of UK businesses expect to increase their dependency on exports, despite being unaware of the associated risks. More than two-thirds (69%) of UK businesses expect to increase their dependency on exports over the next five years but many are ill-prepared to protect themselves against the risks they will encounter, according to a report by AIG, Trade & Export Finance and the Institute of Export.

Findings show that risk related to non-payment of goods and services is UK exporters’ biggest concern, cited by 42% of respondents. However, only 37% of companies purchase trade credit insurance (down from 40% in 2013 and 53% in 2012), while 49% of all companies rely on open account payment, according to the International Trade Survey 2014, the largest independent survey of its kind which captures the views of over 2,800 companies.

...

http://www.cirmagazine.com/cir/Export-dependent-businesses-oblivious-to-risks.php

Tuesday, 20 May 2014 17:31

Preparing for Hurricane Season

With less than two weeks until the official start of the Atlantic hurricane season on June 1, organizations and homeowners alike are hoping that this year’s season mirrors that of 2013, which was one of the quietest in 30 years. So far, most experts are predicting another relatively calm year.

Philip Klotzbach and William Gray from Colorado State University’s Tropical Meteorology Project predicted below-average hurricane activity, with nine named storms, three of which would be hurricanes and only one a major hurricane (Category 3 or higher). According to their research, there is only a 35% chance of a major hurricane making landfall in the United States. The average for the last century has been 52%.

...

http://www.riskmanagementmonitor.com/preparing-for-hurricane-season/

We recently published part 1 of a new series designed to help organizations build resiliency against targeted attacks. In the spirit of Maslow, we designed our Targeted-Attack Hierarchy Of Needs. One factor that significantly drove the tone and direction of this research was Forrester client inquiries and consulting. Many organizations were looking for a malware sandbox to check off their targeted attack/advanced persistent threat/advanced threat protection/insert buzzword needs. Malware analysis has a role in enterprise defense, but focusing exclusively on it is a myopic approach to addressing the problem.  

Part 1 of the research is designed to help organizations broaden their perspective and lay the foundation for a resilient security program. Part 2 (currently writing at a non George R.R. Martin pace) will move beyond the basics and address strategies for detecting and responding to advanced adversaries. Here is a preview of the research and the six needs we identified:

...

http://blogs.forrester.com/rick_holland/14-05-19-introducing_forresters_targeted_attack_hierarchy_of_needs

If most problems are due to human error, the next metric for understanding risk and business impact might just be the stupidity index. It’s a somewhat tricky concept in a business sense, because stupidity is often context-dependent. The Peter Principle points this out, by stating that in organisations, people are promoted to their highest level of incompetence. Carlo Maria Cipolla also researched the matter to come up with a number of ‘laws of stupidity’. One of these laws in particular is relevant to business continuity management: “Non-stupid people always underestimate harmful potential of stupid people.”

...

http://www.opscentre.com.au/blog/a-new-metric-for-business-continuity-the-stupidity-index/

DENVER – A year ago Tuesday, on May 20, an EF5 tornado struck Moore, Oklahoma, killing 24 and leaving a 17-mile trail of destruction.

A month later, June 20, will be the anniversary of the 1957 EF5 tornado in Fargo that killed 10 and was part of a family of five tornadoes that wreaked havoc for almost 70 miles, from Buffalo, North Dakota, to Dale, Minnesota. The tornado and its damage were studied extensively by T. Theodore Fujita of the University of Chicago, which led to his later development of the 1-5 F-Scale for ranking tornadoes. (The Fargo tornado was ranked in retrospect.) 

Both anniversaries are a poignant reminder of the importance of preparing for tornadoes, point out emergency managers from the North Dakota Division of Emergency Management and from the Federal Emergency Management Agency (FEMA). North Dakota gets an average of 23 reported tornadoes per year, mostly in June, July and August.

The state’s website (http://www.nd.gov/des/uploads/resources/150/tornadotips.pdf) provides these suggestions for what to do during a tornado:

  • In a house with a basement: Avoid windows. Get in the basement and under some kind of sturdy protection (heavy table or work bench), or cover yourself with a mattress or sleeping bag. Know where very heavy objects rest on the floor above (pianos, refrigerators, waterbeds, etc.) and do not go under them. They may fall down through a weakened floor and crush you.
  • In a house with no basement, a dorm, or an apartment: Avoid windows. Go to the lowest floor, small center room (like a bathroom or closet), under a stairwell, or in an interior hallway with no windows. Crouch as low as possible to the floor, facing down, and cover your head with your hands. A bath tub may offer a shell of partial protection. Even in an interior room, you should cover yourself with some sort of thick padding (mattress, blankets, etc.), to protect against falling debris in case the roof and ceiling fail.
  • In an office building, hospital, or nursing home: Go directly to an enclosed, windowless area in the center of the building -- away from glass. Crouch down and cover your head. Interior stairwells are usually good places to take shelter, and if not crowded, allow you to get to a lower level quickly. Stay off the elevators; you could be trapped in them if the power is lost.
  • In a mobile home: Get out! Even if your home is tied down, you are probably safer outside, even if the only alternative is to seek shelter out in the open. Most tornadoes can destroy even tied-down mobile homes; and it is best not to play the low odds that yours will make it. If there is a sturdy permanent building within easy running distance, seek shelter there. Otherwise, lie flat on low ground away from your home, protecting your head. If possible, use open ground away from trees and cars, which can be blown onto you. The only fatality in the Northwood tornado remained in his home.
  • At school: Follow the drill! Go to the interior hall or room in an orderly way as you are told. Crouch low, head down, and protect the back of your head with your arms. Stay away from windows and large open rooms like gyms and auditoriums.
  • In a car or truck: Vehicles are extremely dangerous in a tornado. If the tornado is visible, far away, and the traffic is light, you may be able to drive out of its path by moving at right angles to the tornado. Otherwise, park the car as quickly and safely as possible -- out of the traffic lanes. Get out and seek shelter in a sturdy building. If in the open country, run to low ground away from any cars which could roll over onto you. Lie flat and face-down, protecting the back of your head with your arms. Avoid seeking shelter under bridges, which can create deadly traffic hazards while offering little protection against flying debris.
  • Outside: If possible, seek shelter in a sturdy building. If not, lie flat and face-down on low ground, protecting the back of your head with your arms. Get as far away from trees and cars as you can.
  • In a shopping mall or large store: Do not panic. Watch for others. Move as quickly as possible to an interior bathroom, storage room or other small enclosed area, away from windows.
  • In a church or theater: Do not panic. If possible, move quickly but orderly to an interior bathroom or hallway, away from windows. Crouch face-down and protect your head with your arms. If there is no time to do that, get under the seats or pews, protecting your head with your arms or hands.


FEMA’s Ready.gov website cites a study of tornado damage in Marion, Illinois, that showed half of all tornado-related injuries came after the tornado, from rescue attempts, clean up, and so forth. Almost a third of the injuries came from stepping on nails. Be very careful when entering any damaged structure, and use battery-powered light if possible rather than candles to minimize the danger of fire or explosions.



Shahid N. Shah, an expert on EMR/EHR systems, says health care organizations are spinning their wheels with interoperability when they should be learning something from the past 50 years of enterprise technology integration.

Sigh. I had hoped health care would be able to learn from the past 50 years of enterprise technology when it came to handling data.

“The need for and attention to interoperability in health care is palpable—more and more vendors talk about, and even more customers complain about, how it's missing from products,” Shah writes in a recent iHealth Beat column. “Service vendors are struggling to make it happen and even the government is joining the chorus to help.”

...

http://www.itbusinessedge.com/blogs/integration/three-integration-lessons-health-care-it-still-needs-to-learn.html

Computerworld — It's a familiar complaint: Executives from a business department learn about a new, often cloud-based product and they want to try it. Only they can't, because IT has decreed that this wonderful new product creates too much risk. The frustrated business execs gripe that IT is standing in the way of progress. As one business executive said, IT is "where dreams go to die."

The problem might not lie in some stubborn dislike by technology professionals for innovative new products. The problem, CIOs and other experts agree, is that most organizations don't have a realistic, balanced or mature system for evaluating and making decisions about technology risk. Especially the risk that always comes with implementing something new.

"Somebody, typically in a line of business, has some SaaS product they want to use, and they provide a business case for it: 'Here's all the good stuff that can result from the use of this. It'll make my numbers. I can access it from anywhere,'" says Jay Heiser, an analyst at Gartner.

...

http://www.cio.com/article/752971/Why_IT_Needs_to_Drive_the_Risk_Conversation

By Deborah Ritchie

Technology is changing the way insurers and buyers of insurance interact. This is according to a Swiss Re report whose analysis of digital distribution in insurance shows how the internet and mobile devices are empowering consumers everywhere. Despite this development, digital transformation does not spell the end of intermediaries, the report’s authors say.

Today, people can search, review and purchase insurance policies without relying solely on the services of intermediaries. At the same time, developments in Big Data are facilitating access to a rich source of data about customers, which insurers can use to enhance sales and marketing strategies. Digital transformation overall can help insurers become more consumer-centric.

...

http://www.cirmagazine.com/cir/Technology-creating-quiet-revolution-in-insurance-distribution-Swiss-Re.php

By Wayne Rigby, chairman, Alarm

As the UK emerges from winter into spring, the hopes of better weather will be front of mind for many people. Despite the recent extreme weather, temperatures have been relatively mild for the time of year. Remember 2013, when we saw snow fall and temperatures plummet in the middle of May? A repeat of this will be unwelcome by most I’m sure. At the time of writing this column, it is estimated that insurers face a bill of at least £800m due to the recent storms and floods, with the figure set to rise as flood water subsides and the full extent of damage is revealed. In addition to this, public sector organisations, which already face challenges in maintaining vital services for their communities due to the level of public sector funding cuts, will be counting the cost of damage within their own areas.

...

http://www.cirmagazine.com/cir/VIEW-Risk-management-whatever-the-weather.php

Last week, we introduced the latest findings from studies of the RIMS Risk Maturity Model. In an effort to explain the model and results of the study more fully, it’s beneficial to break the RMM into each of its attributes. Here we’ll examine the first two attributes of an effective ERM program, ERM Based Approach and ERM Process Management.

...

http://www.riskmanagementmonitor.com/rims-risk-maturity-model-erm-approach-and-process-management/

Compliance risks are an inherent component of global business in the 21st century; many risks are familiar and some are new, but all can inflict potentially critical damage on an enterprise. At the same time, there are nascent signs that the ethics and compliance (E&C) discipline is maturing in many respects, and that many E&C programs, in the words of one expert, “occupy a moment of great opportunity.”

The 2014 Risk Forecast Report from the LRN Ethics and Compliance Alliance (ECA) finds E&C leaders confronting continued pressure—from lawmakers, regulators and corporate management—to demonstrate that their programs effectively address a broad range of very specific organizational risks. As many manage with tightened budgets, they are increasingly challenged to integrate their efforts ever more closely with the core day-to-day business functions of their organizations.

...

http://www.corporatecomplianceinsights.com/ethics-and-compliance-risk-projections-for-2014


A survey by eHosting DataFort (eHDF) in partnership with the Business Continuity Institute (BCI) and Continuity and Resilience (CORE) has revealed an increased take up of IT Disaster Recovery in the Middle East over the last two years demonstrating that organizations are starting to take the threat more seriously.

The 2014 Middle East Business Continuity Management Survey, the third of its kind, showed that 73% of respondents had IT Disaster Recovery in place and 22% were considering implementation. The increased take up is compared to the 2012 survey which showed that nearly 63% of the respondents stated their organization did not have a dedicated IT Disaster Recovery or BCM team, and that Business Continuity Management was being driven by Information Security Unit, Quality Management, IT and Operational and Overall Risk teams.

While this is positive, there is still a long way to go as 56% of the respondents rated their organization’s IT DR readiness as average or below average.

A huge shift is already underway in the way organizations look at BCM. This year’s survey highlighted that 59% had budgets greater than US$100,000 to implement and sustain their BCM program, while 32% allocated budgets in excess of US$250,000. Large organizations such as those in the banking, oil and gas, telecoms, government and e-commerce sectors accounted for the 11% of organizations that had set aside BCM budgets of more than US$1 million.

Yasser Zeineldin, CEO at eHosting DataFort, said, “The results are indicative of how the industry and business environment is evolving. Everything is driven by technology and it is imperative that organizations look closely at what is ‘crucial data’ and how it can be safeguarded in the instance of downtime caused either by a natural disaster or simply because of an IT outage.”

“eHDF has been at the forefront of stressing the importance of Disaster Recovery and BCM, and this year’s survey shows that our efforts have reaped dividends. The increase in the number of organizations, both large corporations and SMEs, investing in disaster recovery and making contingency plans by adopting business continuity management programs looks encouraging. We have seen a huge uptake for Disaster Recovery services and have implemented high end DR projects for a number of organisations over the last year.”

Lyndon Bird, Technical Director at the BCI, commented: “The Business Continuity Institute’s annual Horizon Scan survey showed just how seriously BC professionals take the cyber threat so it is encouraging to see that this is now being recognised at the Board level. Organizations are beginning to realise the value of having an effective business continuity management programme and the return on investment this can provide.”

The results from the survey show that 47% of BCM budgets in the region are being spent on IT disaster recovery infrastructure, seats, software and licensing. This can be further reduced by working with specialized service providers who can implement IT disaster recovery at a fraction of the cost of doing it in-house. In fact, 30% of the survey respondents have indicated that they plan to outsource the enhancement of IT DR plans to specialist external service providers.

Lack of a robust business continuity plan can result in financial loss that may have a negative impact on bottom line profits of an organization. 30% of the respondents who have indicated the financial impact of disruptions as per their Business Impact Analysis (BIA) estimate that a two-day disruption could set the organization back by US$3 million and more.

66% of the respondents reported at least one significant business disruption in the last year and the top three causes for disruptions in the Middle East have been identified as applications and network infrastructure failure, power outage and human error. Businesses today are vulnerable to diverse natural or man-made disasters such as fire, earthquakes, cyclones, cyber threats, as well as network and power failures. Implementation of robust BCM planning can help enterprises effectively respond to challenges without defaulting on commitments towards retaining the trust, faith and confidence of key customers and stakeholders.

eHDF had released the first such survey in 2009, seeking to analyze DR and BCM trends and raise BCM awareness for organizations in the Middle East.

MERS

You’re flipping through the channels on your car radio and you hear the tail end of story about something called MERS.  You think you’ve heard the phrase before – it’s got something to do with the Middle East, right?  You’re correct – but there is more you need to know.

Setting the Stage

So, let’s talk about MERS – what it stands for, what kind of disease it is, what we know about the disease, what we still have to learn, and what we recommend at this time to protect yourself.

MERS stands for Middle East Respiratory Syndrome. It is a viral respiratory illness that was first reported in Saudi Arabia in 2012. It is caused by a coronavirus, a common type of virus infecting humans and animals, known as MERS-CoV (the long version is Middle East Respiratory Syndrome Coronavirus).

Since April 2012, there have been over 500 laboratory-confirmed cases of MERS reported to the World Health Organization (WHO). Countries are reporting their cases and case information (like age and sex) to WHO, and you can find the latest case count there. All of the cases thus far have been linked to seven countries in the Arabian Peninsula (Jordan, Saudi Arabia, Kuwait, Qatar, the United Arab Emirates, Oman, and Yemen). This means that either the patient got sick and tested positive in one of those countries, or lives in or visited one of those countries, got sick, and tested positive elsewhere.

Countries With Lab-Confirmed MERS Cases

Countries in or near the Arabian Peninsula with cases:

  • Saudi Arabia
  • United Arab Emirates (UAE)
  • Qatar
  • Oman
  • Jordan
  • Kuwait
  • Yemen
  • Lebanon

Countries with travel-associated cases:

  • United Kingdom
  • France
  • Tunisia
  • Italy
  • Malaysia
  • Turkey
  • Greece
  • Egypt
  • United States of America
  • Netherlands

Currently, we know this virus has spread from ill people to others through close contact, such as caring for or living with an infected person. However, there is no evidence of sustained person-to-person spread in a community setting. Most people who have been confirmed as having MERS-CoV infection have shown signs of severe respiratory illness, including fever, cough, and shortness of breath. More than 30% of those who have been infected have died.

At this time, we are unsure of the source or host that MERS-CoV comes from. It’s likely an animal host, and while MERS-CoV has been found in camels in Qatar, Egypt and Saudi Arabia, it has also been found in a bat in Saudi Arabia. Camels in a few other countries have also tested positive for antibodies to MERS-CoV, meaning that they were previously infected with MERS-CoV or a closely related virus. When we and others look at the virus in the lab, the virus infecting humans has similarities to the virus infecting camels.

What’s Happening in the United States

On May 2nd, CDC announced the first imported case of MERS in the US, a health care worker who traveled from Saudi Arabia to Indiana. CDC sent a team of experts to Indiana to assist with the investigation. The patient from Indiana has since recovered and was released from the hospital. On May 12, CDC confirmed the second imported case of MERS in the U.S. – a health care worker who lives in and traveled from Saudi Arabia to Florida. CDC and the Florida Department of Health are currently conducting contact tracing – in which we work with the airlines to identify and notify the people who were on the planes that the patient traveled on (the patient traveled from Jeddah, Saudi Arabia to London, England to Boston, Massachusetts to Atlanta, Georgia to Orlando, Florida).

These two cases represent very low risk to the general public.  You can always help protect yourself by washing your hands often, avoiding close contact with people who are sick, avoiding touching your eyes, nose, and mouth with unwashed hands, and disinfecting frequently touched surfaces.  

At this time, we don’t recommend that you change your travel plans to the Arabian Peninsula.  However, if you are traveling to countries in or near the Arabian Peninsula, we recommend you pay attention to your health during and after your trip. Call a doctor right away if you develop fever and symptoms of respiratory illness and let your doctor know of your recent travel.

CDC continues to closely monitor the MERS situation globally and work with partners to better understand the risks of this virus, including the source, how it spreads, and how infections might be prevented. CDC recognizes the potential for MERS-CoV to spread further and cause more cases globally and in the U.S.  

For the latest information from CDC on MERS, visit the MERS website.

Computerworld - The Federal Communications Commission (FCC) continues to warn the public not to rely on text messages to reach 911 in emergencies because the technology is only available to 59 of the more than 6,000 emergency communications centers nationwide.

On its official website, the FCC notes that "the ability to contact 911 using text is only available on a limited basis in a few markets. For this reason, you should not rely on text to reach 911."

The agency instead urges calling 911 in an emergency, "even where text-to-911 is available."

...

http://www.computerworld.com/s/article/9248399/FCC_warns_that_it_s_still_better_to_call_911_instead_of_texting

Monday, 19 May 2014 15:19

Weekly Disaster Update

Fires in Southern California:

In response to the multiple fires in San Diego County, American Red Cross disaster workers are continuing shelter operations at Mission Hills High School as a shelter site (1 Mission Hills Ct., San Marcos 92069). The Temporary Evacuation Point at Escondido High School (1535 N Broadway, Escondido, CA 92026) is now being transitioned into a shelter. The shelter at La Costa Canyon High School located at 1 Maverick Way in Carlsbad also remains open. All shelters will remain open until there is no longer a need.

Since Tuesday, May 13, the Red Cross has provided approximately:
- 3,400 meals
- More than 2,000 snacks
- More than 275 overnight shelter stays, and expected to increase this evening
- More than a dozen canteen operations, supporting various Temporary Evacuation Points, as well as providing snacks and hydration to first responders at several Incident Command Posts.

For more information about this incident please visit the San Diego/Imperial Counties Chapter’s Website

Friday, 16 May 2014 16:58

One Word Too Many

A short article here: http://www.continuitycentral.com/news07205.html reports on a recent conference in the UK, where ‘Cyber Security is being superseded by Cyber Resilience’.  I think that a little care and sense is required here, mainly to avoid adding another sub-discipline and piece of jargon to an already crowded world of (deliberately?) confusing terminology.

My reading of the sense of the article is that it makes sense in terms of what is necessary.  Purely protective security – putting up barriers to stop an attack impacting on an organisation – is not enough.  However, that is not just true for cyber risks.

...

http://buckssecurity.wordpress.com/2014/05/16/one-word-too-many/

OAKLAND, Calif. — The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) has authorized the use of federal funds to assist the state of California combat the Cocos Fire burning in San Diego County, in the San Marcos community.

On May 14, 2014, the State of California submitted a request for a fire management assistance declaration for the Cocos Fire.  The authorization makes FEMA funding available to reimburse up to 75 percent of the eligible firefighting costs under an approved grant for managing, mitigating and controlling the fire.

At the time of the request, the fire was threatening 1,500 homes in and around the community of San Marcos with a population of 86,752.  Mandatory evacuations due to the Cocos fire are in effect for approximately 6,000 people. The fire started on May 14, 2014 and has burned in excess of 200 acres of state and private land.

The President’s Disaster Relief Fund provides funding for federal fire management grants made available by FEMA to assist in fighting fires that threaten to cause a major disaster. Eligible costs covered by the grant can include expenses for field camps; equipment use, repair and replacement; tools, materials and supplies; and mobilization and demobilization activities.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

If you have implemented or used either application wrapping or containerization technologies, please COMPLETE THIS SURVEY.

Application wrapping versus containerization: Which technology provides better security to an enterprise mobile deployment? What are the use cases for each technology, and which technology has a longer shelf life when it comes to being the de facto standard for enterprise mobile security? Are there times when containerization provides a better user experience than application wrapping? And more simply speaking . . . what the heck is the difference between these two technologies, and which one should you purchase?

...

http://blogs.forrester.com/tyler_shields/14-05-15-containerization_vs_app_wrapping_the_tale_of_the_tape

Friday, 16 May 2014 16:55

California Wildfire Risk

Images of wildfires burning in suburban neighborhoods in Southern California are a reminder of the risk faced by many homeowners.

Nearly 2 million, or 14.5 percent, of the 13.7 million homes in California face severe wildfire risk, according to the most recent FireLine State Risk Report by Verisk Underwriting Solutions.

Some 417,500 of these high-risk homes are located in Los Angeles County, while 239,400 are located in San Diego County.

Check out this snapshot from the Verisk report illustrating California’s wildfire risk:

...

http://www.iii.org/insuranceindustryblog/?p=3662

Thursday, 15 May 2014 16:29

Taking control of your cloud

Organizations need to know where their cloud services are hosted for disaster recovery and data protection purposes.

By LILAC SCHOENBECK

Cloud computing services are increasingly being adopted as a mainstream IT strategy, and many industry analysts are saying that cloud will become a major platform for growth for organizations, especially for mid-market businesses. This is because, previously, if an organization wanted to get a new idea off the ground, it would often have had to make a significant upfront investment in IT before it even knew whether the business idea was going to work. The cloud, however, levels the playing field.

When done right, cloud takes away barriers to entry and makes technology available to all organizations regardless of size. From day one, a business can ramp up very quickly and easily without having to make serious upfront capital investment. The move to the cloud is seamless. Costs are predictable. There are no big step changes or spikes in costs for maintenance or renewal requirements. Remote working and disaster recovery can also be built in.

However, because of this rapid growth and evolution, it could be argued that the definition of cloud has become somewhat unclear. Today, the term is used for everything from physical hosting ‘elsewhere,’ to Gmail, to almost anything imaginable in between. It seems that the meaning of cloud is different to different organizations depending on how cloud services are being used.

...

http://www.continuitycentral.com/feature1178.html

Thursday, 15 May 2014 16:27

Back to basics…

Security breaches are on the rise. Yet as security experts face ever more complex and challenging threats, is there a risk some of the basic components of IT security are being overlooked?

By MARK KEDGLEY

Security breaches are on the rise. Indeed, Experian's 2014 Data Breach Industry Forecast (1) predicts that new security threats and transparency regulations will make 2014 a ‘critical year’ for data breaches and warns that organizations need to be better prepared. So what’s going wrong?

IT security is certainly a tough job. From the relentless introduction of new threats, to the escalating impact of any breach in a 24x7, joined-up economy, those tasked with protecting business-critical data have the challenge of juggling routine, day-to-day protection requirements with the need to prevent ever more innovative hacking attempts.

Sadly, however, recent high profile breaches would suggest that the routine, tried, trusted and proven security activity is being overlooked.

...

http://www.continuitycentral.com/feature1180.html

If you’ve been following the news of any kind recently, you may well have seen articles about Heartbleed. This is the vulnerability in the OpenSSL network protocol that theoretically allowed hackers to invisibly copy sensitive data from a web server. A sign of the times, Heartbleed even made front page news in the tabloid press in the UK, an extraordinary feat for such a technical subject. Soon after the threat was discovered, a new version of OpenSSL was made available so that servers could be updated and protected once again. But there are business continuity lessons to be learned.

...

http://www.opscentre.com.au/blog/the-heartbleed-threat-to-business-continuity/

OAKLAND, Calif. — The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) has authorized the use of federal funds to assist the state of California combat the Poinsettia Fire currently burning in Carlsbad, Calif.

On May 14, 2014, the State of California submitted a request for a fire management assistance declaration for the Poinsettia Fire.  The authorization makes FEMA funding available to reimburse up to 75 percent of the eligible firefighting costs under an approved grant for managing, mitigating and controlling the fire.

At the time of the request, the fire was threatening 2,500 homes in and around the community of Carlsbad, Calif., with a combined population of 105,000. All of the threatened homes are primary residences; none are secondary residences. Mandatory and voluntary evacuations are taking place for approximately 15,000 people.  The fire started on May 14, 2014 and has burned in excess of 100 acres of State and private land. There are 5 other large fires burning uncontrolled within the State. 

The President’s Disaster Relief Fund provides funding for federal fire management grants made available by FEMA to assist in fighting fires that threaten to cause a major disaster. Eligible costs covered by the grant can include expenses for field camps; equipment use, repair and replacement; tools, materials and supplies; and mobilization and demobilization activities.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Integration remains a major concern for those hesitant to adopt SaaS, but a recent vendor survey shows a new top barrier: data privacy.

SnapLogic, which provides a cloud-based integration solution, engaged in a joint survey with TechValidate, a third-party research organization. We’ve seen a lot of vendor surveys on cloud and SaaS recently, but what sets this apart is that it targeted 100 U.S. companies with revenues exceeding $500 million.

Seventy-two percent of the organizations responding said they already have an active cloud application or data integration project. So, for the majority, SaaS is already in play as a viable option.

...

http://www.itbusinessedge.com/blogs/integration/data-privacy-integration-rank-as-top-saas-concerns-for-large-companies.html

PEARL, Miss. – In the aftermath of a disaster, misconceptions about disaster assistance can often prevent survivors from applying for help from the Federal Emergency Management Agency and the U.S. Small Business Administration. A good rule of thumb: register, even if you’re unsure whether you’ll be eligible for assistance.

Registering with FEMA is simple. You can apply online at DisasterAssistance.gov or with a smartphone or tablet by downloading the FEMA app or by visiting m.fema.gov. You can also register over the phone by calling FEMA’s helpline, 800-621-FEMA (3362). Survivors who are deaf or hard of hearing and use a TTY can call 800-462-7585. The toll-free telephone numbers operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.

Clarification on some common misunderstandings:

  • MYTH: FEMA assistance could affect my Social Security benefits, taxes, food stamps or Medicaid.
    FACT: FEMA assistance does not affect benefits from other federal programs and is not considered taxable income.
  • MYTH: I have insurance. I don’t need to apply for federal disaster assistance.
    FACT: You should register for federal disaster assistance even if you have insurance. While FEMA cannot duplicate insurance payments, under-insured applicants may receive help after their insurance claims have been settled.
  • MYTH: I've already cleaned up the damage to my home and had the repairs made. Isn’t it too late to register once the work is done?
    FACT: You may be eligible for reimbursement of your clean up and repair costs, even if repairs are complete.
  • MYTH: I didn’t apply for help because I don’t want a loan.
    FACT: FEMA only provides grants that do not have to be paid back. The grants may cover expenses for temporary housing, home repairs, replacement of damaged personal property and other disaster-related needs such as medical, dental or transportation costs not covered by insurance or other programs.

The U.S. Small Business Administration provides low-interest disaster loans to renters, homeowners and businesses of all sizes. Some applicants may be contacted by SBA after registering with FEMA. You are not obligated to take out a loan, but you need to complete the application to continue the federal disaster assistance process. By completing the application, you may become eligible for additional grant assistance from FEMA.

You can apply with SBA online using the Electronic Loan Application (ELA) via SBA's secure website at https://disasterloan.sba.gov/ela. For more information on SBA’s Disaster Loan Program, visit SBA.gov/Disaster, call the SBA Customer Service Center at 800-659-2955 (TTY 800-877-8339 for the deaf and hard-of-hearing) or send an email to DisasterCustomerService@sba.gov.

  • MYTH: I don’t want to apply for help because others had more damage; they need the help more than I do.
    FACT: FEMA has enough funding to assist all eligible survivors with their disaster-related needs. 
  • MYTH: I'm a renter. I thought FEMA assistance was only for homeowners for home repairs.
    FACT: FEMA assistance is not just for homeowners. FEMA may provide assistance to help renters who lost personal property or who were displaced.
  • MYTH: Registration involves a lot of red tape and paperwork. I don’t have time to register.
    FACT: There is no paperwork to register with FEMA. The process is very easy and normally takes between 15 and 20 minutes.
  • MYTH: Since I received disaster assistance last year, I’m sure I can’t get it again this year.
    FACT: Assistance may be available if you suffered damage from a new federally-declared disaster.
  • MYTH: My income is probably too high for me to qualify for FEMA disaster assistance.
    FACT: Income is not a consideration for FEMA grant assistance. However you will be asked financial questions during registration to help determine eligibility for SBA low-interest disaster loans.

For more information on Mississippi disaster recovery, click fema.gov/disaster/4175. Visit the MEMA site at msema.org or on Facebook at facebook.com/msemaorg.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

If you ask IT executives about shifting the entire data infrastructure to the cloud, the most common reaction is something like: “Possible in theory, but not practical in real-world environments.”

But that perspective may be changing.

According to Network World, AMAG Pharmaceuticals, a Massachusetts firm that reported $81 million in revenues last year, has moved to a data center-free footprint by shifting its entire data environment to the cloud and BYOD. CIO Nathan McBride says this has halved his annual data center budget to about $1.4 million and reduced the IT staff to four: himself, a project manager, a Scrum/PMP developer and a “data center master.” At the same time, he says the company has been able to successfully replicate the five key pillars of IT in the cloud: backup, email, file servers, security and service.

...

http://www.itbusinessedge.com/blogs/infrastructure/can-the-enterprise-fully-trust-the-cloud-yet.html

Thursday, 15 May 2014 15:52

An Unpredictable Spring


“In the spring I have counted one hundred and thirty-six kinds of weather inside of four and twenty hours.” – Mark Twain

While spring officially sprung in late March, it’s only been in the last few weeks that we’ve seen the characteristically unpredictable weather that ushers in the fun-in-the-sun summer. During spring, temperatures can swing back and forth between balmy (high 80s in Georgia this week) and frigid (in the 40s in Wyoming). Sunny days may be followed by a week of stormy weather; sometimes extreme weather changes can occur even within the same day.

Below are the most common types of severe spring weather:

[Infographic: Be Ready for Tornadoes]

  • Thunderstorms cause most of the severe spring weather. They can bring lightning, tornadoes and flooding. Whenever warm, moist air collides with cool, dry air, thunderstorms can occur. For much of the world, this happens in spring and summer.
  • Tornadoes, often called twisters, are rapidly rotating columns of air that are connected to both the ground and the cloud. Tornado Alley – the Great Plains region of the United States – is most active this time of year. Already in 2014, there have been more than 30 deaths due to tornadoes.
  • Flooding, which is most common in and near mountainous areas due to snow melt, is another spring hazard, as are mudslides, like the one in Oso, Washington, in late March. Mudslides happen when heavy rainfall, snowmelt, or high amounts of ground water cause soil to be uprooted.
  • Wildfires are most common in the Western United States, and wildfire season usually starts in May and runs through August. According to the National Interagency Fire Center, this year’s wildfire season could be dangerous.

Because spring weather can be so unpredictable, you may be unprepared when severe weather hits—especially if you live in a region that does not often experience these types of events. And when severe weather hits unexpectedly, the risk of injury and death increases. So planning ahead makes sense; prepare for storms, floods, and tornadoes as if you know in advance they are coming, because in the spring, they very likely will.

Advance planning for thunderstorms, lightning, tornadoes and floods requires specific safety precautions. Still, you can follow many of the same steps for all extreme weather events. You should have on hand:

  • A battery-operated flashlight, a battery-operated NOAA Weather Radio, and extra batteries for both
  • An emergency evacuation plan, including a map of your home and, for every type of severe weather emergency, routes to safety from each room
  • A list of important personal information, including
    • telephone numbers of neighbors, family and friends
    • insurance and property information
    • telephone numbers of utility companies
    • medical information
  • A first aid kit, which may include:
    • non-latex gloves
    • assortment of adhesive bandages
    • antibiotic ointment
    • sterile gauze pads in assorted sizes
    • absorbent compress dressings
    • tweezers
    • scissors
    • adhesive cloth tape
    • aspirin packets (81 mg each)
    • First aid instruction booklet
  • A 3–5 day supply of bottled water and nonperishable food
  • Personal hygiene items
  • Blankets or sleeping bags
  • An emergency kit in your car

Remember to help prepare your family members and neighbors for the possibility of severe weather too. Tell them where they can find appropriate shelter as soon as they are aware of an approaching storm. Make sure to run through your emergency plans for every type of severe weather. Show family members where emergency supplies are stored, and make sure they know how to turn off the water, gas, and electricity in your home.

Unfortunately, few of us get much advance notice of a severe weather event. Often times when we become aware of an approaching storm, we have little time to prepare for it.  But, we know what season it is, and even if this spring doesn’t bring any severe weather to your area, being prepared can help you at any time of the year.

Are there any stories of your own spring preparedness that you want to share with us?

Wednesday, 14 May 2014 16:27

The World’s Most Resilient Cities

How do you invest, source and expand responsibly?

Picking the right place to do so may make or break your efforts. At least, that’s the theory of London-based property company Grosvenor. With that in mind, the company analyzed 160 data sets to assess the vulnerability and adaptive capacity of the world’s “50 most important cities” to determine which are the most resilient, with resilience defined as “the ability of cities to continue to function as centers of production, human habitation, and cultural development despite the challenges posed by climate change, population growth, declining resource supply, and other paradigm shifts.”

...

http://www.riskmanagementmonitor.com/the-worlds-most-resilient-cities/

Traditional cyber security is now inadequate for today’s threat landscape and must be superseded by ‘cyber resilience’, demanding more vigorous action from company boardrooms.

This was the main message of a panel of industry experts at the international cyber summit hosted by IT Governance in London on 8th May.

The event, ‘New Standards in the Global Cyber War’ included speakers from the Department for Business, Innovation and Skills, British Standards Institution (BSI), international professional organization ISACA, and AXELOS, a joint venture between the Cabinet Office and services group Capita plc that runs the Best Management Practice portfolio.

...

http://www.continuitycentral.com/news07205.html

A recent survey among 250 UK CIOs and IT leaders has revealed that nearly half of respondents are plagued by regular IT performance and availability issues. 48 percent of respondents experience availability and outage issues at least once a week; and 21 percent of these experience downtime every day.

ControlCircle, UK provider of managed and cloud-based services, commissioned the ‘IT Growth and Transformation’ survey with Vanson Bourne, to explore IT budget alignment and how CIOs are managing IT as well as innovation.

Overall, smaller organizations (employing between 251 and 500 employees) report a higher level of service excellence across the board. Even in this group, only 46 percent claim excellence in quality of service, regardless of budget. Among larger enterprises, only 20 percent of respondents believed they were achieving ‘best effort’ in quality of service, regardless of cost control.

...

http://www.continuitycentral.com/news07206.html

Rogue employees continue to be the biggest threat to information security, according to 37 percent of IT professionals polled at Infosecurity Europe 2014. The poll conducted by BSI, the business standards company, investigated perceived threats to information security and how businesses are responding.

The poll found that despite taking measures to combat the risks, 37 percent of businesses still see employees as the biggest threat to information security, ranking the insider threat higher than cyber-attacks (19 percent) and bring your own device (BYOD) (15 percent).

In order to reduce the risk to their business, over half (52 percent) have implemented an internal information security policy, 47 percent have provided staff training and 63 percent are either certified (29 percent) or operating in compliance (34 percent) with ISO 27001, the international Information Security Management System Standard. A further 23 percent indicated they were looking to certify in the immediate future.

However, confidence in security measures to protect against risks is relatively low with under half (46 percent) stating they are confident in the measures their firm has taken. One in ten are not confident at all, yet unsurprisingly in organizations that are certified to ISO 27001 the levels of confidence in security measures rise to 78 percent.

“It’s no surprise to see insider threats as the biggest risk to information security as employees will always be the one thing that cannot be controlled,” said Suzanne Fribbins, Risk Management Expert at BSI. “Employees don't necessarily have to be malicious to put a company at risk; they may just not understand the possible risks associated with their actions. Research has shown that effective staff training can halve the number of insider breaches, by ensuring employees understand the importance of information security and their role in protecting business-critical information.”

Commitment from senior management is essential if an organization is to manage information security effectively. Encouragingly, 73 percent of respondents believe senior management is dedicated to information security. But 54 percent do not feel the necessary resources are allocated to it, despite this being one of the key ways in which top management can demonstrate its commitment to protecting the confidentiality, integrity and availability of information.

The poll also found that over three quarters (77 percent) of organizations are increasingly being asked for ISO 27001 as a customer requirement when bidding for new business.

www.bsigroup.com/infosec

Computerworld — When the White House issued its big-data privacy report on May 1, it recommended the passage of federal breach legislation "to replace a confusing patchwork of state standards." Although that may have sounded like good news to the development community -- the folk who generally bear the brunt of complying with such security requirements -- it's only a step in the right direction if your goal is falling off of a cliff.

Having one federal standard rather than a large number of state standards is an unquestionably good thing. I'm not arguing against that. But the exceptions spelled out in the report and one rather obvious omission make the whole effort rather pointless. (Let's leave aside the question of whether putting any nuanced business problem in the hands of Congress and expecting them to figure out a realistic solution is akin to administering an astrophysics final to your pet rock. No need to belabor the obvious.)

Let's start with what the report recommends. In discussing big data, it makes a reasonable point: "Amalgamating so much information about consumers makes data breaches more consequential, highlighting the need for federal data breach legislation to replace a confusing patchwork of state standards. The sheer number of participants in this new, interconnected ecosystem of data collection, storage, aggregation, transfer, and sale can disadvantage consumers."

...

http://www.cio.com/article/752773/One_Law_to_Rule_All_Data_Breaches_But_Let_s_Make_it_a_Real_Law

Computerworld — In an Internet of Things (IoT) world, smart buildings with web-enabled technologies for managing heat, lighting, ventilation, elevators and other systems pose a more immediate security risk for enterprises than consumer technologies.

The increasing focus on making buildings more energy efficient, secure and responsive to changing conditions is resulting in a plethora of web-enabled technologies. Building management systems are not only more tightly integrated with each other, they are also integrated with systems outside the building, like the smart grid.

The threat that such systems pose is two-fold, analysts said. Many of the web-enabled intelligent devices embedded in modern buildings have little security built into them, making them vulnerable to attacks that could disrupt building operations and pose safety risks.

...

http://www.cio.com/article/752772/With_the_Internet_of_Things_Smart_Buildings_Pose_Big_Risk

The purpose of an Incident Readiness Program is to enhance the ability to respond effectively to any business disruption and restore those assets (Business Processes, facilities, technology, suppliers and people) that are critical to the delivery of that organization’s Products & Services.

The Planning Phase of the program enables the organization to identify the critical assets at risk, prioritize the resumption of business processes, map dependencies necessary for effective response & recovery, and develop actionable plans. Testing and exercises should be designed to find the gaps in recovering those critical assets – both strategic and operational. The Incident Management component of the program establishes the organizational structures and tools for command, control and communication during a disruptive incident.

...

http://ebrp.net/4-elements-to-create-an-incident-ready-program/

LINCROFT, N.J. -- As Deputy Coordinator of the Oceanport, N.J. Office of Emergency Management, Chris Baggot has weathered a lot of storms.

But nothing so profoundly altered the landscape of his community like Hurricane Sandy.

The 3.7 square mile town on the Shrewsbury River was devastated by the storm. Five hundred of the 2,000 homes in this close-knit community were substantially damaged or destroyed. Oceanport also lost its police station, its borough hall, its ambulance squad building, its library and its courthouse.

Some 18 months after the Oct. 29, 2012 hurricane, 71 families were still unable to return home.

The Baggot family is among them. The Baggots have been renting a one-bedroom apartment in the nearby community of Eatontown while they await the demolition and reconstruction of their home on Blackberry Bay.

While they were approved for an RREM grant of $150,000 to underwrite the rebuilding, a rough winter delayed the start of construction on their replacement home. Once the weather improves and contractors break ground, it will be another six to nine months before Chris, his wife, Wendy, and college-age son, Zachary, will be able to enjoy life in Oceanport once again.

“I’m a Sandy survivor. We don’t use the word ‘victim,’” he says.

[Photo caption: Chris Baggot: From Sandy Survivor to Sandy Recovery Coordinator]

He carries that perspective into his role at the Federal Emergency Management Agency’s New Jersey Sandy Recovery Office, where he recently became a CORE employee after joining FEMA as a Local Hire in December of 2012.

It was his second time assisting his fellow New Jerseyans as a FEMA employee: Baggot was also recruited as a Local Hire in the aftermath of Hurricane Irene in 2011.

Hired initially as a project specialist for Public Assistance, Baggot moved on to become a Cost Estimating Format reviewer, Quality Assurance lead, Operations task force lead and finally, CORE Operations Task Force Lead.

In that capacity, he explains, “I oversee the life cycle of a Public Assistance project from the writing stage all the way through to obligation.”

Baggot’s personal experience with the devastating effects of Hurricane Sandy has underlined his understanding of the importance of the FEMA mission in helping communities rebuild and become more resilient.

“It sure is nice when people say to you, ‘Look, we need this; we need that,’ and you can give it to them in a reasonable way,” says Baggot, “and it’s nice when you can manage expectations when people ask for the moon and stars. That’s not really what we’re there to provide. We’re there to get them back to pre-disaster conditions.”

He has plenty of praise for his colleagues at FEMA, who came here in the immediate aftermath of the storm to help the hard-hit residents of New Jersey get back on their feet.

“The FEMA people that I’ve had the opportunity to work with have really been great.” He’s also enjoyed observing their surprise at how different New Jersey is from its “What exit?” stereotype.

“They talk about how beautiful it is – they thought it was all blacktop,” Baggot says with a laugh.

http://www.fema.gov/disaster/4086/updates/sandy-one-year-later


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.


Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

Fast Rollout of Digital Lifestyle Services in the Tera Era with Allot Service Gateway Tera

WOKING, Surrey – Wick Hill is now shipping Allot Service Gateway Tera, a high-performance DPI-based platform built to power the deployment of Digital Lifestyle Services in fixed and mobile data networks on the path to software-defined networking (SDN) and cloud-based network services (NFV).

Ed Kidson, product sales manager at Wick Hill, commented: “This is an exciting opportunity for the channel to deliver a smooth migration path towards SDN and virtualisation, at the same time as minimising capital investment.” 

Allot Service Gateway Tera has already received multimillion dollar orders from four different mobile and fixed line operators worldwide, including a $4M deal announced earlier this year and a $5M dollar deal announced earlier this month.

Allot Service Gateway Tera provides a unified framework for both physical and virtual service deployment across any access network, serving as a single point of integration for network- and cloud-based services. The new offering includes real-time traffic management, video optimization, policy enforcement, application-based charging, and security services such as Parental Control and Anti-DDoS. 

Allot Service Gateway Tera supports Service Chaining to value-added services, with high-density 100GE and 10GE connectivity. The platform is built to manage 15 million active subscribers and provides up to 2Tbps in a Tera-cluster.

Allot Service Gateway Tera also supports breakthrough network analytics, allowing operators to collect a variety of data sets from their networks and analyze them according to application, subscriber, device, topology and context. It works with Allot ClearSee Analytics solution to turn big data into valuable business insights needed to drive service profitability and customer satisfaction.

About Wick Hill

Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is part of the Wick Hill Group, based in Woking, Surrey with sister offices in Hamburg. Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training facilities. For more information about Wick Hill, please visit http://www.wickhill.com/company/company-profile or www.twitter.com/wickhill

About Allot Communications

Allot Communications Ltd. (NASDAQ, TASE: ALLT) is a leading global provider of intelligent broadband solutions that put mobile, fixed and enterprise networks at the center of the digital lifestyle and workstyle. Allot’s DPI-based solutions identify and leverage the business intelligence in data networks, empowering operators to analyze, protect, improve and enrich the digital lifestyle services they deliver. Allot’s unique blend of innovative technology, proven know-how and collaborative approach to industry standards and partnerships enables network operators worldwide to elevate their role in the digital lifestyle ecosystem and to open the door to a wealth of new business opportunities. For more information, please visit www.allot.com.  

Forward Looking Statement

This release may contain forward-looking statements, which express the current beliefs and expectations of Company management. Such statements involve a number of known and unknown risks and uncertainties that could cause our future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: our ability to compete successfully with other companies offering competing technologies; the loss of one or more significant customers; consolidation of, and strategic alliances by, our competitors, government regulation; lower demand for key value-added services; our ability to keep pace with advances in technology and to add new features and value-added services; managing lengthy sales cycles; operational risks associated with large projects; our dependence on third party channel partners for a material portion of our revenues; and other factors discussed under the heading "Risk Factors" in the Company's annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

Trademark Notice

Allot Communications, Allot Service Gateway Tera and Allot ClearSee Analytics are trademarks of Allot Communications. All other trademarks are the property of their respective owners.

Tuesday, 13 May 2014 14:57

Improving Compliance with Data Science

The days when organizations talked about data in terms of megabytes and gigabytes are long gone. Today, they talk about data in terms of petabytes and zettabytes — big data with massive potential, if they know what to do with it.

Increased access to powerful analytics, combined with the maturing capabilities of open architecture, cloud computing and predictive analytics are helping more organizations get better with data. Yet, in many cases, organizations are moving too slowly to keep up, and they may not be considering all of the risks.

...

http://www.corporatecomplianceinsights.com/improving-compliance-with-data-science/

CIO — Organizations are increasingly focusing on building enterprise data applications on top of their Hadoop and NoSQL infrastructure. But even as that's happening, Hadoop itself is becoming much more diverse and complex. That's a potential headache for developers seeking to build applications on top of that data infrastructure, but data application platform specialist Concurrent, primary sponsor of the open source Cascading application framework, sees it as an opportunity.

While Apache Hadoop began as a combination of Hadoop Distributed File System (HDFS) for file storage and MapReduce for compute, there are now a growing number of options for compute in Hadoop, including Apache Tez (a framework for near real-time big data processing), and the soon-to-be-released Apache Spark (a framework for in-memory cluster computing) and Apache Storm (a distributed computation framework for stream processing). Hadoop distribution vendor MapR even offers an alternative to HDFS in its distribution.

...

http://www.cio.com/article/752747/Cascading_Allows_Apps_to_Execute_on_All_Big_Data_Fabrics

As organisations evolve, they need to re-evaluate their degree of preparedness in the different business continuity management disciplines. In the networked partner model that has become common today, risk management, governance over recovery, crisis communications and talent management all need updating, compared with how things used to be in the vertically integrated enterprise. Changes made in the way an organisation approaches these items then need to be mapped into the appropriate BCM documents. But is this as simple as it sounds?

...

http://www.opscentre.com.au/blog/mapping-networked-business-continuity-disciplines-into-documents/

In this age of data and science, it’s easy to underestimate the role of storytelling in human history. But the importance of storytelling is demonstrated by science, according to Louis Cozolino, a psychologist and professor of psychology at Pepperdine University.

In his book, “The Social Neuroscience of Education,” Cozolino says we’ve evolved to remember and tell stories as a way of retaining important information about our community, our world and ourselves.

In fact, a well-told story creates a “nexus of neural network integration” in all parts of the brain, Cozolino states.

...

http://www.itbusinessedge.com/blogs/integration/add-impact-to-data-analytics-by-tapping-our-primal-past.html

Tuesday, 13 May 2014 14:51

How the RIMS Risk Maturity Model Works

Hack Wilson was an MLB star in the 1920’s, but he had a drinking problem. Realizing his potential, Hack’s manager pulled him into the dugout and said, “If I drop a worm into a glass of water, it swims around fine. If I drop it into a glass of whiskey, it immediately dies. What does this prove?”

Hack responded, “If you drink whiskey, you’ll never get worms.”

Hack’s observation, while misguided, provides a lesson in the difficulty of training and educating employees. Over the next several weeks, I hope to provide a step by step walk through of the RIMS Risk Maturity Model (RMM) for enterprise risk management (ERM), and while doing so provide a framework that can be used to educate, implement, and enhance the ERM program at your own organization.

...

http://www.riskmanagementmonitor.com/how-the-rims-risk-maturity-model-works/

Looking back at the 20th Century, the way that the World conducted its ‘business’ and managed its affairs seems far removed from what we have become in the 21st Century. The momentous political and social effects of two global conflicts (with clashes of ideology and encompassing acts of incredible inhumanity) and the alignments of nations, politics, economies and business endured for a significant time. Only as the last century drew to a close did change on a significant scale become apparent, driven by exposures of the weaknesses of both capitalism and socialism. The growing awareness and dialogue of populations through technology and the media about the state of the World and what they could do to influence it began to influence behaviours at a higher level. However, even as we thought that a shift in attitudes was happening the ‘old’ ways of national self interest and competition continued unabated through so-called periods of change such as the 1960s. Even the end of the Cold War only realigned the World to some degree, and despite the changes in international trade, commerce and private rather than state-driven enterprise, old mistrusts remain. While the empires of the future have yet to fully show their hands, they will be compelled to emerge from a rigid, two-sided and confrontational past to direct and manage the diverse, mobile, connected and aware populations that either they serve, or that serve them. Of course, recent events have highlighted some regressional thought and attitudes that reach far back into history.

...

http://buckssecurity.wordpress.com/2014/05/12/the-future-of-resilience-starting-in-on-making-sense/

Tuesday, 13 May 2014 13:45

Executives and Risk: A Cautionary Tale

It’s been hard to determine a point of entry on the next book I’m writing. What I thought initially would be a grand compendium of operational risk scenarios, a reference manual of sorts for CEOs, has morphed into something more selective: identifying perhaps a dozen of the most costly forms of financial loss that are a direct function of a failure to take steps that could mitigate, transfer, or otherwise manage risk. From this book, CEOs and boards of directors will be able to identify proposals or programs with a high level of risk and determine consciously at what level they should be involved.

I’ve been somewhat encouraged by reading lately of relevant neuroimaging studies which purport to explain how “the executive brain” works, [1] especially how it works under pressure, making decisions. In one study by Bain, of 1,001 managers in global companies, [2] only 77% of those surveyed felt their company “chooses the right course of action;” only 68% felt their firm’s speed of decisions matched that of their competitors; and only 76% felt that their firm “executes decisions as intended.” In another study referenced by Blackman, he quotes the director of the research organization called NeuroLeadership Institute, David Rock, who says that “people who are good at strategy are better at sensing or feeling their way through strategies, rather than relying only on logic and being rational.”

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/9DCD65AEE2769CF02540EF23F30FEDED

Now that computers and the Internet are a regular part of our daily lives, the digital world increasingly contains potential evidence for all types of activity ranging from individual criminal actions to activity that may be relevant to a business litigation or investigation. Forensic investigations seek to uncover this evidence and then perform analysis in order to gain a full understanding of an end user’s activity on a given computing device. In recent years, traditional computer forensics, or “dead-box analysis,” has begun transitioning into “live-box analysis,” meaning more analyses are performed on volatile systems, such as live computer work stations and mobile devices like laptops, tablets and smartphones. Given the growing use of these mobile technologies for professional purposes, understanding the nuances of preserving, extracting and analyzing electronically stored information (ESI) from them is paramount to the success of any such investigation. Additionally, the policies established by the organization and its legal team to protect that data will be critical in defending this recovery moving forward.

...

http://www.corporatecomplianceinsights.com/data-on-the-move-the-evolution-of-mobile-tech-and-compliance/

On May 5, 2014, Target Corporation Chief Executive Officer Gregg Steinhafel resigned after having been with the company for 35 years, another casualty of the massive data breach that continues to damage the nation’s third-largest retailer. The data breach already claimed the job of Target Chief Information Officer Beth Jacob, who resigned shortly after the breach had been discovered and disclosed. But both of these high-profile resignations pale in comparison to the impact on Target itself, its business, its profits and its future.

The data breach occurred around November 12, 2013, at which time hackers began to access more than 40 million credit card numbers and 70 million addresses, phone numbers and other personal information. From that time through February 1, 2014, Target spent a whopping $61 million responding to the breach. This total does not include the costs (and potential liability) incurred in the more than 90 lawsuits filed against Target by their customers and banks, and it does not account for the fact that Target’s holiday sales fell by more than 46 percent from the same quarter in the previous year due to shaken consumer confidence. Also, the $61 million does not capture the spectacle of Target Chief Financial Officer John Mulligan appearing before the Senate and testifying that Target was “deeply sorry” but that it failed to have responded to multiple intrusion warnings from its software prior to the breach.

...

http://www.corporatecomplianceinsights.com/protecting-yourself-against-data-breach-dont-be-a-target/

Failed mergers and acquisitions can be a real business continuity threat; however better management of M&A information risks can reduce the possibility of things going wrong.

By Charlotte Marshall

We are all creatures of routine and habit; we seek certainty and comfort in the familiar, especially when it comes to work, so the prospect of a company being completely overhauled is a daunting experience for many employees. But that is what happens when one firm acquires another; suddenly, for the acquired firm, everything is changing and fears begin to arise about job security, additional or reduced responsibilities, new relationships between the two firms and different ways of working.

Yet company mergers and acquisitions are a fact of business life as firms seek to grow, expand their portfolio or enter new markets. Over a third of office workers (37 percent) in Europe have been through a company merger or acquisition [1]; and with the European economy recovering, M&A activity is expected to increase significantly this year.

...

http://www.continuitycentral.com/feature1177.html

There is an interesting article in the latest edition of ‘The Economist’, discussing ‘The Decline of Deterrence’; the contention being that the US’s recent approach to the World and its issues is allowing different and opposing forces to come into play and influence the future.

In terms of the shape of global activity; we are currently in something of a “power hiatus”; with a continuing realignment of focus towards China (at the moment) and perhaps away from what we may consider to be the traditional US dominance of World politics. If we consider the global activity of the US and its change in recent years, there has been a significant change from the “global policing” approach to a more circumspect and perhaps hesitant approach to involvement in the activities of other nations.

And as ‘The Economist’ says: it is perhaps worth questioning the issues related to this: what fills the gap when there is a hiatus such as this? From my point of view, in the Organisational Resilience context, where will this have an effect upon organisational and business capabilities in the short and longer term?

...

http://buckssecurity.wordpress.com/2014/05/10/the-future-of-resilience-power-hiatus-or-full-stop/

By Deborah Ritchie

A groundbreaking report on antimicrobial and antibiotic resistance reveals the severity of this -- now very much established -- public health risk. The World Health Organisation's report provides the most comprehensive picture of drug resistance to date, incorporating data from 114 countries. The results are cause for high concern, documenting resistance to antibiotics, especially “last resort” antibiotics, in all regions of the world.

“Without urgent, coordinated action by many stakeholders, the world is headed for a post-antibiotic era, in which common infections and minor injuries which have been treatable for decades can once again kill,” says Dr Keiji Fukuda, WHO’s assistant director-general for Health Security.

“Effective antibiotics have been one of the pillars allowing us to live longer, live healthier, and benefit from modern medicine. Unless we take significant actions to improve efforts to prevent infections and also change how we produce, prescribe and use antibiotics, the world will lose more and more of these global public health goods and the implications will be devastating.”

...

http://www.cirmagazine.com/cir/Major-report-on-antibiotic-resistance-reveals-serious-risks.php

Open source applications and tools certainly are taking a beating lately. Heartbleed sent millions of people into a panic about changing passwords (and based on my Facebook feed and the online forums I follow, panic is the right word to describe it). Now the Covert Redirect bug, a security flaw affecting OAuth and OpenID has popped up.  Both of these are important elements of secure logins to many popular domains, ranging from Google to Facebook to Microsoft.

CSO Online quoted CloudLock's Kevin O’Brien on the issue:

...

http://www.itbusinessedge.com/blogs/data-security/lessons-to-be-learned-from-covert-redirect.html

Network World — It's been a month since the Heartbleed Bug set off a stampede to patch software in everything from network gear to security software as it quickly became evident that vulnerable versions of the OpenSSL encryption code had been very widely deployed.

Heartbleed, which would let a savvy attacker capture passwords or digital certificates, for example, came as a shock when the OpenSSL Group disclosed it on April 7 because it impacted an estimated 60% of servers worldwide ... and much more. But has it been the catastrophe that some feared?

So far, the consensus seems to be no, though some think pinning down Heartbleed-based break-ins is not easy. At best, Heartbleed has been a mammoth inconvenience everywhere as passwords and certificates were swapped out in what became a patching marathon around the globe.

...

http://www.cio.com/article/752645/Heartbleed_Was_a_Headache_But_Far_From_Fatal

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

...

http://www.riskmanagementmonitor.com/new-studies-highlight-sources-patterns-of-data-breach-and-how-to-do-better/

A growing number of public companies with complacent SOX programs are facing restatement and penalties from improper disclosures, improper revenue recognition and improper expense recognition. A fear of non-compliance with SOX and COSO 2013 has increased the risk that companies will adopt narrowly focused programs that attempt to mitigate the immediate regulatory compliance risks while failing to address the true intent of these regulations. It is a classic case of complying with the “letter of the law” and not its intent. The solution is for internal audit to lead through risk management assurance.

SOX compliance is now a routine process for most companies. How can we then explain the rapidly growing number of restatements and recognition complaints when companies certify they are in compliance?

I agree with Norman Marks, who believes that “complacency and denial” is being perpetuated by routine and checklist-like reviews. Norman recently wrote about his favorite role that internal audit (IA) plays in an organization. He describes that role as a fighter against “complacency and denial” that can be perpetuated by routine and checklist-like COSO [and SOX] reviews where it is easy to utter “we have completed our quarterly review of the top risks and believe they are effectively managed.” He compares this delusional form of risk management to an “ostrich sticking his head in the sand while the battle rages around him and saying I looked up an hour ago.” Read Norman’s Blog on CAE Risk Intelligence.

...

http://www.corporatecomplianceinsights.com/fight-sox-complacency-to-reduce-your-risk-of-restatement/

Regulatory and legislative change has assumed the prime position as the leading risk for Australian and New Zealand businesses in 2013/2014, followed by concern regarding deteriorating local economic conditions and the impact of people risk.

These are the major findings of Aon’s 12th annual Australasian Risk Survey, which provides a snapshot of the risk management practices of 380 businesses operating in 15 key industry sectors, including 23 of the ASX top 100 Australian companies.

According to the survey, the top ten risks to Australian and New Zealand businesses are:

...

http://www.continuitycentral.com/news07199.html

The number seven crops up in many contexts: the Seven Wonders of the World, the seven dwarfs, and now the seven levels of cyber security. Let’s start with the different levels of threats posed by hackers. In order of increasing severity, we have: script kiddies (hacking for fun); the hacking group (often the first level of threat for SMBs); hacktivists (politically/socially motivated); black hat professionals (expert coders); organised cyber-criminals; nation states (NSA-style); and finally, the automated malicious attack tools that can infect huge numbers of organisations. With these seven levels of threats, what are the solutions?

...

http://www.opscentre.com.au/blog/is-seven-the-magic-number-for-it-security/

Today we published a new Forrester Wave: Social Risk & Compliance (SRC) Solutions, Q2 2014. This report evaluates 10 vendors emerging to help organizations enable companywide use of social media while providing the necessary controls and oversight to mitigate associated risks and enforce compliance.

Why now

Use of social media today is rampant.

It’s no longer just your marketing team that uses social media for business purposes. Employees across the entire organization use social media for personal and professional reasons, leveraging social to drive real business for your company. The opportunities to enhance your brand, deepen customer relationships, and glean new customer insights are all too valuable to ignore -- but the risks are real too.

...

http://blogs.forrester.com/nick_hayes/14-05-07-announcing_the_social_risk_compliance_src_solutions_wave

Thursday, 08 May 2014 16:06

What if...?

Keynote speaker and facilitator at this year’s BCI Executive Forum, Dr James Bellini sets the scene and identifies some of the major issues that will face business continuity professionals in the years ahead:

As a futurologist of many years’ standing I am regularly confronted with requests to ‘predict’ the outcome of some activity or development in the world of tomorrow. On occasion I’m even asked the name of the winner of an important upcoming horse race, or the score line of a major soccer match a few weeks hence. If only my crystal ball were that magical ... but it also reveals a basic misunderstanding of what futurology is all about.

I see my task as threefold: to apply a reality check on popular perceptions of the world around us, to create a framework for examining how ‘the future’ might unfold and to identify one or two possible future events or issues that would, if they actually occurred, pose very serious challenges for either business, government or the wider society – or all of these together.

...

http://thebceye.blogspot.com/2014/05/what-if.html

Generally speaking, I think internal auditors do a good job of assessing risks and developing risk-based audit plans. But there is always a danger that unfamiliar risks may be overlooked or that rapidly emerging risks will render even the best-crafted audit plans obsolete. If you typically undertake risk assessments only once or twice a year, you may not have incorporated several risks that have suddenly burst onto the radar of management or the Board of your organization.

Here are some areas that should be in our risk crosshairs in 2014:

...

http://www.corporatecomplianceinsights.com/5-risks-that-should-be-on-the-internal-audit-radar-now/

A new study, “The Valuation Implications of Enterprise Risk Management Maturity,” released by the Journal of Risk and Insurance, has found that organizations exhibiting mature risk management practices realize a value growth potential of up to 25%.

The survey is the first wholly independent research project that confirms the value connection of mature enterprise risk management practices in organizations. Using data from the RIMS Risk Maturity Model (RMM) gathered from 2006 to 2011, Mark Farrell, the paper’s author and the actuarial science and risk management program director at Queens University Management School of Belfast (QUMS), and Dr. Ronan Gallagher of the University of Edinburgh Business School, provided evidence through this research that firms that have reached mature levels of enterprise risk management qualities exhibit a higher firm value. The broad data set encompassed publicly-traded organizations from a variety of industries. Nearly half the data tabulated by the researchers were submitted by RIMS members.

...

http://www.riskmanagementmonitor.com/strong-erm-program-gives-companies-higher-market-value/

The Ponemon Institute has published its ninth annual Cost of Data Breach Study, which was sponsored by IBM.

According to the benchmark study of 314 companies spanning 10 countries, the average consolidated total cost of a data breach increased 15 percent in the last year to $3.5 million. The study also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to a consolidated average of $145.

Interestingly, the research was able to provide quantified evidence for the advantages of linking information security management and business continuity management programs, finding that the involvement of business continuity management reduced the cost of a data breach by an average of almost $9 per record.

...

http://www.continuitycentral.com/news07192.html

On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:

...

http://blogs.forrester.com/stephanie_balaouras/14-05-05-if_you_are_ceo_of_a_consumer_organization_you_have_a_new_job_responsibility_security

Small and medium-sized businesses (SMBs) in the UK are missing out on possible insurance deals that could be available to them if only they had a business continuity plan in place. This is according to a survey conducted by Cloud Direct of more than 500 UK SMBs.

The survey of 558 business and IT decision-makers revealed that 54% of respondents were unaware there were insurance benefits to having a business continuity plan, yet the British Insurance Brokers’ Association (Biba) has long committed to supporting business resilience measures with reduced insurance premiums and excesses. To promote this stance in 2012, they conducted a joint survey with the Cabinet Office, which found that 83% of insurers questioned would give a discount or improve terms to a business interruption policy if a business continuity plan were in place.

...

http://www.thebci.org/index.php/about/news-room#/news/smbs-missing-out-on-insurance-perks-due-to-no-business-continuity-planning-83651?utm_source=rss


Many business activities and the resources that support them can be disrupted by severe weather. In fact, a survey by the Chartered Management Institute, in association with the BCI, BSI and the Cabinet Office, found that 54% of businesses reported being disrupted by severe weather in 2012, making it the number one cause of business disruption for the fourth year running. Most recently the winter of 2013/14 has been reported as the wettest winter in England and Wales since records began with heavy rainfall and storms causing widespread flooding and disruption.

It is not possible to say that climate change alone is causing the increase in these disruptive events. Other changes are putting more value at risk, such as increasingly lean and complex supply chains and development in vulnerable locations. However, what is clear is that both the frequency of severe weather events and the value at risk are increasing. This has implications for business continuity and broader business objectives.

Organizations need to be prepared for severe weather regardless of the cause. This can involve making physical, operational or strategic changes and includes actions that tackle the likelihood of damage or disruption as well as those aimed at managing its impacts. It can include preparing for opportunities as well as threats.

In partnership with BSI, the Environment Agency has developed a Smart Guide on Adapting to Climate Change using a business continuity management system. Aimed at BC professionals, the guide is freely available and is intended to help:

  • Understand how climate change is influencing their risks
  • Take the lead on managing such risks
  • Be confident that their BCMS will remain effective during disruptive events
  • Make the case for additional resources to implement BC or adaptation measures
  • Communicate effectively about risk management from severe weather and the approach to climate change adaptation both internally and externally.

The Smart Guide can be downloaded for free from here.

Being able to show a valid certificate for business continuity management is becoming increasingly important. Firstly, you can expect to parlay your hard-won certificate into financial advantage for your company in several ways. Secondly, many customer organisations also now insist that you demonstrate business continuity certification as a condition for doing business. The BS 25999-2 standard has been a popular benchmark of excellence in this area. However, this standard has now been superseded by ISO 22301:2012. If you currently hold BS 25999-2 certification, the BSI (British Standards Institution) states it will expire by 31st of May, 2014. The solution is to recertify under ISO 22301:2012. What does that mean in terms of impact?

...

http://www.opscentre.com.au/blog/bs-25999-2-to-iso-22301-will-your-business-continuity-certification-still-be-valid/

Thursday, 24 April 2014 17:00

FERMA launches 2014 benchmarking survey

By staff reporter

The Federation of European Risk Management Associations (FERMA) has launched its 2014 Benchmarking Survey of European risk and insurance management, in association with its national association members in 20 European countries.

The FERMA Benchmarking Survey, which takes place every other year, is among the widest expression of the views of risk and insurance managers across Europe with more than 800 responses in 2012. An independent research company, Toluna, will collect the responses and compile the results.

To create the 2014 Benchmarking Survey, FERMA worked extensively with its member associations plus five commercial partners: AXA Corporate Solutions, EY, Marsh, XL Group and Zurich. Based on this collaboration, the survey will ask risk and insurance managers for their views on:

...

http://www.cirmagazine.com/cir/FERMA-launches-2014-benchmarking-survey.php

By staff reporter

An investment in safety and a proactive risk management strategy can provide real returns in terms of fewer accidents, lower costs, higher quality and a stronger reputation. These are among the findings of a new paper released by ACE Group that explores strategies for managing risk in the construction industry. The report reviews the importance of building a strong safety culture, and outlines the components of an effective construction risk management programme.

Building an Effective Strategy for Managing Construction Risk explains the need for a robust risk management strategy administered by safety and risk management experts who have a deep understanding of construction risk.

...

http://www.cirmagazine.com/cir/New-report-explores-best-practices-for-managing-construction-risk.php

Thursday, 24 April 2014 16:58

BCI launch new 2020 Group


The first meeting of the Business Continuity Institute's new 2020 Group was held on the 22nd April at Credit Suisse's offices in Canary Wharf in London. The 2020 Group is a new Think Tank set up by the BCI to commemorate the 20th anniversary of the Institute and to provide thought leadership to the industry as it prepares to face the challenges of the future.

Chaired by Lyndon Bird FBCI, the BCI’s Technical Director, and made up of senior figures from the industry, the purpose of the 2020 Group is to debate key issues relating to business continuity under the wider umbrella of resilience and produce high quality publications or academic journal articles that will provide value to those working within the industry. The 2020 Group will provide visionary insight into challenges facing business continuity practitioners, how the discipline is positioned in the risk landscape, and examine emerging trends.

In order to provide focus to the work of the group, it was decided to concentrate on trying to answer the question "What will BCM look like in 2020?" This question complements this year’s BCI Executive Forum in Amsterdam where discussion will centre on possible future business, political and cultural changes that will impact BCM as a discipline.

Speaking at the launch of the group, Lyndon Bird commented: "There is a need to think about the direction business continuity is taking. It may be the BCI's 20th anniversary, but instead of just celebrating the past, we thought it more appropriate to focus on the future and take stock of what is happening in an evolving discipline."

http://www.thebci.org/index.php/about/news-room#/news/bci-launch-new-2020-group-82891

Techworld — The number of cyberattacks directed at cloud infrastructure is still below that experienced by on-premises data centres but will probably reach parity at some point, an analysis by security-as-a-service provider Alert Logic has suggested.

The firm's Cloud Security Report [reg required] looked at 232,364 verified security incidents at 2,212 organizations in North America and Western Europe over a 6-month period last year using the firm's own intrusion system, finding a predictable rise in attacks across all environments.

The top attack types for cloud hosting providers (CHPs), which formed 80 percent of the sample, centred on brute force attacks on credentials and scans for vulnerable software, both seen by 44 percent of its customers. This finding is significant because for the first time the numbers roughly match the percentage of customers reporting such incidents in on-premises data centres.

...

http://www.cio.com/article/751924/Criminals_Increasingly_Attack_Cloud_Providers

The answer is clear, says the Linux fan. The Linux operating system has proven its dependability time and time again. If NASA uses Linux for the International Space Station, and Oracle and IBM make it a strategic plank in their systems platform, organisations everywhere can also rely on this open system for day-in, day-out business continuity. Not so fast, says the Microsoft Windows Server aficionado. Not only has the latest version, Windows Server 2012, made even bigger strides towards robust, continuous operation, but you’re also forgetting about several other BC factors that are just as important.

...

http://www.opscentre.com.au/blog/is-a-windows-or-linux-server-better-for-business-continuity/

Countless hours and thousands of words have been spent extolling the need to get Senior Management buy-in for Business Continuity – an admirable effort. Yet so little has been written about capturing the attention of BCM’s largest audience – line managers. We shouldn’t assume that the threat of punishment (the ‘stick’) will suffice to gain their cooperation; instead we ought to dangle incentives (the ‘carrot’). And the most valuable of these incentives is Knowledge Capture.

The old adage “You don’t miss your water ‘til your well runs dry” is applicable to Business Continuity Planning.

Documenting your Business Continuity strategies and alternatives presents a great opportunity to capture knowledge that exists in your organization, but may not be widely known (or may be hidden).

...

http://ebrp.net/knowledge-capture-gain-more-valued-from-bcm-planning/

Most everyone who wants to be on the cloud has done so by now, in one form or another. In fact, many organizations that have yet to embrace the technology formally may be surprised to learn that their employees are already doing so informally.

But even among those with cloud policies in place, it is surprising to leading cloud experts how flimsy many of them are. To be sure, most organizations have detailed notions as to how to get on the cloud via virtualization and logical abstraction, but thought is rarely given to what to do with the cloud once it is established.

Author and technology analyst David Linthicum recently noted that while most enterprises are adept at deploying new technology, there is often a lack of planning as to how it can be utilized to produce the maximum benefit. For example, few strategies include items like governance for either services or resources. This is a biggie because without governance, you merely have another infrastructure stack to deal with rather than a cohesive data environment. Operations planning is also needed, unless you want your new cloud environment to suffer a “slow but sure death.”

...

http://www.itbusinessedge.com/blogs/infrastructure/youre-on-the-cloud-but-do-you-have-a-plan.html

Thursday, 24 April 2014 14:56

New maritime risk rating system launched

By Deborah Ritchie

A new maritime risk rating system has been launched. The International Maritime Risk Rating Agency (IMRRA) was founded with the support of a number of major oil companies in their attempts to unify areas of marine risk assessment and management, making them more transparent and comprehensive. The commercial shipping industry transports more than 90% of the world’s cargo, and with this new system, IMRRA believes it can reflect unprecedented transparency in marine risk.

The new site has gone public with its oil tanker risk rating system, employing numerous major industry databases that are then compiled and refined into one field for further analysis and calculations before being assessed against a Risk Criteria Matrix. Key factors related to tanker safety are pinpointed, assessed and assigned numerical weighting values.

London-based IMRRA provides information on almost every tanker vessel currently operating in the oil shipping industry, allowing direct comparison with aggregated data, industry standards and the average risk calculation to provide an accurate overall score of any given vessel’s risks.

...

http://www.cirmagazine.com/cir/New-maritime-risk-rating-system-launched.php

Andrew Griffin details six principles for ensuring that your organization is truly crisis ready.

Most of the work done in the name of crisis management is in fact crisis preparedness. “Are you ready to face the worst?” is a question that boards ask, regulators ask, governments ask and investors ask. They want to know that an organization and its senior management are in an advanced state of crisis preparedness. This article looks at how an organization can become ‘crisis ready’.

1. Preparing policy

Principle: Crisis management is a distinct component of an organization’s wider resilience framework.

Crisis management policy should explain how the organization thinks about and prepares for crises as a distinct component of a wider resilience framework.

...

http://www.continuitycentral.com/feature1172.html

By Dr. Jim Kennedy, NMCE, CRISC, CEH, CHS-IV, MRP, CBRM

Based on all of the diligent work of IT and information security organizations, corporations and government agencies are beginning to see real progress on protecting their operations against external threats. However, the bad news is that we are being faced with a more difficult challenge of protecting our information assets from insider threats.

Insider attacks (data leakage, intellectual property theft, and data corruption and/or loss) account for as much as 80 percent of all computer and Internet related incidents and crimes. Seventy percent of corporate attacks causing at least $20,000 of damage and threats that could have an impact on national security are the direct result of malicious trusted insiders.

In fact, the US Secret Service - National Threat Center has indicated that: “The greatest information security threat facing your organization is in your office right now. It has the ability to bypass the physical and logical controls you have put into place to protect the perimeter of your network and has already obtained credentials to access a significant portion of your infrastructure.”

...

http://www.continuitycentral.com/feature1171.html

By Charlie Maclean-Bristol, MBCI, FEPS.

Throughout Scotland, at the moment, all conversations seem to quite quickly move on to the topic of the independence debate. I was sitting in the lounge bar of the Coll Hotel, on the Island of Coll, and could hear a lively debate going on in the public bar. It was a measured conversation and good points were being made on both sides. Most people I know seem to have made up their mind, so when I hear the issue being discussed it is usually just a rundown of the latest news and developments.

In terms of the debate within businesses there is a rather different attitude. Many public sector organizations have been told they are not allowed to talk about independence at all. Other organizations are keeping their head down, saying nothing publicly as they know they don’t want to be seen to belong to either camp, for fear the vote goes the wrong way and then there is a backlash against those who spoke out. For me it seems that only the large companies, such as Standard Life and Shell, that Scotland needs as much as they need Scotland, have the luxury of making their feelings on independence clear.

So what has Scottish independence got to do with business continuity?

...

http://www.continuitycentral.com/feature1173.html

The de Blasio administration has released a comprehensive diagnostic report on New York’s response to Hurricane Sandy, including an extensive set of recommendations to provide financial relief to homeowners and businesses and engage communities directly in the rebuilding process.

The report represents a major overhaul of currently active recovery programs—including expediting the process for families and businesses currently rebuilding and expanding eligibility for immediate relief; using the rebuilding and recovery process to expand economic opportunity and create job pathways for more New Yorkers; and improving coordination within the city and across levels of government. The report also provides details on the city’s infrastructure-related efforts to rebuild a stronger, more resilient New York to protect against future extreme weather and climate change.

The report follows a number of improvements made since January to cut red tape.

The full report is available here (PDF).

As businesses increasingly rely on external parties for critical services, they become more vulnerable to business interruptions. This is especially true when such businesses know little about their third party vendors' resiliency and recovery capabilities, according to a new PwC US whitepaper, which examines the effects that vendor resiliency, or lack thereof, can have on an organization's business continuity strategy.

Entitled, ‘Business continuity beyond company walls: When a crisis hits, will your vendors' resiliency match your own?’, the PwC report also notes that risk becomes greater when the organization has a limited understanding of its own business interruption threats, resiliency status and recovery capabilities and strategies.

"In a world of ever increasing dependence on third party vendors, you need to know if you can count on the other party when a crisis strikes," said Phil Samson, principal in PwC's Risk Assurance practice and the firm's Business Continuity Management services leader. "It's all about transparency - asking the right questions and pushing the right levers to determine whether your vendors will be able to weather a serious business interruption and quickly resume business as usual. The more you know about your own needs, your vendor's capabilities, and the robustness of your resiliency plans, the more comfort you'll have about staying on track toward your long-term strategic and operational goals even when faced with adverse developments."

...

http://www.continuitycentral.com/news07169.html

Last week, news about yet another data breach at major retail outlets surfaced. As Krebs on Security reported, Michaels Stores Inc., which includes Michaels Arts and Crafts and Aaron Brothers stores, admitted that its stores suffered two different eight-month-long breaches over the past year. Approximately three million credit card numbers were compromised in these attacks.

These breaches are a big deal—especially as seen in conjunction with other high-profile retail breaches. Millions of consumers have been victimized in these security breakdowns, at no fault of their own.

It is no wonder that a new survey from research firm GfK found that an overwhelming majority of consumers, 88 percent, voiced concerns over the privacy of their information and data. According to eSecurity Planet:

...

http://www.itbusinessedge.com/blogs/data-security/consumers-uneasy-about-privacy-as-more-companies-report-data-breaches.html

Tuesday, 22 April 2014 15:40

The Green Data Center in the Real World

In an ideal world, all energy would be free, data resources would be unlimited, and every day would be Christmas, Easter and your birthday rolled into one.

But as my grandma always told me, “this ain’t a perfect world, kid.” As you can probably guess, grandma wasn’t one of those sweet, little old ladies who sat in rocking chairs all day knitting sweaters.

Enterprise executives, and the environmental lobbies that are prodding them, need to get real about two key aspects of the burgeoning “green data center” movement. The first is that no matter how often you place the word “free” in front of an eco-friendly endeavor – free heat, free cooling, free power – none of it is truly free. There is both a financial and environmental cost to everything we do.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-green-data-center-in-the-real-world.html

Monday, 21 April 2014 13:41

For your bookshelf

In the coming months there will be some new books from us and our alumni which aim to contribute to areas of organisational resilience and assist in knowledge development; perhaps even encourage some debate:

‘In Hindsight’, edited by Robert Clark, is a collection of case-study based analyses related to continuity and organisational resilience carried out by an international cohort of our postgraduates with backgrounds and experience in multiple sectors.

...

http://buckssecurity.wordpress.com/2014/04/19/for-your-bookshelf/

Enterprises today are still choosing to outsource many IT functions despite the sometimes negative views of the practice. For many businesses, the only way to affordably provide skilled IT services is to sign on with an outsourcing company. If your company is considering the option of outsourcing some of its IT processes, management should create a list of areas of concern and go through each scenario prior to signing on the dotted line with an outsourcer.

The foremost concern for the enterprise should, of course, be security and privacy. How would email, smartphones, instant messaging, VPNs, and even documents and paperwork be affected by outsourcing some IT services to a company overseas? Are your networks ready to handle such risk? Are proper governance and procedural documentation in place to spell out what is and is not allowed and how outsourcing issues will be handled?

...

http://www.itbusinessedge.com/blogs/it-tools/before-you-outsource-consider-risks-and-security.html

Among the previous articles you’ve read in our blog, you may have noticed that besides discussing how good business continuity management can save organisations from disaster, we also like to point out where it can also simply save you money. Here’s one of those cases. Satellite communications may intuitively seem to be more expensive than landline links. It’s easy to assume that with project and launch costs running into astronomical amounts, it won’t necessarily be the cheapest option for making phone calls or network connections. But is that really the case?

...

http://www.opscentre.com.au/blog/smart-satellite-communications-and-business-continuity-benefit/

CSO — As "bring your own device" (BYOD) reshapes the way organizations handle technology, how do we handle the uncertainty of legal liability and security concerns?

The answer lies in considering how BYOD changes the entire organization. Change is scary. More so when the impacts of the change, including legal liabilities, are unclear and relatively untested.

Change is also an opportunity. Employees are excited about BYOD and the chance to use devices they prefer. This gives security an opportunity to support the business, enable individuals, and improve security.

To ensure BYOD increases value while also increasing security requires different thinking and an approach that brings people together in a series of conversations.

...

http://www.cio.com/article/751585/3_Ways_the_Right_Conversation_can_Reduce_BYOD_Legal_Liability

Thursday, 17 April 2014 13:04

A New Era for Data Center Hardware

The enterprise industry is changing, and with it the data center itself. Virtualization, software-defined infrastructure and cloud computing are all changing the equation that organizations use to build and finance their data support capabilities, which has led many pundits to predict the end of the data center as we know it.

And perhaps it’s true, as I mentioned a few days ago, that we are on the verge of utility-style virtual data environments, but the bottom line is that no matter how services and applications are delivered, they have to reside on physical infrastructure somewhere. So even if enterprises of all stripes start shedding their local data centers for on-demand virtual infrastructure, it’s a safe bet that demand for enterprise-class hardware and middleware will remain vibrant for some time.

...

http://www.itbusinessedge.com/blogs/infrastructure/a-new-era-for-data-center-hardware.html

CHICAGO – Spring in the Midwest brings the potential for severe weather, and the Federal Emergency Management Agency (FEMA) is encouraging everyone to take steps now to ensure your family is prepared. Don’t forget to consider the safety of your finances before a severe storm threatens your area.

“Don’t hinder your recovery if disaster strikes. Take the time now to ensure critical documents are safely stored, valuables are adequately insured, and potential spending needs are planned for,” said Andrew Velasquez III, regional administrator, FEMA Region V.

Remember these three steps: Identify, Enroll & Plan.

1. Identify your important documents and place them in a safe space: You can use FEMA’s Safeguarding Your Valuables activity and Emergency Financial First Aid Kit to help get you started.

• Scan important records such as medical records and financial documents, and save the files on disk or flash drives. Password-protect the data you have stored and keep the backup records in a safe deposit box or other off-site location.

• If you have no way to scan/copy records, store them in a flood and fireproof home safe or a safe deposit box. Avoid storing on the floor of a basement, especially if it is prone to flooding.

• Include any records that you may need immediately, such as medical records or medical contact information, in your disaster kit.

2. Enroll in online banking, direct deposit and/or Go Direct to minimize disruptions to receiving paychecks or any government benefits you may receive.

• Consider keeping a small amount of cash or traveler’s checks on hand in case ATMs or credit cards are not working.

3. Plan ahead of time to recover by considering your post-disaster needs and preparing for them now.

• Make a record of your personal property for insurance purposes, and if possible, take photos or a video of your home. Consider keeping a copy on a CD or flash drive in your disaster kit, so that you can provide it to your insurance company following a loss.

• Ensure you’re adequately insured. Contact your insurance agent to review your insurance coverage so your home is financially protected.

• Identify potential spending needs now, and plan for ways to meet those needs.

• Store contact information for all of your financial institutions; after a disaster contact your credit card company, your mortgage lender, and other creditors to let them know about your situation.

For valuable resources on financial readiness before a disaster, visit www.ready.gov/financialpreparedness. For even more readiness information follow FEMA Region V at twitter.com/femaregion5 and facebook.com/fema. Individuals can always find valuable severe weather preparedness information at www.ready.gov/severe-weather or download the free FEMA app, available for Android, Apple or Blackberry devices.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Thursday, 17 April 2014 13:02

Lessons Learned from Winter’s Wrath

What a winter. As the “polar vortex” pushed cold weather from the arctic all the way to the deep south in the United States, severe snow storms and frigid temperatures cost the American economy billions. While there have been obvious physical losses, such as roof collapses and endless potholes to repair, three less evident balance sheet exposures have wreaked havoc across a broad swath of industries. People are paying attention to the economic impact of the weather (witness #frozenomics on Twitter, a term coined by CNBC). Here are some of the weather-related exposures we are watching:

  1. Event cancellations. This season’s major snowstorms and unrelenting freeze forced the cancellation of countless events, from conferences to sporting events. Event hosts have suffered not only lost revenue from attendees, they forfeited the merchandise sales and “sunken costs” – from signage to non-refundable food and beverage deposits – of their suddenly defunct events. Even those that staged events far from the possibility of snowflakes felt the fallout, as airlines cancelled flights in record numbers. (Some 13,500 flights were cancelled in one week in February alone.) In many cases, attendees just could not make the trip, as winter weather halted transport to even sunny locales.

...

http://www.riskmanagementmonitor.com/lessons-learned-from-winters-wrath/

CIO — The amount of electronic information (e.g., documents, images, emails, videos) organizations produce is staggering. Storing all your digital data in your data center can be expensive. That's why cloud storage -- which often comes at a fraction of the cost of storing the information on-premises -- has become increasingly popular.

But before you think of storage in the cloud, you need to be sure to clearly identify your needs, says Chris Poelker, vice president, Enterprise Solutions, FalconStor Software, a provider of data protection, virtualization, backup, disaster-recovery and deduplication services. "Is high performance [and availability] important, or are you just looking to archive data?"

You should also do some research before choosing where to store your digital data, as not all cloud storage vendors (and service level agreements, or SLAs) are the same.

...

http://www.cio.com/article/751584/9_Things_You_Need_to_Know_Before_You_Store_Data_in_the_Cloud

Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession.

Generally speaking, I think internal auditors do a good job of assessing risks and developing risk-based audit plans. But there is always a danger that unfamiliar risks may be overlooked or that rapidly emerging risks will render even the best crafted audit plans obsolete. If you typically undertake risk assessments only once or twice a year, you may not have incorporated several risks that have suddenly burst onto the radar of management or the board of your organization.

Here are some areas that should be in our risk crosshairs in 2014:

...

http://www.theiia.org/blogs/chambers/index.cfm/post/5%20Risks%20That%20Should%20Be%20On%20the%20Internal%20Audit%20Radar%20-%20Now!

Wednesday, 16 April 2014 14:38

Big Data Security Context

CSO — I just finished up a lengthy tour through Latin America and Asia, as described in many of my latest blogs. Most recently I was in Australia and New Zealand (ANZ). I had the opportunity to work with various government agencies, organizations within critical infrastructure and general enterprise businesses across ANZ. Their primary topic of interest: big data. More specifically, they were interested in determining what needs to be part of a successful big data security strategy.

Years ago some organizations throughout ANZ viewed cyber security in the same way they viewed physical security in response to nation-state threats. Because ANZ has a land and sea gap physically separating them from other countries, there was a feeling of separation and protection from the nefarious activities that might be happening around the world. Of course others realized, as almost all do today, that cyber attacks have greater range than a jet fighter or ICBM regardless of whether they're perpetrated by nation-states, cyber criminals or activists. To address this issue, organizations are trying to optimize their use of big data security by letting the machines do the heavy lifting and allowing the humans to manage by exception.

...

http://www.cio.com/article/751546/Big_Data_Security_Context

Everyone makes mistakes, but for social media teams, one wrong click can mean catastrophe. @USAirways experienced this yesterday when it responded to a customer complaint on Twitter with a pornographic image, quickly escalating into every social media manager’s worst nightmare.

Not only is this one of the most obscene social media #fails to date, but the marketers operating the airline’s Twitter handle left the post online for close to an hour. In the age of social media, it might as well have remained up there for a decade. Regardless of how or why this happened, this event immediately paints a picture of incompetence at US Airways, as well as the newly merged American Airlines brand.

It also indicates a lack of effective oversight and governance.

While details are still emerging, initial reports indicate that human error was the cause of the errant US Airways tweet, which likely means it was a copy and paste mistake or the image was saved incorrectly and selected from the wrong stream. In any case, basic controls could have prevented this brand disaster:

...

http://blogs.forrester.com/nick_hayes/14-04-15-key_lesson_from_the_us_airways_fail_marketers_need_help_managing_risk

When it comes to IT security, the complexity of managing all the technologies involved often seems like a clear-cut case of insult being continuously added to injury.

Looking to address that complexity issue, Trend Micro today announced an upgrade to the Trend Micro Complete User Protection suite of endpoint security software that makes it much easier to both deploy a mix of IT security technologies as well as acquire them in the age of the cloud.

Confronted with a dizzying array of security products in and out of the cloud, Eric Skinner, vice president of solutions marketing for Trend Micro, concedes it’s very likely that customers are unprotected simply because they failed to acquire the right type of security product to address a particular class of known threats. The primary reason for that failure, says Skinner, is often the complex line card of products that security vendors present to customers. Presented with a raft of options and a limited budget, customers often wind up making a best guess as to which endpoint software to deploy.

...

http://www.itbusinessedge.com/blogs/it-unmasked/trend-micro-reduces-endpoint-security-complexity.html

With so many data centers making up the firmament of the cloud these days, it’s only natural that a pantheon of service providers would emerge to offer disaster recovery as a cloud service.

The latest cloud service provider to join the list of vendors offering such services is VMware, which today is unfurling the VMware vCloud Hybrid Service Disaster Recovery offering as part of its public cloud service.

Angelos Kottas, director of product marketing for the VMware Hybrid Cloud unit, says the VMware disaster recovery service is designed to replicate virtual machines over a wide area network every 15 minutes. Recovery point objectives (RPOs) for the service can be set for anywhere between 15 minutes to 24 hours.

...

http://www.itbusinessedge.com/blogs/it-unmasked/vmware-leverages-the-cloud-to-provide-disaster-recovery-service.html

It is hard to imagine any people, collectively, being better prepared for earthquakes than the Japanese. Their country is one long seismic zone, which at any moment could, literally, rock and roll. Every Sept. 1, across the archipelago, Japanese engage in exercises devoted to disaster awareness: what to do should the worst happen. The occasion resonates with history. On that date in 1923, the Great Kanto earthquake devastated Tokyo and nearby Yokohama, unleashing fire and fury that left more than 100,000 people dead. After that, Japan resolved that it would prepare for whatever cataclysm nature might throw at it.

And yet.

When a huge earthquake struck Kobe in southern Japan in January 1995, killing more than 6,400, the national government and local officials stood accused of foot-dragging — a slow response that, among other failings, cost some people their lives and left as many as 300,000 others out in the cold, homeless for far too long. Comparable indictments of the authorities were heard in 2011 after the Tohoku earthquake and tsunami, which overwhelmed parts of northeastern Japan and created the enduring nuclear nightmare at the crippled Fukushima Daiichi power plant.

...

http://www.nytimes.com/2014/04/14/us/promises-of-preparedness-followed-devastating-earthquakes-and-yet.html

The MSc Organisational Resilience (OR) at Buckinghamshire New University is loading up with students very rapidly. The MSc OR is designed to meet the requirements of business, public and private sectors globally and the professionals who are either currently employed in its disciplines or who seek to develop advanced capability. Our approach has been to design and deliver an accessible postgraduate programme that reflects sector currency and assists in the drive towards further professionalism and research capabilities. This, we believe, is crucial to developing fluency in what is becoming recognised as a coherent, rather than distinct and completely separable, group of linked subjects. In this programme, the development of mastery in understanding of these links, in their applicability to organisations and business, and the high-level knowledge, confidence and capability necessary to be fully effective as an OR professional are considered to be essential and explicit educational outcomes.

To support and as an adjunct to these requirements, the MSc OR is also designed to meet the needs of students who are, or who aspire to be, employed as managers and as sector influencers in the wide subject area of OR. There are many currently working in the sector who have long-term experience and are seeking validation and evidence of this through the achievement of a postgraduate qualification. In particular, applied postgraduate programmes and awards are considered to be the most desirable and required awards by companies and employers. Industry also requires, because of the growing inter-relationship and blurred boundaries between the various elements, and the constant development of new risks and the need to mitigate them, the development of organisational and individual capability and knowledge across a range of contributing areas. Therefore, this programme is designed to educate those with a specialist interest in the following areas and sub-disciplines:

...

http://buckssecurity.wordpress.com/2014/04/15/msc-organisational-resilience-loading-up/

CIO — It's hard to resist the sparkly nirvana that big data, leveraged appropriately, promises to those who choose to embrace it. You can transform your business, become more relevant to your customers, increase your profits and target efficiencies in your market all by simply taking a look at the data you probably already have in your possession but have been ignoring due to a lack of qualified talent to glean value from it.

Enter the data scientist — arguably one of the hottest jobs on the market. The perfect candidate is a numbers whiz and savant at office politics who plays statistical computing languages like a skilled pianist. But it can be hard to translate that ideal into an actionable job description and screening criteria.

This article explains several virtues to look for when identifying suitable candidates for an open data scientist position on your team. It also notes some market dynamics when it comes to establishing compensation packages for data scientists.

...

http://www.cio.com/article/751478/4_Qualities_to_Look_for_in_a_Data_Scientist

Computerworld — The IT response to Heartbleed is almost as scary as the hole itself. Patching it, installing new certificates and then changing all passwords is fine as far as it goes, but a critical follow-up step is missing. We have to fundamentally rethink how the security of mission-critical software is handled.

Viewed properly, Heartbleed is a gift to IT: an urgent wake-up call to fundamental problems with how Internet security is addressed. If the call is heeded, we could see major improvements. If the flaw is just patched and then ignored, we're doomed. (I think we've all been doomed for years, but now I have more proof.)

Let's start with how Heartbleed happened. It was apparently created accidentally two years ago by German software developer Robin Seggelmann. In an interview with the Sydney Morning Herald, Seggelmann said, "I was working on improving OpenSSL and submitted numerous bug fixes and added new features. In one of the new features, unfortunately, I missed validating a variable containing a length."

...

http://www.cio.com/article/751504/With_Heartbleed_IT_Leaders_Are_Missing_the_Point

So what will you choose: public cloud, private cloud – or perhaps a solution in between? The flexibility and scalability of the cloud have also made it well suited to partial use, namely the hybrid cloud solution. Those who can’t quite make up their mind can have as much or as little of the cloud as suits them. However, it’s better still to approach this resource with a clear IT strategy in mind and to make a hybrid cloud solution a deliberate choice, rather than a vague default. Here are two possibilities that could drive a hybrid cloud decision.

...

http://www.opscentre.com.au/blog/successfully-sitting-on-the-fence-with-hybrid-cloud/

IDG News Service (San Francisco Bureau) — Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.

The admissions are thought to be the first from websites that confirm data loss as a result of Heartbleed, which was first publicized last Tuesday. The flaw existed in OpenSSL, a cryptographic library used by thousands of websites to enable encryption, and was quickly labeled one of the most serious security vulnerabilities in years.

The Canada Revenue Agency (CRA) blocked public access to its online services last Tuesday in reaction to the announcement, but that wasn't fast enough to stop attackers from stealing information, it said on its website.

...

http://www.cio.com/article/751475/First_sites_admit_data_loss_through_Heartbleed_attacks

IDG News Service (Washington, D.C., Bureau) — More U.S. Internet users report they have been victims of data breach, while 80 percent want additional restrictions against sharing of online data, according to two surveys released Monday.

While nearly half of all U.S. Internet users avoid at least one type of online service because of privacy concerns, according to a survey by marketing research firm GfK, 18 percent reported as of January that important personal information was stolen from them online, a poll from the Pew Research Center's Internet and American Life Project found. That's an increase from 11 percent last July.

"As online Americans have become ever more engaged with online life, their concerns about the amount of personal information available about them online have shifted as well," Mary Madden, a senior researcher at Pew, wrote in a blog post. "When we look at how broad measures of concern among adults have changed over the past five years, we find that internet users have become more worried about the amount of personal information available about them online."

...

http://www.cio.com/article/751473/Data_Breaches_Nail_More_US_Internet_Users_Regulation_Support_Rises

“We don’t need no education . . .”

I couldn’t help but think of that line from a Pink Floyd song when I saw the headline on an eSecurity Planet article, “Majority of Employees Don’t Receive Security Awareness Training.”

The article goes on to report on a study by Enterprise Management Associates called Security Awareness Training: It's Not Just for Compliance. The study interviewed 600 people at companies of all sizes, from the very small to the very large, and what it found was that more than half of employees not working in IT or security receive no security awareness training. However, business size did make a difference – midsize businesses fared the worst when it comes to security education.

...

http://www.itbusinessedge.com/blogs/data-security/lack-of-security-awareness-training-puts-data-and-networks-at-risk.html

Tuesday, 15 April 2014 14:11

Is the Virtual Data Center Inevitable?

Given the state of virtual and cloud-based infrastructure, it’s almost impossible not to think about end-to-end data environments residing in abstract software layers atop physical infrastructure.

But is the virtual data center (VDC) really in the cards? And if so, does it mean all data environments will soon gravitate toward these ethereal constructs, or will there still be use cases for traditional, on-premises infrastructure?

Undoubtedly, a fully virtualized data operation offers many advantages. Aside from the lower capital and operating costs, it will be much easier to support mobile communications, collaboration, social networking and many of the other trends that are driving the knowledge workforce to new levels of productivity.

...

http://www.itbusinessedge.com/blogs/infrastructure/is-the-virtual-data-center-inevitable.html

I saw an encouraging sign the other day in a Tech Target 2014 Market Intelligence report. It provided a list of the top IT projects for this year based on a survey of IT professionals. Number one on the list was server virtualization. And number two? Business Continuity/Disaster Recovery (BC/DR).

That’s big news for us at the Disaster Recovery Preparedness Council.  It’s our mission to raise awareness of the need for BC/DR planning and help IT professionals to benchmark their current DR practices and implement ways to improve DR planning and recovery in the event of an outage or disaster.

So, given the results of the Tech Target report, you need to ask yourself where BC/DR falls on your list of priorities this year. Maybe you've got a formal plan and a budget for BC/DR, but many companies still do not. That doesn't mean you can't start to develop and/or improve your business continuity strategy today.

...

http://drbenchmark.org/where-is-bcdr-on-your-list-of-priorities/

Monday, 14 April 2014 15:08

Take Off the Blinders

It’s been an extraordinary month, with scenarios that include a missing plane (see Divya Yadav’s research note); another round of deaths at Fort Hood just as the report on lessons learned in the Washington Shipyard was released; a Supreme Court decision that makes us wonder if the justices believe that free speech is the same as money; and, right in our backyard, a devastating mudslide from which not all the bodies have been removed.

The month also included the first meeting of the mayor's City of Seattle Disaster Recovery Plan Executive Advisory Group, of which I am a member. This group is charged with imagining how recovery efforts, not the response itself, might proceed, and with considering how some planning now might make decisions easier to make after a catastrophic event such as an earthquake: "what policy changes, planning or other strategies should be acted on now? How will we ensure we have the necessary resources (staff, equipment, facilities, etc.) to get back to acceptable levels of service and to meet our legal mandates?"

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/ED5F90523766F0B22540EF23F30FEDED

Monday, 14 April 2014 15:05

AI Gets its Groove Back

Computerworld — Try this: Go online to translate.google.com.

In the left-hand input box, type, "The spirit is willing, but the flesh is weak." In the right-hand box, decide which language you want it translated to. After it's translated the first time, copy the translated text and paste it into the left-hand box for conversion back into English.

If you don't get exactly the original text, the back-translation will in all likelihood still reflect at least part of the original thought: That the actions of the subject fell short of his or her intentions and not that the wine was good but the meat was tasteless, which the phrase could mean in a literal translation.

...

http://www.cio.com/article/751443/AI_Gets_its_Groove_Back

IDG News Service — Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.

The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.

CloudFlare asked the security community if the flaw in the OpenSSL cryptographic library, made public last week, could be used to obtain the private key used to create an encrypted channel between users and websites, known as SSL/TLS (Secure Sockets Layer/Transport Layer Security).

...

http://www.cio.com/article/751440/Tests_Confirm_Heartbleed_Bug_Can_Expose_Server_39_s_Private_Key

Due to the complexities of making products, most manufacturers are used to having large influxes of data from machines, processes, shipping, etc. What may be new to these companies, though, is having tools to retrieve actionable information from these piles of Big Data.

LNS Research and Mesa International teamed up to compile a survey of manufacturers on how they are using new technologies. Among the information gathered was how these companies felt they could use Big Data from the manufacturing plants and the overall enterprise. Of the more than 200 responses, 46 percent felt that Big Data analysis could help them “better forecast products” and production. Another 39 percent believed that Big Data mining will allow them to “service and support customers faster.” Other metrics from the survey include:

...

http://www.itbusinessedge.com/blogs/integration/big-data-can-provide-manufacturers-bigger-efficiencies.html

The number of countries with downgraded political risk ratings grew in the last year, as all five emerging market BRICS countries (Brazil, Russia, India, China, South Africa) saw their risk rating increase, according to Aon’s 2014 Political Risk Map.

As a result, countries representing a large share of global output experienced a broad-based increase in political risk including political violence, government interference and sovereign non-payment risk, Aon said.

The 2014 map shows that 16 countries were downgraded in 2014 compared to 12 in 2013. Only six countries experienced upgrades (where the territory risk is rated lower than the previous year), compared to 13 in 2013.

Aon noted that Brazil’s rating was downgraded because political risks have been increasing from moderate levels as economic weakness has increased the role of the government in the economy.

...

http://www.iii.org/insuranceindustryblog/?p=3627

Monday, 14 April 2014 15:01

Business Continuity Flash Blog

On Tuesday 18th March 2014, as part of the Business Continuity Awareness Week activities, we witnessed the first ever BC Flash Blog. This is probably a new term to most readers: it is a virtual Flash Mob, but instead of a dance routine the participants wrote and published their own blog post or article.

The event featured 22 writers, from all sectors of the BC industry – and from various corners of the globe. All the articles were on the same subject, and published at the same time. In keeping with the BCAW theme, the subject was “Counting the costs, and benefits, for business continuity”, with each writer taking their own, unique, perspective on this issue.

If you haven’t already done so, you can find links to all 22 of these blogs here. If we do nothing else, we can at least pay these writers the respect of reading their work.

...

http://thebceye.blogspot.com/2014/04/business-continuity-flash-blog.html

CSO — Size matters when it comes to security, according to Davi Ottenheimer. Ottenheimer, senior director of trust at EMC, titled his presentation at SOURCE Boston Wednesday, "Delivering Security at Big Data Scale," and began with the premise that, "as things get larger, a lot of our assumptions break."

The advertised promise of Big Data is that it will help enterprises make better decisions and more accurate predictions, but Ottenheimer contends that is placing far too much trust in systems that are not well secured. "We're making the same mistakes we've made before," he said. "We're not baking security into Big Data; we're expecting somebody else to do it later on." Ottenheimer, who is completing a book titled "Realities of Big Data Security," said he does defense research, and focuses on avoidance and detection. "Avoidance is the best way to escape a damaging attack," he said. "You can move data centers at real-time speeds. You can keep the old one as a honeypot, and just observe what's going on with it without causing any harm. Big Data allows it now more than ever."

...

http://www.cio.com/article/751414/As_Companies_Grow_Managing_Risks_Gets_More_Complex

Qualification: Diploma

Study mode: Distance learning

Location: High Wycombe

Credits: 90

As a further membership option, the BCI and Bucks New University, via their unique partnership, have designed a programme to develop and deliver this new qualification, delivered over three, ten-week distance modules.

Is this course for me?

As a further membership option, the BCI and Bucks New University, via their unique partnership, have designed a programme to develop and deliver a new qualification - the BCI Diploma. This is a 30 week, 90 credit, professional course aimed at the following prospective students:

...

http://bucks.ac.uk/courses/course/ZU1BCM9

IDG News Service — Much of the talk on the Web this week has focused on the Heartbleed security fiasco. Still unsure as to what's happening with Heartbleed and how it impacts you? Here's our quick-and-dirty guide.

What exactly is Heartbleed?

Heartbleed is a vulnerability in OpenSSL, an open-source implementation of the SSL/TLS encryption protocol. When exploited, the flaw could expose information stored in a server's memory, including not-at-all-trivial things like your username, password, and other bits of personal data. Since OpenSSL is particularly popular among website administrators, a significant number of your favorite websites may be affected by Heartbleed; research firm Netcraft puts the number at half a million sites.

Should I panic?

Panicking is not terribly productive, and, since it involves a lot of running around like a chicken with your head cut off, potentially exhausting. That's no way to go through life. Still, this is a serious matter, and it'll require a little more action on your part than adapting a "this too shall pass" mindset.

...

http://www.cio.com/article/751366/Heartbleed_What_You_Need_to_Know_About_the_Security_Fiasco_in_3_Minutes_or_Less

Network World — The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.

Juniper detailed a long list in two advisories, one here and the other here. Cisco acted in similar fashion with its advisory.

"Expect a product by product advisory about vulnerabilities," says Cisco spokesman Nigel Glennie, explaining that Cisco engineers are evaluating which Cisco products use the flawed versions of OpenSSL that may need a patch though not all necessarily will. That's because Cisco believes it's a specific feature in OpenSSL that is at the heart of the Heartbleed vulnerability and that it's not always turned on in products.

...

http://www.cio.com/article/751365/Heartbleed_Bug_Hits_At_Heart_of_Many_Cisco_Juniper_Products

IDG News Service — Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.

The flaw, which was publicly revealed Monday, is not the result of a cryptographic weakness in the widely used TLS (Transport Layer Security) or SSL (Secure Sockets Layer) communication protocols, but stems from a rather mundane programming error in a popular SSL/TLS library called OpenSSL that's used by various operating systems, Web server software, browsers, mobile applications and even hardware appliances and embedded systems.

Attackers can exploit the vulnerability to force servers that use OpenSSL versions 1.0.1 through 1.0.1f to expose information from their private memory space. That information can include confidential data like passwords, TLS session keys and long-term server private keys that allow decrypting past and future SSL traffic captured from the server.

...

http://www.cio.com/article/751362/Website_Operators_Will_have_a_Hard_Time_Dealing_with_the_Heartbleed_Vulnerability

I don’t think I’ve ever seen the reaction to an Internet security problem like the reaction I’m seeing with the Heartbleed bug. I expected to get email messages from security experts, but not the volume that has been coming in. Then I logged on to Facebook, and my feed was in pandemonium. People are totally freaked out by the news of this vulnerability, but I’m not sure which concerns them more: That their personal information may be compromised or that they are going to have to change a lot of passwords.

Let’s take a deep breath and get some points straight. I reached out to a number of experts to get their insights into this issue.

First, we should all take this very seriously. For those who may not understand what the Heartbleed bug is, the Heartbleed bug website explains it clearly:

...

http://www.itbusinessedge.com/blogs/data-security/keeping-our-fingers-on-the-pulse-of-the-heartbleed-bug.html

If I had a top ten list of PR models, it would be Tesla and Elon Musk. He got a bum review in the New York Times and his damage control strategy was to demonstrate that the reviewer was less than honest. I thought no way could he win that battle. He did. The US government, typical of government-by-headline, launched a safety investigation against the cars after a battery fire caused lurid news stories. What did Tesla do? Used the opportunity to make it clear to the world just how safe their cars actually are. Lemons to lemonade. (I blogged on these stories earlier–just enter Tesla in the search on this blog).

...

http://ww2.crisisblogger.com/2014/04/tesla-provides-classic-example-of-how-to-head-off-bad-news/

Computerworld — A federal court in New Jersey this week affirmed the Federal Trade Commission's contention that it can sue companies on charges related to data breaches, a major victory for the agency.

Judge Esther Salas of the U.S. District Court for the District of New Jersey ruled that the FTC can hold companies responsible for failing to use reasonable security practices.

Wyndham Worldwide Corp. had challenged a 2012 FTC lawsuit in connection with a data breach that exposed hundreds of thousands of credit and debit cards and resulted in more than $10.6 million in fraud losses.

...

http://www.cio.com/article/751343/FTC_Can_Sue_Companies_Hit_with_Data_Breaches_Court_Says

CIO — As government CIOs begin consolidating their agency data centers, they should leave the forklift in park.

That was the message senior officials in the government IT sphere delivered in a panel discussion on how to maximize return on investment through overhauling the sprawling federal data center apparatus — which numbers well into the thousands of facilities.

It's not enough simply to pack up one set of servers and reshelve them in another location. Government IT leaders stress that any data center overhaul cannot simply be an IT-driven initiative that amounts to a check-box exercise. The process should entail a considered engagement with the business lines of the agency, they say.

...

http://www.cio.com/article/751332/Government_CIOs_Face_Data_Center_Consolidation_Challenges

Network World — The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?

A German software engineer named Robin Seggelmann of Munster, Germany has reportedly accepted responsibility for inserting what experts are calling a mistake of catastrophic proportions into the open-source OpenSSL library used by millions of websites and servers, leaving them open to theft of data and passwords, a weakness that many think has already been exploited by cyber-criminals and government intelligence agencies.

"Half a million websites are vulnerable, including my own," wrote security expert Bruce Schneier in his blog, pointing to a tool to test for the Heartbleed Bug vulnerability. He described Heartbleed as a "catastrophic bug" in OpenSSL because it "allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software." It compromises secret keys used to identify service providers and encrypt traffic, he pointed out. "This means anything in memory--SSL private keys, user keys, anything--is vulnerable."

...

http://www.cio.com/article/751342/Who_s_to_Blame_for_Catastrophic_Heartbleed_Bug_

By staff reporter

Security experts consider the Heartbleed bug to be a very serious issue, and one that will require action by most Internet users – not just for businesses – bringing the topic of information security home for web users everywhere.

“It's a pretty significant bug, particularly since it impacts popular open-source web servers such as Apache (the most popular web server) and Nginx,” explains ISACA director of emerging business and technology, Ed Moyle. “One significant area that has been covered less in the industry press is the impact this issue could have outside of the population of vulnerable web servers. Now clearly, the impact to web servers is a big deal. But consider for a moment what else might be impacted by this.”

In other words, he explains, consider the impact on embedded systems and "special purpose" systems (like biomed or ICS). “OpenSSL has a very developer-friendly license, requiring only attribution for it to be linked against, copied/pasted or otherwise incorporated into a derivative software product. It is also free. This makes it compelling for developers to incorporate it into anything they're building that requires SSL functionality: everything from toasters to ICS systems, medical equipment, smoke detectors, remote cameras, consumer-oriented cable routers and wireless access points. It's literally the path of least resistance as a supporting library/toolkit when developing new software that requires SSL.

...

http://www.cirmagazine.com/cir/Information-security-hits-home-with-Heartbleed.php

Friday, 11 April 2014 15:48

Exercise! Exercise! Exercise!

You could say that those of us who work in preparedness are a little obsessed with making sure we’ve got our emergency kits stocked and ready, our emergency plans up to date, and our neighbors are ready too.  So we’ve got a few households in Georgia ready for a public health emergency (and a few others around the country – don’t forget about friends and family!), but how do we get the country ready?  How do we get the government and other response organizations prepared?

The answer, just like learning how to ride a bike, is practice. Practice, practice, and more practice. And this past week, CDC participated in a government-wide exercise that tested our preparedness and response capabilities. The National Exercise Program Capstone Exercise (NEPCE) 2014 is a congressionally mandated preparedness exercise to test, assess, and improve the nation's preparedness and resiliency. CDC's Office of Public Health Preparedness and Response (PHPR) and the National Center for Environmental Health and the Agency for Toxic Substances and Disease Registry (NCEH/ATSDR) worked together to participate in this event.

NEPCE 2014 was designed to educate and prepare the whole community – from schools to businesses and hospitals to families – to prevent, mitigate against, protect from, respond to, and recover from terrorist acts and catastrophic incidents. This was the first Capstone Exercise, formerly known as National Level Exercise, incorporated into the newly revised National Exercise Plan (NEP), concluding and building on two years of smaller scale exercises. The NEP includes exercises of all types, designed to engage all levels of government, non-government organizations and private sector organizations.

This exercise culminated over nine months of interagency planning efforts among DHS, HHS and CDC along with our state and local partners. CDC planning officials attended planning meetings in Washington, D.C. to integrate CDC operations into the exercise. Additionally, CDC deployed four public health personnel with the HHS Incident Response Coordination Team to Sacramento, California, during the exercise to simulate coordination activities that CDC would normally provide to the impacted population.

History Repeats Itself for Exercise Purposes

The exercise scenario centered on a 9.2 magnitude earthquake in Alaska that caused catastrophic damage across multiple communities, requiring federal response and recovery assistance.  A similar event happened in Alaska at the same time in 1964.

As it did 50 years ago, the earthquake resulted in several tsunamis with substantial threat and damage to critical infrastructure like buildings, bridges, and roads, along with injuries, deaths, and population displacement across Alaska and Canada. While national officials confronted earthquake and tsunami impacts, disruption in and around Juneau, the capital, resulted in a requirement for government entities to relocate to alternate sites.

RADM Scott Deitchman, M.D. M.P.H., USPHS, Assistant Surgeon General who is the Associate Director for Environmental Health Emergencies in NCEH/ATSDR served as the Incident Manager and lead for the exercise. He remarked, “I appreciated the opportunity the exercise gave us, like the rest of government, to exercise how we would respond to a catastrophic disaster of this magnitude. A real earthquake, like a nuclear detonation, suddenly puts you in a situation where the things we take for granted – communications systems to give messages to the public, transportation systems to send responders to the area, data systems for collecting surveillance data – all are gone. How do we launch a public health response in that setting? In exercises like this, the goal is to “test to fail” – to see where things break down, in a setting where we can learn without failing people in actual need. That gives us the opportunity to strengthen our response systems in anticipation of a real disaster.”

One of CDC’s primary missions is to ensure that we are prepared to assist the nation to respond to, recover from, and alleviate the impacts of public health disasters. Participation in last week’s exercise enhanced our overall ability to support our nation during emergency situations.

During this and other exercises, all aspects of CDC’s response capabilities are tested. Managed out of CDC’s Emergency Operations Center (EOC), this exercise brought together experts in public health preparedness, as well as those with expertise in earthquakes. During a real emergency, CDC would activate the EOC in order to help coordinate the Agency’s response. Although no exercise will truly mimic a real-life emergency, we do everything possible to imagine what could happen – from dealing with power outages to delays in supplies reaching affected areas to incorrect media reports and wild rumors – in order to test how we would respond. After the exercise is over, we work with the other organizations involved and analyze what went well and what could be improved upon next time.

David Maples, Exercise Lead for OPHPR’s Division of Exercise Operations, commented, “The Alaska Shield earthquake exercise provided CDC the primary venue to validate our All-Hazards Plan and its Natural Disaster Annex and Earthquake Appendix.  We engaged our whole of community partners in this exercise at the federal, state and local levels, our tribal partners as well as several non-governmental organizations and private public health partners.  Maintaining these relationships is essential to our ability to get our public health guidance and messaging into the hands of those impacted by an event like this.  In a catastrophic natural disaster similar to the one we just exercised, CDC’s mission is just the beginning. Similar to our real world response to Superstorm Sandy, the recovery phase of an event like this will challenge our public health capabilities for some time.  But that is the goodness of our Public Health Preparedness and Response exercise program; it gives us the opportunity to prepare for no-notice disasters and emergent outbreaks before they occur.”

http://blogs.cdc.gov/publichealthmatters/2014/04/exercise-exercise-exercise/

Thursday, 10 April 2014 17:38

Five Questions with a Food Fraud Expert

BALTIMORE—After his Food Safety Summit session on food fraud and economically motivated adulteration, I caught up with Doug Moyer, a pharmaceutical fraud expert and adjunct with Michigan State University’s Food Fraud Initiative. Here are a few of his insights into top challenges for the supply chain, and the biggest risks to be wary of as a consumer.

What are the riskiest foods for fraud?

The most fraudulent are the perennials: olive oil, honey, juices and species swapping in fish. Most people underestimate the amount of olive oil adulteration, but the amount of what is labeled “extra virgin olive oil” that Americans buy is more than Italy could ever produce. I buy certified California olive oil because I’ve sat down with that group and I know that their industry is really concerned about standards and have established a rigorous certification process. I am also really concerned about species swapping in the seafood industry. I love sushi, but I have a lot of concerns eating it, and they are not always about health. I don’t like feeling duped, and a lot of companies now have to contend with that reputation issue after so many studies have found that the odds can be incredibly low that you are eating the fish that you think you ordered—as little as 30% in some sushi restaurants in Los Angeles, for example.

...

http://www.riskmanagementmonitor.com/five-questions-with-a-food-fraud-expert/

By Geary W. Sikich

The post-crisis recovery phase is one of the least addressed in planning, training and simulations. This is an area that, if not properly managed, can cost financially, reputationally and operationally. Guidelines for post-crisis recovery are lacking; and many entities lose focus when it comes to discussing post-crisis recovery operations. It may be that post-crisis recovery is one of the most complicated of the Business Continuity Lifecycle elements and that no two recoveries are going to follow the same pattern. However, the post-crisis recovery process can be segmented into manageable bits that can be undertaken using a project management approach.

The diagram below provides a top level graphic depiction of the typical cycle of event response, management, recovery and resumption of operations. I have added the emergency response and crisis management elements as they intermingle with business continuity. I have simplified the cycle to four major transition points.

...

http://www.continuitycentral.com/feature1168.html

Andrew Waite gives an overview of the Heartbleed vulnerability.

This week has been an interesting and busy one for those on both sides of the information security fence: a critical vulnerability, dubbed Heartbleed, was publicly disclosed in the widely used library OpenSSL, which forms the core of many SSL/HTTPS provisions.

What is it?

Without getting too technical, the Heartbleed flaw allows a malicious and unauthorised third party to access protected data in memory. The exact data access is random, but there have been corroborated reports that it can expose clear-text passwords, private SSL keys and other sensitive data which would negatively impact the security of your systems, users and clients.

How to determine if you’re vulnerable

The vulnerability affects any service utilising OpenSSL version 1.0.1 through to OpenSSL version 1.0.1f. If you (or your in-house sysadmin) can confirm that your SSL implementation isn’t running any of the affected versions, you’re safe from this particular weakness. Unfortunately, OpenSSL is widely used and embedded into many other appliances and application stacks.

Since the notification announcement, a number of websites have been released to enable you to enter your system name/IP address and the site will check for you. However, what a third party may do with the information once determining your system is vulnerable could be a risk in its own right…
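The version check described above, written out as an added example (this is not code from the article or from the OpenSSL project). It reads the text that `openssl version` prints and classifies it against the 1.0.1 to 1.0.1f range given in the article; the hostnames and banners in the sample inventory are constructed for the example, and nothing is contacted over the network, which avoids handing a third-party checker the knowledge of which of your hosts are exposed.

```python
"""Classify OpenSSL version banners against the Heartbleed range 1.0.1 .. 1.0.1f.

Added example, not from the article. Input is the text printed by
`openssl version` (or a banner recorded in an asset inventory).
"""
import re
from typing import Optional, Tuple

# Parses "OpenSSL 1.0.1e-fips 11 Feb 2013" -> (1, 0, 1, "e"); the trailing
# letter is the patch level used by the 1.0.x series.
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)

# Range stated in the article: 1.0.1 (no letter) through 1.0.1f inclusive.
AFFECTED_BRANCH = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"


def parse_banner(banner: str) -> Optional[Tuple[int, int, int, str]]:
    """Return (major, minor, fix, letter) or None if no version is present."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter.lower()


def classify(banner: str) -> str:
    """Map one banner to one of three outcomes.

    'not_affected'   - outside 1.0.1 .. 1.0.1f (e.g. 0.9.8y, 1.0.0k, 1.0.1g, 1.0.2)
    'affected_range' - inside the range; treat as vulnerable unless the vendor's
                       package changelog shows a backported fix, because
                       distributions often patch without changing the banner
    'unparsed'       - no recognisable OpenSSL version in the text; needs a
                       manual look rather than a silent pass
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    major, minor, fix, letter = parsed
    if (major, minor, fix) != AFFECTED_BRANCH:
        return "not_affected"
    # "" sorts before "a", so the letterless 1.0.1 release is included.
    return "affected_range" if letter <= LAST_AFFECTED_LETTER else "not_affected"


def triage(inventory: dict) -> dict:
    """Classify a {hostname: banner} inventory, listing in-range hosts first."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    order = {"affected_range": 0, "unparsed": 1, "not_affected": 2}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory: hostnames and banners are made up for the example.
SAMPLE_INVENTORY = {
    "web-01.example.test": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "lb-01.example.test": "OpenSSL 1.0.0k 5 Feb 2013",
    "legacy.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "appliance.example.test": "firmware build 4711, no version banner exposed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:26s} {status}")
```

The third outcome matters in practice: appliances and embedded stacks that ship OpenSSL rarely expose a banner at all, so an "unparsed" host is a gap in the inventory to chase with the vendor, not a host to mark safe.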

...

http://www.continuitycentral.com/feature1169.html

Tamiflu (the antiviral drug oseltamivir) shortens symptoms of influenza by half a day, but there is no good evidence to support claims that it reduces admissions to hospital or complications of influenza. This is according to the updated Cochrane evidence review, published today (10th April 2014) by The Cochrane Collaboration, the independent, global healthcare research network and The BMJ.

Evidence from treatment trials confirms increased risk of suffering from nausea and vomiting. And when Tamiflu was used in prevention trials there was an increased risk of headaches, psychiatric disturbances, and renal events.

Although when used as a preventative treatment, the drug can reduce the risk of people suffering symptomatic influenza, it is unproven that it can stop people carrying the influenza virus and spreading it to others.

...

http://www.continuitycentral.com/news07168.html

CIO — In 1998, when Paul Rogers started at GE, implementing optimization software at a coal-fired power plant was easier said than done. Management understood and worked with GE to develop the software. Within the plant itself, though, the vast majority of employees didn't know how to use a computer, let alone software, and were very suspicious of the system.

These days, says Rogers, now GE's chief development officer, the tables have turned. Smartphone-toting plant employees know firsthand how technology changes their lives as consumers — and they want to know why the industrial environment isn't like their home environment.

"They want to optimize equipment, and that's a sign that the world is ready," Rogers says. Put another way: "My daughter has radically different experiences about how the world works."

...

http://www.cio.com/article/751015/Industrial_Internet_Can_t_Succeed_Without_Big_Data_and_Cloud_GE_Says

CIO — The past two weeks brought big news in the public cloud computing market. In the course of four days, three technology giants made bold statements about their intent to be one of the most important public cloud providers — and, indeed, position themselves to be the No. 1 cloud company on the planet.

For anyone using cloud computing, what happened last week indicates how critical the biggest companies in technology view it and how cloud adopters need to evaluate their strategy in light of the ongoing price competition upon which the leaders have embarked.

Here's the high-level overview of what was announced:

...

http://www.cio.com/article/751320/In_Public_Cloud_Computing_Fight_the_Gloves_Come_Off

Business continuity is often about reinforcing existing infrastructure or eliminating sources of business disruption. Bringing in techniques to accelerate or multiply results thanks to good business continuity may not be so frequent, but here’s one that may well do that. It’s version control, which is used when several knowledge workers need to simultaneously work on the same computer files to create advantage for the organisation – but without stepping on each other’s toes. Version control technology started in software development. However, it can be used for projects to create web content, coordinated product rollouts, corporate business plans and more.

...

http://www.opscentre.com.au/blog/version-control-basics-for-better-business-continuity/

PC World — By now you've likely heard about the Heartbleed bug, a critical vulnerability that exposes potentially millions of passwords to attack and undermines the very security of the Internet. Because the flaw exists in OpenSSL--which is an open source implementation of SSL encryption--many will question whether the nature of open source development is in some way at fault. I touched base with security experts to get their thoughts.

Closed vs. Open Source

First, let's explain the distinction between closed source and open source. Source refers to the source code of a program--the actual text commands that make the application do whatever it does.

Closed source applications don't share the source code with the general public. It is unique, proprietary code created and maintained by internal developers. Commercial, off-the-shelf software like Microsoft Office and Adobe Photoshop are examples of closed source.

...

http://www.cio.com/article/751307/Is_Open_Source_to_Blame_for_the_Heartbleed_Bug_

A new report from application specialists Camwood reveals that, in the wake of recent migrations following the conclusion of support for the Windows XP operating system, and with the accelerating pace of change in the IT department, IT directors and managers now see near constant change and migration projects as the new norm. Coping with this change has now become a primary concern for IT departments.

According to the report, 90% of IT decision makers believe that the pace of change in IT is accelerating, and that this presents a significant challenge. 72% find the pace of change in IT ‘unsettling’. 93% also agree that, in the new IT environment, a flexible IT infrastructure is key to their organisation’s success, with 79% believing that IT departments that don’t adapt risk demise.

...

http://www.cirmagazine.com/cir/The-end-of-XP-and-a-new-normal-in-the-IT-department.php

Wednesday, 09 April 2014 18:13

Monitoring Food Safety from Farm to Fork

BALTIMORE—The Food and Drug Administration is increasingly harnessing data-driven, risk-based targeting to examine food processors and suppliers under the Food Safety Modernization Act. At this week’s Food Safety Summit, the FDA’s Roberta Wagner, director of compliance at the Center for Food Safety and Applied Nutrition, emphasized the risk-based, preventative public health focus of FSMA.

While it has long collected extensive data, the agency is now expanding and streamlining analysis from inspections to systematically identify chronic bad actors. FSMA regulations and reporting are revolutionizing many of the FDA’s challenges, but so is technology. According to Wagner, whole genome sequencing in particular has tremendous potential to change how authorities and professionals throughout the food chain look at pathogens. WGS offers rapid identification of the sources of foodborne pathogens that cause illness, and can help identify these pathogens as resident or transient. In other words, by sequencing pathogens (and sharing them in Genome Trakr, a coordinated state and federal database), scientists can track where contamination occurs during or after production.

...

http://www.riskmanagementmonitor.com/monitoring-food-safety-from-farm-to-fork/

Hurricane forecasters are sounding a warning bell for the U.S. East coast in their latest predictions for the 2014 hurricane season, even as overall tropical storm activity is predicted to be much-less than normal.

WeatherBell Analytics says the very warm water off of the Eastern Seaboard is a concern, along with the oncoming El Niño conditions.

In its latest commentary, forecaster Joe Bastardi and the WeatherBell team note:

“We think this is a challenging year, one that has a greater threat of higher intensity storms closer to the coast, and, where like 2012, warnings will frequently be issued with the first official NHC advisory.”

WeatherBell Analytics is calling for a total of 8 to 10 named storms, with 3-5 hurricanes and 1-2 major hurricanes.

...

http://www.iii.org/insuranceindustryblog/?p=3624

Wednesday, 09 April 2014 18:12

London’s flood risks reviewed

The London Assembly Environment Committee has published a summary of the flood risks facing the UK capital.

24,000 properties in London are at significant risk of river flooding and the Environment Agency estimates that plans currently under development could protect 10,000 of these.

The Committee warns that the risks of flooding may be increasing. The effects of climate change in southern England could mean drier summers and wetter winters. More heavy rain in the Thames region would increase surface water risk and may lead to more river flooding in London.

Ways to reduce flood risk include sustainable drainage and river restoration, which create space for flood waters to be held higher in the river catchment and soak back into the ground. Allowing low-lying areas to flood safely at times of high water flow should protect homes, roads and businesses.

Murad Qureshi AM, Chair of the Environment Committee says:

“London needs to bring back its rivers to protect itself from inevitable flooding in the future. The more we can restore natural banks to London’s rivers, the less likely heavy rain will cause the degree of flooding we saw in the early part of this year.”

“Heavy or prolonged rain locally or upstream can cause rivers to flood. Tens of thousands of properties are at high or medium risk of river flooding. This is not just from the Thames, but also from the many smaller rivers that flow into it. A lot of people don’t know where their local rivers are, until they escape their channels.”

Read Flood Risks in London Summary of Findings (PDF).

Wednesday, 09 April 2014 18:10

Leave the CIO Alone

Computerworld — My son is a chief technology officer. Some companies have a chief digital officer. Can chief data wrangler be far behind?

What's so bad about being a CIO?

There seems to be a trend to come up with a title to replace "CIO" that encompasses the latest direction of the profession. Titles are reflecting an emphasis on big data, social networking and data analytics.

This doesn't happen with other titles. Take the chief financial officer. I have yet to hear of a CFO becoming the chief mergers officer when the company contemplates its first merger or acquisition. The CFO's role changes to encompass some new duties but that officer remains in charge of finance. And I suspect that most CFOs would not appreciate a change in title every time their role was redefined. And yet, add big data to IT's functions and someone says we need a new title to reflect that. But we really don't. The CIO remains in charge of the enterprise's information and data, big or otherwise.

...

http://www.cio.com/article/751249/Leave_the_CIO_Alone

CSO — Symantec has declared 2013 the year of the "mega-breach," placing security pros on notice that they stand to lose big from phishing, spear-phishing and watering-hole attacks.

The company released Tuesday its Internet Security Threat Report for 2013, which found that eight breaches exposed the personal information of more than 10 million identities each. By comparison, 2012 had only one breach that size and in 2011 there were five.

The number of massive data breaches in 2013 made it the "year of the mega-breach," Symantec said. Information stolen included credit card information, government ID numbers, medical records, passwords and other personal data.

...

http://www.cio.com/article/751256/Symantec_to_CISOs_Watch_for_the_Mega_Breach_

Wednesday, 09 April 2014 18:08

Banks Ordered to Add Capital to Limit Risks

Federal regulators on Tuesday approved a simple rule that could do more to rein in Wall Street than most other parts of a sweeping overhaul that has descended on the biggest banks since the financial crisis.

The rule increases to 5 percent, from roughly 3 percent, a threshold called the leverage ratio, which measures the amount of capital that a bank holds against its assets. The requirement — more stringent than that for Wall Street’s rivals in Europe and Asia — could force the eight biggest banks in the United States to find as much as an additional $68 billion to put their operations on firmer financial footing, according to regulators’ estimates.

Faced with that potentially onerous bill, Wall Street titans are expected to pare back some of their riskiest activities, including trading in credit-default swaps, the financial instruments that destabilized the system during the financial crisis.

...

http://dealbook.nytimes.com/2014/04/08/regulators-set-to-approve-new-capital-rule/

Wednesday, 09 April 2014 18:07

Options Abound for the Private Cloud

Mistrust of the public cloud is driving many enterprises toward the pursuit of private clouds. For critical data and applications, this may seem like a no-brainer as it is wiser to keep the important stuff on trusted infrastructure.

Not all private clouds are the same, however, and unless you happen to be a platform developer, you’ll end up placing your trust in someone else’s technology, just as you do with physical and virtual infrastructure.

At the moment, it seems the private cloud is shaping up to be a battle between VMware and the OpenStack community, says cloud broker RightScale. And according to the firm’s latest survey, nearly a third of enterprises are looking to turn legacy vSphere and vCenter environments into private clouds. But that doesn’t mean the market is a lock for VMware. OpenStack deployments are on the rise, driven largely by a desire to avoid vendor lock-in, even as vCloud Director adoption is starting to flag.

...

http://www.itbusinessedge.com/blogs/infrastructure/options-abound-for-the-private-cloud.html

LINCROFT, N.J. – In the weeks after a federally declared disaster, emergency teams from government agencies, nonprofits and volunteer organizations work together to help survivors make their way out of danger and find food, clothing and shelter.

After the immediate emergency is over, the long work of recovery begins.

And as New Jersey survivors of Hurricane Sandy have learned over the past 18 months, full recovery from a devastating event like Sandy may take years.

Communities throughout New Jersey have been working hard to repair, rebuild and protect against future storms. In many cases, the challenges they face are formidable.

At the invitation of individual communities and in partnership with the state, FEMA’s office of Federal Disaster Recovery Coordination works with residents and municipal officials in impacted municipalities to develop a strategy for full recovery.

For communities that require assistance, the FDRC can provide a team of recovery specialists with a broad array of skills. Among them: civil engineering, architecture, land-use planning, economic development, environmental science and disabilities integration.

The FDRC is activated under the National Disaster Recovery Framework, which provides a structure for effective collaboration between impacted communities, federal, state, tribal and local governments, the private sector, and voluntary, faith-based and community organizations during the recovery phase of a disaster.

Federal Disaster Recovery Coordinators consult with impacted municipalities and assist with long-term planning, helping these communities determine what their priorities are and what resources they will need to achieve a full recovery.

In major disasters or catastrophic events, the FDRC is empowered to activate six key areas of assistance known as Recovery Support Functions.

The RSFs are led by designated federal coordinating agencies: Housing (U.S. Department of Housing and Urban Development); Infrastructure Systems (U.S. Army Corps of Engineers); Economic (U.S. Department of Commerce); Health and Social Services (U.S. Department of Health and Human Services); Natural and Cultural Resources (U.S. Department of Interior); and Community Planning and Capacity Building (FEMA).

Working in partnership with a State Disaster Recovery Coordinator and a Hazard Mitigation Adviser, the FDRC oversees an assessment of impacted communities and helps to develop a recovery support strategy. That strategy helps these hard-hit communities gain easier access to federal funding, bridge gaps in assistance, and establish goals for recovery that are measurable, achievable and affordable.

Here in New Jersey, approximately 12 communities have partnered with FDRC to prioritize their goals for recovery, locate the resources needed to achieve those goals and rebuild with resiliency.

In the Borough of Highlands, FDRC has assisted this severely impacted community in developing a plan for a direct storm water piping system that will decrease flooding in the low-lying downtown area. FDRC has also collaborated with the community on designing a more resilient, attractive and commercially viable central business district called the Bay Avenue Renaissance Project. The U.S. Army Corps of Engineers has initiated a feasibility study on their plan to protect the town from future flooding via a mitigation effort that includes installing floodwalls, raising bulkheads and building dune barriers.

In the devastated Monmouth County town of Sea Bright, FDRC worked with the community to create a plan for the construction of a beach pavilion that will serve as a year-round community center, library, lifeguard facility and beach badge concession. FDRC is also working with Sea Bright officials to develop a grant application to fund streetscape improvements in the downtown area of this beachfront municipality.

In Tuckerton, FDRC worked with municipal officials on a plan to relocate its heavily damaged police station and borough facilities to a former school building that is much less vulnerable to flooding.

In partner communities throughout the state, FDRC subject matter experts are working to help residents envision a future that incorporates a strong infrastructure, increased storm protection and an enhanced environment that reflects the vision of the community.

http://www.fema.gov/disaster/4086/updates/sandy-one-year-later

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

DENVER - Crisis counseling services will continue over the next nine months for survivors of the Colorado flooding disaster in September 2013 because of a $4 million federal grant. FEMA and the Substance Abuse and Mental Health Administration have awarded the $4,058,060 grant to the Colorado Department of Public Health and Environment through the 2014 Crisis Counseling Assistance and Training Program (CCP).  

The new grant will allow counselors to continue door-to-door services and community outreach counseling programs. Since the disaster, Colorado Spirit crisis counselors have:

  • Talked directly with 18,178 people and provided referrals and other helpful information to more than 88,000;
  • Met with nearly 1,200 individuals or families in their homes.

CCP was established by the Stafford Disaster Relief and Emergency Assistance Act to provide mental health assistance and training activities in designated disaster areas. The program provides the following services:

  • Individual crisis counseling and group crisis counseling to help survivors understand their reactions and improve coping strategies, review their options and connect with other individuals and agencies that may assist them;
  • Development and distribution of education materials such as flyers, brochures and website information on disaster-related topics and resources;
  • Relationship building with community organizations, faith-based groups and local agencies.

They say that age is only a number, so with that in mind, IBM set out to prove that the 50-year-old mainframe still has what it takes to dominate enterprise computing.

As part of its celebration of the 50th birthday of the mainframe, IBM today unveiled a slew of products and initiatives intended to make sure the mainframe stays relevant through at least the first half of the 21st Century.

The new offerings include the zDoop implementation of Hadoop for mainframes that IBM worked with Veristorm to develop, and an IBM DS8870 flash storage system that IBM says is four times faster than traditional solid-state disk (SSD) technology.

In addition, IBM unveiled an IBM Enterprise Cloud System based on mainframes that has been configured with IBM cloud orchestration and monitoring software.

...

http://www.itbusinessedge.com/blogs/it-unmasked/ibm-celebrates-mainframe-50th-birthday-with-new-offerings-and-pricing.html

CSO — In large-scale organizations, implementing mobile device management (MDM) is typically a given. After all, with so many employees using mobile devices that either contain or connect to sources of sensitive information, there needs to be some way to keep everything in check. But what about those companies that aren't big enough to be able to afford an MDM implementation and a full-sized IT department to manage it? Without a means to centralize the control of mobile devices, how can these smaller companies protect their data?

Some SMBs have found ways to help mitigate risk without traditional MDM, but it isn't always easy. Right off the bat, things are tricky given that smaller companies often implement BYOD since they can't afford to provide employees with devices.

...

http://www.cio.com/article/751174/How_MDM_Works_or_Doesn_t_Work_For_SMBs

I’m excited about the Internet of Things (IoT), and I expect it to create incredible opportunities for companies in almost every industry. But I’m also concerned that the issues of security, data privacy, and our expectations of a right to privacy, in general — unless suitably addressed — could hinder the adoption of the IoT by consumers and businesses and possibly slow innovation. So, with all the hype of the IoT, I’m going to play devil’s advocate, because these issues tend to receive limited coverage when considering the impact of new technology developments on society.

First of all, I am amazed at all the connected products and services that are starting to appear. These include, for example: those for connected buildings and homes, like heating and air conditioning, thermostats, smoke detectors, and so on; entertainment systems; and sensor-enabled pill boxes and remote healthcare monitoring devices. There are also a lot of consumer devices (in addition to smartphones and tablets), such as smart watches and Internet-enabled eye glasses, connected kitchen appliances like crock pots and refrigerators, wearable exercise trackers and pet trackers, and too many more to practically list.

...

http://blog.cutter.com/2014/04/08/will-the-rise-of-the-iot-mean-the-fall-of-privacy/

From the title of this post, some people might immediately think of intuition: that vague and rather flaky resource used when that’s all you have. However, we’re actually thinking of something a little more structured in this context. In the coming age of Big Data and associated worldwide online resources, analytical techniques like those used in business intelligence can be used to detect trends and tipping points. They can give individuals and organisations meaningful information about how likely certain disasters will be: for example, "there is a 90 percent chance currently that your factory will be flooded out to a depth of eighteen inches of water."

...

http://www.opscentre.com.au/blog/when-you-just-know-what-the-next-disaster-will-be/

You got a call from a reporter asking for your comment about an issue you were afraid might see the light of day. So, you know they’re onto it and going to run something.

This is a fairly common situation and unfortunately for PR and crisis comms consultants, this is often when you get the call from the client. No time to lose, but what is the strategy?

My thoughts on this were prompted by PR Daily’s post today on “Five Ways to Respond to Bad Press Before the Story Runs.” I have great regard for Brad Phillips, who wrote the post and the book: “The Media Training Bible.”

...

http://ww2.crisisblogger.com/2014/04/a-bad-story-is-coming-out-now-what-do-you-do/

Without doubt, cloud computing is the future of the enterprise. But clouds come in many varieties – some light and fluffy, others dark and ominous – so the question for CIOs today is what kind of cloud is appropriate, and are there ways to ensure that today’s cloud does not become tomorrow’s storm?

According to IHS Technology, cloud spending is on pace to jump by more than a third over the next three years to $235 billion. Key drivers run the gamut from lower operating costs and more flexible data environments to support for advanced business applications like collaboration and Big Data analytics. As the market matures, then, organizations across multiple industries are likely to shed their concerns about security and management as they strive to turn IT infrastructure from a cost center to a competitive advantage.

...

http://www.itbusinessedge.com/blogs/infrastructure/building-the-right-cloud-for-the-right-purpose.html

PC World — Why should you use open source software? The fact that it's usually free can be an attractive selling point, but that's not the reason most companies choose to use it. Instead, security and quality are the most commonly cited reasons, according to new research.

In fact, a full 72 percent of respondents to the eighth annual Future of Open Source Survey said that they use open source because it provides stronger security than proprietary software does. A full 80 percent reported choosing open source because of its quality over proprietary alternatives.

Sixty-eight percent of respondents said that open source helped improve efficiency and lower costs, while 55 percent also indicated that the software helped create new products and services. A full 50 percent of respondents reported openly contributing to and adopting open source.

...

http://www.cio.com/article/751130/Security_and_Quality_Top_Companies_Reasons_for_Using_Open_Source

Computerworld — A couple of weeks into his job as lead QT developer at software development consultancy Opensoft, Louis Meadows heard a knock on his door sometime after midnight. On his doorstep was a colleague, cellphone and laptop in hand, ready to launch a Web session with the company CEO and a Japan-based technology partner to kick off the next project.

"It was a little bit of a surprise because I had to immediately get into the conversation, but I had no problem with it because midnight here is work time in Tokyo," says Meadows, who adds that after more than three decades as a developer, he has accepted that being available 24/7 goes with the territory of IT. "It doesn't bother me -- it's like living next to the train tracks. After a while, you forget the train is there."

Not every IT professional is as accepting as Meadows of the growing demand for around-the-clock accessibility, whether the commitment is as simple as fielding emails on weekends or as extreme as attending an impromptu meeting in the middle of the night. With smartphones and Web access pretty much standard fare among business professionals, people in a broad range of IT positions -- not just on-call roles like help desk technician or network administrator -- are expected to be an email or text message away, even during nontraditional working hours.

...

http://www.cio.com/article/751102/The_Always_On_IT_Culture_Get_Used_to_it

Monday, 07 April 2014 19:31

What Do IT Workers Want?

Computerworld — As the economy continues to rebound and the competition for qualified IT professionals reaches new heights, employers seeking to attract or retain staffers are increasingly becoming like anxious suitors, desperate to figure out how to please their dates: "What do you want? What will make you stay? What really matters in our relationship?"

According to Computerworld's 2014 IT Salary Survey, tech workers are looking for many traditional benefits of a good partnership: financial security, stability and reliability -- all represented by salary and benefits. But this year's results confirm a growing trend: IT professionals are placing increasing importance on "softer" factors in the workplace, which have less to do with dollars and cents and more to do with corporate culture, personal growth and affirmation.

Read the full report: Computerworld IT Salary Survey 2014

...

http://www.cio.com/article/751101/What_Do_IT_Workers_Want_

Monday, 07 April 2014 19:30

Why So Certain About Uncertainties?

It must be the human condition that does it; the certainty with which we approach the issues that may affect us. Risk assessment incorporates a requirement to analyse probability or likelihood; we can attach mathematical process to this and I have attached an example – not to critique it – but to illustrate the concept of what I term ‘buffering’. Buffering is something which protects us from actuality, and allows us to distance ourselves from the realities of issues. In the example, the mathematics are quite simple but convincing to the layman; I term myself a layman in mathematics and I have colleagues who can do this type of thing to a very significant and complicated level indeed. However, the problem that I have with this is that buffering allows us to interpret what we see and orientate it to our needs.

Risk and uncertainty are not about rolling dice; of course they are linked aspects and the loss risks associated with the activities of some dice rollers can be extreme. Maths allow calculation of probability – but the die will roll a different way every time due to other unmeasured variables such as who is throwing, where and with what degree of energy. There is therefore uncertainty that is additional even to the study and assessment of random variables.

...

http://buckssecurity.wordpress.com/2014/04/06/why-so-certain-about-uncertainties/

The shooting rampage at Fort Hood has once again focused attention on the military’s ­mental-health system, which, despite improvement efforts, has struggled to address a tide of psychological problems brought on by more than a decade of war.

Military leaders have tried to understand and deal with mounting troop suicides, worrying psychological disorders among returning soldiers, and high-profile violent incidents on military installations such as the one that left four people dead and more than 16 injured at the Army post in Texas on Wednesday.

But experts say problems persist. A nationwide shortage of mental-health providers has made it difficult for the military to hire enough psychiatrists and counselors. The technology and science for reliably identifying people at risk of doing harm to themselves or others are lacking.

...

http://www.washingtonpost.com/world/national-security/militarys-mental-health-system-faces-shortage-of-providers-lack-of-good-diagnostic-tools/2014/04/05/e7e7da42-bb4a-11e3-96ae-f2c36d2b1245_story.html

A discussion is going on right now about the role of the enterprise service bus in cloud integration. Does it matter?

I’m not convinced it does. Most of the discussion seems to be coming from vendors, and while it’s probably good thought fodder for architects, I’m unconvinced there’s much of a strategic case for caring here.

One recent example, “Why Buses Don't Fly in the Cloud: Thoughts on ESBs,” appeared on Wired Innovation Insights and was written by Maneesh Joshi, the senior director of Product Marketing at SnapLogic.

...

http://www.itbusinessedge.com/blogs/integration/does-integrations-heritage-matter-in-the-cloud.html

Monday, 07 April 2014 19:27

Energy Metrics: No Easy Answers

One of the reasons energy conservation is such a hot button issue in the data center these days is that no one has a clear idea how to assess the situation.

To be sure, metrics like PUE (Power Usage Effectiveness) are a step in the right direction, but even its backers will admit that it is not a perfect solution and should not even be used to compare one facility against another. And as I pointed out last month, newer metrics like Data Center Energy Productivity (DCeP) provide a deeper dive into data operations but ultimately rely largely on subjective analysis in order to gauge the extent that energy is being put to good use.

...

http://www.itbusinessedge.com/blogs/infrastructure/energy-metrics-no-easy-answers.html

Did you get a boatload of World Backup Day pledge messages through Facebook and Twitter last week? This independent global initiative encourages everyone to back up important data on all computing devices — and spread the word. As they say, “friends don’t let friends go without a backup.” Absolutely right.

As people around the globe were taking the World Backup Day pledge, I was presenting at DRJ Spring World 2014, the world’s largest BC/DR conference. As I reported, the vast majority of organizations are NOT prepared to respond to intentional or accidental threats to IT systems.

  • 73% failing in terms of disaster readiness (scored a D or F)
  • 60% do not have a documented DR plan
  • 68% of plans don’t exist or proved not very useful

The news is not much better for the minority of organizations who have a DR plan in place. Again, the 2014 annual report documents that where they exist, DR plans are largely gathering dust:

...

http://drbenchmark.org/is-your-business-operating-without-an-it-safety-net/

Friday, 04 April 2014 16:26

DDoS: a seven-point action plan

By Rakesh Shah

Distributed denial of service (DDoS) is no longer just a service provider problem: far from it. It can be a very real business continuity issue for many organizations.

DDoS attacks are what some would consider an epidemic today for all sorts of organizations. Why? The stakes continue to skyrocket. The spotlight continues to shine brightly, attracting attackers looking for attention for many reasons and motivations.

In recent times, attack motivation has been politically or ideologically motivated. Attackers want to make a statement and to make headlines (and to cause many headaches along the way) – quite similarly to the effect a sit-in or a strike would have in the ‘offline’ world.

This new breed of attacker targets high profile organizations in order to ensure his or her grievances will be heard. Few targets are as high profile or mission critical to the economy as financial services.

...

http://www.continuitycentral.com/feature1166.html

Avere Systems has released the findings of its ongoing original study into cloud adoption conducted at the recent Cloud Expo Europe 2014.

Like their US counterparts at the AWS Summit in Vegas last November, the majority of the attendees in London surveyed indicated that they currently use or plan to use cloud within the next two to five years for compute (71 percent), storage (76 percent) and application purposes (80 percent).

One major difference in response was that 53 percent of US respondents cited organizational resistance as a major barrier to cloud use, compared to just 11 percent in Europe, indicating a potentially less conservative approach in the region.

...

http://www.continuitycentral.com/news07158.html

Today ends my review of what I believe to be the five steps in the management of a third party under an anti-bribery regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. On Monday, I reviewed Step 1 – the Business Justification, which should kick off your process with any third party relationship. On Tuesday, I looked at Step 2 – the questionnaire that you should send to a third party and what information you should elicit. On Wednesday, I discussed Step 3 – the due diligence that you should perform based upon the information that you have received from and ascertained on the third party. On Thursday, I examined Step 4 – how you should use the information you obtain in the due diligence process and the compliance terms and conditions which you should place in any commercial agreement with a third party. Today, I will conclude this series by reviewing how you should manage the relationship after the contract is signed.

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5 – the Management of the Relationship. While the work done in Steps 1-4 is absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. This post will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

...

http://tfoxlaw.wordpress.com/2014/04/04/life-cycle-management-of-third-parties-step-5-management-of-the-relationship/

Computerworld — Although Apple isn't the sole focus of Microsoft's Enterprise Mobility Suite (EMS) or of Satya Nadella's new "mobile-first cloud-first" vision for the company, its iOS devices dominate enterprise mobility, meaning that Apple will play a major role in Microsoft's mobility strategy. In pursuing this strategy, Microsoft is, in a way, copying Apple's approach to business and enterprise iOS customers, albeit from a different perspective.

Microsoft began adding the ability to manage iOS and Android devices to its cloud-based Intune management suite last year. Although initial support for iOS device management was very basic, the company updated Microsoft Intune's iOS capabilities in January. While Microsoft has a ways to go before it catches up to the feature sets of the major mobile device management and enterprise mobility management vendors, the company looks committed to advancing its mobile management tools quickly.

...

http://www.cio.com/article/750992/Microsoft_Gets_Strategic_with_its_Enterprise_Mobility_Suite

Friday, 04 April 2014 16:19

Putting the 'B' in BRM

Computerworld — The challenge: Justify to the senior management committee the expense of business relationship management (BRM) within the IT function.

Now, there are many ways to do that. All the tools for assessing value can be drawn upon. There's the balanced scorecard, ROI, maturity models (with key performance indicators) and assessments against them, surveys, IT investment ratios, IT productivity over time. All very plausible, given the right circumstances.

But as CIO, I knew that I had to do more than show that BRM made compelling sense from a stockholder perspective. I also had to show how its success would be measured over time.

...

http://www.cio.com/article/750970/Putting_the_B_in_BRM

Do you think your anti-virus software is doing an adequate job in detecting malware and keeping your computers and network safe?

Unfortunately, you may need to re-think your attitudes toward AV software. According to a new report from Solutionary and the NTT Group, AV fails to spot 54 percent of new malware that is collected by honeypots. Also, 71 percent of new malware collected from sandboxes was undetected by over 40 different AV solutions.

The report also found that even a minor SQL injection could result in financial losses upwards of $200,000 – the kind of dollar amount that could cripple a small business.

...

http://www.itbusinessedge.com/blogs/data-security/preparing-for-the-shifting-threat-landscape.html

Everything in IT these days is rapidly moving to be defined by software, including now backup and recovery.

EMC today launched a Data Protection Suite spanning its Avamar, NetWorker, Data Protection Advisor, Mozy and SourceOne products that not only makes them easier to acquire, but also sets the stage for managing them as an integrated set of processes.

Rob Emsley, senior director of product marketing for EMC, says that just like the rest of the enterprise, data protection is moving toward a software-defined model that promises to make it easier to manage backup and recovery, compliance and archiving.

As part of that exercise, Emsley says EMC is moving toward enabling a self-service model under which end users would be able to directly invoke EMC products and services within the policy guideline set by the internal IT organization across both structured and unstructured data sets.

...

http://www.itbusinessedge.com/blogs/it-unmasked/emc-starts-shift-to-software-defined-data-protection.html

This week, a new report from the United Nations’ Intergovernmental Panel on Climate Change summarized the ways climate change is already impacting individuals and ecosystems worldwide and strongly cautioned that conditions are getting worse. Focusing on impacts, adaptation and vulnerability, the panel’s latest work offers insight on economic loss and prospective supply chain interruptions that should be of particular note for risk managers—and repeatedly highlights principles of the discipline as critical approaches going forward.

Key risks the report identified with high confidence, spanning sectors and regions, include:

...

http://www.riskmanagementmonitor.com/new-climate-change-report-highlights-risk-management-strategies/

Friday, 04 April 2014 16:15

Earthquakes and Mortgage Markets

The second earthquake to strike the Los Angeles area on March 28 is a wake-up call and reminder of the risk to commercial and residential properties in Southern California, according to catastrophe modeling firm EQECAT.

(The M5.1 quake located 1 mile south of La Habra follows the M4.4 earthquake near Beverly Hills (30 miles to the northwest) on March 17.)

In its report on the latest quake, EQECAT notes that most homeowners do not carry earthquake insurance (only about 12 percent of Californians have earthquake coverage, according to I.I.I. stats), and those that do typically carry deductibles ranging from 10 percent to 15 percent of the replacement value of the home, and commercial insurance often carries large deductibles and strict limits on insurance coverage.

...

http://www.iii.org/insuranceindustryblog/?p=3619

CSO — Hacking is no longer just a game for tech-savvy teens looking for bragging rights. It is a for-profit business -- a very big business. Yes, it is employed for corporate and political espionage, activism ("hacktivism") or even acts of cyberwar, but the majority of those in it are in it for the money.

So, security experts say, one good way for enterprises to lower their risk is to lower the return on investment (ROI) of hackers by making themselves more expensive and time-consuming to hack, and therefore a less tempting target. It's a bit like the joke about the two guys fleeing from a hungry lion. "I don't have to outrun him," one says to the other. "I just have to outrun you."

Of course, this only applies to broad-based attacks seeking targets of opportunity -- not an attack focused on a specific enterprise. But, in those cases, being a bit more secure than others is generally enough.

...

http://www.cio.com/article/750958/Want_to_Lower_Your_Risk_Lower_the_ROI_of_Hackers

With the anniversary of the Southern Alberta floods looming, are organizations now any better prepared for emergencies?
 
CALGARY, ALBERTA – From cold snaps and ice storms to polar vortex windchill, Canadians are emerging from one of the coldest and snowiest winters in decades. It has been a long, bitter winter but are we really ready for spring? Questions around emergency preparedness are naturally arising as the record snowfall blanketing cities across the country begins to melt and is already causing flooding in some areas. 
 
A recent Ipsos Reid study reveals critical gaps in emergency response plans following the 2013 Southern Alberta floods and the need to take action to prepare before disaster strikes again. In 2013, severe weather like heavy snow, rain and floods directly affected more than 3.5 million Canadians. Toronto’s ice storm wreaked havoc and cost the city in excess of $100 million. It has been Winnipeg’s second coldest winter on record since 1938, leaving hundreds of homes with frozen pipes. And Canada’s largest natural disaster, the 2013 Southern Alberta floods, is still fresh in the minds of nervous Albertans. There’s plenty of focus on the preparedness of homeowners living in high-risk areas but questions still surround the readiness of corporations across Canada. 
 
According to the “2013 Calgary Flood & State of Emergency Corporate Crisis Communications Study”, 80 per cent of large Calgary organizations surveyed had an Emergency Response Plan (ERP) in place before the floods but just 44 per cent of these plans included emergency communications plans and protocols. The lack of communication systems and limited access to organizational databases hindered the speed and efficiency of several companies' efforts. Email and manual calling were the primary methods of communication used during the flood (92 per cent and 84 per cent, respectively). Of the organizations surveyed, only 20 per cent factored contact lists into their ERP, just 19 per cent said they were able to reach employees and a mere 8 per cent said people clearly knew what to do.
 
“Spring is a perfect opportunity to take a fresh look at these too-low numbers and see how we can better prepare ourselves with forward-thinking solutions before another flood or crisis,” says Steve Hardy, director of RallyEngine, an app-based internal communications system, which commissioned the independent study. 
 
“Approximately two-thirds of Canadians and more than 90 per cent of business people now use smartphones. Ninety-one per cent of adults are within arm’s reach of their mobile phone 24/7,” he says. “It’s possible now to easily reach and inform far more people – and just the right people – using now-common internet and mobile technology.”
 
Approximately four in ten surveyed organizations updated their ERPs following the floods, but many overlooked vital information such as contact lists, roles and responsibilities, or steps for business continuity. Hardy says the study revealed that leaders of some of these large organizations either didn’t have up-to-date company-wide directories, couldn’t access their directory physically or virtually, or weren’t able to reach the people responsible for such important but overlooked lists. As a result, communications were more manual and less efficient.
 
“It can be very difficult to find this information in a crunch. The most important factor in a crisis is an organization’s people. Are they ok? Where are they? Are they available to help? Even the best plan falls apart if the right people can’t be alerted, informed, and rallied when needed.”
 
Hardy points out that municipalities and emergency management agencies did remarkable work during the 2013 flood. “Over the last several months, they’ve been diligently analyzing what went well and what didn’t, especially with regards to communications, so that they’re even more prepared and resilient next time. There’s no reason why corporations shouldn’t be just as focused and proactive.”
 
If the 2013 floods taught us anything, it was how resilience and timely responses are critical to ensuring positive outcomes in the face of a crisis. Versatile internal communications systems like RallyEngine facilitate nimble business continuity and can be set up within weeks, not months.
 
To download the full Ipsos Reid 2013 Calgary Flood & State of Emergency Corporate Crisis Communications Study, visit http://use.rallyengine.com/study/YYCflood. 
 
 
About RallyEngine
RallyEngine is a powerful and streamlined app-based internal communications system that facilitates nimble business continuity. Designed for organizations with dispersed teams or mobile workforces, the system works by having team members install an app on their smartphone, which connects to the RallyEngine server, providing a channel to transmit location data, important information, and push notifications in real-time.

Let’s proceed by elimination. Servers? Those are the things that fall over when your data centre is hit by lightning and for which you do your disaster recovery planning anyway. Desktop PCs? They’re practically nailed to your desk, so they won’t be going with you as you run for the exit. Laptops? Maybe, although battery power and hard drive fragility may be issues. Smartphone? Compact, highly portable, runs tons of apps but has such a tiny screen. So finally, is the tablet computer the best compromise for IT on the run while you’re trying to get everything else back to normal?

...

http://www.opscentre.com.au/blog/can-tablet-computers-cure-disaster-recovery-headaches/

CIO — The concept of a "data lake," sometimes called an "enterprise data hub," is a seductive one.

The data lake is the landing zone for all the data in your organization — structured, unstructured and semi-structured — a central repository where all data is ingested and stored at its original fidelity. All your enterprise workloads, from batch processing and interactive SQL to enterprise search and advanced analytics, then draw upon that data substrate.

Generally, the idea is to use HDFS (Hadoop Distributed File System) to store all your data in a single, large table. But building out such a next-generation data infrastructure requires more than simply deploying Hadoop; there's a whole ecosystem of related technologies that need to integrate with Hadoop to make it happen. And while Hadoop itself is open source, many of the other technologies that can help you build that infrastructure are open core or fully proprietary.

...

http://www.cio.com/article/750897/Pivotal_Looks_to_Simplify_Building_Business_Data_Lakes_

Thursday, 03 April 2014 15:02

Rise of the Mega Data Center?

It seems the more the enterprise becomes steeped in cloud computing, the more we hear of the end of local infrastructure in favor of utility-style “mega-data centers.” This would constitute a very dramatic change to a long-standing industry that, despite its ups and downs, has functioned primarily as an owned-and-operated resource for many decades.

So naturally, this begs the question: Is this real? And if so, how should the enterprise prepare for the migration?

Earlier this week, I highlighted a recent post from Wikibon CTO David Floyer touting the need for software-defined infrastructure in the development of these mega centers. Floyer’s contention is that “megaDs” are not merely an option for the enterprise, but the inevitable future, in that they will take over virtually all processing, storage and other data functions across the entire data ecosystem. The key driver, of course, is cost, which can be distributed across multiple users to provide a much lower TCO than traditional on-premise infrastructure. At the same time, high-speed networking, 100 Gbps or more, has dramatically reduced latency of distributed operations and is now available at a fraction of the cost of only a few years ago.

...

http://www.itbusinessedge.com/blogs/infrastructure/rise-of-the-mega-data-center.html

Thursday, 03 April 2014 15:01

Plans within business continuity

By Michael Bratton

Even though plans represent just one component of a larger business continuity management system, they are what guide the organization through all phases of response and recovery following the onset of a disruptive incident – from the initial response and assessment to the eventual return to normal operations. Effective planning is meant to ensure that response and recovery efforts align to the expectations of all interested parties and provide a repeatable approach to minimize downtime.

This article explores different types of plans and examines their purpose within a wider business continuity strategy.

...

http://www.continuitycentral.com/feature1165.html

Thursday, 03 April 2014 15:00

Sungard Availability Services goes it alone

Sungard Availability Services has announced that it is now a standalone company, following its split-off from SunGard Data Systems Inc. The new company, with annual revenues of approximately $1.4 billion and operations in 11 countries, will remain headquartered in Wayne, PA.

As a result of the split-off, Sungard AS now has its own board of directors and a new brand.

"Now that we are an independent firm, we have the flexibility to evolve our culture, our industry relationships and our investments to maximize our business and best serve customers," said CEO Andrew A. Stern.

"Today's announcement is the next step towards creating a highly-focused IT services business that's dedicated to providing world-class managed / availability services to our customer base," Stern noted. "All of us here at Sungard AS are very excited about the prospects to accelerate our growth, and we look forward to continue partnering with our customers to deliver the business outcomes they need."

Sungard AS today revealed its new brand identity, which includes a new logo. The company, which pioneered the concept of shared IT disaster recovery infrastructure more than 30 years ago, will continue to leverage its ‘always on, always available’ brand positioning. Its new logo represents strength and dynamism. A forward-leaning angle in the logo conveys progression and growth, while a triangle in the logo represents stability and the support that the company will continue to provide its customers.

Sungard AS leverages its scale and global reach to address its approximately 7,000 customers' cloud, managed hosting and recovery-services needs. "Our company will continue to focus investments in our newer service offerings, which include Enterprise Managed Services, Enterprise Cloud Services, Recovery as a Service and Assurance, our next-generation business continuity management software offering," Stern said.

www.sungardas.com

CIO — The perennial data center quest to beat the heat has sparked a wave of innovation in enterprise computing.

Densely packed computing facilities produce a lot of heat. Getting rid of it is a must for boosting the reliability of computing and communications gear. The trick is keeping things cool without running up utility bills and expanding the carbon footprint.

To that end, IT managers have an expanding list of options and measures to consider. Data centers may combine straightforward approaches (such as organizing centers into cold and hot aisles) with more elaborate components (such as cooling towers). Even water-cooled computers, once a staple of the mainframe world, appear to be making a comeback. Immersion cooling, in which servers are bathed in a nonconductive cooling fluid, has made an appearance in a few data centers.

...

http://www.cio.com/article/750811/IT_Leaders_Pursue_Data_Center_Innovation_to_Beat_the_Heat

Since the March 22 landslide, the Red Cross has mobilized five response vehicles and more than 300 trained workers – more than half of them from Washington State.

Through Monday (March 31), the Red Cross has served 15,000 meals and snacks in partnership with Southern Baptist Disaster Relief, handed out hundreds of comfort and relief items, and provided nearly 2,400 mental health or health-related contacts. In addition, our shelters have provided more than 130 overnight stays.

Response details:

  • Red Cross mental health and spiritual care volunteers are caring for families who have lost loved ones or are waiting for word on the missing.
  • Red Cross workers are meeting one-on-one with people affected to create recovery plans, navigate paperwork and locate help from other agencies. In some situations, the Red Cross may also provide direct financial support to people who need extra help, including assistance with funeral expenses and mental health counseling.
  • Red Cross Family Care Centers that are open in Darrington and Arlington are places where affected family members can receive emotional and spiritual support, mental health assistance, and care for children after they receive notification of loss of a loved one.
  • Red Cross workers are also providing emotional support and help with creating individual recovery plans at Joint Resource Centers in Darrington and Arlington.

With eight confirmed cases of Ebola reported in the Guinea capital, Conakry, Médecins Sans Frontières (MSF) says that the country is 'facing an unprecedented epidemic in terms of the distribution of cases.'

“We are facing an epidemic of a magnitude never before seen in terms of the distribution of cases in the country: Gueckedou, Macenta, Kissidougou, Nzerekore, and now Conakry,” said Mariano Lugli, coordinator of MSF's project in Conakry.

To date, Guinean health authorities have recorded 122 suspected patients and 78 deaths. Other cases, suspected or diagnosed, were found in Sierra Leone and Liberia.

MSF continues to strengthen its teams on the ground in Guinea. By the end of the week, there will be around 60 international fieldworkers who have experience in working on haemorrhagic fever. The group will be divided between Conakry and the other locations in the south-east of the country.

...

http://www.continuitycentral.com/news07155.html

Just got back from Orlando where I helped kick off the largest BC/DR conference in the world yesterday, Spring World 2014.

I previewed my talk in Orlando Sunday with an online webinar last week. If you were able to participate in last Wednesday’s webinar (which is archived on the Disaster Recovery Journal’s website), entitled The State of Disaster Recovery Preparedness, you may recall this excellent question posed by one of the attendees:

“How do we convince upper management to fund disaster recovery?”

Getting the executive team on your side is a foundational step toward developing and implementing a sound DR plan. Like most things in life, I think communications is key — both what you say and how you say it.

...

http://drbenchmark.org/is-our-dr-vocabulary-a-barrier-to-disaster-recovery-preparedness/

Thursday, 03 April 2014 14:55

BCI North America Awards presented

The 2014 BCI North America Awards took place on Sunday March 30th as part of the Disaster Recovery Journal (DRJ) Spring World 2014. The awards recognise the outstanding contribution of business continuity professionals and organizations living in or operating in the North America Region, including USA and Canada.

The winners were:

Business Continuity Industry Personality of the Year
Frank Perlmutter MBCI

BCM Newcomer of the Year
Leanne Metz AMBCI, Associate Director, Mead Johnson Nutrition

Business Continuity Innovation of the Year
Everbridge

Public Sector Manager of the Year
Brian Gray MBCI, Chief, Business Continuity Management, United Nations

Business Continuity Manager of the Year
Dave Morgan MBCI, Senior BCP Manager, Delta Dental

Business Continuity Team of the Year
Franklin Templeton Investments

Highly Commended:
Kaiser Permanente
Target

Most Effective Recovery of the Year
Telus Communications

Business Continuity Consultant of the Year
Skip Williams, Owner, Kingsbridge Disaster Recovery

Business Continuity Provider of the Year (Product)
ResilienceONE® BCM Software

Highly Commended:
Fusion

Business Continuity Provider of the Year (Service)
Avalution

www.thebci.org