Industry Hot News

Bats

By Jacquelyn Lickness

When a hospital in South Carolina spotted bats flying through its facility, officials sprang into action, launching an investigation to prevent a possible rabies outbreak. Because bats are commonly infected with the virus, any contact with the flying mammals is taken very seriously. The hospital quickly involved state public health officials, who then reached out to CDC to help investigate any possible exposure to the rabies virus.


Rabies is a disease typically acquired through the bite of a rabid animal, and can be deadly if the exposure (e.g., bite) is not recognized early enough. Across the globe there are more than 55,000 human deaths from rabies each year. However, in the U.S. human cases are extremely rare, with approximately two human deaths annually. Most exposures to the rabies virus in the U.S. occur through contact with animals that are commonly infected with the virus, including bats, raccoons, skunks, and foxes.

Participation in the response effort

The response effort in South Carolina is ongoing and has involved collaboration among hospital staff, state public health officials, and CDC rabies experts and volunteers. Because hundreds of patients and hospital staff might have come in contact with bats, it was important to assess each individual’s risk of exposure.

In this event, it was critical to understand any interaction with a bat. It is possible that bat bites can go unnoticed if the person is sleeping or sedated, thus placing a person at risk for rabies. As a result, the investigation team asked about certain activities such as bat handling and touching, heavy sleeping or sedation, and other medical history that may indicate exposure.

Rabies expert and CDC Epidemic Intelligence Service (EIS) Officer Dr. Neil Vora orchestrated a response that included the administration of hundreds of phone-based surveys to hospital patients and staff. This large-scale investigation was managed through the CDC Emergency Operations Center. EIS officers, veterinary and medical students, and public health students from nearby Emory University eagerly offered their support for the data-gathering activities. The Student Outbreak and Response Team (SORT), a public health organization from Emory University that assists in outbreak responses, organized a contingent of nearly 20 students to assist the efforts. In the span of four days, a total of 55 volunteers made 817 calls.


The investigation wasn’t just limited to patient questionnaires. Other activities included the distribution of letters and flyers to patients and visitors to warn of bat exposure, mapping and creation of a timeline of bat sightings, and testing of bats for rabies. A quick response was made possible through collaboration between the hospital, South Carolina public health officials, a local pest control company, and all participants at CDC.

Determining the extent of exposure

In total, 53 bats have been sighted in the hospital, of which 12 were tested and have results available, all of which were negative. That said, other bats in the colony that have not been tested could still have had rabies. After the removal of the bats and other interventions to prevent their re-entry, the bat sightings have decreased. As a result of the collaborative effort among CDC, the state public health department, and the affected hospital during this response, partnerships were strengthened and new public health tools and practices were developed. Most importantly, all involved continue taking measures to understand best practices in rabies prevention and treatment to ensure the safety of the public’s health.

DENVER – Flooding is the most common natural disaster in the United States.  Recent years have seen more frequent severe weather events, like Hurricane Sandy, which ravaged the East Coast.  The Federal Emergency Management Agency (FEMA) manages the National Flood Insurance Program (NFIP) that provides flood insurance policies that provide millions of Americans their first line of defense against flooding.  But those flood insurance policies are only one component of the program and just part of the protection NFIP provides to individuals and the American public at large.

For anyone to be able to purchase an NFIP policy, the only requirement is that they live in a participating community.  A participating community can be a town or city or a larger jurisdiction like a township or county that includes unincorporated areas.  It is up to the community to opt into the NFIP program for the benefit of its citizens.  When joining the program, the community agrees to assess flood risks and to establish floodplain management ordinances.  In return for taking these actions, residents are able to purchase federally backed flood insurance policies.

One of the cornerstones of the NFIP is the flood mapping program.  FEMA works with states and local communities to conduct studies on flood risks and develop maps that show the level of risk for that area, called a Flood Insurance Rate Map (FIRM).  The FIRM provides useful information that can assist communities in planning development.  The area that has the highest risk of flooding is the Special Flood Hazard Area (SFHA), commonly called the floodplain.  The SFHA has a one percent chance of being flooded in any given year.  Because of the greater risk, premiums for flood insurance policies for properties in the SFHA are greater than those for properties outside of it.

Equally important to knowing the risks of flooding is having a game plan to address those risks.  This is the role of floodplain management.  Local communities must comply with minimum national standards established by FEMA, but are free to develop stricter codes and ordinances should they choose to do so.  Key elements of floodplain management include building codes for construction in the floodplain and limitations on development in high risk areas.  Floodplain management is an ongoing process, with communities continually reassessing their needs as new data becomes available and the flood risk for areas may change.

The NFIP brings all levels of government together with insurers and private citizens to protect against the threat of flooding.  Federally sponsored flood maps and locally developed floodplain regulations give property owners the picture of their risk and ensure building practices are in place to minimize that risk.  As a property owner, purchasing a flood insurance policy is a measure you can take to further protect yourself.  To find out more about your individual risk contact your local floodplain administrator. For more information on flood insurance policies or to find an agent, visit www.floodsmart.gov or call 1-800-427-2419.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

DENVER – There’s a hidden threat that strikes countless unprepared Americans each year – flooding.  Unlike fire, wind, hail or most other perils, flood damage is not covered by a homeowners’ policy.  An uninsured flood loss can undo a lifetime’s worth of effort and create a mountain of bills.  Fortunately, a National Flood Insurance Program (NFIP) policy provides the defense against such losses and can ensure that a flood doesn’t bring financial ruin.

Flooding is an ever present threat; it can happen at any time and in virtually any location.  While certain areas may be more prone to flooding – especially those in coastal areas or riverine environments – history has shown that almost no place is immune to flooding.  Flooding can have many causes: a quick heavy rainfall or rapid snowmelt can cause flash flooding, a blocked culvert or storm sewer drain can create flooding in a city neighborhood, or prolonged wet weather can swell streams and rivers.  Even dry conditions can pose a threat, as minimal rainfall in wildfire burn areas or drought stricken regions can create flash flooding when soils are unable to absorb even slight precipitation.

Flood insurance is easy to get; the only requirement is that you live in a participating community (which might be a county or other jurisdiction for those living in unincorporated areas).  That’s right; you don’t need to live in a floodplain to purchase a policy.  In fact, if you live outside a floodplain you may be eligible for a preferred risk policy that has a much lower premium than for a policy in a higher flood risk area.  And in most cases you can purchase an NFIP policy with the insurance agent you already deal with for other insurance needs.  When that isn’t possible, NFIP can put you in touch with another agent who can get you a flood insurance policy.

One key difference of an NFIP policy from another insurance policy is the 30-day waiting period prior to the policy going into effect.  But that doesn’t mean anyone should view a policy like a lottery ticket, something purchased only if flooding appears imminent.  A policy should be viewed as protection against a continuing threat rather than a hedge against a singular event such as anticipated spring flooding or following a wildfire.

The average flood insurance premium nationwide is about $700 a year – less than $2 a day for financial protection from what could be devastating effects of a flood to one’s home or business. By purchasing a policy now, or keeping your existing policy, you have peace of mind.  As with any insurance, be sure to talk with your agent about the specifics of your policy – how much coverage you need, coverage of contents as well as structure and any other questions you might have.

Find out more about your risk and flood insurance at www.floodsmart.gov. To purchase flood insurance or find an agent, call 1-800-427-2419.

Friday, 14 March 2014 14:58

What Could Be Worse?

If you wear the CIO hat of a very large retail company, what could be worse than to have your site broken into and tens of millions of customers’ information records stolen and … right at the peak of the holiday season? Well, I suppose it could be worse if your organization had recently spent millions to buy the latest in security equipment and software and set up a large, 24×7 monitoring center halfway around the world to monitor the critical alerts from security software … and then when someone 12 time zones away did notice that the organization’s networks had been breached and sent a notice to their overlords in the US, nothing much happened for nearly three weeks while the bad guys were stealing millions of customers’ credit card information and passwords.

Of course, that could be a really big problem. In fact, it might get a CIO, along with a number of underlings, fired after having to testify on nationwide TV before Congress, and after launching a huge internal review to see what really happened and placing blame somewhere other than at the top. And all this might cause any company to lose hundreds of millions in sales and frighten away millions of loyal customers … and three months later it might be on the front cover of one of the US’s leading business journals (see “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It”).

...

http://blog.cutter.com/2014/03/14/what-could-be-worse/

Tomorrow, March 15, is enshrined as one of the most famous days of all time, the “Ides of March”. On this day in 44 BC, the “Dictator for Life” Julius Caesar was assassinated by a group of Roman noblemen who did not want Caesar alone to hold power in the Roman Empire. It was, however, this event which sealed the doom of the Roman Republic, as his adopted son Octavian first defeated the Republic’s supporters and then his rival Dictator Mark Antony and became the first Emperor of the new Roman Empire, taking the name Augustus.

One of the more interesting questions in any anti-corruption compliance regime is to what extent your policies and procedures might apply in your dealings with customers. Clearly customers are third parties and in the sales chain but most compliance programs do not focus their efforts on customers. However, some businesses only want to engage with reputable and ethical counter-parties so some companies do put such an analysis into their compliance decision calculus.

However, companies in the US, UK and other countries who do not consider the corruption risk with a customer may need to rethink their position after the recent announcements made by Citigroup Inc. regarding its Mexico operations.

...

https://tfoxlaw.wordpress.com/2014/03/14/the-ides-of-march-and-evaluation-of-compliance-risk/

Friday, 14 March 2014 14:56

11 Tips to Prepare for SDN

Network World — Making the leap to SDN? Don't jump in blind. It helps to know what software-defined networking is, first off, and then what it can do for you.

Then it's smart to know all the inner workings of an SDN controller, the differences between products offered by established vendors and start-ups, and whether open source and bare metal switching might be an option. Lastly, learn your own network -- will it even support SDN or require a wholesale rip-and-replace? -- and then learn from your peers about their experiences. Here's an 11-tip guide on how to prep for SDNs:

...

http://www.cio.com/article/749683/11_Tips_to_Prepare_for_SDN

You would think Big Data would be important to any financial services firm, but it turns out, data integration and management are more pressing problems, particularly for buy-side companies, according to a recent FierceFinanceIT article.

Buy-side companies typically sell investment services such as private life insurance, hedge funds, equity funds, pension funds and mutual funds. Sell-side companies are registered members of the stock exchange and handle direct investments, often for the buy-side companies.

The article quotes executives from DataArt, which builds custom software solutions for financial services and other industries. DataArt executives say only a few buy-side companies are dabbling in Big Data as a way to learn more from social media data. Instead, the real focus for asset managers and midsize firms is preparing data for compliance reports.

...

http://www.itbusinessedge.com/blogs/integration/regulatory-compliance-driving-data-management-for-some-companies.html

CSO — It was 2010 and the monthly ISSA meeting featured speaker was Major Gen. Dale Meyerrose, VP of Harris information assurance at the time. Dale asked if we should teach being a responsible cyber citizen in our schools. Back then I had just started working in a large Public School District that had never before had an information security analyst. I had lots to share about information security and lots more to learn about educating users in the business of education!

I think this is a very appropriate term. So how long have you been a responsible cyber citizen? Where did you learn to become one? We all learned how to drive a car and hopefully we are responsible drivers; at least there is training and a test for drivers of automobiles. What about being a responsible cyber citizen? There is no official curriculum in our schools for it. Can you actually cause your country and yourself significant monetary losses or worse, just by not being aware of the dangers that lurk on the internet? The point is, over time malware has become quite sophisticated: what started as a prank in the 1980s is now a multi-billion dollar cyber-crime industry.

...

http://www.cio.com/article/749673/The_New_Security_Perimeter_Human_Sensors

In a new study, the Workplace Bullying Institute found that 27% of Americans have suffered abusive conduct at work and another 21% have witnessed it. Overall, 72% are aware that workplace bullying happens. Bullying was defined as either repeated mistreatment or “abusive conduct.” Only 4% of workers responded that they did not believe workplace bullying occurred.

The study found that 69% of the bullies were men and they targeted women 57% of the time. The 31% of bullies who are female, however, overwhelmingly bullied other women—68% compared to 32% who mistreated men in the workplace. Identifying the perpetrators also shed light on how corporate power dynamics play a role in abusive workplace behavior. The majority of bullying came from the top (56%), while only a third came from other coworkers.

...

http://www.riskmanagementmonitor.com/new-study-shows-scope-of-workplace-bullying

The recent flooding episode has highlighted shortcomings in the UK government’s approach to risk events says Chairman of the Institute of Risk Management, Richard Anderson.

“The terrible flooding in Somerset and the Thames has brought into sharp focus the ‘fingers crossed’ and ‘touching wood’ approach to risk management strategy that is so often adopted by government. It is regrettable that this seems to be the default mechanism to approaching all manner of risks. It is an appalling state of affairs because we understand how to manage risk better now than we ever have in the past. Since the flooding we have seen lots of frenetic activity from government officials which is unproductive and the government would be better served by seeking the advice of the increasing cadre of expert risk professionals who are largely being ignored at the moment.

“Routine risk thinking tends to be handled at a very junior level in government. Much of it is no more than painting by numbers as committees consider whether a risk should be red, amber or green. Most risks are considered in isolation of other risks materialising. That is not what happens in real life: in real life as one thing hits, another does straight after, and another and another. The interdependence of multiple impact risks needs to be managed far more professionally.

...

http://www.continuitycentral.com/news07131.html

The US National Institute of Standards and Technology (NIST) will host the first of six workshops devoted to developing a comprehensive, community-based disaster resilience framework, a national initiative carried out under the President's Climate Action Plan. The workshop will be held at the NIST laboratories in Gaithersburg, Md., on Monday, April 7, 2014.

Focusing on buildings and critical infrastructure, the planned framework will aid communities in efforts to protect people and property and to recover more rapidly from natural and man-made disasters. Hurricanes Katrina and Sandy, and other recent disasters, have highlighted the interconnected nature of buildings and infrastructure systems and their vulnerabilities.

The six workshops will focus on the roles that buildings and infrastructure systems play in ensuring community resilience. NIST will use workshop inputs as it drafts the disaster resilience framework. To be released for public comment in April 2015, the framework will establish overall performance goals; assess existing standards, codes, and practices; and identify gaps that must be addressed to bolster community resilience.

NIST seeks input from a broad array of stakeholders, including planners, designers, facility owners and users, government officials, utility owners, regulators, standards and model code developers, insurers, trade and professional associations, disaster response and recovery groups, and researchers.

All workshops will focus on resilience needs, which, in part, will reflect hazard risks common to geographic regions.

The NIST-hosted event will begin at 8 a.m. and is open to all interested parties. The registration fee for the inaugural workshop is $55. Space is limited. To learn more and to register, go to: www.nist.gov/el/building_materials/resilience/disreswksp.cfm.

Registration closes on March 31, 2014.

More information on the disaster resilience framework can be found at www.nist.gov/el/building_materials/resilience/framework.cfm

The UN Office for Disaster Risk Reduction (UNISDR) is working with IBM and AECOM to measure cities’ resilience to disasters.

The first output of the partnership is a Disaster Resilience Scorecard created for use by members of UNISDR’s ‘Making Cities Resilient’ campaign which has been running now for almost four years.

The scorecard is based on the Campaign’s Ten Essentials – UNISDR’s list of top priorities for building urban resilience to disasters — and has been developed by IBM and AECOM. A list of potential cities is being developed to test the scorecard and to support their disaster resilience planning.

The Disaster Resilience Scorecard reviews policy and planning, engineering, informational, organizational, financial, social and environmental aspects of disaster resilience. Each of the criteria has a measurement scale of 0 to 5, whereby 5 is regarded as ‘good practice.’

The scorecard will be available at no cost through UNISDR, AECOM or IBM.

Both IBM and AECOM are part of UNISDR’s Private Sector Advisory Group and the Making Cities Resilient Steering Committee.

View the Disaster Resilience Scorecard for Cities as a PDF.

CSO — Healthcare organizations see an expanding landscape of uncertainty that has raised concerns among security pros and points to the need for more thorough threat analyses, a study showed.

Risks posed by health insurance and information exchanges, employee negligence, cloud services and mobile device usage have dampened confidence in protecting patient data, the Fourth Annual Benchmark Study on Patient Privacy & Data Security found. The study, released Wednesday, was conducted by the Ponemon Institute and sponsored by data breach prevention company ID Experts.

Despite the concerns, the study showed progress on the security front. The average cost of data breaches for organizations represented in the study fell to $2 million over a two-year period, compared to $2.4 million in last year's report.

...

http://www.cio.com/article/749648/Healthcare_Industry_Advised_to_Do_More_Thorough_Risk_Analyses

Data deduplication, or the elimination of repetition of data to save storage space and speed transmission over the network – sounds good, right? ‘Data deduping’ is currently in the spotlight as a technique to help organisations boost efficiency and save money, although it’s not new. PC utilities like WinZip have been compressing files for some time. The new angle is doing this systematically across vast swathes of data. By reducing the storage volume required, enterprises may be able to keep more data on disk or even in flash memory, rather than in tape archives. Vendor estimates indicate customers might store up to 30 terabytes of digital data in a physical space of just one terabyte.

...

http://www.opscentre.com.au/blog/data-deduplication-ramifications-for-disaster-recovery/
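The excerpt stops before the disaster-recovery ramifications the linked post goes on to discuss, but the mechanism itself is small enough to show. The block below is an added example written for this page, not code from the linked post or from any storage vendor: it deduplicates files by hashing fixed-size chunks with SHA-256, keeps each distinct chunk once, and reports the space ratio. It also exposes the property a DR planner cares about: the single stored copy of a chunk is referenced by every file that contains it, so losing or silently corrupting that one copy damages all of them, which is why a dedup store needs an integrity scrub over stored chunks and not only backups of the file recipes. The 4 KiB chunk size, the `DedupStore` class and the ten sample "VM image" files are constructed for the example.

```python
import hashlib

CHUNK_SIZE = 4096  # fixed-size chunking for the example; real products often use content-defined chunking


def split_chunks(data: bytes, size: int = CHUNK_SIZE) -> list[bytes]:
    """Cut data into consecutive fixed-size pieces; the last piece may be short."""
    return [data[i:i + size] for i in range(0, len(data), size)]


class DedupStore:
    """Content-addressed store: each distinct chunk is kept once, a file is a list of chunk hashes."""

    def __init__(self, size: int = CHUNK_SIZE):
        self.size = size
        self.chunks = {}      # sha256 hex -> chunk bytes (the single physical copy)
        self.refs = {}        # sha256 hex -> set of file names that use the chunk
        self.files = {}       # file name -> ordered list of chunk hashes (the file's recipe)
        self.raw_bytes = 0    # bytes handed to put() before deduplication

    def put(self, name: str, data: bytes) -> None:
        recipe = []
        for piece in split_chunks(data, self.size):
            h = hashlib.sha256(piece).hexdigest()
            if h not in self.chunks:          # first time this content is seen: store it
                self.chunks[h] = piece
            self.refs.setdefault(h, set()).add(name)
            recipe.append(h)
        self.files[name] = recipe
        self.raw_bytes += len(data)

    def get(self, name: str) -> bytes:
        """Rehydrate a file from its recipe."""
        return b"".join(self.chunks[h] for h in self.files[name])

    def stored_bytes(self) -> int:
        return sum(len(p) for p in self.chunks.values())

    def dedup_ratio(self) -> float:
        stored = self.stored_bytes()
        return self.raw_bytes / stored if stored else 0.0

    def blast_radius(self, h: str) -> list[str]:
        """Files that become unrecoverable if the one stored copy of chunk h is lost or corrupted."""
        return sorted(self.refs.get(h, ()))

    def verify(self) -> list[str]:
        """Scrub: hashes of stored chunks whose bytes no longer match their key (bit rot, tampering)."""
        return [h for h, p in self.chunks.items() if hashlib.sha256(p).hexdigest() != h]


# --- constructed sample data: ten "VM images" sharing an 8 KiB common base (two distinct chunks) ---
SHARED_BASE = bytes(range(256)) * 16 + bytes(range(255, -1, -1)) * 16


def sample_file(i: int) -> bytes:
    """Shared base followed by a per-file tail, so each file has 2 shared and 2 unique chunks."""
    return SHARED_BASE + (b"log-entry-%03d\n" % i) * 300   # 4200-byte tail unique to file i


def build_demo_store() -> DedupStore:
    store = DedupStore()
    for i in range(10):
        store.put(f"vm{i}.img", sample_file(i))
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print(f"ingested {s.raw_bytes} bytes, stored {s.stored_bytes()} bytes, ratio {s.dedup_ratio():.2f}:1")
    first = s.files["vm0.img"][0]
    print(f"chunk {first[:12]}... is shared by {len(s.blast_radius(first))} files")
    s.chunks[first] = b"\0" * len(s.chunks[first])       # simulate silent corruption of one chunk
    print(f"scrub found {len(s.verify())} bad chunk(s); damaged files: {s.blast_radius(first)}")
```

Ten 12 KB files reduce to about 50 KB stored, but corrupting the one copy of the shared base chunk breaks every file at once; the scrub catches it only because chunks are keyed by their own hash, so the same hash that enables dedup is what makes the integrity check cheap.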

In my previous post, I shared the ongoing debate about the most effective way to approach Big Data so that it will yield meaningful, useful and, hopefully, profitable findings.

The top two options are approaching data as an explorer versus Tom Davenport’s contention that you need to use a hypothesis, which I translate as using a more scientific-method based approach.

Explorer advocates say Big Data is too big for the typical reports-driven approach, and what’s worked for early adopters has been tinkering with the data to see what it reveals. Davenport and others contend that is a great way to waste time, spend money and create unhappy business leaders.

...

http://www.itbusinessedge.com/blogs/integration/what-charles-darwin-can-teach-business-leaders-about-big-data.html

Thursday, 13 March 2014 15:45

SMBs Need Proper Tools to Refine Big Data

According to a recent Entrepreneur article, small businesses should find effective ways to analyze data in order to give their customers what they need without pushing too hard to gather more data from those same customers. Sounds simple, yet complex.

And when you also consider that data is increasing exponentially, and the way Big Data has been multiplying, it’s no wonder small to midsize businesses (SMBs) have become quite overwhelmed about how to collect, sort, and use Big Data in any effective manner.  

But what SMBs need to realize is that the key to using data is “refinement.” In his Entrepreneur article, Suhail Doshi explains:

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-need-proper-tools-to-refine-big-data.html

Thursday, 13 March 2014 15:44

Easing Up on Archival Cost and Complexity

Archiving has always been one of those functions that pulls the enterprise in two different directions. Increased data volumes, of course, require more storage capacity, but as data sits in the archives for longer periods of time, it loses its value. So in the end, the enterprise must devote more resources to constantly diminishing assets.

Of course, this is the lifeblood of the archival management industry as numerous companies work up sophisticated algorithms and other tools to analyze data and then shift it from one set of resources to another based on its intrinsic value. The real purpose behind Big Data management, after all, is not to accommodate increasing volumes but to mine existing stores for gold and then store the rest at the lowest possible cost—or discard it altogether.

Naturally, part of this process requires the development of low-cost media, such as tape, which offers the benefit of stable, long-term storage for data that is accessed infrequently. Disk-based archiving is also gaining in popularity, although this is primarily in tiered solutions, considering the disk’s relatively weak long-term reliability.

...

http://www.itbusinessedge.com/blogs/infrastructure/easing-up-on-archival-cost-and-complexity.html

Thursday, 13 March 2014 15:43

One of Those Days

Ever have one of those days? Blargggg. The good news is that it is normal and human and okay to be “off” a bit from time to time…which is a lot different than having an emotional spin event…in that context, since I’m having one of those blarggh days….and don’t feel very creative I thought I’d just share a few Emotional Continuity Management definitions today…

Emotional: All human feelings, those defined as positive and negative.

Spinning: Normal emotions that, for some reason, escalate and continue to develop an additional energy beyond the emotions of the original event. Emotional spinning occurs when a person, or several people, join forces with someone else to form a mutual or collective energy spin. The increasing collective emotional dynamic created by rampant, unmanaged, or poorly managed feelings.

...

http://www.improvizion.com/one-days/

Big Data is a bit of a problem for businesses. The fact is that data is growing enormously, both in its volume and importance. Also, we’ll soon see a big push on usable open data and its value. So, many organizations must move on Big Data.

Yet, I haven’t found a use case that will deliver for any and every company.  McKinsey recently asked eight executives from companies with leading data analytics programs about their experiences. According to the McKinsey report, “[t]he reality of where and how data analytics can improve performance varies dramatically by company and industry.”

One problem may be that Big Data requires a paradigm shift in how businesses approach data. Typically, business is goal-oriented with data: You run a report because you need a specific set of data on a specific topic.

...

http://www.itbusinessedge.com/blogs/integration/experts-differ-on-best-way-to-gain-insight-from-big-data.html

CIO — On the day of Facebook's IPO, a concurrency bug that lay hidden in the code used by Nasdaq suddenly reared its ugly head. A race condition prevented the delivery of order confirmations, so those orders were re-submitted repeatedly.

UBS, which backed the Facebook IPO, reportedly lost $350 million. The bug cost Nasdaq $10 million in SEC fines and more than $40 million in compensations claims — not to mention immeasurable reputational damage.

So why was this bug not discovered during testing? In fact, how did it never manifest itself at all before that fateful day in 2012?

...

http://www.cio.com/article/749493/Why_Software_Testing_Can_t_Save_You_From_IT_Disasters
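The article gives only the outline of the Nasdaq failure: confirmations were not delivered, so clients re-sent orders and each re-send became a new order. The block below is an added illustration for this page, not Nasdaq's or UBS's code, of the two defences that make a re-send harmless: a client-supplied order id that lets the server recognise a retry and replay the original confirmation, and a lock around the look-up-then-insert so two concurrent copies of the same request cannot both pass the check (the check-then-act race). The names (`NaiveOrderBook`, `IdempotentOrderBook`, `client_order_id`) and the order data are assumptions made up for the example.

```python
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class Confirmation:
    client_order_id: str
    exchange_order_id: str


class NaiveOrderBook:
    """Treats every submission as new. A client that never saw its confirmation and
    re-sends ends up with a second (and third...) live order: the failure mode in the article."""

    def __init__(self):
        self.orders = []                       # (exchange_order_id, client_order_id, qty)

    def submit(self, client_order_id: str, qty: int) -> Confirmation:
        oid = f"EX{len(self.orders) + 1:06d}"
        self.orders.append((oid, client_order_id, qty))
        return Confirmation(client_order_id, oid)


class IdempotentOrderBook:
    """Keys each order by a client-chosen id and replays the original confirmation on a retry.
    Look-up and insert run under one lock, so two simultaneous copies of the same request
    cannot both miss the look-up and both insert."""

    def __init__(self):
        self.orders = []
        self._by_client_id: dict[str, Confirmation] = {}
        self._lock = threading.Lock()

    def submit(self, client_order_id: str, qty: int) -> Confirmation:
        with self._lock:
            seen = self._by_client_id.get(client_order_id)
            if seen is not None:
                return seen                    # duplicate request: same answer, no new order
            oid = f"EX{len(self.orders) + 1:06d}"
            self.orders.append((oid, client_order_id, qty))
            conf = Confirmation(client_order_id, oid)
            self._by_client_id[client_order_id] = conf
            return conf


def resend_until_confirmed(book, client_order_id: str, qty: int, lost_replies: int) -> Confirmation:
    """Client whose first `lost_replies` confirmations never arrive, so it re-sends each time.
    The server processed every attempt; only the reply was lost."""
    conf = None
    for _ in range(lost_replies + 1):
        conf = book.submit(client_order_id, qty)
    return conf


def concurrent_resends(book, client_order_id: str, qty: int, n_threads: int) -> list[str]:
    """Several copies of the same request arriving at once (a retry racing the original)."""
    results, guard = [], threading.Lock()

    def worker():
        conf = book.submit(client_order_id, qty)
        with guard:
            results.append(conf.exchange_order_id)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    naive = NaiveOrderBook()
    resend_until_confirmed(naive, "acct42-0001", 1000, lost_replies=2)
    print("naive book after 2 lost replies:", len(naive.orders), "orders")

    safe = IdempotentOrderBook()
    c = resend_until_confirmed(safe, "acct42-0001", 1000, lost_replies=2)
    print("idempotent book after 2 lost replies:", len(safe.orders), "order,", c.exchange_order_id)

    ids = concurrent_resends(IdempotentOrderBook(), "acct42-0002", 500, n_threads=16)
    print("16 concurrent copies produced exchange ids:", set(ids))
```

With two lost replies the naive book holds three live orders for one intent, while the idempotent book holds one and hands the client the same confirmation each time; sixteen concurrent copies of one request still yield a single exchange id. Testing would not have found this class of bug unless the test deliberately drops replies and races retries, which is the article's point.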

Wednesday, 12 March 2014 15:20

Europe Approves New Data Protection Law

IDG News Service (Brussels Bureau) — European politicians voted overwhelmingly on Wednesday in favor of new laws safeguarding citizens' data.

The new Data Protection Regulation was approved with 621 votes for, 10 against and 22 abstentions.

"The message the European Parliament is sending is unequivocal: This reform is a necessity, and now it is irreversible," said Justice Commissioner Viviane Reding, who first proposed the law.

"Strong data protection rules must be Europe's trade mark. Following the U.S. data spying scandals, data protection is more than ever a competitive advantage," she said in a statement.

...

http://www.cio.com/article/749583/Europe_Approves_New_Data_Protection_Law

Wednesday, 12 March 2014 15:19

Flight 370 on ground?

[Updated Wednesday, March 12, 2014; new copy added at bottom.]

Rescue operations are launched from a number of countries, combing the seas for Malaysia Airlines Flight 370.

All the talking heads are claiming the Boeing 777-200 went into the water.

Perhaps.

But maybe not.

According to the TV talking heads, Flight 370 set off from Kuala Lumpur headed north-northeast toward its Beijing destination. But it diverted from its flight plan and turned westward, crossing over Malaysia or southern Thailand on a mostly westerly course where it dropped off the radar; contact was lost.

...

http://johnglennmbci.blogspot.com/2014/03/consider-this-flight-370-on-ground.html

This question is as old as Business Continuity Best Practices.  But there is a logical answer that many organizations (and most BCM Auditors) fail to recognize.

That simple answer: No.

But this would be a very short blog if some explanation didn’t accompany that short answer.  So let’s see if I can make the logic clear…

The chief purpose of a BIA is to gain an understanding of what’s important to the enterprise.  An enterprise-wide BIA enables an organization to rank its Business Processes and IT Applications in order of criticality to the delivery of the organization’s Products and Services.  That ranking enables the organization to prioritize which Processes and Applications – if impacted by a disruption – should be restored first (or which Recovery Plans should be activated first).

...

http://ebrp.net/do-bia-results-belong-in-your-business-continuity-plan/

CSO — Given last year's revelations about the National Security Agency's (NSA) massive surveillance and data analytics conducted on Americans, along with continuing stories about local police scanning thousands of license plates per day, it might sound absurd to say that government lags behind the private sector in the use of Big Data analytics.

But those examples tend to be outliers among the nation's sprawling bureaucracies, especially at the state and local levels. In general, the private sector is well ahead of the public sector in the use of Big Data analytics, according to a recent report titled "Realizing the promise of Big Data," sponsored by the IBM Center for the Business of Government.

While the report's author, Kevin Desouza, an associate dean for research at Arizona State University, cited multiple examples of it being used in government, he found that the overall promise of Big Data analytics is largely unrealized so far in the public sector. He called it, "a new frontier" for government at all levels.

...

http://www.cio.com/article/749573/Big_Data_Still_A_New_Frontier_for_Most_of_the_Public_Sector

(CNN) -- New York police and fire officials were responding to reports of a massive explosion in Manhattan's East Harlem, authorities said Wednesday.

There were at least 11 minor injuries as clouds of dark smoke rose over the residential neighborhood of red-brick tenements, fire officials said.

Metro North commuter rail service, which runs along the site of the blast on Park Avenue, was suspended, officials said.

"Two buildings have collapsed. I hope there is no one in there. It's just rubble," a worker at a nearby flea market said.

...

http://www.cnn.com/2014/03/12/us/manhattan-building-explosion/index.html

Computerworld — Marketing executives salivate at the thought of being able to track shoppers via their mobile devices. The only problem: How to get consumers to sign on to that? MasterCard might have the answer. By spinning it as a global payment convenience, MasterCard has put a happy face on a major potential information grab.

Here's the deal. MasterCard and its partner Syniverse, a global mobile telecom firm, want you to opt in to let them track your mobile geolocation data. MasterCard says that cardholders who opt in and then travel to other countries will have fewer transactions denied. You see, cardholders are supposed to call their issuer before leaving the country so that their itineraries can be fed to the issuer's antifraud systems. When the cardholders don't do that, they are more likely to have their purchases denied.

So, says MasterCard, let's make this easier for everyone. Just register your phone with us, and then when a transaction request for you comes in from, say, Greece, our system will be able to check to see if your phone is in Greece too. If it is, the transaction is more likely to go through.

...

http://www.cio.com/article/749539/Is_MasterCard_s_Fraud_Program_Just_Another_Data_Grab_

Techworld — The attack that planted malware on Target's point of sale (POS) terminals in November's huge data breach used inside knowledge of the network rather than a vulnerability in its retail software, McAfee has said in its latest quarterly analysis.

Snippets of information on the attack's engineering have been trickling out steadily since Target made the incident public in January, but this one suggests if not complexity then at least a degree of planning.

As has been widely discussed, the Target attack deployed the off-the-shelf BlackPOS, a generic but hugely popular toolkit used by criminals to capture data on retail computers connected to the card readers used by customers.

...

http://www.cio.com/article/749537/Target_Hackers_Showed_Intimate_Knowledge_of_Firm_s_Network_Suggests_McAfee

Hilary Estall takes a look at how organizations are faring with their BCMS audits and what, if any, trends are appearing.

Introduction

ISO 22301 has been in circulation for approaching two years but the uptake for third party certification remains at a steady crawl. Why is this? As with many other management system standards, there will be some organizations keen to be amongst the first to obtain certification and maximise the associated benefits, but for most, there will need to be an external factor to influence the decision whether to seek formal certification. ISO 22301 is no different.

That said, a number of organizations have taken the initiative and now benefit from a business continuity management system (BCMS) which not only stands up to the scrutiny of an independent auditor (which let’s face it can vary in its worth) but more importantly, offers assurance that should the worst happen, the business (or part covered by business continuity arrangements) stands in good stead for riding the storm.

So, what can we learn from those who have already dipped their corporate toes into the water, otherwise known as ISO 22301? This article draws on my personal experience both as an auditor (one of the tough ones!) and a BCMS consultant; and tries to get underneath what might be holding your BCMS back.

...

http://www.continuitycentral.com/feature1154.html

SWIFT has launched a new business continuity solution to support global payment systems. Developed by SWIFT, the Market Infrastructure Resiliency Service (MIRS) is a backup service for Real Time Gross Settlement (RTGS) systems - electronic platforms used for the continuous settlement of high value and multi-currency cash payments between banks.

Central banks and financial market infrastructures operate RTGS systems to ensure effective settlement of high value payment transactions. As a backup platform, MIRS provides a third line of support to RTGS operators experiencing problems with first and second line backup systems. Once active, MIRS provides the essential functions required to achieve final settlement in real-time on a transaction by transaction basis. Once MIRS is deployed, RTGS operators remain in full control of the service while SWIFT manages the technical operations.

Juliette Kennel, head of market infrastructures, SWIFT, says: "Given the prominent role that RTGS systems play in the world economy, it is vital to safeguard effectively against operational disruptions and manage related risks. MIRS provides market infrastructures with the necessary tools to maintain business as usual operations even in the very unlikely but high impact event that their first and second lines of defence were to fail."

Since July 2011, SWIFT has been working with a group of central banks, including the Bank of England, to identify the necessary requirements to enable RTGS functions to operate normally in the case of disruptions at their existing sites. At the end of 2013, the Bank of England completed a pilot and successfully tested MIRS with the Clearing House Automated Payment System (CHAPS) community. CHAPS is a UK payments scheme that processes and settles both systemically important and time-dependent payments in sterling. On 24 February 2014, the Bank of England went live with MIRS, further increasing the resiliency of the Bank's RTGS service, the UK's High Value Payments System.

Toby Davies, head of market services at the Bank of England, says: "With two live operational sites, our current RTGS systems are highly resilient. However, we wanted to establish an additional contingency solution that was both robust and cost effective. MIRS will allow us to continue operating at full business volumes in the unlikely event of an outage affecting both our existing sites simultaneously."

MIRS is available to all HVPS market infrastructures, including those not currently on SWIFT.

http://www.swift.com

When it comes time to build a new data center or modernize an old one, the movement of applications from one set of systems to another can be a painful process that usually takes weeks to accomplish.

To address that particular challenge, Delphix launched the Delphix Modernization Engine, which automatically creates, manages and archives virtual copies of applications, databases and files.

The Delphix Modernization Engine is based on data virtualization technology that Delphix has been using to allow IT organizations to copy databases. Rick Caccia, Delphix’ vice president of strategy and marketing, says the company is now extending the reach of that technology to include applications and files. This helps reduce a process that once took weeks to complete down to a couple of days.

...

http://www.itbusinessedge.com/blogs/it-unmasked/delphix-data-virtualization-engine-simplifies-data-center-migrations.html

Tuesday, 11 March 2014 17:29

The Change Management Challenge

Organizations tend to develop far-reaching plans to describe their strategic ambitions, tactics, goals, milestones, and budgets. However, these plans in and of themselves do not create value. Instead, they merely describe the path and the prize. Value can be realized only through the unremitting, collective actions of the hundreds or thousands of employees who are ultimately responsible for designing, executing, and living with the changed environment.

Unless an organization successfully aligns its culture, values, people, and behaviors to encourage the desired results, failure is highly predictable.

This challenge becomes even more acute when considering transformation efforts that are enabled through the introduction of enterprise resource planning (ERP) or other technology-enabled solutions. As is frequently the case in these deployments, companies often pay a lot of attention to new processes and technologies. However, they limit their focus on the essential resource — people — and how they must work and behave in the “future state.” Though deployment success demands that employees adopt new business processes, ways of working, new behaviors, communication channels, software tools, and so on, many initiatives frequently focus the dominant portion of a change budget on how to operate the new tool and, as a consequence, underachieve or fail.

...

http://blog.cutter.com/2014/03/11/the-change-management-challenge

CIO — Today's businesses generate more data than ever before. Not coincidentally, IT has never been more critical to the success of a small business. Luckily, the per-gigabyte cost of hard disk drives and associated storage technologies has never been lower, while the advent of technology such as cloud storage offers even greater opportunities to do more with less.

For many small businesses, though, their backup and storage strategy hasn't caught up with their more pervasive use of computers. This could be due to confusion about the various storage options, or a failure to understand that the old paradigm of the occasional batch backup is no longer adequate.

A storage vendor representative will have you believe that it offers the perfect backup hardware for your business. However, backup is more than hardware, since storage needs for individual organizations invariably differ. This means a one-size-fits-all mentality is doomed to offer a mediocre fit in terms of either budget or functionality.

...

http://www.cio.com/article/749527/How_to_Build_a_Storage_and_Backup_Strategy_for_Your_Small_Business

Think you need advanced computer skills to set up a phoney bank website and fool people into giving you their money? Think again. DIY phishing is now on offer in kit form. Someone who knows how to set up a personal website or even a Facebook page probably has the level of knowhow required to get started in fraud and identity theft. For business continuity, the threats are multiplied. Instead of having to deal (only) with specialised cybercriminals, organisations and their employees must now be wary of almost anyone and everyone. But is that such a bad thing?

...

http://www.opscentre.com.au/blog/diy-phishing-has-a-message-for-business-continuity/

IDG News Service (Boston Bureau) — Oracle is planning to make significant investments in its ERP software for higher education institutions, with an eye on keeping the installed base happy and fending off challenges from the likes of Workday.

A new Oracle Student Cloud service will be configurable to manage "a variety of traditional and non-traditional educational offerings," Oracle said. The first incarnation of the product will be released sometime in 2015 and will support student enrollment, payment and assessment.

In addition, Oracle will release new features for higher education in its HCM (human capital management) and ERP (enterprise resource planning) cloud services during this year and next, according to Monday's announcement. The capabilities will target areas such as union contracts and grant management, and will be tied into Oracle Student Cloud.

...

http://www.cio.com/article/749498/Oracle_to_Revamp_Schools_ERP_Software_with_an_Eye_on_Workday

Everybody wants to explain technology in terms that business leaders can understand. Generally, that’s a good thing, but it can have a downside.

When you oversimplify the technology, it can help sell in the short term, but in the long run, it leads to unpleasant surprises, scope creep and skeptical business leaders.

That’s what seems to be happening with Big Data analytics, according to eight executives from companies heavily vested in data and analytics.

...

http://www.itbusinessedge.com/blogs/integration/executives-say-big-data-pays-off-but-implementation-is-oversimplified.html

One of the problems with developing entirely new data architectures like the cloud is that no one has a clear idea of the end game. Just about everyone these days wants to be on the cloud, but we are still struggling to define what, exactly, “the cloud” is and how to implement it.

Indeed, the schism between the public and private camps is as strong as ever, with the former describing private clouds as nothing more than automated virtualization, while the latter describes over-reliance on public resources as a recipe for disaster. And if you prefer hybrids? Well, you must be completely hopeless.

Lately, however, some voices are raising the possibility of a compromise. Rather than a simple black-and-white view of the cloud, perhaps there could be numerous shades of gray.

...

http://www.itbusinessedge.com/blogs/infrastructure/public-private-hybrid-does-it-really-matter.html

Symantec Challenges Financial Services Security

In this age of the customer, there is nothing more important than the effective and safe operation of our financial system. Trillions of dollars move around the world because of a well-oiled financial services system. Most consumers take our financial services system for granted. They get paid, have the money direct deposited into their account, pay bills, use their ATM card to get cash, and put family valuables in the safety deposit box. The consumer’s assumption is that their cash, investments and valuables are safe.

Symantec’s 2014 CyberWar Games set out to prove or disprove how correct are these assumptions. Symantec’s cyberwar event is the brainchild of Samir Kapuria, a Symantec vice president within the Information Security Group. Symantec structures the event as a series of playoff events. Teams form and compete, earning points for creating and discovering exploits. Out of this process, the ten best teams travel to Symantec’s Mountain View, California headquarters to compete in the finals.

...

http://blogs.forrester.com/edward_ferrara/14-03-10-symantec_challenges_financial_services_security

PEACH BOTTOM, Pa. — Stored near the twin nuclear reactors here, safely above the flood level of the Susquehanna River, is a gleaming new six-wheel pickup truck with a metal blade on the front that can plow away debris from an earthquake or other disaster. Attached to the back is a trailer that carries a giant diesel-powered pump that can deliver 500 gallons of water a minute.

If the operators at the Fukushima Daiichi plant in Japan had owned such equipment when the tsunami struck three years ago Tuesday, they might have staved off disaster, plant operators say.

Now, here at the Peach Bottom nuclear plant, which has the same design as Fukushima Daiichi, engineers and technicians are busy applying such lessons, preparing for a worst-case scenario even worse than the plant’s designers envisioned in the 1970s.

“After Fukushima, we have to ask, what if we were wrong?” said Michael Pacilio, Exelon’s chief nuclear officer, showing off the truck and other purchases.

...

http://www.nytimes.com/2014/03/10/business/after-fukushima-utilities-prepare-for-worst.html

This week I want to continue examining the good news coming out of the 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council. Based on hundreds of responses from organizations worldwide, the Annual Report offers several insights into the best practices of companies that are better prepared to recover from outages or disasters.

You can download the report for free at http://drbenchmark.org/

Specifically, I want to explore what organizations are doing to set specific DR metrics for RTOs and RPOs so they can measure and test their DR performance—and hopefully enhance their ability to manage recovery faster and more effectively.

Results from the survey indicate that more prepared organizations set specific DR metrics for RTOs and RPOs.  These organizations, for example, define specific Recovery Time Objectives and Recovery Point Objectives for each of their mission critical business services such as Customer Orders, Finance, and Email communications.

...

http://drbenchmark.org/set-specific-dr-metrics-and-test-refine-and-test-again/

Computerworld — IT executives at Splunk faced a challenge. They needed to provide training materials for employees who would be using a new security program. The $268 million San Francisco company makes an application that collects machine data on everything from servers to elevators and heating systems.

"A lot of our employees have Ph.D.s and are IT geniuses," says CIO Doug Harr. Rather than lay down the law with these folks about what they can and can't load on their desktop computers, IT gives them administrative powers and a few security guidelines. So when it was time to train users, Harr knew a run-of-the-mill how-to would be a bad idea. "We looked long and hard for training materials that would be acceptable to them," he says.

...

http://www.cio.com/article/749471/Do_You_Understand_Your_Company_s_Personality_

Asia Pacific (AP) organizations have historically been slower to outsource critical information security functions, largely due to concerns that letting external parties access internal networks and manage IT security operations exposes them to too much risk. They have also not fully understood the real business benefits of outsourcing partnerships from a security perspective. However, this trend has recently started to reverse. I have just published a report that outlines the key factors contributing to this change:

  • Skill shortages are leading to higher risk exposure. Scarce internal security skills and a dearth of deep technical specialists in the labor pool are ongoing challenges for organizations around the world. This not only raises the cost of staffing and severely restricts efficiency, it may also increase the costs of security breaches by giving cybercriminals more time to carry out attacks undetected; at least one study indicates that the majority of reported breaches are not discovered for months or even years. The early adopters of managed security services in AP tell us that external service providers’ staff have more technical knowledge and skill than their internal employees.

...

http://blogs.forrester.com/manatosh_das/14-03-09-adoption_of_managed_security_services_is_on_the_rise_in_asia_pacific

Monday, 10 March 2014 16:10

Colorado Flooding – Six Months Later

DENVER – In the past six months, more than $284 million in federal funds has been provided to Coloradans as they recover from last September’s devastating floods.

More than $222 million has come in the form of disaster grants to individuals and families, flood insurance payments and low-interest loans to renters, homeowners and businesses. More than $62 million has been obligated to state and local governments’ response and recovery work.

At the same time, long-term recovery efforts are underway, staffed and funded by federal, state and local governments, and by volunteer agencies dedicated to helping those most in need.

The $284.9 million breaks down this way: (All figures are as of COB March 3, 2014.)

  • $60,418,419 in FEMA grants to more than 16,000 individuals and families for emergency home repairs, repair or replacement of essential personal property, rental assistance, and help with medical, dental, legal and other disaster-related expenses;
  • $98,750,000 in U.S. Small Business Administration low-interest disaster loans to more than 2,440 homeowners, renters and businesses;
  • $63,641,332 in National Flood Insurance Program payments on 2,071 claims, and
  • $62,055,973 in FEMA Public Assistance reimbursements to state and local governments for emergency response efforts, debris cleanup, repairs or rebuilding of roads, bridges and other infrastructure, and restoration of critical services.

“The flooding disrupted the lives of thousands, changed the course of streams, isolated mountain communities, and left major roadways impassable in many places,” said Tom McCool, federal coordinating officer for the disaster. “More than 1,200 men and women from FEMA were mobilized from all over the country to this disaster. We’re proud to be part of the team as Coloradans recover, rebuild and renew their lives.”

Over a five-day period last September, historic rainfall swept through the Front Range, with some areas receiving more than 17 inches of rain. The flooding killed 10 people, forced more than 18,000 from their homes and destroyed 1,882 structures, damaging at least 16,000 others. Some of the hardest hit communities included Jamestown, Lyons, Longmont, Glen Haven, Estes Park and Evans.

At the request of Gov. John Hickenlooper, President Obama signed a major disaster declaration for Colorado on Sept. 14, 2013.

The 11 counties designated for Individual Assistance under the major disaster declaration are Adams, Arapahoe, Boulder, Clear Creek, El Paso, Fremont, Jefferson, Larimer, Logan, Morgan and Weld.

The 18 counties designated for Public Assistance are Adams, Arapahoe, Boulder, Clear Creek, Crowley, Denver, El Paso, Fremont, Gilpin, Jefferson, Lake, Larimer, Lincoln, Logan, Morgan, Sedgwick, Washington and Weld.

Other federal recovery activities and programs include:

Hazard Mitigation

  • Approximately 50 percent of Public Assistance permanent repair work and nearly 65 percent of large (more than $67,500) Public Assistance projects contain mitigation measures to lessen the impact of similar disasters on publicly owned infrastructure. These mitigation measures have been approved for 123 projects with a cost of $3,439,200.
  • FEMA hazard mitigation specialists have provided county and local officials with technical assistance and reviews of existing flood control measures and challenges, helping revise hazard mitigation plans, and providing advice and counsel on numerous mitigation and flood insurance issues.
  • FEMA flood insurance inspectors assisted county officials to assess substantial damage at identified sites.
  • National Flood Insurance Program specialists as well as the state NFIP coordinator and state mapping coordinator met with the City of Evans to discuss floodplain management and the city’s recent adoption of the Weld County preliminary maps. The State and FEMA will continue to work with city officials by providing additional training and technical assistance to support their floodplain management program.

Disaster Case Management Program

  • FEMA has awarded a Disaster Case Management Grant of $2,667,963 to the State of Colorado. Under this state-administered program, case managers will meet one-on-one with survivors to assess unmet disaster-related needs that have not been covered by other resources.

Disaster Unemployment Assistance

  • $302,795 has been disbursed to 151 applicants in this federally funded, state-administered program.

Crisis Counseling Grant Program

  • Colorado Spirit crisis counselors have talked directly with 18,178 people and provided referrals and other helpful information to more than 88,000. Counselors met with nearly 1,200 individuals or families in their homes. The counselors are continuing door-to-door services and community outreach counseling programs. In mid-March, the longer-term Crisis Counseling Regular Services Program grant will be awarded to the State to continue the program.
  • The grant will provide an additional nine months of crisis counseling outreach services to survivors.

Voluntary Agencies

  • At the height of the disaster there were 53 agencies that ultimately provided a total of 275,784 volunteer hours. Survivors received shelter, food, water, snacks, muck-out, and debris removal.
  • Long Term Recovery Groups have been established in Larimer, Weld and Boulder counties, and Longmont and Lyons.
  • El Paso and Fremont counties are offering case management through El Paso County Voluntary Organizations Active in Disasters.

Disaster Legal Services Program

  • Through the Colorado Bar Association/American Bar Association program, 284 State Bar-Licensed volunteer attorneys assisted 619 survivors with disaster-related legal issues. The program completed operations at the end of February.

Federal Disaster Recovery Coordination

  • The Federal Disaster Recovery Coordination group has brought together federal and state subject-matter experts to advise local and state decision-makers on the best methods to achieve an effective recovery. The FDRC focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and environmental fabric of the community.
  • The group’s recently released Mission Scoping Assessment lists recovery-related impacts and the breadth of support needed, as well as evaluates gaps between recovery needs and capabilities. Its soon-to-be-released Recovery Support Strategies document outlines state recovery priorities and discusses how federal agencies can support those efforts.
  • The State of Colorado, FDRC and other federal agencies are:
      • assisting Lyons and Jamestown with long-term community planning and recovery organization;
      • facilitating a survey to gauge impacts of flooding on business communities;
      • helping identify housing options for disaster survivors, and
      • helping local governments identify stream channel choke points so local communities can prioritize limited hazard reduction in streams.

Social Media

  • By clicking the “like” button on the COEmergency Facebook page, Coloradans can get detailed posts with useful information and photos. The Colorado Division of Homeland Security and Emergency Management’s (DHSEM) Twitter account COEmergency has more than 23,000 followers and offers disaster recovery information, links to news products and other information that disaster survivors may still find useful.
  • More than 1,000 tweets have provided response and recovery information. Since the September floods began, more than 1,200 new participants have started following FEMA Region 8.

Monday, 10 March 2014 16:10

Avaya survey looks at downtime costs

As today’s business environment requires greater levels of business continuity than ever before, a new survey commissioned by Avaya demonstrates that traditional network vulnerabilities are causing more business impacts than most realize, resulting in revenue and job losses.

The survey of mid-to-large companies in the United States, Canada, and United Kingdom found that 82 percent of those surveyed experienced some type of network downtime caused by IT personnel making errors when configuring changes to the core of the network. In fact, the survey found that one-fifth of all network downtime in 2013 was caused by core errors. Even more troubling is the fact that 80 percent of companies experiencing downtime from core errors in 2013 lost revenue, with the average company losing $140,003 per incident. The financial sector lost an average of $540,358 per incident.

The resulting impact on a career can be significant: 1 in 5 companies fired an IT employee when a network downtime incident occurred. The factor was more dramatic for some industries. Respondents also said that 1 in 3 companies in the natural resources, utilities & telecoms sector sacked IT staff due to downtime caused by change errors.

Survey methodology:
Avaya surveyed 210 IT professionals in large organizations (250+ employees) within the United States, Canada and United Kingdom to understand how much revenue was lost in total as a result of all the downtime incidents caused by core network changes in 2013. The surveys were completed in January 2014 in coordination with Dynamic Markets (UK).

www.avaya.com

Disasters both natural and human-caused can damage or destroy data and communications networks. Presentations at the 2014 OFC Conference and Exposition, being held March 9th-13th in San Francisco, Calif., USA, will offer new information on strategies that can mitigate the impacts of these disasters:

New algorithm finds safe refuge for cloud data 

Much of our computing these days, from browsing websites and watching online videos to checking email and following social networks, relies on the cloud. The cloud lives in data centers and disasters such as earthquakes, tornadoes, or even terrorist attacks, can damage the data centers and the communication links between them, causing massive losses in data and costly disruptions.

To mitigate such potential damage, researchers from the University of California, Davis (UC Davis), Sakarya University in Turkey, and Politecnico di Milano in Italy first analyzed the risk that a disaster may pose to a communications network, based on the possible damage to a data center or to the links that connect it to users. Then they created an algorithm that keeps data safe by moving or copying the data from data centers in peril to more secure locations away from the disaster. The algorithm assesses the risks of damage and users' demands on the network to determine, in real time, which locations would provide the safest refuge from a disaster.

...

http://www.continuitycentral.com/news07124.html

CIO — The adoption of virtualization in recent years has laid the groundwork for many IT organizations to move from on-premise data centers to co-located environments and the cloud, says Craig Wright, principal at IT and outsourcing consultancy Pace Harmon. The increased acceptance of high-density platforms that require much smaller physical locations encourages portability as well.

Cloud implementation continues to grow, whether public cloud for standardized situations or private clouds for solutions that are differentiating or have increased security or regulatory requirements. That's driving more focus on orchestrating and aggregating infrastructure services, Wright says.

And automation is starting to shake things up with the promise of the software-defined data center. "In this scenario, everything in the data center is virtualized -- applications, databases, networks -- and an automation layer extends across all virtualization layers to create a unified platform," says Wright. This emerging approach requires a high level of virtualization maturity and orchestration sophistication to put all the pieces together efficiently.

...

http://www.cio.com/article/749381/6_IT_Strategies_to_Stay_Ahead_of_Data_Center_Trends

CIO — This week's HP Industry Analyst Summit is IT's first company-wide, analyst-only event. That means it sets the bar that the others will attempt to beat this year.

Five areas define a good analyst event:

  1. Executive preparation: Did they take the event seriously?
  2. Demonstrated loyalty and collaboration: Is this a company — or a bunch of combatants?
  3. Dogfooding: Does the firm use its own products?
  4. Customers as vendor advocates: Does the customer have a voice?
  5. Entertainment: Are the analysts in the crowd checking email?

Analysts are a leveraged resource. If excited, they drive business to the vendor. If not, this value won't materialize. If alienated, they drive business from the vendor at a multiple based on the number of IT buyers or investors they touch.

...

http://www.cio.com/article/749320/HP_Sets_Standard_for_2014_IT_Analyst_Presentations

IDG News Service (Tokyo Bureau) — The market for external disk storage systems has recovered from a slump, with factory revenues up 2.4 percent to US$6.9 billion in the fourth quarter of 2013, according to an IDC study.

Internal plus external disk storage systems produced $8.8 billion in revenue, up 1.3 percent from the last quarter of 2012 and jumping 17.2 percent from 2013's third quarter, which was seasonally slow.

IDC defines a disk storage system as a set of storage elements either inside or outside a server, including controllers, cables and (in some instances) host bus adapters, associated with three or more disks. It said total capacity of such systems shipped in the fourth quarter topped 10.2 exabytes (10.2 billion gigabytes), an increase of 26.2 percent from a year before.

...

http://www.cio.com/article/749373/External_Disk_Storage_Market_Recovers_From_Slump

Friday, 07 March 2014 15:24

The Coming Data Doomsday

Remember last year, when we were all talking about the coming “data tsunami?” Heck, even CNBC wrote about it.

The data tsunami metaphor has always struck me as odd, particularly after 2011’s very real tsunami devastated parts of Japan. I gathered that it meant big, but it was hard to envision data creating tsunami-level chaos and destruction. I’m starting to rethink that.

Gartner recently came out with this rather startling statement that 33 percent of Fortune 100 organizations will face an information management crisis within the next three years. Think about that: A third of the top companies in the United States so poorly manage information, they soon won’t be able to value, govern or even trust their own information.

...

http://www.itbusinessedge.com/blogs/integration/the-coming-data-doomsday.html

Although most would think that project management is bound by specific rules and technologies to get the job done, at least one person sees how creativity can bring about innovation and assist in overcoming obstacles that crop up while managing projects.

Author Ralph L. Kliem’s book Creative, Efficient, and Effective Project Management reveals the benefits of injecting creativity into the project management realm. The type of project management detailed in this book applies to creatively driven companies and other companies that rely on innovation and agility to achieve product success.

Kliem breaks the book into sections that include:

  • Benefits of Creativity
  • Opening Minds
  • Misperceptions about Creativity
  • Downsides of Creativity
  • What Is the Relationship between Creativity and Projects

In our IT Downloads section, you can read an excerpt from this book, Chapter 7, Creativity Life Cycle Models. In this chapter, Kliem discusses the various models that can be used alongside traditional project management techniques and tools to achieve a more effective method of management. According to the author:

...

http://www.itbusinessedge.com/blogs/it-tools/harness-creativity-to-break-through-project-management-challenges.html

IDG News Service (New York Bureau) — Organizations can now add machine-generated data to their palette of information sources that can be aggregated and analyzed, thanks to a new connector jointly developed by Tableau Software, a provider of business intelligence software, and Splunk, which sells a log-file search engine.

"You can do data mashups between marketing data from structured systems and machine data that comes from the actual interactions, and get insights on product analytics or customer experience," said Tapan Bhatt, Splunk vice president of business analytics.

Splunk Enterprise software gathers data from server and other device log files, which can hold copious amounts of information about what visitors do when they visit a Web page, or use a connected mobile application. Such data can be used to better understand how people are using these products, information that can aid in marketing efforts or to refine site design or operations.

...

http://www.cio.com/article/749319/Tableau_Folds_Splunk_Data_Into_Business_Analysis

PC World — Cloud storage services such as Dropbox, Google Drive, and SugarSync are convenient, efficient--and notoriously insecure. Files are rarely encrypted, data transfer is typically not protected, and companies are usually able to access your files (even if they state they won't, they may be legally compelled to do so).

Documents such as business plans or other sensitive files (say, a copy of your birth certificate) should be protected. You can utilize a special, ultra-secure provider such as Wuala or Tresorit, or you can encrypt files yourself before uploading them to larger storage services, such as Dropbox.

...

http://www.cio.com/article/749317/Loaded_and_Locked_3_Seriously_Secure_Cloud_Storage_Services

Data doesn’t usually start flowing in one direction or another of its own accord; some action needs to be taken that enables that movement of data to occur.

With the immutable law of physics in mind, iboss Network Security has created a Secure Web Gateway that makes use of behavioral analytics to identify anomalies in the normal flow of data traffic in the enterprise that would signal that a particular system or application has been compromised.

Company CEO Paul Martini says that while trying to prevent all security breaches is next to impossible, limiting the amount of damage they cause needs to be a top IT priority. All too often, breaches are not discovered for months and yet, when they are discovered, it’s more than apparent that sensitive data was flowing between systems and applications in a way that was clearly abnormal.

...

http://www.itbusinessedge.com/blogs/it-unmasked/analytics-tool-from-iboss-identifies-abnormal-flows-of-data.html

Once an issue is discovered, it usually doesn’t take the average IT organization very long to resolve that particular problem. What can take forever, though, is actually discovering the real source of the problem.

Given all the interdependencies that exist between the components of an IT ecosystem, the root cause of a particular issue is usually not immediately apparent. To help IT organizations discover the true source of an IT problem, Boundary has updated its IT operations monitoring software that is available as a service in the cloud.

Scott Fingerhut, vice president of marketing for Boundary, says the upgrades to the monitoring software not only help reduce the number of IT outages, but also can shorten the mean time to discovery of a core issue by identifying “patient zero” as the actual source of a problem.

...

http://www.itbusinessedge.com/blogs/it-unmasked/boundary-extends-reach-of-it-operations-service-in-the-cloud.html

CSO — In today's network environments, malware that evades legacy defenses is pervasive, with communication and activity occurring up to once every three minutes. Unfortunately, most of this activity is inconsequential to the business. You would think that would be good news, right? The problem is that incident responders have no good way of distinguishing inconsequential malware from (potentially) highly damaging malware. As a result, they spend way too much time and resources chasing red herrings while truly malicious activity slips past.

Add into the mix sleepless nights that result from compulsive viewing of malware alert dashboards showing hundreds to thousands of malicious activity alerts. With a daunting list of malware to analyze and only so many hours in the day, it's no huge surprise that headline-making breaches are increasingly becoming the norm.

The reality is that advanced malware defense is a complex undertaking, one that requires not only the ability to detect malware -- which in complex network environments is already difficult -- but also to prioritize action where it will have the best security outcome. Reducing the lifecycle of an active attack by even a few days can reduce the economic impact of an attack by millions.

...

http://www.cio.com/article/749364/5_Things_to_Know_About_Malware_Before_Driving_it_Out

Today is the anniversary of the most historic day of many in the history of the great state of Texas, the date of the fall of the Alamo. While March 2, Texas Independence Day, when Texas declared its independence from Mexico, and April 21, San Jacinto Day, when Texas won its independence from Mexico, probably both have more long-lasting significance, if there is one word that Texas is known for around the world, it is the Alamo. The Alamo was a crumbling Catholic mission in San Antonio where 189 men held out for 13 days from the Mexican Army of General Santa Anna, which numbered approximately 1,800. But on this date in 1836, Santa Anna unleashed his forces, which overran the mission and killed all the fighting men. Those who did not die in the attack were executed and all the deceased bodies were unceremoniously burned. Proving he was not without chivalry, Santa Anna spared the lives of the Alamo’s women, children and their slaves. But for Texans across the globe, this is our day to Remember the Alamo.

While Thermopylae will always go down as the greatest ‘Last Stand’ battle in history, the Alamo is right up there in contention for Number 2. Like all such battles, sometimes the myth becomes the legend and the legend becomes the reality. In Thermopylae, the myth is that 300 Spartans stood against the entire 10,000 man Persian Army. However, there was also a force of 700 Thespians (not actors; but citizens from the City-State of Thespi) and a contingent of 400 Thebans who fought and died alongside the 300 Spartans. Somehow, their sacrifice has been lost to history.

...

http://tfoxlaw.wordpress.com/2014/03/06/remember-the-alamo-analogy-for-compliance-officers/

Not everybody chooses the cloud as the first option for backing up data. Despite the advantages of practically limitless storage area, pay-as-you-go pricing and resilience, a weak point for the cloud is the network speed for uploading or downloading all those gigabytes (terabytes, petabytes…). The alternative for organisations is to put their own solution in place, something that will let them blast large amounts of data backwards and forwards at high speed. In the old days of IT, an IT team would have been tasked with assembling the requisite components and tweaking them to make them work properly together. But now IT vendors have spotted the need and produced the PBBA, a solution whose popularity is growing steadily.

...

http://www.opscentre.com.au/blog/the-purpose-built-backup-appliance-comes-of-age/

CHICAGO – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) today released $707,507 in Hazard Mitigation Grant Program (HMGP) funds to the City of Carmi, Ill., for the acquisition and demolition of 22 residential structures and the purchase of seven flood prone vacant lots located in the Little Wabash River floodplain. Following demolition, these properties will be maintained as permanent open space in the community.

“The Hazard Mitigation Grant Program enables communities to implement critical mitigation measures to reduce the risk of loss of life and property,” said FEMA Region V Administrator Andrew Velasquez III. “The acquisition and demolition of these homes permanently removes the structures from the floodplain and greatly reduces the financial impact on individuals and the community when future flooding occurs in this area.”

"This grant will enable us to build on our previous flood mitigation efforts in Carmi, which removed more than three dozen homes from the floodplain," said Illinois Emergency Management Director Jonathon Monken. "With these additional property acquisitions, even more families can avoid the emotional and financial costs from future floods."

HMGP provides grants to state and local governments to implement long-term hazard mitigation measures. Through HMGP, FEMA will pay $707,507 or 75 percent of the project’s total cost. The City of Carmi will contribute 25 percent of the remaining funds, or $235,836.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

CHICAGO - Understanding severe weather watches and warnings will help to keep you and your family safe during a disaster. FEMA and the National Weather Service (NWS) encourage everyone to learn this life-saving information and act if extreme weather threatens their area.

NWS alerts that are used to warn of severe weather, flood and tornado hazards include:

Severe Thunderstorm Watch - Tells you when and where severe thunderstorms are likely to occur. Watch the sky and stay tuned to NOAA Weather Radio, commercial radio or television for information.

Severe Thunderstorm Warning - Issued when severe weather has been reported by spotters or indicated by radar. Warnings indicate imminent danger to life and property to those in the path of the storm. Gather family members and pets and take shelter immediately. Have your emergency supply kit ready and continue to monitor your NOAA Weather Radio, commercial radio or television for more information.

Tornado Watch - Tornadoes are possible. Remain alert for approaching storms. Watch the sky and stay tuned to NOAA Weather Radio, commercial radio or television for information.

Tornado Warning - A tornado has been sighted or indicated by weather radar. Take shelter immediately.

Flood Watch - Flooding is possible. Tune in to NOAA Weather Radio, commercial radio or television for information.

Flash Flood Watch - Flash flooding is possible. Be prepared to move to higher ground; listen to NOAA Weather Radio, commercial radio or television for information.

Flood Warning - Flooding is occurring or will occur soon; if advised to evacuate, do so immediately.

Flash Flood Warning - A flash flood is occurring; seek higher ground on foot immediately. Do not attempt to drive into flooded areas or walk through moving water.

Be aware that sirens are designed as an outdoor warning system only to alert those who are outside that something dangerous is approaching. A NOAA Weather Radio can be critical to ensure you’re alerted to dangerous weather when indoors.

“The National Weather Service provides accurate and timely warnings and advisories, but they are only effective if people receive them, understand their risk, and take the correct action to protect themselves,” said Teri Schwein, Acting Central Region Director, National Weather Service. “Everyone should make time to prepare themselves before severe weather strikes by signing up for local weather emergency alerts, understanding NWS warnings and developing an emergency action plan.”

“Wireless Emergency Alerts (WEAs) sent to a mobile device are also used to notify individuals of potentially dangerous weather conditions,” said Andrew Velasquez, regional administrator, FEMA Region V. “If you have a WEA-capable phone and your wireless carrier participates in the program, this will enable you to be immediately aware of potentially life-threatening emergencies.”

You can find more information about WEA at www.fema.gov/wireless-emergency-alerts, and for valuable tips to help you prepare for severe weather visit www.ready.gov/severe-weather or download the free FEMA app, available for your Android, Apple or Blackberry device.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Happy U.S. National Severe Weather Preparedness Week! I’d have sent a card, but I couldn’t get to the post office due to the icy road conditions and five-foot snow drifts. Let’s hope the awful winter weather is behind us. In any case, winter is followed by spring, summer and fall, and each of these seasons also has the potential to cause weather-related stress and hardship.

Preparing is important, but is also a bit of a hit-and-miss game: Severe weather is selective in its destruction, and precisely what type of weather will cause the damage is impossible to predict. As with many business continuity/disaster recovery (BC/DR) issues, the best approach is to prepare as well as possible from a structural point of view and hope that if an emergency occurs, those steps will help ameliorate the problem.

Providing power is one of the most vital generic steps. Continuity Central has reposted a long list of power contingency suggestions from the Diesel Technology Forum. The top five ideas: Assess the risk, install a standby generator, store a sufficient amount of fuel, maintain the equipment, and consider using a contractor to reserve a generator if an event occurs.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/recent-weather-highlights-need-for-bcdr-preparedness.html

CIO — Target CIO Beth Jacob has apparently fallen on her sword in the wake of the massive security breach in mid-December that compromised 40 million debit and credit cards and swept national headlines. Her resignation was rendered this week effective immediately.

Fair or not, Jacob's resignation wasn't entirely surprising.

"If you look at the history of other large data breaches, turnover at the top of the IT shop is not unusual," says retail IT consultant Cathy Hotka.

Target CEO Gregg Steinhafel says the retailer is now looking outside the company for a CIO to succeed Jacob and help overhaul its network security, according to the Wall Street Journal.

Ironically, Jacob, who has a sterling reputation among retail CIOs, was thought of as a great hire by Target in 2008, Hotka says.

...

http://www.cio.com/article/749255/Target_CIO_Resignation_Puts_Retail_CIOs_on_Alert

Thursday, 06 March 2014 16:09

Revisiting Cisco's Newest Data Center

Network World — We were last in Cisco's new data center in Allen, Texas, in the fall of 2010 when the company was just putting the finishing touches on the 160,000 square foot building with 35,000 square feet of "raised floor" (they still use that lingo even though this facility doesn't use raised floors).

This data center, the crown jewel in the company's far reaching Global Data Center Strategy to consolidate and modernize core facilities, was brought online July 7, 2011 and we recently stopped back for an update (see our in-depth tour of the site under construction, or in pictures).

The Allen data center plays a critical role in the company's Cisco IT Elastic Infrastructure Services (CITEIS) private cloud, and is paired with a data center in Richardson, Texas, using Cisco's Metro Virtual Data Center architecture. MVDC enables one center to provide coverage for the other's key applications, a fail-safe approach Cisco is using to safeguard critical applications.

...

http://www.cio.com/article/749253/Revisiting_Cisco_s_Newest_Data_Center

Ahoy, robots!

The $375 billion shipping industry, which carries 90% of world trade, is next in line for drones to take over—at least, that’s what Rolls-Royce Holdings is betting on. The London-based engine manufacturer’s Blue Ocean development team has already set up a virtual-reality prototype in its Norwegian office that simulates 360-degree views from a vessel’s bridge. The company hopes these advanced camera systems will eventually allow captains in control centers on land to direct crewless ships. The E.U. is funding a $4.8 million study on the technology, and researchers are preparing a prototype for simulated sea trials next year.

“A growing number of vessels are already equipped with cameras that can see at night and through fog and snow—better than the human eye, and more ships are fitted with systems to transmit large volumes of data,” said one Rolls-Royce spokesperson (quoted at http://www.dailymail.co.uk/sciencetech/article-2568532/The-drone-boats-replace-cargo-ships-operated-remotely-world.html). “Given that the technology is in place, is now the time to move some operations ashore? Is it better to have a crew of 20 sailing in a gale in the North Sea, or say five people in a control room on shore?”

...

http://www.riskmanagementmonitor.com/are-drone-cargo-ships-the-next-step-in-supply-chain-automation

CIO — WASHINGTON — Federal CIOs, who consistently list cybersecurity as one of their top concerns, aren't likely to sleep any better after listening to Dave Aucsmith.

Aucsmith, senior director of Microsoft's Institute for Advanced Technology in Governments, offered a sobering assessment of the current state of play in information security Tuesday at a conference for federal IT professionals hosted by the software giant.

"I do not believe you can create secure computer systems," Aucsmith says. "So where does that leave you? Systems have to adapt and change in the presence of your adversaries, and you have to understand your adversary in order to adapt and change those systems."

...

http://www.cio.com/article/749236/CIOs_Must_Look_to_Adaptive_Security_Systems_in_Face_of_Evolving_Threats

Thursday, 06 March 2014 16:06

A Thoroughly Modern Data Center

Do you remember the car you were driving 20 years ago? How about the TV set you watched? These and other products were perfectly suited to that era, and with the proper upkeep would probably be fully functional today – although by now you likely would have moved on to newer, better things.

So why do we continue to populate our data centers with seriously aging technology, particularly now that we are on the cusp of a brave new computing world?

According to a recent survey by Brocade, a good number of facilities operate with technologies and architectural designs that date back 20 years or more. While it’s true that much of that infrastructure has been, or is in the process of being, revamped with virtualization and other techniques, the fact is that much of the hardware and software infrastructure is simply not up to the task of handling the diverse and dynamic data loads of a mobile, software-defined data ecosystem. Clearly, the data center is in need of substantial modernization, and sooner rather than later.

...

http://www.itbusinessedge.com/blogs/infrastructure/a-thoroughly-modern-data-center.html

DENVER – FEMA, in conjunction with the State of Colorado, announced on Tuesday that Colorado will receive a Disaster Case Management Grant in the amount of $2,667,963. The money will be used for the Disaster Case Management Program for survivors of the devastating floods in Colorado last September.

“The State is excited to receive this FEMA program. It will provide the necessary funding for local case managers to assist individuals with the greatest or most challenging unmet needs,” said Emergency Management Director Dave Hard, Colorado Division of Homeland Security and Emergency Management.

Case managers meet one-on-one with survivors to assess their unmet needs as a result of the disaster. Unmet needs are items, support, or assistance that have been assessed and verified by representatives from local, state, tribal and federal governments and/or voluntary and faith-based organizations and that have not been covered by other resources.

Case managers can:

  • Qualify clients for long term recovery services;
  • Assist clients with disaster recovery plans; and
  • Refer clients to agencies for services that match their needs. Needs might include:
    • Volunteers to help in repairing or rebuilding a house;
    • Building supplies, and
    • Furniture, appliances, household goods.

President Obama signed a major-disaster declaration for Colorado on Sept. 14, 2013. Colorado Governor John Hickenlooper requested the Disaster Case Management Program, a federally funded program administered by the State.

The Disaster Case Management Program augments state and local capacity to provide services in the event of a major disaster declaration that includes Individual Assistance.

“This is another step in the recovery process. We recognize that people are still rebuilding their lives and this program is designed to link people who have unmet needs with organizations that may be able to help them,” said Federal Coordinating Officer Thomas McCool.

Thursday, 06 March 2014 16:03

Q & A De Jour

Question from a client:

Dr. Vali: Why do some people at work turn everything into a negative emotional spin?

Hmmm…Well…. Some human beings are just difficult and obnoxious. Others have real problems and struggle every day. Still others think emotional upheaval is a functional way to communicate due to their imprinting, life experience, family of origin training, health, or maybe even karma. Others have been victims of trauma and are seeking serenity through their storms. Or maybe it’s you. I have seen wonderful people who, for reasons unknown, set each other off into spins that were unexpected…almost like an allergy attack! I was once called to consult for a company where two top players who had never worked together were put on a project which led them both to become uncharacteristically violent. It was totally without precedent. They just could not be in the same room together. As a consultant, a first question I ask is if the spin is acute (like a sneeze and just happened recently and unexpectedly) or chronic (a pattern of disorder that repeats itself.) Then I start looking for reasons.

...

http://www.improvizion.com/q-de-jour/

Thursday, 06 March 2014 16:02

A challenging exercise…

By Luke Bird

I was recently watching the Sochi Winter Olympic Games and hasn’t it been amazing? The speed and adrenaline of the race and jump events are enough to raise the blood pressure of the calmest person! These finely tuned athletes from around the world dedicate years of their life training day after day as they try to maximise their performance and it got me thinking...

Everybody knows the age-old saying “practice makes perfect”. The idea being that you can become progressively better at something the more times you do it. This certainly is the case with business continuity. If we anticipate an issue or problem before it occurs and we practice how to fix it in advance of it happening then we can reduce the overall impact or even prevent it happening in the first place: but in my experience I’d have to say it’s not as simple as that.

How do you practice responding to an incident that can be caused by any number of different reasons, at any time, and may also result in different impacts occurring depending on its magnitude? The truth is we couldn’t possibly prepare and practice our response for every conceivable business disruption even if we trained until the next Olympics! We have to be generally prepared for everything!

...

http://www.continuitycentral.com/feature1153.html

Too many organizations are unwilling to face the facts when it comes to their information security risks and protective status. To move forward, an honest assessment is required…

By Dr. Jim Kennedy

Industry and government continue to spend tremendous amounts of money on information security process, technology and people. Despite this expenditure the breaches continue to happen and the costs of these breaches continue to grow as well.

A prudent person would ask why. Then we see blogs entitled ‘CFOs don’t want to get it when it comes to risk and security’ or magazine articles entitled ‘Senior managers cause far more security headaches than workers they outrank’, and some of the answers become clear. Senior management and board level people simply do not perform their fiduciary responsibilities well or at all in this area. C-levels are too high up in the food chain to be bothered with the day-to-day tribulations of information security.

...

http://www.continuitycentral.com/feature1151.html

A new report published by the Business Continuity Institute (BCI), in association with BSI, has revealed that ICT-related threats are continuing to provide the greatest concern for organizations. The annual BCI Horizon Scan shows that three quarters (77 percent) of business continuity managers fear the possibility of an unplanned IT and telecoms outage and 73 percent worry about the possibility of a cyber-attack or data breach.

The report also identifies long-term trends, with 73 percent seeing the use of the Internet for malicious attacks as a major threat that needs to be closely monitored, with 63 percent feeling the same way about the influence of social media.

This year’s top ten threats to business continuity are:

1. Unplanned IT and telecom outages
2. Cyber attack
3. Data breach
4. Adverse weather
5. Interruption to utility supply
6. Fire
7. Security incident
8. Health & Safety incident
9. Act of terrorism
10. New laws or regulations.

The Horizon Scan found that only 18 percent of organizations are increasing their level of investment in business continuity programmes while 11 percent are actively reducing theirs. In addition, 22 percent of organizations conducted no trend analysis as part of their business continuity process, so are potentially failing to assess emerging threats altogether.

Other findings:

  • Supply chain disruption, last year within the top ten concerns, moved down the list to 16th place.
  • Adverse weather moved up the list of threats with 57 percent of respondents expressing concern or extreme concern. This was before the storms that have swept the UK and those on the eastern seaboard of the United States and Canada.
  • Geography and industry play an important role in determining threat levels with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rate supply chain disruption and product quality control as greater threats.
  • Of the 71 percent of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
  • Less than half of the respondents (44 percent) use the international standard ISO 22301 as the framework for their business continuity management programme.

A copy of the report can be downloaded from the BCI website after free registration.

Thursday, 06 March 2014 16:00

Emergency generator tips

To coincide with US National Severe Weather Preparedness Week (March 2-8, 2014) the Diesel Technology Forum has published a checklist which will help ensure that your power supply contingency plans work as planned:

  • Assess the risk: Identifying your facility's critical loads is an important first step. Assign a cost to the risks associated with utility power interruptions, production losses and downtime. Consider what happens if natural gas pipeline service is disrupted in your community.
  • Install a standby generator: Frequent outages of a few seconds, a few minutes or more can often disrupt production lines and have significant cost implications for businesses. While other generator drivers take up to two minutes to engage, diesel-powered generators are uniquely qualified to provide power quickly during a power outage and offer the most cost-effective source of reliable backup power available.
  • Have sufficient fuel storage: Diesel fuel's energy density and the engine's high efficiency allow for smaller fuel storage facilities compared to other fuels, which provides a cost savings to owners. Still, it is important to make sure that you have sufficient fuel storage capacity on-site for an extended outage of several days.
  • Maintain your equipment: As required by electrical and safety codes, standby generators should be exercised periodically to ensure they will operate as designed in the event of an emergency.
  • Contract rental power: If installing your own standby generation is not feasible for your business, you might consider contracting with a firm to reserve rental generator power for use in the event of an extended outage.
  • Recheck your system and set up: One of the great lessons of Superstorm Sandy was that even the best generators won't work underwater when subjected to extreme flooding. Is your unit properly located? Is your fuel source also located in a protected area? Also, check the connections and assure you have the proper gauge extension cord for the electrical load and distance.
  • Never operate a generator in an enclosed area! Generators need to be used safely in an outdoor setting. Carbon monoxide fumes from generators can build up in enclosed areas and poison people. Never use generators or other gasoline or charcoal-burning devices in an enclosed area or outside near an open window.
  • Check your load: Have you added any new demands or critical circuits to protect? If you've added new computers or other power-hungry devices, consider updating switchgear.
  • Renew your commitment to maintenance: Make sure you are current on all oil and filter changes, service contracts etc. You want your generator to start when you need it.
  • Exercise is important: All manufacturers suggest you run the units periodically before you need them in an emergency. Many stationary units have automated weekly run cycles.
  • Plan your refuel strategy: You don't want to have a generator without fuel to operate it. Consider fuel contracts for your generator.
  • Follow the rules: If you're a business operating a stationary unit, make sure you have the proper permits and records on operations.

www.dieselforum.org

CHICAGO – Do you know your tornado and severe weather risks and what to do if bad weather threatens your community? FEMA wants to make sure you’re not relying on severe weather myths when it comes to keeping your family safe.

"Severe weather can strike unexpectedly, but there are steps you can take to prepare for it,” said Andrew Velasquez III, regional administrator, FEMA Region V. "Learn your risk and what to do now so you're ready to act in dangerous weather conditions."

Myth 1: Urban areas and communities near lakes, rivers, and mountains are safe from tornadoes.

Fact & Act: No place is safe from tornadoes. Ensure you know the warning system in your community and where to go in the event of a tornado. Contact your local emergency management office to learn the warning system in your area. Outdoor warning sirens are intended to alert individuals who are already outside, so it is important to have a weather radio so you’ll be aware of dangerous weather no matter where you are.

Myth 2: Tornadoes aren’t a risk during the winter months.

Fact & Act: Although the likelihood is lower during colder months, tornadoes are a risk any time of year. Most recently, an outbreak of destructive tornadoes hit southern Illinois on February 29, 2012; two days later, a second string caused widespread damage in southern Indiana. It’s important to have a family preparedness plan year-round to ensure you’re always ready for severe weather.

Myth 3: Windows should be opened before a tornado approaches to equalize pressure and minimize damage.

Fact & Act: Opening windows doesn’t reduce the risk of home damage from a tornado or severe weather. Instead, close windows to keep high winds out and minimize damage from flying debris.

Myth 4: If a tornado hits while you’re driving, seek shelter under highway overpasses.

Fact & Act: Do not seek shelter under highway overpasses or under bridges – these areas can actually become dangerous wind tunnels that collect flying debris. If possible, you should drive away from the tornado or seek shelter in a nearby structure. If a shelter isn’t available, and driving away is not an option, stay in the car with the seat belt on, placing your head below the window and covering it with your hands. If you can safely get lower than the roadway, exit your car, lie in that area and cover your head with your hands.

Myth 5: Staying in a mobile home is safer than going outside.

Fact & Act: Evacuate immediately! Mobile homes are vulnerable to overturning and destruction from strong winds and tornadoes. If possible, leave and go to a community shelter. If no shelter is available, a ditch, culvert, or other low lying area may offer better protection, but be wary that debris tends to collect in these areas and flash flooding may be possible as well. Have a plan of action prepared before a storm hits.

You can always find valuable tips to help you prepare for severe weather at www.ready.gov/severe-weather, or download the free FEMA app, available for your Android, Apple or Blackberry device. Visit the site or download the app today so you have the information you need to prepare for severe weather.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

A new study from the Disaster Recovery Preparedness (DRP) Council has nothing but doom and gloom when it comes to the state of disaster recovery.

The study size was small, only 1,000 organizations from both large and small enterprise, but the data is sure to hit close to home – especially where virtualized environments are concerned. The harsh reality is that for most firms, disaster recovery plans are something to have and show, but practice is another matter entirely.

According to the DRP, an independent research organization that focuses on disaster recovery management, research, and benchmarking, 73 percent of the respondents are failing to take adequate steps to protect their assets. As such, the lack of prep when it comes to disaster recovery has led to more than $5 million worth of critical application failures, data center outages, and data loss.

http://blogs.csoonline.com/disaster-recovery/3037/when-it-comes-disaster-recovery-its-nothing-failure

Thursday, 06 March 2014 15:56

Tracking with metadata: It's not all bad

SAN FRANCISCO — Metadata has had a bad rap lately, with disclosures tying its collection to government spying programs. But those bits of information lurking behind our phone calls, photos and online chats can be useful in other ways if they're harnessed properly.

Metadata that reveals when and where photos and videos were taken can help establish trust in eyewitness footage documenting events as they unfold. Without it, establishing what's real and what's not can be hard, if not impossible.

How do news organizations determine which bystander's footage is legitimate before they show it on the nightly news? How do attorneys find the most reliable footage of an assault to build a case?

...

http://www.cio.com/article/749280/Tracking_with_metadata_It_39_s_not_all_bad

CIO — Operational intelligence specialist Splunk and visual analytics specialist Tableau Software announced a strategic alliance today that focuses on unlocking machine data for business users.

The joint technology investment is designed to leverage Splunk's recently released open database connectivity (ODBC) driver to make Splunk Enterprise available as a native data source in the latest version of Tableau's software.

"This integration is exciting for several reasons," says Ted Wasserman, product management at Tableau. "First, Splunk is one of those technologies that has truly disrupted the operational intelligence space and has provided IT professionals with incredible productivity gains and insights into their IT environments. Second, there is a wealth of potential value lying in the machine data that Splunk collects. This machine data could include server and application logs, as well as data from APIs and message queues, change events and sensor data from remote equipment. The integration now makes this new class of data available to business users in true Tableau drag-and-drop fashion."

...

http://www.cio.com/article/749218/Splunk_and_Tableau_Join_Forces_to_Give_Machine_Data_to_Business_Users

Computerworld — That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.

Target on Wednesday announced that Beth Jacob, its CIO of more than five years, had resigned. The move comes less than two months after the retail giant disclosed it had suffered a data breach that exposed sensitive data on more than 40 million credit and debit cards.

Later, the company announced that emails, addresses and other information on another 70 million people might also have been exposed as the result of the intrusion, which occurred over the 2013 Thanksgiving weekend.

In a statement to the Associated Press, Target CEO Gregg Steinhafel said the company is searching for an interim CIO to help it through an information security overhaul that began after the breach.

...

http://www.cio.com/article/749279/CIO_Not_the_Only_One_to_Blame_for_Target_Breach

WASHINGTON, D.C. — The U.S. Congress should mandate that banks, retailers and payment card processors adopt new security standards to protect against widespread data breaches, some lawmakers said Wednesday.

In the wake of several high-profile retail data breaches, some members of the U.S. House of Representatives Financial Services Committee called for new cybersecurity mandates, with Representative David Scott, a Georgia Democrat, asking if Congress should require the U.S. financial industry to adopt new card security measures used in other countries.

The U.S. payments and financial system makes "things easy for fraudsters" by relying on magnetic-stripe credit and debit cards instead of moving to EMV cards that contain integrated computer chips and require customers to enter PINs at the point of purchase, Scott said.

...

http://www.cio.com/article/749258/U.S._Lawmakers_Call_for_Data_Protection_Standards_to_Avoid_Breaches

STORServer’s Enterprise Backup Appliance 2202 receives No. 1 ranking with additional STORServer appliances taking seven of top 10 positions

COLORADO SPRINGS, Colo. – STORServer®, a leading provider of proven data backup solutions, today announces that the STORServer Enterprise Backup Appliance (EBA) 2202 has received the only “Best in Class” designation in analyst firm DCIG’s 2014-15 Integrated Backup Appliance Buyer’s Guide.

Out of 72 integrated backup appliances evaluated, STORServer’s EBA 2202, powered by CommVault (EBA 2202-CV) achieved the highest ranking in the Buyer’s Guide for demonstrating impressive scalability, exceeding 1.4 petabytes of disk storage with additional tape storage if needed, and placing near the top in all four categories in the Guide: hardware, management, software and support.

“Together, CommVault and STORServer combine to deliver an even better backup appliance experience than what either of these providers could previously do on their own,” said Jerome Wendt, president and lead analyst for DCIG. “In STORServer, CommVault gets a company that offers backup appliances built for the enterprise as its software will now run on hardened IBM hardware that is tested and ready for deployment in these environments. In STORServer’s case, it gets enterprise, best-in-class software that is built for the specific data management and protection requirements of today’s enterprises.”

The EBA 2202-CV scored particularly well in the Management and Software categories with its Hardware score exceeded only by the EBA 3202, powered by IBM Tivoli Storage Manager (EBA 3202-TSM).

“Not only are we providing best-in-breed hardware, but we’re also now hosting the best software engines in the data backup space—CommVault and TSM,” said Bill Smoldt, president and CEO of STORServer.

“We’ve made vast enhancements in our TSM appliance since the previous survey with refreshed hardware and the superb new features in TSM 7. By adding CommVault Simpana to our powerful IBM hardware platform, we cover the entire appliance marketplace. We’re thrilled that DCIG recognizes the industry impact of the STORServer Backup Appliance, powered by CommVault Simpana and IBM TSM.”

In addition to the EBA 2202-CV receiving the “Best in Class” designation, the following STORServer models were all ranked in the Buyer’s Guide top 10: EBA 1202-CV, EBA 3202-TSM, EBA 801-CV, EBA 2202-TSM, EBA 1202-TSM and EBA 802-TSM.

STORServer offers a data recovery guarantee ensuring that customers will not only get their data back in the event of a loss, but the data will be useable once it is recovered. In addition, the company provides every customer the opportunity to try out a backup appliance risk-free with its 30-day money back guarantee.

For more information on STORServer’s line of data backup solutions, visit http://www.storserver.com. To download the full DCIG 2014 Integrated Backup Appliance Buyer’s Guide, visit http://backupapplianceguide.com.

About STORServer®
STORServer, Inc. is a leading provider of data backup solutions. The company offers a complete suite of appliances, software and services that solve today’s backup, archive and disaster recovery issues once and for all, while reducing install and management time to just minutes a day. STORServer sells exclusively through a nationwide network of industry-leading backup partners. For press inquiries, contact Megan Custodio at (317) 202-2280 x13 or megan@dittoepr.com. For more information, visit www.storserver.com.

About DCIG
Founded in 2006, DCIG focuses on archive, backup, retrieval and storage systems. The firm analyzes software, hardware and services companies within the storage and electronically stored information (ESI) industries. It provides unbiased and informed evaluations on sponsoring and non-sponsoring companies to consumers, public relations firms, business analysts and other companies, as well as writing technology white papers, business solution briefs and market analysis reports.

What should you do when an event or series of events is so overwhelming that it staggers your ability to evaluate, plan and respond to it or them? I thought about that question when I read an article in the New York Times (NYT) about the role of the Mayor of Rio De Janeiro in the upcoming World Cup this summer and the 2016 Olympics, entitled “Rio’s Mayor, Shepherd of the City’s Rebirth, Feels the Strains, Too” by Simon Romero. In the article, the Mayor, Eduardo Paes, discussed the strains he is under in tearing and then rebuilding his city in anticipation of the globe’s two greatest sporting events. He was quoted as saying “Don’t ever in your life do a World Cup and Olympic Games at the same time. This will make your life almost impossible.”

What if something happens in your company, corruption-wise, and your life as the Chief Compliance Officer (CCO) or compliance officer is turned upside down, much like Paes's? My colleague Stephen Martin advocates having a 1-3-5 year plan in place to fall back upon. Martin believes that such a document would be an important item to produce to a prosecutor who might be reviewing your compliance program in the event of a voluntary self-disclosure, a Dodd-Frank or other whistle-blower event, which has led your company to receive a subpoena or letter of inquiry, or an industry sweep. He believes that such a strategic plan could well lead to the development of credibility for your company and your compliance program in the event of one of the aforementioned eventualities.

...

http://tfoxlaw.wordpress.com/2014/03/05/overwhelmed-planning-and-execution-in-compliance/

Wednesday, 05 March 2014 15:22

Severe Weather Safety: What You Need to Know

CHICAGO – Severe weather can happen anytime, anywhere.

Spring flooding is common throughout Minnesota—whether along the Red River, Mississippi, or another one of the state’s many bodies of water. In addition, communities in Minnesota regularly face severe storms and tornadoes that leave behind costly damages for residents to recover from. Everyone should be ready for these risks.

March 2 – 8, 2014 marks the third annual National Severe Weather Preparedness Week – a partnership between FEMA and NOAA to encourage all Americans to learn their weather risks and take steps to prepare.

The first step is to know your risk – understand the types of hazardous weather that can affect your community, and the impact it may have on you and your family. Check the weather forecast regularly and sign up for alerts from your local emergency management officials. Consider purchasing a NOAA weather radio to get the latest updates on severe weather in your area.

Understand the hazards for which you are at risk and then take action: Develop an emergency plan based on your local weather hazards and practice how and where to take shelter before a severe weather event. Post your plan in your home where family and visitors can see it. Create or refresh an emergency kit for needed food, supplies and medication—make sure to keep a kit in your car, at the office and at home, so you are protected regardless of where you may be. For a list of items to include in your emergency kit, visit www.ready.gov/build-a-kit.

Don’t forget to consider pets when making emergency plans, and also take into account any unique needs you or your family might have so you’re best prepared for unforeseen emergencies.

It is also important to take the time to assure you’re fully insured. Remember, homeowners insurance typically does not cover flood damage, and there is a 30-day waiting period before a flood policy becomes effective. Contact your insurance agent to review your insurance coverage so your home is financially protected.

“Over the past several years, Minnesota has been significantly impacted by costly flooding and dangerous tornadoes,” said FEMA Region V Administrator Andrew Velasquez III. “Taking steps now to prepare will ensure you are ready if severe weather threatens your area this year.”

For even more readiness information follow FEMA Region V at twitter.com/femaregion5 and facebook.com/fema. Individuals can always find valuable severe weather preparedness information at www.ready.gov/severe-weather or download the free FEMA app, available for Android, Apple or Blackberry devices.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

CHICAGO – As dangerously low temperatures persist throughout the Midwest, the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) wants individuals and families to remain heat safe, and avoid the dangers of carbon monoxide (CO).

“Carbon monoxide, often called ‘the silent killer’, is a poisonous gas you cannot see, taste, or smell,” said Region V Administrator Andrew Velasquez III. “We encourage everyone to stay warm as these subfreezing temperatures continue throughout the area, but do so safely when heating homes, businesses and vehicles.”

Carbon monoxide poisoning often results from faulty furnaces or other heating appliances, portable generators, water heaters, clothes dryers or cars left running in garages. Symptoms of poisoning can include headache, nausea and drowsiness, while exposure to high levels can be fatal.

Stay heat safe by taking the following precautions:

• Choose a CO alarm from a recognized testing laboratory and follow manufacturer’s instructions for placement and mounting. Test these alarms at least once a month.

• Have fuel-burning heating equipment (fireplaces, furnaces, water heaters, wood stoves, coal stoves, space heaters and portable heaters) and chimneys inspected by a professional every year.

• Open the damper for proper ventilation before using a fireplace.

• Never use your oven or stovetop to heat your home.

• Never run a gasoline or propane heater or a grill (gas or charcoal) inside your home or an unventilated garage. The carbon monoxide gas might kill people and pets.

• Make sure all fuel-burning vented equipment is vented to the outside to avoid carbon monoxide poisoning. Keep the venting for exhaust clear and unblocked.

• If you need to warm a vehicle, remove it from the garage immediately after starting it. Make sure the exhaust pipe of a running vehicle is not blocked with snow, ice or other materials.

• Make sure vents for the dryer, furnace, stove and fireplace are clear of snow and other debris.

• Use portable generators outdoors in well-ventilated areas away from all doors, windows, vents and other building openings to prevent exhaust fumes from entering the home.

And during cold weather, remember these tips for you and your family to stay safe:

• Stay indoors as much as possible and limit your exposure to the cold;

• Dress in layers and keep dry;

• Check on family, friends, and neighbors who are at risk and may need additional assistance;

• Know the symptoms of cold-related health issues such as frostbite and hypothermia and seek medical attention if health conditions are severe.

• Bring your pets indoors or ensure they have a warm shelter area with unfrozen water.

• Make sure your vehicle has an emergency kit that includes an ice scraper, blanket and flashlight – and keep the fuel tank above half full.

You can find more information and tips on being ready for winter weather and extreme cold temperatures at http://www.ready.gov/winter.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

CIO — "There is no silver bullet to disaster recovery," says Jack Bailey, engineering manager at cloud computing provider iland.

"When outage horror stories take over headlines, executives tend to have kneejerk reactions and look to adopt whatever disaster recovery offering they can implement fastest," he says. "But every organization and location is unique, and failing to thoroughly assess your situation may lead you to adopt a solution that is expensive overkill or cheap and inadequate."

And while most IT executives and data management experts acknowledge that there isn't one failsafe solution to protecting and recovering data, they agree that there are certain steps organizations should take.

...

http://www.computerworld.com/s/article/9246760/12_Ways_to_Disaster_Proof_Your_Critical_Business_Data

Wednesday, 05 March 2014 15:20

Three Signs You’re Not Ready for Big Data

Are you really ready to move on Big Data?

Author and speaker Phil Simon doesn’t think so. He’s not talking about you specifically (or at least, not necessarily), of course, but he does doubt the rash of recent surveys and reports claiming that most organizations are deploying Big Data right now.

He has his reasons for disagreeing, but I’ll let you read that. What I think has more value in this piece is his assessment about which organizations are NOT ready to leverage Big Data. It makes a nice checklist.

...

http://www.itbusinessedge.com/blogs/integration/three-signs-youre-not-ready-for-big-data.html

Wednesday, 05 March 2014 15:19

5 Tips for Data Manipulation in Excel

Computerworld — If you work with data much, you don't need a statistical model to predict that the odds of consistently getting data in the format you need for analysis are pretty low. Those who do a great deal of data cleaning and reformatting often turn to scripting languages like Python or specialty tools such as OpenRefine or R.

But it turns out that there's a lot of data munging you can do in a plain old Excel spreadsheet -- if you know how to craft the proper formulas.

In a presentation at the recent 2014 Computer Assisted Reporting (CAR) conference, MaryJo Webster, senior data reporter with Digital First Media -- a newspaper group in New York -- shared some of her favorite Excel tricks. The goal of these tips, Webster said: Learn at least one new thing that will make you say, "Why didn't I know this before?"

...

http://www.cio.com/article/749169/5_Tips_for_Data_Manipulation_in_Excel

Wednesday, 05 March 2014 15:11

Trends and Predictions for Retailers

Last year, retail and consumer packaged goods (CPG) companies faced challenges stemming from evolving regulatory compliance, brand exposure, reputational risk and increasingly complex global supply chains. No doubt 2014 will prove to be a pivotal year for organizations to demonstrate their focus and commitment to strong governance, risk management, and compliance in order to truly emerge as leaders. Here is a look at some top trends that have influenced the industry, and a few predictions that will shape the year ahead.

2013 Key Trends:

Increased Volume and Complexity of Regulations. In 2013, the retail/CPG industry faced a flurry of new and amended regulations spanning environmental compliance, conflict minerals reporting, product safety, data privacy, anti-corruption, product packaging and labeling to name a few. Ensuring compliance and staying one step ahead of regulators requires that retail and CPG organizations establish more centralized and collaborative compliance programs.

...

http://www.riskmanagementmonitor.com/trends-and-predictions-for-retailers

Wednesday, 05 March 2014 15:10

The Risk of Offshoring Security

CSO — Over the past twenty years or more, corporations in nearly all industries have been outsourcing and offshoring at hyperdrive.

Venture capitalist firms, public shareholders, various types of financial firms, and corporate executives are driven by the temptation of reducing labor expenses, so they're delegating accountability and responsibility to foreign parties. Often the money saved by offshoring simply goes back into the pocketbooks of executives. They also often get bonuses, sometimes in seven or eight figures, to reduce as much domestic labor as possible.

But the costs of this trend are insurmountable.

First of all, with more and more Americans, Canadians, and other people in developed countries out of work, our economies are being destroyed. That doesn't reflect in the stock market -- not yet, anyway. But it will, probably within the next decade. Often the millions of chronically unemployed or underemployed (such as working at McDonald's or Walmart) have BAs, MAs, or even PhDs. Many more have significant licenses and certifications in various trades.

...

http://www.cio.com/article/749186/The_Risk_of_Offshoring_Security

CIO — "There is no silver bullet to disaster recovery," says Jack Bailey, engineering manager at cloud computing provider iland.

"When outage horror stories take over headlines, executives tend to have kneejerk reactions and look to adopt whatever disaster recovery offering they can implement fastest," he says. "But every organization and location is unique, and failing to thoroughly assess your situation may lead you to adopt a solution that is expensive overkill or cheap and inadequate."


And while most IT executives and data management experts acknowledge that there isn't one failsafe solution to protecting and recovering data, they agree that there are certain steps organizations should take.

What are the necessary precautions companies should take to protect critical files and applications in the event of disaster? Dozens of data storage, data management and disaster recovery experts share their advice. Here are their top 12 suggestions regarding how to disaster-proof data (files and applications).

...

http://www.cio.com/article/749180/12_Ways_to_Disaster_Proof_Your_Critical_Business_Data

CAMBRIDGE, Mass. — With the success of its free open online course system, called MITx, the Massachusetts Institute of Technology finds itself sitting on a wealth of student data that researchers might use to compare the efficacy of virtual teaching methods, and perhaps advance the field of Web-based instruction.

Since its inception several years ago, for instance, MITx has attracted more than 760,000 unique registered users from about 190 countries, university officials said. Those users have generated 700 million interactions with the school’s learning system and have contributed around 423,000 forum entries, many of them quite personal.

As researchers contemplate mining the students’ details, however, the university is grappling with ethical issues raised by the collection and analysis of these huge data sets, known familiarly as Big Data, said L. Rafael Reif, the president of M.I.T. 

...

http://bits.blogs.nytimes.com/2014/03/03/big-data-means-big-questions-on-how-that-information-is-used

Did you know that in six years’ time each individual on the planet will correspond to over 5,000 gigabytes of stored data? That’s the estimate from market research company IDC and digital storage enterprise EMC who see worldwide data holdings doubling about every two years to reach 40,000 exabytes (40 million billion gigabytes) by 2020. Right now in 2014, that means making moves to extend and enhance data storage solutions appropriately, and update those disaster recovery plans too. To store and manage all the data forecast to arrive, new techniques and technologies are available to blend with revamps of existing ones.

...

http://www.opscentre.com.au/blog/what-disaster-recovery-planners-can-now-expect-for-data-storage/

By now, cloud computing is a familiar resource at most enterprises. But like any data infrastructure or architecture, good enough won’t do, which is why many organizations are looking beyond mere deployment strategies and into full-blown optimization.

However, optimizing the cloud will not proceed along the same track as optimization of traditional data technology. For one thing, nearly all of the functionality in the cloud, at least as far as the enterprise is concerned, happens on the virtual layer or above. So rather than creating optimal environments through advanced technology, the play here is in tighter integration of services and applications. At the same time, optimized platforms are no longer focused solely around enhancing PC or desktop productivity, but on mobile devices and both wired and wireless infrastructure.

...

http://www.itbusinessedge.com/blogs/infrastructure/move-from-the-cloud-to-the-optimal-cloud.html

Tuesday, 04 March 2014 17:53

Cyberattacks Hit at Rapid-Fire Pace

In the time it took me to write this sentence, approximately 20 networks were hit with a cyberattack. No, it did not take me very long to write that sentence—it’s just that, according to the 2013 threat report from FireEye, a cyberattack is happening every 1.5 seconds.

Or, at least, that’s what happened in 2013, the time period the report covered. That number could be more frequent now. After all, in FireEye’s 2012 Advanced Threat Report, companies experienced a malware attack "every three minutes."

Look at that time difference in the course of one year. We went from enterprise networks being subjected to an attack every three minutes to nearly every second. For those who think the high-profile attacks we’ve seen over the past few months are an anomaly, think again. Enterprise is under attack, pure and simple. As the bad guys become more sophisticated and create even trickier ways to sneak onto a network, next year’s FireEye report will declare numbers that seem unimaginable right now.

...

http://www.itbusinessedge.com/blogs/data-security/cyberattacks-hit-at-rapid-fire-pace.html

Tuesday, 04 March 2014 17:52

We're at a Crossroad for Data Privacy

The steady drip of data breaches on the news and in consumers' lives isn't doing anything to build confidence in the state of today's business environment. At the heart of the matter: data privacy, or perhaps more accurately, the lack of it.

A new report from PwC, "10 Minutes on Data Privacy," points out that privacy is evolving beyond a risk and regulatory issue. Winning consumer trust is essential, and privacy polices directly correlate with brand image. How businesses manage data privacy and communicate with customers says everything about public perceptions of trust.

According to the report, 89 percent of consumers surveyed said they avoid doing business with companies they believe do not protect their privacy online, and 85 percent of investors said boards should be involved in overseeing the risk of compromising customer data.

...

http://www.itbusinessedge.com/articles/were-at-a-crossroad-for-data-privacy.html

This week I want to examine in more detail the good news coming out of the 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council. Based on hundreds of responses from organizations worldwide, the Annual Report provides several insights into the best practices of companies that are better prepared to recover from outages or disasters.

You can download the report for free at http://drbenchmark.org/

I want to examine why some companies appear to be doing much better at preparing for outages by implementing more detailed DR plans.

...

http://drbenchmark.org/better-prepared-organizations-implement-more-detailed-dr-plans/

Tuesday, 04 March 2014 16:03

A CIO Who Masters Disasters

TUCSON, Ariz. – On his 50th birthday, John Halamka, the CIO of Beth Israel Deaconess Medical Center in Boston, was surrounded by his senior staff having cake. Then his second-in-command came in with "some" news.

A physician had gone to the Apple store and returned with a MacBook, downloaded email, and then left the office. When he returned, the new MacBook was gone. On it was a spreadsheet embedded in a PowerPoint with information on 3,900 patients, data for which the hospital was responsible.

The hospital issued a news release, in which Halamka pointed out how the incident was being treated, "extremely seriously," but also being used to bring about change. In this case, accelerating implementation of a program to assist employees with protecting devices they purchase personally.

...

http://www.cio.com/article/749133/A_CIO_Who_Masters_Disasters

Network World — Cisco's Application Centric Infrastructure (ACI) is a revolutionary re-thinking of how to provision and manage data center networks. While the early version we looked at has some rough edges, and Cisco still has some hard problems to solve, ACI has the potential to completely change the way that large, highly virtualized data center networks are configured and built.

Just so there's no confusion, ACI is not Cisco's version of Software Defined Networking (SDN). While SDN, for many network managers, is a solution in search of a problem, ACI is something entirely different. It's Cisco's attempt to solve the most significant and important problems facing data center managers: how to more closely link the provisioning of data center networks with the applications running over those networks.

The goal is to reduce human error, shorten application deployment times, and minimize the confusion that can occur when application managers and network managers speak very different vocabularies.

...

http://www.cio.com/article/749030/Cisco_ACI_Re_Imagines_the_Enterprise_Data_Center_Network

Monday, 03 March 2014 16:10

FACING THE BYOD CHALLENGE

Don Thomas Jacob provides BYOD risk management advice.

BYOD adoption in the enterprise has increased significantly over the last couple of years and the trend is here to stay. While BYOD has been incorporated into some enterprises’ organizational strategy, there are numerous organizations where BYOD has been initiated by the employees themselves and many network administrators are still working out how best to manage the trend.

It is only with practical experience that network administrators can fully understand the problems associated with BYOD and the best methods to solve them. Many organizations are looking for immediate answers and most IT and network admins do not have the time to experiment with various technologies and solutions or research for the right tool to use in the network for BYOD monitoring or management.

Enterprises often begin implementing BYOD strategies by having additional authentication mechanisms, a separate VLAN and a wireless network for handhelds. While this may seem to be the quickest method to adopt BYOD, it also brings with it numerous problems. In addition to the everyday upkeep and maintenance of the enterprise network, IT admins have to take care of mobile device management, bandwidth issues and most importantly keep an eye on possible security issues. In fact, BYOD leaves the network open to a plethora of security issues.

...

http://www.continuitycentral.com/feature1150.html

Poor disaster recovery practices have led to losses of up to $5M

PHILADELPHIA, Pa. – The Disaster Recovery Preparedness (DRP) Council announced today findings from its 2014 annual benchmark study which show that 73% of respondent organizations worldwide are not taking adequate steps to protect their data and IT systems. According to participants, poor planning, testing and technological deficiencies have led to more than $5M worth of critical applications failure, data center outages and data loss.

...

http://drbenchmark.org/global-benchmark-study-reveals-73-of-companies-are-unprepared-for-disaster-recovery/

Monday, 03 March 2014 16:08

Risk vs. Impact

The Risk

Hundreds of thousands of religious extremists are set to march on Jerusalem. Whether or not "hundreds of thousands" will descend on the Israeli capital is to be seen. My guess is that the turnout will be less than expected, but still there will be a sea of black hats.

In preparation for this event, Israel has ordered streets closed, trains to stop running, and buses to stay at the bus station.

The Impact

Whether or not the mass demonstration occurs, in any volume, the risk is already impacting the capital.

The impact is that people won't be able to 

*    Go to work

*    Go to school

*    Go shopping for essentials (bread, milk, etc.)

*    Get to a hospital or clinic if necessary

Essentially they are trapped in their neighborhoods, if not their homes.

...

http://johnglennmbci.blogspot.com/2014/03/for-what-does-planner-plan-risk-vs.html

IDG News Service — Sears Holdings said a review of its systems does not show evidence yet of a data breach as retailers continue to stay on guard in the light of payment card terminal hacking at Target and Neiman Marcus.

The department store chain, with 2,500 stores in the U.S. and Canada, is the latest company to say it is investigating a possible breach, following the hotel management company White Lodging Services and the arts and crafts chain Michaels.

"There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach," wrote Howard Riefs, director of corporate communications at Sears Holdings, in an email.

...

http://www.cio.com/article/749018/Sears_Says_it_Finds_No_Evidence_Yet_of_Data_Breach

Monday, 03 March 2014 16:06

NOAA, FEMA: Be a Force of Nature

National Severe Weather Preparedness Week March 2-8

During National Severe Weather Preparedness Week March 2 to 8, the National Oceanic and Atmospheric Administration (NOAA) and the Federal Emergency Management Agency (FEMA) are calling on individuals across the country to Be a Force of Nature: Take the Next Step by preparing for severe weather and encouraging others to do the same.

Just one tornado can cause catastrophic damage. Last year, the EF 5 tornado that struck Moore, Okla., on May 20 killed 24 people and caused more than $2 billion in damage. In 2013, a total of 903 tornadoes were reported in the United States. Those tornadoes occurred in 43 states on 152 days, resulting in 55 fatalities and more than 500 injuries.

As more people move to tornado-prone areas, knowing what to do when severe weather strikes could save lives.

“With the devastation of last year’s tornadoes fresh in our minds and springtime almost here, I urge individuals to become weather-ready now,” said NOAA National Weather Service Director Dr. Louis Uccellini. “Make sure you have multiple ways to access forecasts and warnings from NOAA’s National Weather Service before severe weather strikes.”

“Being ready today can make a big difference for you when disaster strikes,” said FEMA Administrator Craig Fugate.  “It only takes a few minutes.  Talk with your family and agree to a family plan. Learn easy steps on how to prepare at Ready.gov and find out how your community can take action in America’s PrepareAthon through drills, group discussions and community exercises.”

Our severe weather safety message is simple: know your risk, take action, be an example.

• Know Your Risk: The first step to becoming weather-ready is to understand the type of hazardous weather that can affect where you live and work, and how the weather could impact you and your family. Sign up for weather alerts and check the weather forecast regularly.

• Take Action: Make sure you and your family are prepared for severe weather. Your family may not be together when a storm strikes, so plan how you will contact one another by developing your family communication plan. Make sure you put together an emergency kit and store important papers and valuables in a safe place. Visit Ready.gov/severe-weather to learn more about how to be better prepared and how you can protect your family when severe weather strikes.

• Be an Example: Once you have taken action, tell family, friends, and co-workers to do the same. Share the resources and alert systems you discovered through your social media network. Technology today makes it easier than ever to be a good example and share the steps you took to become weather-ready. Share these new videos to help your friends and families to prepare.

• Get Weather Ready: Before a Tornado - http://youtu.be/uE66ganofF0

• Get Weather Ready: During a Tornado - http://youtu.be/_5TiTfuvotc

• Get Weather Ready: After a Tornado - http://youtu.be/UQ94ESZulA8

NOAA and FEMA’s involvement in the innovative Wireless Emergency Alerts (WEAs) project, a new text-like message system, is part of a national effort to increase emergency preparedness and build a Weather-Ready Nation. Last year millions of individuals across the country received WEAs with life-saving weather warnings via their cell phone. These geographically targeted emergency alerts have allowed people to receive weather warnings they would not have otherwise received, and many people took life-saving action. For more information, visit www.ready.gov/alerts.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter and our other social media channels.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. http://www.ready.gov/

With data from 15,000 customers and over 100 insurance executives, consulting firm Capgemini and Efma found that enhancing customer experiences directly impacted insurers’ profitability. “Given the increasing demand of internet and mobile channels in insurance, digital transformation is an effective approach to create positive experiences, secure customer loyalty, and ultimately improve insurers’ profitability,” the report states.

While many insurers say they are working to improve the user experience, ratings have only increased by about 2% worldwide, with only 32% saying they had positive experiences with their provider. Further, nearly 70% of customers reported that they are considering switching carriers. Digital presence is increasingly important in making customers happy, according to the study. For example, while internet-mobile is the least likely channel to offer a good experience, it has the greatest impact when successful. Overall, as Capgemini and the MIT Center for Digital Business found in 2012, firms with a strong digital presence and customer focus are 26% more profitable.

In addition to the new report, Capgemini released the following infographic with their findings:

...

http://www.riskmanagementmonitor.com/digital-presence-may-improve-critical-customer-satisfaction-for-insurers/


By Katherine Seib, MSPH

The last time you were in a pharmacy did you notice advertisements for the flu vaccine? Signs like these will become more common as pharmacists take on an important role in administering vaccines to the general public. Have you also noticed how pharmacies seem to be everywhere? The ubiquity of pharmacies plus their extended hours of operation and streamlined access to preventative treatments makes them perfect for helping respond to emergencies, by distributing vaccines, medications, or protective masks. It’s encouraging to know that pharmacists in all 50 states can now administer vaccines and many are involved in emergency response training.

Research Supports the Role of Pharmacists

The Immunization Systems Project of the Emory Preparedness and Emergency Response Research Center (PERRC) conducts research to determine how immunization systems could combat public health emergencies such as vaccine shortages or pandemic flu. Some of our recent findings highlight the importance of incorporating pharmacies into emergency planning as a valuable resource for reaching the public with important health measures.

During our research we explored differences in providers’ experiences administering vaccines during the H1N1 pandemic. We surveyed vaccine providers (e.g., pediatricians, obstetricians, hospital providers, pharmacists) in Washington State to examine topics such as vaccine administration, participation in preparedness activities and communication with public health agencies.

Based on our results, pharmacists:

  • Saw more patients on a daily basis than any other vaccine provider group
  • Reported lower coverage rates of their staff receiving seasonal and H1N1 influenza vaccines

Compared with other providers, pharmacists were:

  • Less likely to rely on local health departments for information about emergencies
  • Less likely to have participated in emergency training or response activities in the past
  • More inclined to rely on federal sources, corporate headquarters and professional organizations for information about public health emergencies
  • Willing to work with health departments in future vaccine-related public health emergencies

Our research suggests that, given the broad reach of pharmacists and their high patient volume, pharmacists could become key first responders to improve the capability and reach of emergency response in the future. Encouraging pharmacists’ participation in emergency preparedness training as well as building connections between health departments and public health agencies are ways that can strengthen emergency response. Public health entities are actively taking steps to add pharmacies into the pool of emergency responders. Doing so leverages the extensive community reach of pharmacists and the high level of trust people feel towards them.

Preparedness and Emergency Response Research Centers are funded by CDC’s Office of Public Health Preparedness and Response. To find more information about PERRC programs across the U.S. visit http://www.cdc.gov/phpr/science/erp_PERRCs.htm.

CIO — Anthony Bradley spends his days preparing for the worst-case scenarios that could occur on one of the seven campuses of Miami Dade College. Most of the school's 164,000 students -- and a large majority of its more than 3,000 employees -- spend their days thinking about anything but that.

As director of emergency preparedness, Bradley has conducted vulnerability assessments to determine the likelihood of various crisis situations and created detailed response plans for everything from fires and hurricanes to bomb threats and active shooters. Keeping students, faculty and staff informed of potential emergencies and disasters that they might encounter and what to do when they occur is a key ingredient of the program.

In the past, that would be accomplished through handouts, pocket brochures, and in-person briefings. But "handouts and brochures wind up in the trash or at home in a drawer," says Anthony, "and people forget the briefings over time."

But what they almost always carry with them is a smartphone or tablet.

...

http://www.cio.com/article/748963/Mobile_Emergency_Response_App_Keeps_College_Ready_for_Crisis

CIO — The obsolescence of enterprise security was at the core of McAfee's talk this week at the RSA Conference in San Francisco. The Target breach clearly showcased that you simply can't secure a company by trying to prevent unauthorized access, malware or any other internal or external security breach.

You have to step back and recognize that someone is going to break in and you must therefore focus on catching them before they can do any damage. This is a very different approach to security, and the lessons apply to both home and business and both electronic and physical security approaches. As an older woman who lives near me discovered this week when armed men pushed into her house and stole her safe, a perimeter approach to security is no longer adequate.

McAfee's presentation was so compelling it actually held my wife's interest because she could see how the lessons learned could be applied more broadly to personal defense.

McAfee argued it is in a war-like arms race, and its lead offering, which I spoke about last week (Threat Intelligence Exchange), is only the start of the first battle.

...

http://www.cio.com/article/748966/Everything_You_Know_About_Enterprise_Security_Is_Wrong

For a variety of reasons, backup and recovery over the years has not only become more complex, it’s become a lot more expensive. With the addition of multiple types of new platforms across the enterprise, backup and recovery offerings for each platform have proliferated.

Acronis wants to simplify backup and recovery with the release this week of backup and recovery software based on what the company dubs AnyData technology that not only supports any platform, but also includes universal restore, de-duplication, and application support as part of the base offering. As an extension of that capability, Acronis this week also announced Acronis Backup-as-a-Service, a cloud-based backup and recovery service based on the company’s AnyData technology that the company’s partners can deliver via a variety of cloud service providers that Acronis has partnered with to create the service.

By with Meighan O’Reardon

Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to wrestle with these risks in the year ahead, but the convergence of external threats, abundance of valuable corporate data and the current regulatory environment has highlighted the importance of corporate cybersecurity practices. Cybersecurity is perhaps one of the hottest topics being discussed in boardrooms today. The Cybersecurity Framework, anticipated legislation and litany of high-profile data breaches have resulted in even more heightened scrutiny.

The landscape for corporate cybersecurity is rapidly changing and outsourced services, including IT and business process services, all stand to be impacted. Corporate stakeholders, particularly in the legal, information security and information technology departments, should be keenly focused on the current cybersecurity climate and the state of cybersecurity across third-party outsourcing agreements.

...

http://www.corporatecomplianceinsights.com/remain-vigilant-managing-cybersecurity-risks-in-third-party-outsourcing-relationships

Findings from the eighth annual survey of chief audit executives in power and utilities, January 2014

How Utility IA Organizations Plan to Bolster Their Relevance and Response to Risks

Utilities are navigating dramatic and pronounced change. Demand management, smart grids, big data, shifting regulatory needs and growing capital investments are forcing utilities to change how they manage their businesses. At the same time, the growth of distributed generation, new sources of fossil fuel and the advent of shale gas and tight oil supplies are changing the industry’s economics and demanding new strategies. Utility company internal audit (IA) groups are pivotal to their company’s ability to navigate the risks inherent in these pervasive changes.

However, PwC’s eighth annual survey of Power and Utilities Chief Audit Executives (CAEs) found that IA groups are facing significant challenges in maintaining a central role. For example, respondents fear their groups won’t have the required skills to keep pace with a growing portfolio of capital projects, increasing regulatory complexity and new technologies. In addition, CAEs feel there is an opportunity to achieve closer alignment with the expectations of their stakeholders—from the critical risks that should be IA’s focus to advanced technologies that strengthen IA’s efficiency and efficacy.

...

http://www.corporatecomplianceinsights.com/news/empowering-business-agility-strengthening-internal-audits-impact-and-value

I am currently studying Medieval England including the reign of Alfred the Great. As you might expect with someone monikered as ‘The Great’ he is certainly considered right up there with the greatest Kings of England. Not only did he largely drive out the Viking invaders from his country but he also set the stage for the unification of England under one crown, for the first time since the days of Roman Britain under the Caesars. One of the innovations he developed was fortified towns, called burgs, from which to resist Viking raids and incursion. But more than simply walled cities for defense, within these fortified towns was a wide road running down the middle of the town called the ‘High Street’ and a street situated next to the town’s walls appropriately called ‘Wall Street’. These streets were wider than the others in the town to facilitate the movement of troops in the time of crisis, such as a Viking raid. In other words, Alfred evaluated the risk to his kingdom and put multiple layers of steps into place to manage those risks.

In the Foreign Corrupt Practices Act (FCPA) compliance world, one of the key components that the Department of Justice (DOJ) wants to see is a risk assessment and a company managing its risks, based upon said risk assessment. One company’s response to a risk or set of risks does not necessarily mean that another company must follow it. The DOJ’s Ten Hallmarks of an Effective Compliance Program are broad enough to allow companies to manage their own risks, hopefully effectively. I thought about this concept when I was listening to a presentation by Flora Francis and Andrew Baird of GE Oil & Gas at the 2014 SCCE Utility and Energy Conference in Houston this week on GE’s third party risk management. First of all, if you have the chance to hear a couple of nuts and bolts compliance practitioners from GE like these two speak, run, don’t walk, to their presentation. GE’s commitment to compliance is well known but also the company’s willingness to share about their compliance program is a great boon to the compliance community. Lastly, is the gold-standard nature of the GE compliance program and while it may be more than your company needs to manage their own risks, the GE compliance regime does shine a light that we can all aspire to in our own compliance programs.

...

http://tfoxlaw.wordpress.com/2014/02/27/alfred-the-great-ge-and-the-management-of-third-party-risk/

Despite the publicity given to Big Data and (to a lesser extent) the Internet of Things, their practical advantage has yet to be clarified. It’s difficult to think of them in terms of business continuity when they don’t influence the fortunes of an enterprise; unless you count the negative impact of money spent investigating them. A few companies cite gains in marketing effectiveness for example by analysing huge amounts of online data from customer interactions, but Big Data is not mainstream – or not yet. Similarly, the Internet of Things in which phones, PCs, cars, fridges and more are all web-enabled is a conversation starter rather than a reality. Things would change if either one acquired a killer app.

...

http://www.opscentre.com.au/blog/the-internet-of-things-and-big-data-both-looking-for-a-killer-app/

Thursday, 27 February 2014 16:49

The hardest part of communications

Reflecting on some of the most recent crises I’ve been involved in as an advisor, I asked: what am I really contributing?

I concluded by far the most valuable contribution was an outside perspective. Looking at the event and issues from the viewpoint of the customer, the stakeholder, the reporter, the victim, the detached observer. It is often very difficult for even the best communicators who are deeply embroiled in a problem to maintain that outside perspective. It’s the main reason why I think it is probably essential that your crisis communication plan include a qualified person completely outside your organization.

I worked on a plan for a major oil company a few years ago and saw in their plan the role of a Communications Advisor. In their case, it was intended for a specific PR expert who had a strong relationship with the President. But, it struck me as such a good idea I have built that role into almost every plan I have worked on since then. The responsibility of that person is to maintain a 30,000 foot view, maintain contact with stakeholders outside the organization, and represent an honest, objective and uninformed perspective.

...

http://ww2.crisisblogger.com/2014/02/the-hardest-part-of-communications/

Thursday, 27 February 2014 16:48

Drought Claiming California Crops

While many California farmers are taking a wait-and-see approach regarding future rainfall, some almond growers are moving ahead with the removal of mature trees. But much more is at risk, including jobs and agricultural products for the rest of the country.

California grows about half of all U.S. fruits and vegetables, mostly in the Central Valley region. It also ranks as the top farm state by annual value of agricultural products. Crops exclusive to California are almonds, dates, figs, grapes for raisins, pomegranates, olives, peaches, pistachios, plums, rice, walnuts, kiwi fruit and clover seed.

In January, Gov. Jerry Brown declared a drought emergency, and this month President Obama announced relief aid for California farmers and ranchers. Because of the severity of the ongoing drought, the U.S. Bureau of Reclamation as well as the State Water Project said there would be no water for Central Valley farmers and ranchers. According to the California Farm Water Coalition, it is expected that about 2 million acres in the San Joaquin Valley will receive no water this year.

...

http://www.riskmanagementmonitor.com/drought-claiming-calif-crops/

Thursday, 27 February 2014 16:48

No Money for Data Quality? Try to Decentralize

When it comes to succeeding with data quality, you might gain an edge by avoiding a centralized approach, argues one data governance director.

Alan D. Duncan is the director of data governance at the University of New South Wales, Australia. In a recent MIKE 2.0 blog post, Duncan reacts to a survey finding that a “lack of centralized approach” is linked with inaccurate data. He questions whether it’s really lack of centralization or actually a complete lack of any structure.

Duncan’s premise, as he explains in some detail for InformationAction, is this: The social and cultural character of your organization should shape how you handle data governance. That means there will be many different ways to structure governance, but broadly speaking, he identified three:

...

http://www.itbusinessedge.com/blogs/integration/no-money-for-data-quality-try-to-decentralize.html

CIO — In the years since the HITECH Act, the number of reported healthcare data breaches has been on the rise — partly because organizations have been required to disclose breaches that, in the past, would have gone unreported and partly because healthcare IT security remains a challenge.

Recent research from Experian suggests that 2014 may be the worst year yet for healthcare data breaches, due in part to the vulnerability of the poorly assembled Healthcare.gov.

Hacks and other acts of thievery get the attention, but the root cause of most healthcare data breaches is carelessness: Lost or stolen hardware that no one bothered to encrypt, protected health information emailed or otherwise exposed on the Internet, paper records left on the subway and so on.

What will it take for healthcare to take data security seriously?

...

http://www.cio.com/article/748810/Will_Healthcare_Ever_Take_IT_Security_Seriously_

A lot of coverage has been dedicated to BYOD and security from the employer’s side of things. Now an interesting new study out from AdaptiveMobile shows what employees don’t know about BYOD, which is mostly how much control employers have over those personally owned devices.

According to FierceMobileIT:

The study of 1,000 IT decision makers and 1,000 employees, conducted by Harris Interactive, found that 83 percent of staff would stop using their own device or still use it with deep concern, if they knew their employer could see what they were doing at all times. With 61 percent of enterprises already having this level of access in place, and with a need to increase control to address growing security threats, organizations could face a backlash in their employees' willingness to adopt BYOD.

...

http://www.itbusinessedge.com/blogs/data-security/majority-of-employees-in-the-dark-about-byod-security.html

Thursday, 27 February 2014 16:44

Business Continuity Awareness Week 2014

Business Continuity Awareness Week takes place from 17th to 21st March and Continuity Central’s BCAW update page will provide all the information you need to make the most of this annual event.

Business Continuity Awareness Week is available to all organizations to make use of and this year two main themes have emerged:

  • The Business Continuity Institute is building its BCAW activities around the theme of ‘Counting the cost’. The BCI says that this is designed to demonstrate the potential cost of not having an effective business continuity management system.
  • Various Canadian organizations have grouped together to promote BCAW in that country. The theme chosen is ‘Business Continuity: Helping Protect Business Value.'

The Continuity Central BCAW update page will provide updates from both the above initiatives as well as looking at what individual businesses and organizations are doing during that week.

The update page can be visited in two ways: either using the full URL http://www.continuitycentral.com/businesscontinuityawarenessweek2014.html or the shortened version http://www.businesscontinuityawarenessweek.com

Thursday, 27 February 2014 16:44

London Risk Register updated

The London Risk Register was approved in early February and provides an annual assessment of the likelihood and potential impact of a range of different threats to London’s businesses and communities.

The updated Risk Register identifies 67 risks, categorised as:

  • 4 Very High risks
  • 33 High risks
  • 24 Medium risks
  • 6 Low risks.

The four ‘Very High’ risks are:

  • Influenza Pandemic
  • Severe inland flooding
  • Fluvial or surface run-off
  • Telecommunication failure.

The updated London Risk Register can be viewed here (PDF).

The London Resilience Team has also developed a number of short presentations providing an overview of the main risk areas. These can be viewed here.

Almost half of organizations are operating under the assumption that their network has already been compromised, according to a survey conducted by the SANS Institute on behalf of Guidance Software. When the limitations of perimeter security are exposed, endpoints and critical servers rife with sensitive information are rendered vulnerable. With many high profile breaches in 2013 occurring on endpoints, interest in improving endpoint security is top-of-mind for many information security professionals.

In the first-ever SANS Endpoint Security Survey, SANS surveyed 948 IT Security professionals in the United States to determine how they monitor, assess, protect and investigate their endpoints, including servers. The largest group of respondents encompassed security administrators and security analysts. More than one-third of those respondents (34 percent) work in IT management (e.g., CIO or related duties) or security management (e.g., CISO or similar responsibilities).

The overall results of the survey indicate that the topic speaks to the strategic concerns of management while also addressing the technical concerns of those ‘in the trenches’.

...

http://www.continuitycentral.com/news07114.html

Wednesday, 26 February 2014 15:03

Regulatory Compliance Has No Speed Traps

“A truth that’s told with bad intent
Beats all the lies you can invent.”
- William Blake

Formed through legislation signed by President Gerald Ford in 1976, the Office of the Inspector General (OIG) is one federal agency that should never be underestimated by those in the health care industry. In its pursuit to protect the integrity of health care programs and the welfare of their beneficiaries, the OIG boasts the power to determine the fate of most health care providers through standards both objective (42 U.S.C. § 1320a-7(a) – Mandatory Exclusions) and subjective (42 U.S.C. § 1320a-7(b) – Permissive Exclusions). While those unfortunate enough to find themselves on the List of Excluded Individuals and Entities (LEIE) may at times disagree, the pellucidity with which the OIG enforces its statutory directive is in perfect alignment with the transparency through which the agency insists providers conduct their business.

...

http://www.corporatecomplianceinsights.com/regulatory-compliance-has-no-speed-traps/

The recent examples of compliance program credits for Morgan Stanley and Ralph Lauren have demonstrated that, more than ever, an effective compliance program can protect a company from criminal indictment and generate bottom line benefits by helping a company avoid or reduce fines and penalties. Much of the recent enforcement action has been focused on liability for bribery and corruption actions performed by third parties on behalf of another company. When it comes to third party corruption, many compliance program leaders worry that they don’t know where to start on a third party compliance program and that they cannot afford the elaborate, richly funded programs that are so often profiled in the news.

Luckily, you don’t have to have a legion of compliance personnel and an unlimited budget to meet standards recently outlined in A Resource Guide to the U.S Foreign Corrupt Practices Act (FCPA Guidance) provided by the United States Department of Justice (DOJ) and Securities and Exchange Commission (SEC).

...

http://www.corporatecomplianceinsights.com/leadership-library/navex-global-a-prescriptive-guide-to-third-party-risk-management/

January 28th was the anniversary of the Space Shuttle Challenger disaster. The Rogers Commission detailed the official account of the disaster, laying bare all of the failures that led to the loss of a shuttle and its crew. Officially known as The Report of the Presidential Commission on the Space Shuttle Challenger Accident - The Tragedy of Mission 51, the report is five volumes long and covers every possible angle, starting with how NASA chose its vendor and ending with the psychological traps that plagued the decision making that led to that fateful morning. There are many lessons to be learned in those five volumes and now, I am going to share the ones that made a great impact on my approach to risk management. The first is the lesson of overconfidence.

In the late 1970’s, NASA was assessing the likelihood and risk associated with the catastrophic loss of their new, reusable, orbiter. NASA commissioned a study where research showed that based on NASA’s prior launches there was the chance for a catastrophic failure approximately once every 24 launches. NASA, who was planning on using several shuttles with payloads to help pay for the program, decided that the number was too conservative. They then asked the United States Air Force (USAF) to re-perform the study. The USAF concluded that the likelihood was once every 52 launches.

...

http://blogs.forrester.com/renee_murphy/14-02-25-the_shuttle_challenger_anniversary_still_offers_risk_management_lessons_if_we_are_willing_to_learn_th

Experts have long talked about the 360-degree view of customers in near mythical terms and as a generally worthwhile, if not actually achievable, goal. A new business imperative could up the ante for integrating data about customers, according to Gartner.

In the past, what that’s really meant is that they want to align channels, such as in-store, online and customer. Now, the goal is to improve the customer engagement across business divisions as well. Basically, what that means is that they’ve added marketing and sales into the mix.

That’s going to be a big job, too. A Scribe Software survey released in October found that only 16 percent of companies support full integration between CRM and other business systems. And I can’t swear by this data because it’s a few years old, but back in 2012, Scribe found that 35 percent of businesses planned to handle CRM integration by manually re-entering the data.

...

http://www.itbusinessedge.com/blogs/integration/is-your-crm-data-annoying-customers-and-costing-you-a-chunk-of-change.html

COMPUTERWORLD — WASHINGTON - From ocean sensors to orbiting satellites, the National Oceanic and Atmospheric Administration (NOAA) collects about 30 petabytes of environmental data annually. But only about 10% of the data is made public, something the agency now wants to change.

NOAA wants to move its vast amount of untapped data into a public cloud, but without having to pay a whopping cloud services bill.

The agency believes the data has a lot of value to it, and is now seeking partnerships with commercial entities, universities and others. An ideal partner might be someone who can apply advanced analytics to the data to create new products and value-added services that also generate new jobs.

...

http://www.cio.com/article/748785/NOAA_Wants_to_Turn_its_Ocean_of_Data_Into_Jobs

CIO — The demands of big data applications can put a lot of strain on a data center. Traditional IT seeks to operate in a steady state, with maximum uptime and continuous equilibrium. After all, most applications tend to have a fairly light compute load—they operate inside a virtual machine and use just some of its resources.

Big data applications, on the other hand, tend to suck up massive amounts of compute load. They also tend to feature spikes of activity—they start and end at a particular point in time.

"Big data is really changing the way data centers are operating and some of the needs they have," says Rob Clyde, CEO of Adaptive Computing, a specialist in private/hybrid cloud and technical computing environments. "The traditional data center is very much about achieving equilibrium and uptime."

...

http://www.cio.com/article/748742/Helping_Data_Centers_Cope_With_Big_Data_Workloads

IDG News Service (Boston Bureau) — A former Microsoft architect has founded a startup called Azuqua aimed at tackling the problem of joining together and automating business processes from multiple SaaS (software-as-a-service) applications.

The proliferation of SaaS and the "API [application programming interface] economy," provides a vast opportunity for a service that can easily pull together processes from multiple applications to serve various scenarios, CEO Nikhil Hasija said in an interview prior to Tuesday's launch of the company's platform.

There's also a need for a tool that can make doing this extremely easy for an average user, he said. While there are a wide range of cloud integration options, such as Dell Boomi and Informatica Cloud, "it requires a computer science degree to do something with them," Hasija claimed. "We're solving this for the business user and making IT look good for being able to deliver this."

...

http://www.cio.com/article/748749/Ex_microsoft_Architect_39_s_Startup_Focuses_on_Saas_Integration

IDG News Service (Boston Bureau) — Dell and NetSuite are broadening their relationship, with Dell becoming a global reseller and IT systems integrator for NetSuite's cloud ERP (enterprise resource planning) software.

NetSuite and Dell had already partnered around Dell's Boomi cloud integration technology, and signed off on the expanded agreement a couple of weeks ago, NetSuite CEO Zach Nelson said in an interview prior to Tuesday's announcement.

The deal has benefits for both companies. NetSuite will gain from Dell's vast global sales and service organizations, as well as the latter's specialization in industries such as health care and financial services.

...

http://www.cio.com/article/748737/Dell_to_Resell_Implement_Netsuite_39_s_Cloud_ERP_Software

Business Continuity Awareness Week takes place between 17th – 21st March 2014 and this year includes an opportunity to take part in the first business continuity ‘Flashblog’.

The Flashblog is basically a collection of short articles written around the same theme and published on the same date.

The topic which has been set is "Counting the cost, and benefits, for business continuity” and 500 word articles are being sought from the perspective of as many different types of authors as possible.

Articles will be published on various platforms (including Continuity Central), depending on the author’s preference, and will go live at 11am GMT on Tuesday 18th March using the hashtags #countingthecost and #bcFlashBlog.

For more details of how to take part go to http://bcflashblog.postach.io/join-in-the-bc-flashmob

The NFPA Technical Committee on Emergency Management and Business Continuity will meet between March 25th-27th 2014 to discuss progress on the 2016 edition of NFPA 1600.

The agenda for the First Draft Meeting, which will take place at Hilton St. Petersburg Carillon Park, St. Petersburg, FL, is as follows:

1. Starting time: 8:30 a.m., March 25, 2014.

2. Welcome (Don Schmidt, Chair)

3. Self-introduction of members and guests

4. Approval of Minutes of Pre-First Draft Meeting, Salt Lake City, 2013 Oct 22-23

5. Approval of agenda

6. NFPA staff liaison report (Orlando Hernandez)
  • Committee membership update
  • Distribution of sign-in sheets

7. Organizational reports/News related to NFPA 1600

8. Task group reports

9. Act on Public Comments to NFPA 1600. Take any other actions necessary to complete the ROC for NFPA 1600.

10. Old business.

11. New business

12. Adjourn

To read the minutes of the October 22nd-23rd meeting click here (PDF).

Tuesday, 25 February 2014 19:17

The Risk Appetite Dialogue

Risk levels and uncertainty change significantly over time. Competitors make new and sometimes unexpected moves on the board, new regulatory mandates complicate the picture, economies fluctuate, disruptive technologies emerge and nations start new conflicts that can escalate quickly and broadly. Not to mention that, quite simply, stuff happens, meaning tsunamis, hurricanes, floods and other catastrophic events can hit at any time. Indeed, the world is a risky place in which to do business.

Yet like everything else, there is always the other side of the equation. Companies and organizations either grow or face inevitable difficulties in sustaining the business. Value creation is a goal many managers seek, and rightfully so, as no one doubts that successful organizations must take risk to create enterprise value and grow. The question is, how much risk should they take? A balanced approach to value creation means the enterprise accepts only those risks that are prudent to undertake and that it can reasonably expect to manage successfully in pursuing its value creation objectives.

...

http://www.corporatecomplianceinsights.com/the-risk-appetite-dialogue/

Computerworld — Now, here's a noble goal. U.K. telecom giant Orange on Friday (Feb. 21) launched a campaign to encourage companies to be much more transparent about the data they are collecting with their mobile apps, as well as helping consumers to better control how such data is used. Laudable, really -- and terribly unrealistic.

I'm not even talking about the fact that most companies would rather not be transparent about why they retain consumer data. ("We're trying to get you to buy expensive stuff that you don't need and probably don't even really want. Why do you ask?") The real problem is that you can't disclose what you don't know.

And companies seem to know frighteningly little about what their mobile apps are doing, if efforts by Starbucks, Delta, Facebook, Match.com and eHarmony are any indication.

...

http://www.cio.com/article/748725/Transparency_About_Data_Retention_Requires_Knowing_What_You_have

There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data—the data of both the staff of the company and the stored data of the clients—the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to the corporation, and the most vulnerable. Losing it may cause irrevocable damage to the reputation of a business, and thereby also the trust of shareholders. Logically, then, network security should be a key focal point in the disaster recovery plan of any business that wishes to stay afloat.

How, then, do we prepare our businesses to deal with threats to network security?

...

http://www.opscentre.com.au/blog/the-importance-of-network-security-in-disaster-recovery-planning/

InfoWorld — Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.

An APT attack is typically launched by a professional organization based in a different country than the victim organization, thereby complicating law enforcement. These hacking organizations are often broken into specialized teams that work together to infiltrate corporate networks and systems and extract as much valuable information as possible. Illegally hacking other companies is their day job. And most are very good at it.

By all expert opinion, APTs have compromised the information infrastructure of any relevant company. The question isn't whether you've been compromised by an APT, but whether you've noticed it.

...

http://www.cio.com/article/748682/6_Lessons_Learned_About_the_Scariest_Security_Threats

Resiliency is generally defined as the ability of an organization to (a) withstand threats that could have significant impact and (b) recover from any disruption within the thresholds set by the business.  Resiliency is often, mistakenly, considered the responsibility of IT.  Technological resiliency is of paramount importance, but cannot alone assure the resilience of an organization.

One of the ways to become more resilient is to reduce risk exposure and thereby increase the organization’s ability to withstand threats.  How can this be achieved?

A Ground-Up Approach to Risk Reduction

Understand that risks are inherent in the assets (sites, people, processes, IT services and subsystems, suppliers, equipment, etc.) that vital operations rely on. Risk reduction efforts should focus on decreasing the risk exposure of those critical assets. Decreasing risks at this granular level can, with their cumulative effect, reduce the organization’s overall risk exposure.

...

http://ebrp.net/reducing-risk-exposure-a-first-stride-on-the-path-to-resiliency/

In reviewing the results of the new 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council in this blog, I’ve focused on the bad news so far.  Based on hundreds of responses from organizations worldwide, the Annual Report provides several insights into the best practices of companies that are better prepared to recover from outages or disasters.

You can download the report for free at http://drbenchmark.org/

OK, so here’s the good news.  Some companies seem to be doing much better at preparing for outages and they exhibit certain traits that distinguish them from others who are not doing so well.

...

http://drbenchmark.org/the-good-news-best-practices-emerging-from-dr-preparedness-research/

Tuesday, 25 February 2014 19:11

Snow Now Means Water Later: Are You Ready?

CHICAGO – Just a few inches of water can cause tens of thousands of dollars in damage to your home. A flood insurance policy could protect you from the devastating out-of-pocket expenses caused by flooding.  

Don’t wait until it’s too late. A policy takes 30 days from application and payment to go into effect. And a typical homeowner’s insurance policy does not cover floods.

“Snow thaw and the potential for heavy spring rains heighten the flood risk throughout our area in the coming months,” said FEMA Region V Administrator Andrew Velasquez III.  “A flood insurance policy is the best option to protect your home from the costly damage floodwaters can cause.”

Historically, flooding has resulted in millions of dollars in damages throughout the state of Wisconsin. In 2010, heavy rains dumped nearly 8 inches of water in a two-hour period over the city of Milwaukee, resulting in more than 23,000 reports of damage from local residents. Last June, severe thunderstorms dumped a total of 8-13 inches of rain over northwestern, southwestern, and south central Wisconsin, causing significant damage. Some areas received 1-2 inches of rainfall per hour, which resulted in flash flooding and mudslides.

FEMA recommends that all Wisconsin residents visit FloodSmart.gov or call 1-800-427-2419 to learn how to prepare for floods, how to purchase a flood insurance policy and the benefits of protecting your home or property investment against flooding. You can also contact your insurance agent for more information.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

IDG News Service (Washington, D.C., Bureau) — The U.S. Congress should pass a law requiring businesses that have lost customer information in cyberattacks to notify those affected, U.S. Attorney General Eric Holder said Monday.

In light of recent data breaches, including at Target and Neiman Marcus, a data-breach notification law would help the U.S. Department of Justice combat crime, protect privacy and prevent identity theft, Holder said in a video message.

"As we've seen -- especially in recent years -- these crimes are becoming all too common," Holder said. "And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it's time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches."

...

http://www.cio.com/article/748691/US_Attorney_General_Calls_for_Data_breach_Notification_Law

Monday, 24 February 2014 16:06

The weak link in the chain…

Tripwire has released the results of an extensive analysis of security vulnerabilities in small office/home office (SOHO) wireless routers. As part of the research, Tripwire sponsored a study of 653 IT and security professionals and 1,009 employees who work remotely in the US and UK.

Collectively, this research strongly shows that critical security vulnerabilities are endemic across the entire SOHO wireless router market, and a surprising number of IT professionals and employees who work remotely do not use basic security controls to protect their wireless routers.

SOHO wireless router security vulnerabilities present significant cyber security risks to employees and enterprise networks.

...

http://www.continuitycentral.com/news07105.html

SSE Telecoms has launched the third and final eBook in its data centre sins series. ‘The definitive buyer’s guide for de-risking co-location projects’ includes a checklist of requirements for organizations to compare the different data centre tiers with their organization’s risk profile.

Numerous risks are inherent in data centre design and as a result, business decision makers tasked with selecting an appropriate facility to house their critical information should be aware of all the potential pitfalls and how to avoid them.

The new eBook builds on the knowledge readers will have gained in the first two eBooks – ‘7 deadly data centre sins: how to recognise them’ and ‘7 deadly data centre sins: how to mitigate them’ – offering impartial advice on how best to compare and contrast commercial data centre facilities, and to determine which approach and tier level is most appropriate to their business’s needs.

To download any of the above eBooks go to http://www.ssetelecoms.com/library/

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has published a new thought paper, ‘Improving Organizational Performance and Governance: How the COSO Frameworks Can Help’, developed to illustrate how the enterprise risk management and internal control frameworks can contribute to enhancing organizational performance and governance for sustainable success.

The paper was co-authored by Protiviti Managing Director James DeLoach and IMA (Institute of Management Accountants) President and CEO Jeffrey C. Thomson, CMA, CAE.

Since its inception in 1985, COSO has provided thought leadership and guidance on internal control, ERM, and fraud deterrence. Its landmark frameworks, Internal Control – Integrated Framework (2013) and Enterprise Risk Management – Integrated Framework (2004), offer a blueprint for helping organizations ensure effective controls and proficient risk management. The new thought paper provides a holistic approach to relating these frameworks to governance, strategy setting, and management processes.

Read the document (PDF).

Monday, 24 February 2014 16:04

Encryption and the Payment Ecosystem

The everyday consumer assumes that when they make a purchase, either online or in the checkout line, their card data is handed off to a trusted source, with security in place to protect them. They don’t see the complicated ecosystem that exists to process that transaction, nor fully understand the security mechanisms that may or may not be in place. To them, a transaction is a swipe of card, a signing of receipts (or entry of a PIN) and the swift deduction of funds from their account. It’s clean, simple and efficient.

The rotating door of data breaches at large retailers is proof that security in the payment ecosystem is anything but simple. Not only do retailers understand the potential harm of a breach to their own business, but they invest heavily in security mechanisms to prevent breaches from happening. With an estimated 110 million customer records stolen in one breach alone, it’s clear that the security strategy retailers are following is ineffective.

...

http://www.corporatecomplianceinsights.com/encryption-and-the-payment-ecosystem/

Monday, 24 February 2014 16:03

How to Test the Security Savvy of Your Staff

CIO — Security can be an acute pain point for CIOs. There might be nothing that causes more sleepless nights than ensuring the security of an organization's data and systems. Specialists fortify the network perimeter with firewalls and IDPSs, segment the network and perform regular audits and rigorous assessments. They also classify data and isolate critical files, and follow best practices regarding least privilege and security policies.

Unfortunately, these efforts are vulnerable to the actions of undereducated or malicious users. In its 2013 global study, the Ponemon Institute estimates that the average total cost of a data breach in the United States is just over $5.4 million. Roughly 67 percent of the incidents resulted from a malicious or criminal attack or a system glitch, but 33 percent are attributed to the human factor, such as a negligent employee or contractor. It can all start with a single click on the wrong link in an email or trusting an imposter.

...

http://www.cio.com/article/748511/How_to_Test_the_Security_Savvy_of_Your_Staff

Monday, 24 February 2014 16:02

When is a Disaster Considered a Disaster?

It’s kind of like the old question: ‘If a tree falls in the forest and no one is there to hear it, does it make a sound?’ A disaster isn’t a disaster if there’s no measurable impact. No impact to people’s perception of the situation. No impact to people’s lives. If there is a large fire but there are no people, property (facilities, IT equipment etc.) or processes involved – either by fighting the fire or being impacted by the fire – is it still a disaster? There are no fire fighters and no burning buildings, and no people being impacted, so is it still a fire worth tracking and determining the impact and disaster level? No, because there is no measurable impact.

There will be arguments that state yes, it is a disaster because of the damage it can still cause (i.e. the environment), but if no one is involved how do you know it’s a disaster? There’s nothing that tells you it’s a disaster; nothing to point towards to say ‘this’ is the reason for the fire being a disaster, because when the large fire is discovered its impact isn’t known…yet

...

http://stoneroad.wordpress.com/2014/02/22/when-us-a-disaster-considered-a-disaster/

Monday, 24 February 2014 15:54

SMBs Embrace BYOD in Greater Numbers in 2014

A new IDC study titled “U.S. 2014 SMB Corporate-Owned and BYOD Mobile Device Survey” confirmed that small to midsize businesses (SMBs) are now the driving force behind the rise in BYOD adoptions. The study predicts that BYOD will continue its strong presence in the workplace, with SMBs leading the way.

IDC Analyst Chris Chute, who co-authored the study, also sees SMBs introducing good BYOD management programs in a short amount of time:

“Small businesses have seen the most growth in BYOD device uptake and have responded by implementing policies that govern how those devices are used. This is a marked change from only a year ago when close to half of small firms cited having a zero-access BYOD stance. Now, with the availability of hosted software and easy-to-implement mobile solutions, SMB IT managers feel much more comfortable allowing personal devices access to internal IT resources.”

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-embrace-byod-in-greater-numbers-in-2014.html

The other day I attended a meeting of a local business continuity forum. It was a very well run, very interesting meeting – the latter despite the fact that one of the topics was business interruption insurance, living proof that any subject can be made interesting by an engaging speaker. There was, however, one small glitch in proceedings that I thought was worthy of note. Or that at least gave me an excuse to write a blog.

The second item on the agenda involved a live link-up, via Skype, to a presenter in some far flung, desolate location – Reading, I think. At the appropriate time, the chairman initiated the call. And then… nothing happened, apart from a deafening silence. The technology didn’t work. Now, before you say anything, yes, of course it had been tested beforehand. This was, after all, a group of consummate business continuity professionals. It had, however, been tested on the previous Friday afternoon, whereas the live event was on a Monday morning, when the volume of traffic on the network is, apparently, much greater. To the extent that there wasn’t enough room left in the pipe for a teeny weeny little Skype call.

...

http://thebceye.blogspot.com/2014/02/never-work-with-children-or-animals-or.html

Friday, 21 February 2014 17:15

Cybersecurity Trends for 2014

Target, Neiman Marcus and nearly 100 million of their customers whose personal information was stolen this past holiday season learned the hard way what companies of all sizes must: cybercrime is becoming more pervasive, its perpetrators more sophisticated and the harm it causes (individuals and companies) harder to calculate.

As cyber attacks become more common, companies are adopting policies to prevent and respond to them.  Unfortunately, cyber attacks are like viruses: they are not static, but rather always evolving and adapting in order to infect as many people as possible.  In most cases, before companies or industries can agree and implement defensive measures or best practices, those perpetrating cyber attacks are diligently working to circumvent the defensive measures and expand into completely new areas.  Thus, companies must keep a vigilant eye on both yesterday’s attack and the emerging threat that may not materialize for another six months to a year.

...

http://www.corporatecomplianceinsights.com/cybersecurity-trends-for-2014/

Friday, 21 February 2014 17:14

Target Data Breach: More on the Numbers

Two months after Target announced a massive data breach in which hackers stole 40 million debit and credit card accounts from stores nationwide, the rising costs related to the incident are becoming clear.

Costs associated with the Target data breach have reached more than $200 million for financial institutions, according to data collected by the Consumer Bankers Association (CBA) and the Credit Union National Association (CUNA).

Breaking out the numbers, CBA estimates the cost of card replacements for its members has reached $172 million, up from an initial finding of $153 million. CUNA has said the cost to credit unions has increased to $30.6 million, up from an original estimate of $25 million.

So far, cards replaced by CBA members and credit unions account for more than half (54.5 percent) of all affected cards.

...

http://www.iii.org/insuranceindustryblog/?p=3559

NETWORK WORLD — Imagine this in your data center: A swath of compute, networking and storage hardware from a variety of different vendors that are all controlled not individually but by software that overlays the entire operation.

Sound like a fantasy? It's the idea behind the software defined data center (SDDC) and research firm Enterprise Management Associates has declared that 2014 is the year for enterprises to seriously take a look at it.

But how do you get there? EMA analyst and blogger Torsten Volk has outlined three key priorities to adopting an SDDC strategy.

...

http://www.cio.com/article/748556/3_Essentials_Steps_to_a_Software_Defined_Data_Center

CSO — Security pros should reevaluate their use of technology and policies to bolster defenses against insider threats that many organizations downplay, a new study shows.

The threat of employees causing a data breach due to ignorance or malicious intent was behind viruses, data loss and hacking as the top security risks listed by 500 IT decision makers polled by IS Decisions, which specializes in securing Windows infrastructure. The respondents worked in organizations ranging from 50 to 10,000 employees in the U.S. and the U.K.

Only 21 percent of the respondents listed insider threats in the top three, demonstrating a lack of awareness of the seriousness of the risk, according to the survey. A separate study conducted by Forrester Research last year found that insiders were the top source of breaches, with 36 percent of such incidents stemming from inadvertent misuse of data by employees.

...

http://www.cio.com/article/748516/Why_Companies_Need_to_Check_Their_Handling_of_Internal_Threats

IDG NEWS SERVICE (Boston Bureau) — Companies that move the bulk of their IT operations to cloud services can end up realizing significant overall cost savings, according to a study by analyst firm Computer Economics.

The study looked specifically at companies that had moved mostly to the cloud and compared their spending habits to those of "more typical organizations," report author and Computer Economics President Frank Scavo wrote.

Computer Economics surveyed seven organizations with revenue ranging from US$50 million to $550 million. While acknowledging the sample size is small, the respondents' relative size is crucial, Scavo said in an interview.

...

http://www.cio.com/article/748531/Study_Companies_that_go_all_in_with_SaaS_can_save_big

Friday, 21 February 2014 16:37

Cloud Storage for Business: Pros and Cons

There are critical differences in cloud storage according to backup size and priority. SMBs – including education and small government agencies – primarily require acceptable backup and restore performance plus security and compliance reporting. The enterprise needs these things plus additional solutions for backing up larger data sets across multiple remote sites and/or storage systems and applications.

Note that no one is talking about backing up the corporate data center’s petabyte-sized storage to the cloud, not yet anyway. At its present level of development, online backup is best done for smaller scale systems. But even with this limited approach, it can have real advantages for business backup.

Cloud storage is not a do-all and be-all of data protection but it does have real benefits for some environments. One of its biggest advantages is replacing extensive off-site tape vaults. Tape libraries for active archives and massive on-site backup can be quite valuable in big data environments. But traditional off-site vaults require users to change tapes, label them, track usage, and order the truck to take them to the off-site vault; then go through another multi-step process to recover the tapes. In this respect online backup is far easier and less prone to manual error.

...

http://www.itbusinessedge.com/articles/cloud-storage-for-business-pros-and-cons.html

Thursday, 20 February 2014 16:49

C’Mon Man Or the End of the World?

It’s the end of the world as we know it,

It’s the end of the world as we know it

It’s the end of the world as we know it, and I feel fine

The above lyrics came from REM and they reflect how I generally feel about law firm and lawyer pronouncements about Foreign Corrupt Practices Act (FCPA) enforcement because [SPOILER ALERT] I am a lawyer, I do practice law and I do work for a law firm, the venerable TomFoxLaw. The FCPA Professor regularly chides FCPA Inc. for their scaremongering tactics, usually monikered as ‘Client Alerts’. Mike Volkov is even more derisive when he calls them the FCPA Paparazzi and cites examples from his days in Big Law, where law firm marketing campaigns are centered around doomsday scenarios about soon-to-occur FCPA; UK Bribery Act; or [fill in the anti-corruption law here] prosecutions and enforcement actions. I usually take such law firm scaremongering and blatherings to be worth about as much as the paper they are printed on. Indeed I chide the FCPA Professor and Monsieur Volkov for their protestations. In other words, I feel fine.

...

https://tfoxlaw.wordpress.com/2014/02/20/cmon-man-or-the-end-of-the-world/

How many passwords do you have? How many can you remember – and what do you do about the others? Business and consumer life is controlled to a significant degree by passwords. It’s a balancing act between making them memorable (for their rightful owners) without opening the door to password abuse or theft. The business continuity challenges that organisations face include weeding out passwords like ‘secret’, ‘1234’ or even just ‘password’, restricting password knowledge to only those who should know, and dealing with passwords that have been forgotten.

...

http://www.opscentre.com.au/blog/the-perils-of-the-password-how-to-protect-your-business-continuity/

Organizations are dealing with more data coming in and out from all sorts of directions these days, without a doubt. Dealing strategically with that data, from integration to analysis, is a huge part of this blog’s goal.

Sometimes, however, you have to stop and smell the tactical. And a recent study conducted by the government IT site MeriTalk raises some BIG red flags about whether federal, state and local governments can manage the influx of data we’re about to see.

The report identifies five factors, which it calls the Big Five of IT, that will significantly affect the flow of data into and out of organizations: Big Data, data center consolidation, mobility, security and cloud computing.

...

http://www.itbusinessedge.com/blogs/integration/survey-shows-government-pipelines-not-ready-for-data-heavy-projects.html

Thursday, 20 February 2014 16:46

The x86 and the Enterprise

Most IT professionals these days are well aware of the coming changes in data center infrastructure – perhaps not on an intimate level just yet, but many of the basic concepts behind cloud computing and software-defined infrastructure seem clear enough.

Last week, I highlighted some of the thinking around the advent of enterprise-class ARM infrastructure in the data center, with the note that ARMs are primarily suited toward large-volume, small-packet workloads characteristic of mobile and web-facing applications. But while much of the trade press has focused on the ARM ultimately “taking over” the data center, knocking the x86 off its 30-year perch, the reality is a bit more nuanced.

The thing is, web/mobile applications are not the only thing coming the enterprise’s way. There are also things like Big Data, enterprise application processing, and even desktop video conferencing and surveillance data to take into consideration. These functions typically involve lower-volume, large-packet workloads, which are more suited to the x86.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-x86-and-the-enterprise.html

Thursday, 20 February 2014 16:45

How to Rethink Security for the New World of IT

InfoWorld — "We shall fight on the beaches. We shall fight on the landing grounds. We shall fight in the fields and in the streets. We shall fight in the hills. We shall never surrender," said Winston Churchill in his famous June 1940 speech in the face of Nazi attacks on England. His earlier commitment to the goal of victory, "however long and hard the road may be," is an apt analogy to the security battles that enterprises face.

The bad guys are persistent and sophisticated, and they're making inroads. It is hard to be optimistic when customers, investors, and regulators expect us to totally protect precious assets and preserve privacy, while some governments and vendors on whom we depend are themselves compromising our data, software, and networks.

The fight for security is harder than ever. Most organizations are fighting today's war with yesterday's tools and approaches -- such as protecting perimeters with passwords and firewalls -- and losing. There is too much emphasis on walling off our data and systems, and a misplaced belief that the secured-perimeter approach is adequate.

...

http://www.cio.com/article/748436/How_to_Rethink_Security_for_the_New_World_of_IT

Thursday, 20 February 2014 16:35

Pulling the Reins on Data Breach Costs

CSO — For years enterprises have battled to prevent and manage data breaches, yet the costs associated with data breaches keep climbing higher -- especially for organizations in highly regulated industries. The average cost of a breach today is $188 per record in the U.S., according to the Ponemon Institute, with the total cost of a data breach hitting upwards of $5.4 million. Also according to Ponemon, average losses are up 18% from the same survey in the prior year.

Our own Global Information Security Survey finds that breach costs are rising, as well, especially for those organizations with less mature security programs.

Is there anything organizations can do to curb rising breach costs? Turns out plenty. And most of them are things enterprises should already be doing.

...

http://www.cio.com/article/748503/Pulling_the_Reins_on_Data_Breach_Costs

WASHINGTON – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) is requesting individuals who are interested in serving on the National Advisory Council (NAC) to apply for appointment.  The NAC is an advisory council established to ensure effective and ongoing coordination of federal preparedness, protection, response, recovery, and mitigation for natural disasters, acts of terrorism, and other man-made disasters.

The NAC advises the FEMA Administrator on all aspects of emergency management while incorporating the whole community’s input through appointed council members.

The NAC consists of up to 35 members, all of whom are experts and leaders in their respective fields.  The members of the NAC are appointed by the FEMA Administrator and are composed of federal, state, tribal, local, private sector, and non-profit leaders and subject matter experts in a wide range of disciplines.

Appointments are for a three-year term.  The Administrator may appoint additional candidates to serve as a FEMA Administrator Selection.  The NAC will have one position open for applications and nominations in each of the following disciplines: 

  • Emergency Management
  • Emergency Response
  • Non-Elected Local Government Officials
  • Elected Tribal Government Officials
  • Non-Elected Tribal Government Officials
  • Health Scientist *
  • Communications *
  • Infrastructure Protection *
  • Standards Settings and Accrediting
  • Disabilities

Individuals interested in serving on the NAC are invited to apply for appointment by submitting a Cover Letter and a Resume or Curriculum Vitae (CV) to the Office of the National Advisory Council by email, fax, or mail.  The Cover Letter must include, at a minimum: the discipline area(s) being applied for; current position title and organization; mailing address; a current telephone number; and email address.  Letters of recommendation may also be provided, but are not required.  A complete application must be submitted to be considered for appointment; application criteria, submission information, and contact information can be found on the NAC webpage.  Applications will be accepted until Friday, March 14, 2014, 11:59 p.m. EST. 

The NAC meets in person approximately two times a year.  Members selected for the NAC serve without compensation from the federal government; however, consistent with the charter, members receive travel reimbursement and per diem under applicable federal travel regulations.  Registered lobbyists, current FEMA employees, Reservists, FEMA Contractors, and potential FEMA Contractors will not be considered for NAC Membership.

* Note: Individuals appointed for these positions will serve as a Special Government Employee. For more information on requirements, please visit www.oge.gov/Topics/Selected-Employee-Categories/Advisory-Committee-Members/.

For more information on the NAC visit:  www.fema.gov/national-advisory-council.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Having spent 17 years of my career in Asia, I’ve long encouraged IT professionals to consider relocating outside of the United States, not just to advance their careers, but to enable them and their families to reap the many benefits of that experience. So when someone with more than 35 years in high-profile leadership positions who’s a lot smarter than I am says the same thing, I want his voice heard.

Ritch Eich, a management consultant and author of the book, “Leadership Requires Extra Innings: Lessons on Leading from a Life in the Trenches,” strongly encourages young people to expand their global outlook. Eich is a keen advocate of considering overseas relocation, so in an interview last week, I asked him to elaborate on the reasons for his advocacy. He said it’s one of the most important things people can do:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/why-it-pros-need-to-get-out-of-the-united-states-at-least-for-a-while.html

COMPUTERWORLD — California is facing its worst drought in more than 100 years, and one with no end in sight. Conserving water has never been more important, and Silicon Valley has an opportunity to offer technological solutions to the problem.

Consider, for example, the approach the East Bay Municipal Utility District took to encouraging customers to reduce water consumption.

Using technologies not available in earlier droughts, the Oakland-based agency issued report cards on water usage to 10,000 of its 650,000 customers in a year-long pilot program. For instance, EBMUD would put worried-looking smiley faces on the statements it sent to people in two-person households who used more than 127 gallons per day -- the average for a household that size. The statements disclosed each household's actual water usage and urged the customers to "take action" -- and many did.

...

http://www.cio.com/article/748418/California_Fights_Drought_with_Big_Data_Cloud_Computing

Did you develop Big Data in a silo?

It’s okay. You can be honest here. You’re among friends. In fact, it’s a safe bet you’re not alone, since experts were predicting this might happen back in 2012. All the signs suggested organizations were developing Big Data in a sandbox; by default that means Big Data often became yet another data silo.

So you’re in good company if you developed your Big Data analytics in a silo, beyond your regular systems.

...

http://www.itbusinessedge.com/blogs/integration/consider-this-strategic-question-before-integrating-big-data.html

Wednesday, 19 February 2014 17:38

The Data Center as Mainframe

If past is truly prologue, then it shouldn’t come as a surprise to anyone who has studied the history of data infrastructure that virtualization, advanced cloud architectures and open, distributed computing models are starting to look a lot like the mainframe of old—albeit on a larger scale.

Everywhere you look, in fact, people are talking about pooled resources, higher utilization rates, integrated systems and a rash of other mainframe-like features intended to help the enterprise cope with the rising tide of digital information. Put another way: If the network is the new PC, then the data center is the new “mainframe.”

Of course, this new mainframe data center will differ from the old in a number of ways, most notably in the skill sets and development environments needed to run it. At the recent OCPSummit, for instance, there was no shortage of speakers highlighting the need for organizations to ramp up their knowledge of next-generation virtual and cloud technologies that will pull workaday infrastructure management tasks from physical layer infrastructure to more flexible software-defined constructs. It’s worth noting, however, that the virtualization and resource utilization techniques that ushered in the cloud were not created out of whole cloth during the client-server period, but were in fact carried over from earlier mainframe environments.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-data-center-as-mainframe.html

BMC Software wants to eliminate the whole notion of a level-one job ticket when it comes to IT support. BMC today unveiled a series of updates to its IT support software portfolio, including version 2.0 of BMC MyIT, the company’s self-service IT support application that makes use of a social media construct to deliver IT support.

Jason Frye, senior director of the office of the CTO at BMC Software, says with the latest version of BMC MyIT, it’s now possible for IT organizations to collaboratively address most routine IT support issues without ever generating a help desk support ticket. Not only will that make the internal IT support staff more productive, Frye says most end users will have a much higher level of satisfaction because they will be able to resolve most issues on their own.

...

http://www.itbusinessedge.com/blogs/it-unmasked/bmc-leverages-social-media-to-eliminate-help-desk-tickets.html

Tuesday, 18 February 2014 18:02

Seven Steps to Preparedness for Businesses

There are many elements to a successful business continuity and life safety program. The most resilient organizations make sure that their people, teams and response efforts are aligned and resourced.  This article will help you take the right steps to begin your journey to preparedness.

Conduct a Risk Assessment

To be prepared, it is vital for your organization to understand the threats that your locations could face. There are four key perspectives to consider for each of your organization’s locations:

...

http://www.corporatecomplianceinsights.com/seven-steps-to-preparedness-for-businesses/

Good business continuity training helps managers and enterprises prepare business continuity plans. However, they’ll also need to deal with a further factor – human error. This element is a cause of anything from small business failure to nuclear power plant meltdowns. A little information on the subject can help make business continuity that much more robust. Although sophisticated analytical techniques exist to assess human reliability, in the first instance we’ll take a common sense approach. This also makes it easier to apply error-prevention measures to your organisation and boost your business continuity still further. Compare them also with the theory and principles of business continuity from your training classes, and exercises you do to test BC plans.

...

http://www.opscentre.com.au/blog/factoring-in-human-error-in-your-business-continuity-planning/

The new 2014 Annual Report on the State of Disaster Recovery Preparedness from the Disaster Recovery Preparedness Council is an eye opener for IT professionals responsible for backup and recovery of their IT systems.  Based on hundreds of responses from organizations worldwide, the Annual Report provides a wealth of information about how prepared companies are in recovering from outages based on the results of our benchmark survey launched last year.

You can download the report for free at http://drbenchmark.org/

My last blog highlighted the “bad news” from the report: three out of four companies fail to properly prepare for recovering their IT systems. One-third reported that critical applications were lost for hours and sometimes multiple days—and one in four said they had lost most, if not all, of their datacenter for hours and even days.

...

http://drbenchmark.org/lack-of-planningtesting-a-major-culprit-in-lack-of-dr-preparedness/

Monday, 17 February 2014 18:03

Too Much Data, Too Little Storage

No matter what advances take place in enterprise infrastructure in the coming years, the largest cost center is likely to be storage. Even as infrastructure becomes more software defined, relentlessly increasing data volumes will require organizations to either buy or lease storage capacity in ever larger amounts.

The question, then, isn’t how to cut back on storage, as much as it is how to make more efficient use of available storage. As I’ve mentioned in earlier posts, even cloud infrastructure can start to cost dearly as time passes and data loads mount.

...

http://www.itbusinessedge.com/blogs/infrastructure/too-much-data-too-little-storage.html

A new study from Ponemon and AccessData reveals a disturbing trend in cybersecurity. When hit with some sort of cybersecurity attack, most companies have no idea how to respond or resolve the crisis.

“Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations” (registration required to download) surveyed 1,083 CISOs and security technicians to find out how they deal with a data security event. The survey also wanted to know what these security professionals need to better detect such security problems, as well as what tools are needed to remediate problems after an attack.

...

http://www.itbusinessedge.com/blogs/data-security/study-companies-unsure-how-to-respond-to-security-attack.html

Over the past several years, a lot of organizations have done a great job of dramatically reducing their IT costs by going to the cloud and adopting an on-demand computing model. As significant as that is, however, the fact remains that technology isn’t a company’s largest expense, not by a long shot—labor is. So why not dramatically reduce labor costs by adopting an on-demand labor model?

That’s the question I discussed earlier this week with Jeffrey Wald, co-founder and COO of Work Market, a provider of cloud-based contract labor management services, and a company that’s positioning itself to capitalize on what it sees as an inevitable shift to on-demand labor. I asked Wald to what extent he thinks the savings generated by on-demand computing is leading businesses to ask themselves, why not extend this model to the work force and implement on-demand labor? Wald said companies are making that connection:

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/we-have-on-demand-computing-why-not-on-demand-labor.html

Monday, 17 February 2014 17:45

Are CIOs Losing Power?

Computerworld — There's a school of thought that IT departments -- and CIOs -- are disappearing. As more and more businesses buy cloud-based services, and turn to self-service and bring-your-own-device models, IT decision making is spreading throughout an organization, some experts say.

A new study by Forrester illuminates the changing IT landscape. It found that the share of IT projects primarily or exclusively run by the IT department will decline from 55% in 2009 to 47% in 2015.

The study did find a rise in the number of IT projects handled jointly by CIO-led teams and business groups. More than a third of IT projects today are collaborative ventures, handled at all stages by multiple parties in an organization, Forrester says.

Only a little over 7% of IT purchases are now done without involvement by the CIO, and they are mostly smaller tech procurements. Clearly, the Forrester study doesn't suggest that the CIO's job is headed for extinction, but its conclusions about how the CIO's role is changing are telling.

...

http://www.cio.com/article/748348/Are_CIOs_Losing_Power_

Data management isn’t enough anymore — it’s time to think more broadly about data and how it’s managed, experts say. It’s time to shift to enterprise information management.

Why? (I feel like a broken record just saying it. But if you insist, I’ve found some new data to back me up.)

Ventana Research just released a benchmark research report on information optimization, according to Information Management. It includes this finding: While 97 percent of organizations say it’s important or very important to make information available to the business and customers, only 25 percent are satisfied with the technology they’re using to provide access to that data.

...

http://www.itbusinessedge.com/blogs/integration/it-often-resource-strapped-in-business-push-for-better-information.html

Friday, 14 February 2014 14:44

Failure to Change Kills Resilience

Here in the UK we are suffering from some quite serious coastal and inland flooding which is causing infrastructure damage, danger to life and will have significant long and short-term effects. The British are sometimes thought of as arrogant (I don’t think we are) but the arrogance of failing to change, and to accept that the failure to change will have an impact, is quite staggering when looking at what has happened here.

Failure to change 1: regardless of the cause, it is quite clear that weather patterns are changing; we have had more cases of flooding in the past 10 years than in recorded memory. So why have our infrastructure management systems been unable to cope with the effects of these floods? Because there has been little effective contingency planning. Such planning, to be effective, needs to include the self and wider analysis that truly recognises what happened previously and then allocates time, effort, money and personnel to the preparation of a flexible and deliverable civil protection and resilience plan. Our emergency response systems appear to be unable to manage and cope with the overall effect of these floods. Clarity of hindsight is a luxury; however the current planning processes and structures will need to change to manage the inevitable ‘next time’.

...

http://buckssecurity.wordpress.com/2014/02/12/failure-to-change-kills-resilience/

Thursday, 13 February 2014 16:26

A vision of the future

I’m relatively new to business continuity management, with only a little over ten years’ experience in this industry that is said to be made up of the 'Men in Grey' - bearded and grey-suited men. Someone said this to me at last year’s BCI World Conference; I then looked in the mirror and sure enough that was me already.

So in my short time, what changes have I seen, what incenses me and what gives me hope that as an Institute we are making progress?

Like many when they start out in this industry, I was volunteered as opposed to being a volunteer. It was in the days of PAS56 (Publicly Available Specification 56), the forerunner to BS25999 and now ultimately ISO22301.

...

http://thebceye.blogspot.com/2014/02/a-vision-of-future.html

Ron Hale is acting CEO of ISACA, as well as the association’s chief knowledge officer. Hale has more than 20 years of experience in the security field. Prior to joining ISACA, he was manager of security services for Northrop Corporation Defense Systems Division and a research manager for the Bank Administration Institute. He has also provided consulting services as a practice director in the Enterprise Risk Management division within Deloitte & Touche. He has a master’s degree in criminal justice from the University of Illinois and a doctorate in public policy from the Walden University School of Public Policy and Administration. In recognition of his accomplishments at ISACA, Hale was named to the NACD’s 2013 Directorship 100, a distinction given to 100 individuals who exemplify knowledge, leadership and excellence in corporate governance.

What changes have you seen in IT audit in the past few years and what changes do you anticipate going forward?

The IT audit profession has experienced a significant transition in the last few years. First and most important, the concept of IT audit has been replaced by information systems (IS) audit due to the expanding nature of information systems within the enterprise and the critical reliance on information as a business enabler. Technology is no longer the primary focus. The work of auditors proficient in computing and communications technologies – as well as how these technologies are implemented and managed and integrated into business processes – is an essential part of providing assurance that risks are identified and effectively managed and that business processes involving technology solutions and processes are in compliance with enterprise policies.

...

http://www.corporatecomplianceinsights.com/corporate-compliance-insights-interview-responses-from-ron-hale-ph-d-cism-acting-ceo-of-isaca

Residents Urged to Continue Following Guidance from Local Officials

WASHINGTON – The Federal Emergency Management Agency (FEMA) continues to closely coordinate with impacted and potentially impacted states in the path of a severe winter storm, through its National Response Coordination Center in Washington D.C. and its regional offices in Atlanta, Boston, New York City and Philadelphia.

Today, President Obama declared an emergency for all counties in the State of South Carolina, at the request of Governor Nikki Haley, authorizing FEMA to support the state in its efforts to respond to the storm. The declaration comes in addition to the President’s Emergency Declaration for 91 counties in the State of Georgia yesterday, at the request of Governor Nathan Deal.

FEMA has deployed an Incident Management Assistance Team to the Georgia Emergency Operations Center in Atlanta, along with liaisons to the state emergency operations centers in Georgia, Maryland, Pennsylvania, South Carolina, and Virginia to facilitate close coordination with the states. FEMA has activated its Regional Response Coordination Centers in Atlanta and Philadelphia, and continues to be in close contact with state, tribal and local partners in impacted and potentially impacted areas and stands ready to support its partners, if requested and needed.

FEMA has also established an Incident Support Base in Augusta, Georgia where additional federal teams are on the ground. Commodities including generators, meals, water, blankets, and cots are being moved to that location. At all times, FEMA maintains commodities, including millions of liters of water, millions of meals and hundreds of thousands of blankets strategically located at distribution centers throughout the United States and its territories, including Atlanta, Ga. and Frederick, Md., if needed and requested.

The U.S. Department of Transportation’s Federal Highway Administration is helping facilitate the expedited movement of utility trucks and personnel in Florida, Georgia, Mississippi, and South Carolina which includes bypassing weigh stations as long as they are under the legal weight requirements.

According to the National Weather Service, dangerous ice and snow is expected to intensify this evening as the storm moves up the Eastern Seaboard, affecting locations across the mid-Atlantic and Northeast. More than one inch of ice accumulation is possible from central Georgia into South Carolina through Thursday morning. Residents along the path of the storm can find their local forecast at www.weather.gov.

When natural disasters like severe weather strike, the first responders are local emergency and public works personnel, volunteers, humanitarian organizations, and private organizations who provide emergency assistance required to protect the public's health and safety and to meet immediate human needs.

FEMA encourages residents and visitors in the track of the storms to follow the instructions of state, local and tribal officials, and monitor NOAA Weather Radio and their local news for updates and directions provided by local officials. Residents can find trusted sources for weather and preparedness information via Twitter on FEMA’s Social Hub here: http://www.fema.gov/social-hub

Wireless Emergency Alerts are currently being sent directly to many cell phones on participating wireless carrier networks. These alerts are sent by public safety officials such as the National Weather Service about imminent threats like severe weather. They look like a text message and show the type and time of the alert, any action you should take, and the agency issuing the alert. More information on Wireless Emergency Alerts is available at http://www.ready.gov/alerts. Individuals can check with their cellular carrier to determine if their phone or wireless device is WEA-enabled.

FEMA encourages all Americans to visit www.ready.gov or www.listo.gov to learn more about how to be better prepared and how to protect your family during emergencies.

Generator Safety

Carbon monoxide or CO is a colorless and odorless gas that is emitted from fuel burning appliances, like generators, or machines that are not working or venting properly. Breathing in high levels of Carbon Monoxide can be fatal and kills more than 150 Americans annually. FEMA recommends the following steps to protect your family from the dangers of carbon monoxide:

  • Install and maintain CO alarms inside your home to provide early warning
  • Install CO alarms in a central location outside each separate sleeping area and on every level of your home
  • Use portable generators outdoors in well-ventilated areas away from all doors, windows and vents
  • Make sure vents for the dryer, furnace, stove and fireplace are clear of snow and other debris, and
  • Remove vehicles from the garage immediately after starting.

For more information and winter preparedness tips, please visit: www.usfa.fema.gov to find out more on carbon monoxide and fire safety.

Preparing for Severe Winter Weather

Get to know the terms that are used to identify winter storm hazards and discuss with your family what to do if a winter storm watch or warning is issued.

  • A Winter Weather Advisory means cold, ice and snow are expected.
  • A Winter Storm Watch means severe weather such as heavy snow or ice is possible in the next day or two.
  • A Winter Storm Warning means severe winter conditions have begun or will begin very soon.
  • An Ice Storm Warning is when freezing rain produces a significant and possibly damaging accumulation of ice.
  • Freezing Rain creates a coating of ice on roads and walkways.
  • Sleet is rain that turns to ice pellets before reaching the ground. Sleet also causes roads to freeze and become slippery.

Avoid traveling by car, but if you must, make sure you have an emergency supply kit in the trunk of your car. FEMA encourages families to maintain an emergency supply kit both at home and in the car to help prepare for winter power outages and icy or impassable roads.

An emergency supply kit should include a three-day supply of food and water, a battery-powered or hand-crank radio and extra flashlights and batteries. Thoroughly check and update your family's emergency supply kit and add the following supplies in preparation for winter weather:

  • Rock salt to melt ice on walkways;
  • Sand to improve traction;
  • Snow shovels and other snow removal equipment; and
  • Adequate clothing and blankets to help keep you warm.

Ensure your family preparedness plan and contacts are up to date. Learn about the emergency plans that have been established in your area by your state and local government, and ensure your home and car are prepared for the winter weather.

For more information and winter preparedness tips, please visit: www.ready.gov/winter-weather or www.listo.gov to find out how you can prepare your family for winter storms and other disasters.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

Ask people where the next surprise will be in disaster recovery and they may well point to technology, the weather or legislation. While all of these areas should be taken into consideration, there’s another one that is vital to good DR management. It’s people. Perhaps because it’s so obvious, disaster recovery plans sometimes gloss over the human resources factor. ‘Get everybody back to work’ is frequently all that’s said, after a detailed discussion of phased computer and network recovery. However, it may take more than snapping your fingers to bring productivity back in a timely way.

People within a business are considered the center of Business Continuity Planning, where areas of concern and actions to be taken include:

...

http://www.opscentre.com.au/blog/a-startling-idea-in-disaster-recovery-and-nothing-to-do-with-technology/

Thursday, 13 February 2014 16:00

6 Failures That Led to Target Hack

Computerworld — A recent edition of the Computerworld Security Daily Newsletter contained no fewer than four articles discussing the data breach at Target, which was first disclosed way back in December. What exactly happened to Target remains a matter of great interest.

What's being said about the hack is that it was enabled by a single point of failure. The blame is pinned on unstoppable malware on the point-of-sale (POS) systems or, alternatively, on a compromise of an HVAC contractor's credentials. Either way, Target wants you to believe that the chain was exactly what its name implies: the target of a highly sophisticated attacker.

But the truth is that systematic failures, and not a single point of failure, led to the Target hack. No single vulnerability was exploited. There were vulnerabilities throughout Target's security architecture that led to the theft of 110 million payment card numbers, along with the personally identifiable information of most of the affected cardholders.

...

http://www.cio.com/article/748164/6_Failures_That_Led_to_Target_Hack

Spreadsheets should be banned from the risk management process says Keith Ricketts.

Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be a great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed. Using spreadsheets and emails to manage risk is a very risky approach.

Here are the main reasons that the spreadsheet approach doesn’t work:

...

http://www.continuitycentral.com/feature1147.html

Wednesday, 12 February 2014 16:34

Winter weather business continuity advice

Marsh has published a new document which aims to help organizations ensure business continuity during severe winter weather.

Winter weather events mixed with a lack of preparation can lead to building damage, freeze-up, flood, and business interruption losses says Marsh. Advance preparation can help to mitigate winter weather impacts on your operations and business continuity.

The document provides a useful checklist of winter weather impacts mitigation. Read it here (PDF).

Wednesday, 12 February 2014 16:34

Four steps for minimising cloud deployment risks

Companies are no longer tolerant of security-and-compliance teams telling them they cannot go to the cloud: instead risk teams must learn how to adapt to the cloud environment. This is the view of John Overbaugh, managing director of Security Services at Caliber Security Partners.

Writing for http://www.isaca.org, Mr. Overbaugh suggests four steps for organizational risk leaders to follow to help their companies adopt cloud technologies while minimizing overall risk:

...

http://www.continuitycentral.com/news07102.html

Computerworld — The headlines about the storm approaching Georgia include a tinge of panic and wonder, but the view from Monty Hamilton's Atlanta office is of streets calm and empty.

Hamilton is the CEO of Rural Sourcing Inc., a domestic IT services company based in downtown Atlanta. He reported Tuesday afternoon that it was raining, but the streets were mostly deserted as weather reports forecast freezing rain and power outages.

"It's pretty vacant right now," said Hamilton, who said the city and state were doing a lot to prepare for the storm. That's in contrast to two weeks ago when a storm paralyzed the city with several inches of snow, leaving many stranded, including Hamilton.

...

http://www.cio.com/article/748120/The_View_From_One_Atlanta_IT_Firm_as_Historic_Storm_Nears

Wednesday, 12 February 2014 16:32

Make Way for the Multi-PC Enterprise

The PC is dead. The PC is not dead. The PC is sort of dead, but that’s OK because the new client devices are much cooler.

By now, just about every theory on the PC’s future in the enterprise has been thoroughly consumed and digested by the technorati. And while the term “dead” gets thrown around a lot, it is clear that although the PC is no longer the primary means of data access in the enterprise, neither is it headed for the scrap heap.

A more likely scenario is that the PC will change in both form and function as the enterprise heads into the cloudy, mobility-driven future. The key question, then, is how.

...

http://www.itbusinessedge.com/blogs/infrastructure/make-way-for-the-multi-pc-enterprise.html

There is a 75% chance of an El Niño event in 2013, according to an early warning report published in Proceedings of the National Academy of Sciences (PNAS). The researchers used a new method that uses network analysis to predict weather systems up to a year ahead, instead of the usual six-month maximum of other approaches. The model successfully predicted the absence of El Niño in 2012 and 2013.

El Niño events are characterized by a warmer Pacific Ocean, which results in a disruption to the ocean-atmosphere system. This can lead to warmer temperatures worldwide, droughts in Australia and Southeast Asia, and heavy rain and flooding in parts of the U.S. and South America. If such an event occurred toward the end of 2014, the increased temperatures and drought conditions could persist through 2015.

The researchers suggested that their work might help farmers and government agencies by giving them more time to prepare and to consider investing in flood- or drought-resistant crops.

...

http://www.riskmanagementmonitor.com/new-forecasting-method-predicts-75-chance-of-el-nino-in-2014

The Target data breach is the gift that keeps on giving. It continues to capture attention with new revelations and insights.

The real opportunity for security professionals is to side-step speculation and use the coverage to spark productive conversations. The kinds of discussions that help others understand your value and set the stage for necessary changes.

The latest development was the potential compromise through a third-party HVAC contractor.

Now the details around Target, an ongoing investigation, are still a bit murky. Brian Krebs is on the case and providing a valuable service to the industry. Let’s leave investigation to Brian and take the opportunity to build on his work to improve our organizations.

http://blogs.csoonline.com/security-leadership/2984/if-target-got-breached-because-third-party-access-what-does-mean-you

Mark Kedgley examines the importance of real-time file integrity monitoring in a constantly and quickly evolving threat landscape.

Few experts would argue against the importance of real-time file integrity monitoring (FIM) in an era of fast-changing and sophisticated security threats. It is literally impossible to second-guess the method of a breach and therefore the ‘last line of defence’ detection offered by FIM has never been more critical. The worldwide coverage of the recent breach at Target shows how vital cybersecurity is, and how high the stakes are if your defences are breached. Little wonder that leaders in security best practices such as NIST, the PCI Security Standards Council and the SANS organisation all advocate FIM as an essential security defence.

That said, many would also challenge the actual value and quality of some FIM deployments over the past decade. From the highly complex, multimillion-dollar software investments all the way down to freeware, far too many deployments are actually increasing, rather than reducing, business risk by creating a deluge of unmanaged and unmanageable alerts. Put simply - too much information and not enough context to provide an effective solution.

...

http://www.continuitycentral.com/feature1146.html

Protiviti recently partnered with North Carolina State University’s ERM Initiative to conduct its second annual ‘Executive Perspectives on Top Risks Survey’. This obtained the views of more than 370 United States-based board members and C-suite executives about risks that are likely to affect their organization in 2014.

Key findings included:

  • The overall survey responses suggest a business environment in 2014 that is slightly less risky for organizations than it was a year ago - however, board members view it to be more risky this year compared to 2013.
  • Regulatory change and heightened regulatory scrutiny represents the top overall risk for the second consecutive year.
  • Cyber threats and privacy/identity management are seen as an increasing threat.

The top 10 risks as perceived by executives are:

...

http://www.continuitycentral.com/news07099.html

According to the Philadelphia Business Journal and other internet sources, hackers apparently accessed Target's database via a subcontractor's credentials.

The Wall Street Journal reports that a Pittsburgh, PA refrigeration contractor began working with Target in 2006 installing and maintaining refrigerator systems in stores as the discounter expanded its fresh food offerings. Through that relationship, the contractor was linked remotely to Target's computer systems for "electronic billing, contract submission and project management."

Target's liability comes from its IT security advisors' failure to ask the important "What if" questions.

...

http://johnglennmbci.blogspot.com/2014/02/erm-bc-coop-vendor-with-access-to-data.html

Tuesday, 11 February 2014 17:09

Data Breaches Becoming More Damaging

Recent breaches of customer data at retailer Target and banking giant Barclays are making headlines and underscore the growing risk to businesses from data breaches.

Of course, there’s a personal impact too.

The just-released 2014 Identity Fraud Report by Javelin Strategy & Research reveals that data breaches are now the greatest risk factor for identity fraud.

In 2013, one in three consumers who received notification of a data breach became a victim of fraud, up from one in four in 2012, the report found.

Some 46 percent of consumers with breached debit cards in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a social security number breached.

...

http://www.iii.org/insuranceindustryblog/?p=3543

Tuesday, 11 February 2014 17:09

Survey: Workplace Misconduct at Historic Low

National Business Ethics Survey by Ethics Resource Center Reveals Decline in Workplace Misdeeds, Improvement in Ethics Culture in Past Six Years 

ARLINGTON, Va.  — Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.

The eighth National Business Ethics Survey (NBES) shows that 41 percent of more than 6,400 workers surveyed said they have observed misconduct on the job, down from 55 percent in 2007. In addition, the report found that fewer employees felt pressure to compromise their standards, down to nine percent from 13 percent in 2011.

Noted Michael G. Oxley, ERC Chairman of the Board, former Congressman and House co-sponsor of the Sarbanes-Oxley Act of 2002, “Companies are working harder to build strong cultures and implement increasingly sophisticated ethics and compliance programs. The results of the survey are encouraging and show that companies are doing a better job of holding workers accountable, imposing discipline for misconduct and letting it be known publicly that bad behavior will be punished.”

...

http://www.corporatecomplianceinsights.com/news/survey-workplace-misconduct-at-historic-low/

By with Nidhi Rao

Whether based on a whistleblower complaint or because you are subject to an inquiry from a governmental agency, a company faced with potential employee misconduct must perform an internal investigation. The goals of an internal investigation are to understand the nature and scope of the issue(s) and to take necessary remedial action promptly. To be truly effective, an organization should aim to achieve these goals while minimizing the impact on the company’s routine business operations.

Unfortunately, companies often inadvertently overlook certain issues in this process, which can result in an ineffective investigation and may pose additional litigation risks for the company.

Here is a list of five factors often overlooked when conducting an internal investigation:

...

http://www.corporatecomplianceinsights.com/five-factors-often-overlooked-when-conducting-an-internal-investigation/

It started with IT server virtualisation and then continued with cloud computing. Instead of physical machines running a company’s own software applications, we now simply have interfaces to virtual instances of these things. Computing resources are no longer located in a specific piece of equipment on a company’s premises. They are ‘somewhere’ in the cluster of virtualised servers, or on the network, or in the cloud. Software as a Service (SaaS) takes it all a step further: now not only are businesses relieved of the need to buy and run their own hardware, but there’s someone else to look after the software too. The potential advantages of budget flexibility, resilience and scalability are clear. But that doesn’t change the need to continually verify solid business continuity management, from one end right through to the other.

...

http://www.opscentre.com.au/blog/virtualise-all-you-want-but-business-continuity-must-still-be-end-to-end/

Tuesday, 11 February 2014 17:06

Redefining the BIA

By Geary Sikich

If we agree on the basic premise that business continuity can be defined as sustaining what is critical to the enterprise’s survivability during periods of discontinuity, then we must recognize that the activity known as the business impact assessment / analysis (BIA) needs to be redefined.

The BIA, as currently practiced does not necessarily achieve the following:

  • Define what is critical to the organization;
  • Develop strategies to recover/sustain during times of discontinuity.

I posit a two-phase BIA framework consisting of a pre-event general analysis and a post-event identification and assessment of business impacts and potential consequences for the enterprise.

Events are nonlinear and therefore carry uncertain outcomes. As a result, traditional pre-event BIAs are of little value when conducted using concepts such as mission critical, recovery time objectives, recovery point objectives, etc. Events evolve; the elements of randomness and nonlinearity create opaqueness (opacity: the quality of being difficult to understand or explain) that a traditional BIA underestimates.

...

http://www.continuitycentral.com/feature1145.html

Tuesday, 11 February 2014 17:05

How protected are your cloud assets?

By Mark Kraynak

Gartner predicts that global spending on public cloud services will grow from $155 billion this year to $210 billion in 2016. The forces driving enterprise IT to the cloud are faster deployment and easier management, which translate in the end to less cost. But at the same time, cloud deployment is significantly increasing security and compliance risk because security solutions have not kept up – leaving high value assets seriously exposed.

So what are some of the security gaps exposed by this ‘cloudification’ of the data center? They include:

...

http://www.continuitycentral.com/feature1144.html

Tuesday, 11 February 2014 17:04

Buy or Lease: Cost Equations in the Cloud

The subject of cloud costs keeps popping up in IT circles, most likely the result of more than two years’ worth of experience in shifting enterprise workloads off of traditional data center infrastructure. Increasingly, though, it seems that the cloud is not always the best choice for the pocketbook, particularly when long-term, scale-out architectures are needed.

I touched on this last month when I discussed a number of new analyses that claim internal enterprise resources can be delivered quite efficiently and at broad scale provided they are housed on the same virtual, federated infrastructure that powers most cloud services. Rob Enderle, for example, pointed out that private clouds can come in at half the cost of leading public services depending on the type of workload and the amount of data involved. A key factor in this disparity turns out to be rogue cloud deployments, which can often lead to redundancy and data duplication.

...

http://www.itbusinessedge.com/blogs/infrastructure/buy-or-lease-cost-equations-in-the-cloud.html

IDG News Service (Boston Bureau) — CIOs still have the last word over most IT spending but over time they will work more closely with business units on buying decisions, a Forrester Research survey finds.

Only 6.3 percent of new technology purchases in the U.S. were made and implemented solely by business units in 2013, according to the report's author, Forrester vice president and principal analyst Andrew Bartels. Some 9 percent of spending involved technology the business unit chose but the CIO's team implemented and managed.

However, "the ideal tech-buying process is one in which the business and the CIO's team work together to identify a need, find and fund a solution, choose the right vendor or vendors, implement it, and manage it," Bartels wrote in the report. "We estimate that more than a third of tech purchases will fit that profile by 2015."

...

http://www.cio.com/article/748018/CIOs_Still_in_Control_of_Most_IT_Spending_Forrester_Says

Security is the No. 1 impediment to Cloud Service adoption. Forrester’s research has shown this over the last three years. Cloud Service Providers (CSPs) are responding to this issue. AWS has built an impressive catalog of security controls as a part of the company’s IaaS/PaaS offerings. If you are currently using, or considering using, AWS as a CSP you should check out the following new research.

AWS Cloud Security - AWS Takes Important Steps For Securing Cloud Workloads

As chairman of the Disaster Recovery Preparedness Council, I’m proud to announce that we’ve issued our first annual report on The State of Disaster Recovery Preparedness. Based on hundreds of responses from organizations worldwide, the 20-page 2014 Annual Report provides a close look at how companies are doing when it comes to disaster recovery best practices, based on our ground-breaking benchmark survey launched in 2013.

You can download the report for free at http://drbenchmark.org/

First, the bad news: For some it may come as a shock that three out of four companies taking the survey are at risk, failing to properly prepare for recovering their IT systems in the event of an outage or disaster. Others may not be so surprised. The report, however, does highlight some sobering statistics when it comes to the damage companies are suffering when they are unprepared.

...

http://drbenchmark.org/state-of-global-disaster-recovery-preparedness-2014-annual-report-now-available/

CIO — Red Hat and Hortonworks, provider of one of the most popular Apache Hadoop distributions, expanded their existing strategic alliance on Monday as part of an effort to make it easier than ever to bring Hadoop into the enterprise in production environments.

Under the expanded alliance, the partners will integrate their product lines and enable joint go-to-market initiatives and seamless collaborative customer support. Additionally, the partners announced the availability of a beta of a Hortonworks Data Platform (HDP) plug-in for Red Hat Storage that allows Hortonworks' Hadoop distribution to run natively on top of Red Hat's storage offering.

...

http://www.cio.com/article/748045/Red_Hat_and_Hortonworks_Expand_Strategic_Big_Data_Alliance

Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession.

Internal auditors are right to be concerned about third-party risks. The days of a company’s suppliers or partners being well-known and trusted businesses on the same street or town are a distant memory.

In the interconnected, global economy of the 21st century, you are apt to be purchasing raw materials, components, or services from business entities halfway around the world. In turn, these unfamiliar partners may be acquiring subcomponents from other businesses whose very existence may be unknown to us. Third parties can create extraordinary risks for an enterprise, as we have seen played out repeatedly on the global stage.

Hiring practices, working conditions, conflict minerals, carbon footprint, political conflict, data security, financial stability, intellectual property — the list goes on. No brand is immune; no partner too pure. Third-party relationships can reside in any part of an organization, with one contract often having little bearing on another.

...

http://www.theiia.org/blogs/chambers/index.cfm/post/Do%20You%20Know%20What%20Your%20Third%20Parties%20Are%20Up%20To?

Monday, 10 February 2014 16:45

The Path to Big Data Mastery

COMPUTERWORLD — The think-tankers on the Executive Leadership Council at AIIM systematically use a four-box matrix to reduce uncertainty, allocate investments and calibrate new product/service initiatives. This simple tool -- with "important and difficult" in the upper right and "unimportant and easy" in the lower left -- produces surprisingly powerful insights.

During year-end discussions with 40 executives in 20 vertical markets, I discovered that they all now place big data in that upper-right quadrant. Similarly, readers of Booz & Co.'s Strategy+Business blog designated big data the 2013 Strategy of the Year, and the co-directors of Cognizant's Center for the Future of Work, in a masterful white paper, placed big-data-enabled "meaning making" at the pinnacle of strategic endeavor.

That was enough to prompt me to roll up my sleeves and systematically examine, vertical market by vertical market, how organizations are organizing their path to big data mastery.

...

http://www.cio.com/article/747979/The_Path_to_Big_Data_Mastery

Monday, 10 February 2014 16:44

Sidestepping the Risk of a Privacy Breach

This week, we reached the inevitable point in the controversy over the credit and debit card breaches where grim-faced retail executives from Target and Neiman Marcus, industry experts and consumer advocates turned up in Washington. They raised their hands and delivered well-rehearsed statements to our elected representatives.

It’s a familiar bit of theater, but their messages about the security of our personal data when we pay using plastic were startling.

“The innovations that are driving the industry forward and presenting consumers with exciting new methods of making purchases is also rapidly expanding beyond the bounds of our existing regulatory and consumer protection regimes,” went the written testimony of James A. Reuter, speaking on behalf of the American Bankers Association. “And, as has historically been the case, the criminals are often one step ahead as the marketplace searches for consensus.”

...

http://www.nytimes.com/2014/02/08/your-money/sidestepping-the-risk-of-credit-and-debit-card-fraud.html

TECHWORLD — Extreme Networks has unveiled an ASIC-based big data analytics system that marries network data with application data to make it easier to manage large networks and cloud deployments.

The Purview offering provides visibility into application use across the network, helping organisations in four ways, said Extreme.

The product can improve the experience of connected users, enhance organisations' understanding of user engagement, it optimises application performance, and protects against malicious or unapproved system use.

...

http://www.cio.com/article/747931/Extreme_Marries_Network_Application_and_Cloud_Data_to_Up_User_Performance

Monday, 10 February 2014 16:42

Big Data Skills Pay Top Dollar

Network World — Tech salaries saw a nearly 3% bump last year, and IT pros with expertise in big data-related languages, databases and skills enjoyed some of the largest paychecks.

Average U.S. tech salaries climbed to $87,811 in 2013, up from $85,619 the previous year, according to Dice's newly released 2013-2014 Salary Survey. Significantly, nine of the top 10 highest paying IT salaries are for skills related to big data, says the tech career site.

At the top of the list is R, a software environment for statistical computing and graphics. Here's the full list of the top 10 highest paying IT salaries:

1. R: $115,531
2. NoSQL: $114,796
3. MapReduce: $114,396
4. PMBok: $112,382
5. Cassandra: $112,382
6. Omnigraffle: $111,039
7. Pig: $109,561
8. Service Oriented Architecture: $108,997
9. Hadoop: $108,669
10. Mongo DB: $107,825

...

http://www.cio.com/article/747927/Big_Data_Skills_Pay_Top_Dollar

Executives from Target and Neiman Marcus still don’t know how they could have better protected their customers from cybercriminals, they said at a congressional hearing Wednesday.

Asked exactly how recent attacks occurred, Target’s John Mulligan answered: “We don’t understand that today.” The company is still investigating, said Mulligan, the company’s chief financial officer and executive vice president, and “certainly from that there will be learnings.”

Michael Kingston, the chief information officer of the Neiman Marcus Group, said, “We’ve not yet found any evidence of how hackers were able to infiltrate our network.” The attack was “customized to evade detection” and occurred “in real time, when the card was swiped” just milliseconds before being encrypted. The breaches prompted several congressional hearings and briefings; last week, Attorney General Eric H. Holder Jr. told the Senate Judiciary Committee that his agency is investigating them.

Wednesday’s House hearing, “Can data breaches be prevented?,” ran 3 1/2 hours, but the short answer was: No. That’s despite the “hundreds of millions” Target spent trying, and the “tens of millions” Neiman’s spent.

...

http://www.washingtonpost.com/business/economy/can-data-breaches-be-prevented-congresss-and-companies-answer-for-now-no/2014/02/05/94d607ae-8e9d-11e3-b46a-5a3d0d2130da_story.html

The Committee of Permanent Representatives has endorsed an agreement between the Hellenic Presidency of the Council and European Parliament representatives with a view to establishing a European surveillance and tracking service. This will have the aim of enhancing the security of space infrastructures and the safety of satellite operations by reducing collision risks and helping to monitor space debris.

Space infrastructure is increasingly threatened by collision risks due to the growing population of satellites and the amount of space debris. In order to mitigate the risk of collision it is necessary to identify and monitor satellites and space debris, catalogue their positions, and track their movements. When a potential risk of collision has been identified satellite operators can then be alerted in time to move their satellites.

This activity is known as space surveillance and tracking (SST) and operational SST services do not currently exist at a European level.

The new SST support framework will foster the networking of national SST assets to provide SST services for the benefit of both public and private operators of critical space-based infrastructures.


Here’s a humbling prediction for IT: By 2018, the CMO’s IT budget could “outstrip” the CIO’s budget, according to Gartner.

And that’s fine with CMOs, who now see marketing as the natural home for Big Data projects, according to a recent Harvard Business Review Blog post written by Jesko Perrey and Matt Ariker of McKinsey & Company.

Predictably enough, CIOs see the situation a bit differently. But the naked truth is that both CMOs and CIOs “are on the hook for turning all that data into above-market growth,” Perrey and Ariker note.

...

http://www.itbusinessedge.com/blogs/integration/can-the-chief-data-officer-help-everyone-just-get-along.html

In publishing its “Security Research Cyber Risk Report 2013,” an annual update, HP has delved into a number of the most vexing contradictions in security and risk management. The report’s goal, states HP, is “to provide security information that can be used to understand the vulnerability landscape and best deploy resources to minimize security risk.”

Key findings included these:

“Research gains attention, but vulnerability disclosures stabilize and decrease in severity.” The number of publicly disclosed vulnerabilities remained stable in 2013, as the number of high-severity vulnerabilities dropped for the fourth year in a row. Asks HP, “Is this a good indication of the improving awareness of security in software development or does this indicate a more nefarious trend – the increased price of vulnerabilities on the black market for APTs resulting in less public disclosures?”

...

http://www.itbusinessedge.com/blogs/governance-and-risk/hp-report-elaborates-on-contradictions-in-security-risks.html

CIO — Last year, Yahoo made headlines for rescinding its once-liberal work-from-home policies in the interests of "productivity" and "accountability." But not having a plan in place for keeping the business running if your employees physically cannot get to the office -- in the event of a winter storm, hurricane or even day-to-day concerns like a family illness or car trouble -- could put you at a significant disadvantage.

Here's how you can prepare your workforce - and your business - for the inevitability of employees working from home.

Business As (Un)Usual

The good news is that most organizations already embrace technologies like the cloud that ease employees' capability to connect and collaborate from almost anywhere.

...

http://www.cio.com/article/747867/How_to_Prepare_Your_Business_And_Your_Employees_to_Work_Remotely

CIO — How can CIOs and IT executives help their teams be more productive (besides providing them with free food)? Here are the top 11 tips -- from CIOs, IT executives, productivity and leadership experts and project managers -- for getting the most out of your IT team.

1. Set goals -- and be "Agile." "Be Agile in your goal setting," says Zubin Irani, cofounder & CEO, cPrime, a project management consulting company. "Have the team set goals for the quarter -- and break the work into smaller chunks that they can then self-assign and manage."

2. Communicate goals, expectations and roles from the get-go. "Provide your team with background information and the strategic vision behind [each] project, activity, task, etc.," says Hussein Yahfoufi, vice president, Technology & Corporate Services, OneRoof Energy, a solar finance provider. "Not only does providing more background and information motivate employees more, [it makes them] feel more engaged."

...

http://www.cio.com/article/747843/11_Ways_to_Improve_Your_IT_Team_s_Productivity