Industry Hot News

Thursday, 12 September 2013 14:29

Helping Children Cope With a Disaster

David J Schonfeld, MD, FAAP

Children often become distressed after a disaster, especially if it has directly impacted them or someone they care about.  They may also feel sad or sorry for others and want very much to help them.  Worries that something similar will happen to them or their family may lead them to ask a lot of questions so that they can better understand what has happened and therefore what they can do to protect themselves and their family.  Parents and other adults who care for children can do a lot to help them understand and cope.

Inform children and start the conversation.  It is difficult to deal with something that you don’t understand.  Even very young children will sense when something is wrong or upsetting the adults in their lives, even if they have been told nothing.  Children should be notified about a disaster as soon as possible after it occurs, otherwise they will likely find out by overhearing others or through the media (including social media).  Start by asking them what they may have already heard about the event; correct any misinformation or misunderstanding they may have.  Provide information to them in simple and direct terms, without unnecessary detail.  Television, radio, and social media often provide graphic information that may cause more distress, so limit the amount of viewing of television and other media sources immediately after the event (this is true for both children and adults).  Ask children about what questions or concerns they might have and provide honest answers.  When adults don’t talk with children about disasters, it suggests to them that adults either are not capable of dealing with difficult situations or don’t feel that the children are able to cope.  Neither message is helpful.

After a disaster, children may show a change in their mood or behavior.  They may become sad, anxious, or scared.  They may be more resistant to separating from their caregivers to go to child care programs or school, or even to go to bed or play in another room. Sleep problems, headaches and stomachaches are common.  After a disaster, children often find it difficult to concentrate on their school work.  They may, for a period of time, become more self-centered or immature and appear more clingy, less cooperative, more demanding, and irritable.  Older children and adolescents may turn to smoking, alcohol, or other drugs to deal with their feelings.

Children often show no obvious signs of distress.  After a disaster, children may hide their emotions because they are ashamed of their reactions or because they want to protect their parents who are also visibly upset.  They may try to take care of their parents, not because they are coping well themselves, but rather because they worry that their parents are having trouble adjusting.

Children may show post-traumatic reactions – but that’s not all.  If a death has occurred as a result of the disaster, children’s reactions may be due to grief.  Children need to cope not only with the disaster – but everything that follows.  Disasters lead to a number of losses and changes, such as the need to relocate, change schools, or deal with reduced family income.  These other stressors may be what bothers children the most after a disaster.

Help children cope with their distress.  Adults don’t like to see children feeling upset and often try to reassure them there is no reason to be worried or sad.  But let children own their feelings – if they feel sad or worried, then they are sad or worried.  Instead of trying to tell children that they shouldn’t feel that way after a disaster, help them learn how to cope with troubling feelings.  Share with them some of your reactions and feelings and how you coped with them (such as talking with others, writing about your feelings, or doing something positive to help others).  We can’t expect children to learn how to cope if we don’t share with them that we also have felt distress and then model how to cope effectively.

Teaching children how to cope with distress every day is a good way to prepare for disasters.  Just as you should prepare to respond to a disaster, you should prepare children to be able to cope with disasters.  Helping them learn coping skills to deal with daily stressors or other challenging events in their lives and establishing yourself as someone that is there that can understand them and help them adjust makes it more likely they will cope effectively after a disaster. Let children know that their family, school and community have plans in place to deal with many kinds of emergencies, and that there are people specially trained to help with these situations.

There is help.  Visit the American Academy of Pediatrics for resources and advice on how to support children after a disaster, and download the Pediatric Preparedness Resource Kit.  Your child’s pediatrician can also provide specific advice for your children and/or recommend someone else that you can talk to about your concerns.

David J. Schonfeld, MD, FAAP, is a member of the American Academy of Pediatrics Disaster Preparedness Advisory Council and the Pediatrician-in-Chief at St. Christopher’s Hospital for Children in Philadelphia, PA.  Dr. Schonfeld is also the Chair for the Department of Pediatrics at Drexel University College of Medicine and the Director for the National Center for School Crisis and Bereavement.

http://blogs.cdc.gov/publichealthmatters/2013/09/helping-children-cope-with-a-disaster/

The third step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) is the implementation of a risk appetite and tolerance statement. This step is meant to set boundaries on how much risk your organization is prepared to accept in the pursuit of its strategic objectives.

An organization-wide risk appetite statement provides direction for your organization and is a mandatory part of your assessment. As defined by COSO (one of the risk management standards measured in the RIMS Risk Maturity Model umbrella framework), the risk appetite statement allows organizations to “introduce operational policies that assure the board and themselves that they are pursuing objectives within reasonable risk limits.” A risk appetite statement should be reflective of your organization’s strategic objectives and serve as a starting point for risk policies and procedures.

...

http://www.riskmanagementmonitor.com/rmorsa-part-3-risk-appetite-and-tolerance-statement


CYA with advertised, enforced P&P

Two New Jersey teens were texting while one was driving.

The vehicle driven by the teen on the road struck and injured two people.

The injured parties sued both the teenage driver and his texting partner, the latter on the grounds “that (the partner) was contributorily negligent in that she ‘aided and abetted’ (the driver’s) unlawful texting while driving and second, that (the partner) had an independent duty to avoid texting a person whom she knew was driving.”

The case made its way to an appellate court that ruled that “We hold that the sender of a text message can potentially be liable if an accident is caused by texting, but only if the sender knew or had a special reason to know that the recipient would view the text while driving and thus be distracted.”

...

http://johnglennmbci.blogspot.com/2013/09/erm-bc-coop-wireless-communication-with.html

Wednesday, 11 September 2013 20:13

Updating data compliance for the cloud era

By Ron Miller, principal consultant at SunGard Availability Services (UK) Limited.

It might have been a buzzword within the IT industry for some years now but more recently we’ve seen the mainstream appetite for, and adoption of, cloud computing rise significantly. Whether it’s public, private or hybrid services, the promise of greater flexibility, scalability and cost-effective pricing models has been too enticing for many businesses to ignore.

The flipside, however, is that as a result of the cloud, we’re also seeing a number of companies coming under scrutiny for their data protection and compliance policies. It’s the CIOs that are leading the charge here, as they become increasingly concerned over the security of their mission critical data. There is the perception that many ‘cloud’ vendors (and that’s including those companies that have simply rebranded an existing solution to jump on the bandwagon) are failing to provide a comprehensive view on where data is being stored and the information security management framework that’s in place.

Information, both data and intellectual property, is a greater source of competitive advantage for businesses now than it ever has been. In many sectors, this is driven by consumer expectations, where there is an assumption that systems will be able to perform at optimum levels 24/7. The rise of the ‘I want it now’ culture and increased customer promiscuity (when it comes to where they take their custom), is forcing companies to ensure that every aspect of their organization and those of key partners perform with near perfect levels of availability.

...

http://www.continuitycentral.com/feature1104.html

For years, PBMs and insurance payers have been recognizing the risks and often exorbitant pricing associated with topical custom compound drugs, a mixture of prescription and non-prescription ingredients prepared in compounding pharmacies. Some payers and PBMs have put controls in place to reduce the costs and authorizations of these unproven formulations.

 

As is often the case in workers' compensation, various stakeholders in the drug delivery process exploit loopholes or create new variations of drugs to bypass existing controls. This has proven true with topical custom compound drugs. After Healthesystems, a Tampa, Fla.-based PBM and ABM, effected a decrease in the volume of topical custom compounds, it wasn't surprised to see a corresponding rise in the number of prescriptions for two other kinds of topical products. As a result, the company deployed program adjustments to curb the growing trend.

...

http://www.riskandinsurance.com/story.jsp?storyId=533354850&topic=Main

CIO — Customer relationship management systems have functionality to burn — there are features for so many different use cases — but those features don't make a difference to your company unless users are happy enough to fill the system with data. It falls on IT to bridge the gap between user habits and system feature sets. That's the "last mile" problem for CRM.

The first order of business is avoiding user overload. One of the first tasks in CRM optimization is de-cluttering the pages:

  • Get rid of fields that are used less than 5 percent of the time.
  • Get rid of pages and buttons that are irrelevant to users.
  • Create page layouts optimized for each major role or use case of the system.
  • Use reports, views, and related lists to highlight summary information and hide less important details.

...

http://www.cio.com/article/739440/Why_the_Last_Mile_of_CRM_Implementation_Is_the_Hardest

A young mechanic injures his back while tripping over a hydraulic lift at his employer's auto body shop. On the surface, the claim appears to be a typical back injury claim. However, lurking in the background is a confluence of complicating factors involving the injured worker's personal characteristics, prescription regimen and treatment pattern, which could create a volatile claim. Through the use of sophisticated analytics tools, the employer's insurer identifies this claim's potential for volatility and quickly assigns the claim to an elite team of medical professionals.

The worker is directed to a top-tier treatment facility, where he receives an appropriate surgical intervention, the right level of care and prescription medications. As a result, the worker is able to recover from a potentially disabling injury and return to his full duty role as a mechanic.

 

The use of predictive analytics to identify the non-obvious factors that can improve claim outcomes is an increasing area of focus for leading insurers such as The Hartford.

Predictive analytics can be defined as the use of statistical modeling to look at the various characteristics of a claim -- the policy, claimant, loss and treatment plan, among others, as well as environmental factors and time periods -- and assigning a "score" to each claim.

...

http://www.riskandinsurance.com/story.jsp?storyId=533354852&topic=Main

Insurers have historically used FEMA’s Specific Rating Guidelines to calculate premiums for properties at high risk of flooding, particularly those built with the lowest floor elevation below the Base Flood Elevation (BFE). Prior to the National Flood Insurance Program’s extension in 2012, owners of these properties received subsidized rates well below the true flood risk. Many of these properties will now be rated using the Specific Rating Guidelines which FEMA released to the public last Wednesday.

...

http://www.riskmanagementmonitor.com/fema-releases-premium-guidelines-for-high-risk-flood-zones/

Given the rapid expansion of social and mobile technologies, organizations have increasing opportunities to connect with customers. The IT organization will play a key role not only in capturing and analyzing customer data and increasing the number and value of online customer interactions, but also in terms of creating the means for internal departments to collaborate and better serve the needs of customers.

Some organizations mistakenly believe that customers want an online relationship with their company and bombard customers with surveys, questionnaires, and offers, whereas the reality is that what most customers really want is information and discounts. Organizations that examine and continuously improve their customers’ experience in their ease-of-search, ease-of-purchase, and ease-of-tracking delivery progress will likely gain advantage. Measuring what matters to customers in terms of factors such as perfect-order delivery performance and first-time-right responses to customer inquiries and complaints helps round out the picture of the customer experience.

...

http://blog.cutter.com/2013/09/10/connecting-and-collaborating-to-improve-the-customer-experience/

Tuesday, 10 September 2013 17:33

Humberto and Late Season Hurricanes

Tropical Storm Humberto, the eighth named storm of the 2013 Atlantic hurricane season, is generating a lot of news headlines, as the most recent forecasts tip it to become the first hurricane of the season by Wednesday.

The question on everyone’s minds is whether or not the record for the latest formation date of the Atlantic’s first hurricane will be broken. The bottom line: if Humberto reaches hurricane status before 8am EDT on Wednesday, the record will stand.

Gustav, which was upgraded from a tropical storm to a minimal hurricane on September 11, 2002, shortly after 8am EDT, currently holds the title as the latest-forming Atlantic season hurricane.

According to the Weather Channel, in addition to 2002’s Gustav there are two other hurricane seasons since 1960 in which the first hurricane did not form until after September 7: 2001 – September 8 (Erin) and 1984 – September 10 (Diana).

...

http://www.iii.org/insuranceindustryblog/?p=3375

Tuesday, 10 September 2013 17:32

Workday Rolls Out Big Data Analytics Module

BOSTON — Workday has unveiled a new software module for its cloud-based HCM (human capital management) application that allows customers to analyze data from both Workday and third-party sources.

Dubbed Big Data Analytics, the product is now generally available after being announced at last year's Workday Rising conference. It incorporates technology from Datameer, which places a business-user-friendly interface on top of the Hadoop framework for large-scale data processing, as well as homegrown tooling for data integration and other areas, said Dan Beck, vice president of technology product management for Workday.

While the Workday application has already provided built-in analytics, with the new product "what we're really doing is opening up our cloud to non-Workday data sets," Beck said. "People can bring in whatever data they want and join it with Workday to answer their business questions."

...

http://www.cio.com/article/739364/Workday_Rolls_Out_Big_Data_Analytics_Module

Tuesday, 10 September 2013 17:31

Cyber Security Risks for Financial Systems

The financial sector and the banking industry in particular are unique in the IT world: no other businesses have the same combination of constant drive for innovation, regulatory pressure and customer-facing IT applications. That also means increased exposure to cyber security risks via the interfaces to the public, whether these risks are linked to criminal intent, breach of confidentiality or other. Software testing engineers work to expose any technical security problems before systems are put into production mode, but they can’t handle all aspects of cyber security. A holistic view by a business continuity manager can add value to the overall process of making financial systems secure in cyberspace.

...

http://www.opscentre.com.au/blog/cyber-security-risks-for-financial-systems/

Nearly 55 percent of Big Data projects aren’t completed, according to a survey of IT professionals conducted by Big Data solution provider InfoChimps.

By comparison, “only” 25 percent of IT projects aren’t completed overall, InfoChimps found.

So what’s going on with Big Data that more than half of all projects aren’t completed? It’s inaccurate scope, InfoChimps states in a recent project template, “How to Do a Big Data Project.”

The template is designed to help you beat the odds and succeed. It’s written around four steps that should be basic to all projects:

...

http://www.itbusinessedge.com/blogs/integration/questions-and-issues-to-consider-before-you-start-a-big-data-project.html

CIO — Are you dropping the ball when it comes to enterprise mobility?

A new report suggests IT might be delivering poor mobile support to BYOD employees even though IT pros think they're doing a good job. In other words, mobility is becoming a major point of contention in the rocky IT-business relationship -- and tech leaders aren't even aware there's an issue.

 

A Failure to Communicate

Technology services and product provider CDW surveyed 1,200 mobile users and 1,200 IT professionals, and found a significant disconnect: 64 percent of IT professionals graded themselves with an A or B for providing personal mobile support (including BYOD policies and technical support), while 56 percent of users gave IT a grade of C or worse.

...

http://www.cio.com/article/739361/IT_Pros_and_BYOD_Users_See_Support_Much_Differently

Tuesday, 10 September 2013 17:28

12 YEARS LATER, WHAT HAS CHANGED SINCE 9/11?

Two years ago this month,  I focused on the 9/11 Commission recommendations that had not yet been implemented, four of them in particular. How do things look today? It entirely depends upon your perspective as a citizen and/or as an expert in the field.

Not so bad, some might say. We have foiled all domestic attacks except for the Boston bombings.  Our security and surveillance tools have never been more sophisticated. We devote billions to intelligence gathering and to examining data to analyze it into useful information.  In our rush to be proactive, it’s pretty clear that we’ve skirted or broken some laws to stay at the top of the type of intelligence gathering that advances in technology make possible.

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/5DED88D8F9A4CF472540EF23F30FEDED

MAHWAH, N.J. – There are several dates throughout the year that are notorious for wreaking havoc on businesses via denial-of-service (DoS) attacks, data breaches and even malware or botnet assaults. As September 11th nears, rumors about coordinated cyber attacks on American websites continue to increase. Because of these potential risks, it's imperative that businesses tighten their network security measures now in order to protect themselves from potential intrusion or disruption, which can result in profit-loss and tarnished user confidence.

According to Radware® (RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risk times for the United States in addition to September 11th include Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.

...

http://finance.yahoo.com/news/preparing-notorious-cyber-attack-dates-093000480.html

In the not-so-distant past, company information, files and data were confined to the four walls of the organisation. After 5 pm, and on weekends and holidays, this information was largely inaccessible to the average employee. Now, the availability of company data is seen in an entirely different light, with employees accessing files from three or four different devices any day of the week.

To address this data protection nightmare brought on by the bring-your-own-device (BYOD) movement, many forward-thinking companies have already implemented mobile device management (MDM) and mobile file management (MFM) tools and procedures. But, as devices continue to become ingrained in the workplace, making it increasingly mobile-centric, it's important to ask: what's next?

http://www.computerworld.com.sg/tech/mobile-and-wireless/blog-beyond-mdm-and-mfm-whats-next-for-byod/#sthash.d8AZz2Do.dpuf

The Louisiana Workers' Compensation Commission is encouraging employers to look beyond some of the obvious items included in their storm prep materials.

The 2013 hurricane season is under way and continues through November. While stocking up on first aid kits, batteries, bottled water, and other supplies is important, the LWCC says employers would also be wise to include safety precautions.

The most common nonfatal workplace injuries -- soft tissue sprains and strains as well as slips and falls -- are also high-risk factors for workers preparing for or cleaning up after a major storm. The LWCC suggests employers:

...

http://www.riskandinsurance.com/story.jsp?storyId=533354842&topic=Main

Monday, 09 September 2013 17:17

Lloyds website continuity hit as TSB launches

Lloyds Banking Group websites, including the new standalone TSB site, have been hit by problems on TSB launch day.  

In what could be a classic case of poor or failed business continuity planning, the banking group experienced intermittent website problems across almost all of its brands.

The problems coincide with the transfer of five million customer accounts from Lloyds to TSB, despite promises by Lloyds chief executive Antonio Horta-Osorio of a "seamless" transition.

According to the banking group, it experienced a “temporary issue” with its internet banking service, which affected the ability of some customers to log on.

“The issue is now completely resolved and we apologise to customers for the inconvenience this will have caused. Our branches, telephone banking and cashpoints were not affected in any way,” the group said in a statement.

A spokesman declined to comment further or respond to questions about whether the website outages were related to the TSB launch or not.

...

http://www.computerweekly.com/news/2240204915/Lloyds-website-continuity-hit-as-TSB-launches

Monday, 09 September 2013 17:16

You Can Be a Local Hero

PHILADELPHIA, Pa. – Preparing a community for an emergency or disaster can be a daunting task; there are so many people, each with unique needs, and so many aspects that need to be addressed.  If such a monumental task is left to just one group of people such as local officials, it’s sure to remain just that, monumental.  When the Whole Community comes together to provide input, complete tasks, and take responsibility though, it becomes a very manageable undertaking.  Pitching in to help your community prepare for the next disaster has a very large impact, the kind that can make you a local hero.

“Too often we rely upon local officials and first responders to prepare for and respond to a disaster;” said Regional Administrator MaryAnn Tierney, “there are so many ways that everyone can come together and make their community more resilient.”

Citizen Corps brings together the power of individuals through education, training, and volunteer service to make communities safer, stronger, and better prepared to respond to the threats of terrorism, crime, public health issues, and disasters of all kinds.  Citizen Corps has many councils throughout the country at the state and local level, and you can find your nearest council for more information or to sign up at ready.gov/citizen-corps/find-your-nearest-council.

Citizen Corps has many affiliates that offer communities resources for public education, outreach, and training; represent volunteers interested in helping to make their community safer; or offer volunteer service opportunities to support first responders, disaster relief activities, and community safety efforts. Visit ready.gov/citizen-corps-affiliate-programs for more information on Citizen Corps’ affiliates.

In addition to their affiliates, Citizen Corps also has partner programs which give citizens the opportunity to get involved. Citizen Corps' federally sponsored partner programs help build capacity for first responders through the use of volunteers.  These programs can be very specific in what they support, such as the Fire Corps which supports fire departments, the Medical Reserve Corps which supports medical needs, and the Volunteers in Police Service which supports law enforcement; or they are more broad in their service, such as the Community Emergency Response Teams or the Corporation for National and Community Service. More information on Citizen Corps’ partners is available at ready.gov/citizen-corps-partner-programs.

There are many community and faith-based organizations that support communities before, during, and after a disaster.  Whatever your level of interest, your skill set, or your time, there is a program out there that you can join to support your community.  Reach out to organizations that you are already involved in and see what they’re doing or talk to your local officials for ideas.

However you choose to get involved with your community and prepare for the next disaster, know that your work makes a difference to everyone, but for you it can be the difference between being a resident and being a local hero.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts available at fema.gov/medialibrary and youtube.com/fema.   Follow us on Twitter at twitter.com/femaregion3.

http://www.fema.gov/news-release/2013/09/09/you-can-be-local-hero

Flood events continue to dominate natural catastrophe losses in 2013, according to the latest Global Catastrophe Recap report from Aon Benfield.

The report reveals that billion-dollar flood losses were recorded in China, Russia, Philippines, and Pakistan during August 2013, causing an initial combined estimate of $10 billion in economic losses.

Additional flood events were recorded in Afghanistan, Niger, Sudan, Mali, Laos, Cambodia, India, and the United States.

In a press release Steve Jakubowski, president of Impact Forecasting, says:

...

http://www.iii.org/insuranceindustryblog/?p=3371

Editor's Note: This was originally posted on the White House blog, September 3, 2013, by Todd Park and Rich Serino. Todd Park is Assistant to the President and US Chief Technology Officer. Rich Serino is the Deputy Administrator of FEMA. 
 
Last week, the White House Office of Science and Technology Policy (OSTP) and the Federal Emergency Management Agency (FEMA) jointly challenged a group of over 80 top innovators from around the country to come up with ways to improve disaster response and recovery efforts.  This diverse group of stakeholders, consisting of representatives from Zappos, Airbnb, Marriott International, the Parsons School of Design, AOL/Huffington Post’s Social Impact, The Weather Channel, Twitter, Topix.com, Twilio, New York City, Google and the Red Cross, to name a few, spent an entire day at the White House collaborating on ideas for tools, products, services, programs, and apps that can assist disaster survivors and communities.

This collaboration is a great example of this Administration’s commitment to convening private-sector talent and innovators to work with public servants in order to deliver better results for the American people. The event mobilized innovators from the private sector, nonprofits, artistic organizations, and Federal as well as local government agencies to develop solutions that support and integrate both public and private efforts for disaster relief.  It also comes as our Nation prepares for what is usually the peak of Hurricane Season.  In fact, the two-year anniversary of Hurricane Irene fell last week, and the one-year anniversary of Hurricane Sandy is approaching.

During the “Data Jam/Think Tank,” we discussed response and recovery challenges with the participants and other Federal leaders, including Patricia Hoffman, Assistant Secretary at the Department of Energy and Dr. Nicole Lurie, Assistant Secretary at the Department of Health and Human Services.  The participants then broke into subgroups to brainstorm innovative ideas for addressing those challenges, vote on the best ideas, and commit to implementing them.

Below are some of the ideas that were developed throughout the day. In the case of the first two ideas, participants wrote code and created actual working prototypes.

  • A real-time communications platform that allows survivors dependent on electricity-powered medical devices to text or call in their needs—such as batteries, medication, or a power generator—and connect those needs with a collaborative transportation network to make real-time deliveries. 
  • A technical schema that tags all disaster-related information from social media and news sites – enabling municipalities and first responders to better understand all of the invaluable information generated during a disaster and help identify where they can help.
  • A Disaster Relief Innovation Vendor Engine (DRIVE) which aggregates pre-approved vendors for disaster-related needs, including transportation, power, housing, and medical supplies, to make it as easy as possible to find scarce local resources.
  • A crowdfunding platform for small businesses and others to receive access to capital to help rebuild after a disaster, including a rating system that encourages rebuilding efforts that improve the community.
  • Promoting preparedness through talk shows, working closely with celebrities, musicians, and children to raise awareness.
  • A “community power-go-round” that, like a merry-go-round, can be pushed to generate electricity and additional power for battery-charged devices including cell phones or a Wi-Fi network to provide community internet access.
  • Aggregating crowdsourced imagery taken and shared through social media sites to help identify where trees have fallen, electrical lines have been toppled, and streets have been obstructed.
  • A kid-run local radio station used to educate youth about preparedness for a disaster and activated to support relief efforts during a disaster that allows youth to share their experiences.
Before ending the brainstorm, participants committed to taking responsibility for turning these ideas into tangible actions. We will be excited to see how these materialize into impactful projects that will support disaster response and recovery efforts. Our sincere thanks to all of the participants!

http://blog.fema.gov/2013/09/innovating-to-improve-disaster-response.html

You may be asking how anyone can make such a bold statement without knowing the details of your specific risk program.   Actually, I know more about your risk program than you realize, and that’s why I know it’s failing.  I also know that as much as 55 percent of the cost of all risk programs is wasted!  And more importantly, I can prove it.

Let me demonstrate:  Your risk program (audit, risk management, compliance, ethics, IT and governance) is risk-based.  You have assessed your risks and mapped your controls accordingly.  You have policies and procedures tied to risks and associated internal controls and you monitor the effectiveness of controls on a periodic basis and provide some form of risk reporting using key risk indicators and metrics.  You can effectively articulate the three lines of defense of your risk program.

...

http://www.corporatecomplianceinsights.com/your-risk-program-is-failing-and-you-dont-even-know-it

In a recent joint advisory issued by the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight it was recommended, among other things, that “firms should consider keeping their business continuity plans, contact lists and other necessary documents, procedures and manuals at the alternative site, ideally in paper form in the event that electronic files cannot be accessed.”

In response to the above, Continuity Central is running a quick survey asking the question: “How important are paper-based business continuity plans?”

With more than 100 responses received, the results so far show that 54.4 percent of respondents believe that paper-based business continuity plans are essential; 26.6 percent say that they are ‘quite important’; and 19.0 percent say that they are ‘not important’.

There is some variation of opinion depending on the size of the respondent’s organization. 54.5 percent of business continuity professionals in large organizations see paper-based BCPs as essential; this drops to 46.2 percent in medium-sized organizations and 50 percent in small organizations. However, 71.4 percent of those in micro organizations say that paper-based BCPs are essential.

The survey is still open; please take part at https://www.surveymonkey.com/s/paperbcps

CIO — It's often taken for granted that tough economic times lead to a reduction of public services. But that's not what has happened in Buffalo, N.Y., in the past several years. Rather than scale back city services, the city, which has a population of roughly 260,000 people, sought out ways to use big data to deploy services more efficiently and effectively to combat blight.

Under former Mayor Anthony M. Masiello, Buffalo initiated a program called Operation Clean Sweep, a law enforcement-focused program intended to address some of the rust belt city's poorest and most disadvantaged neighborhoods.

Under the leadership of current Mayor Byron W. Brown (who took office in December 2005), the Clean Sweep program evolved into a collaborative program that brings together dozens of city departments, as well as partners from state, county and federal agencies and nonprofit health and human services providers.

...

http://www.cio.com/article/739244/Big_Data_Drives_City_of_Buffalo_s_Operation_Clean_Sweep

Last month, I pointed out that you’ll probably never hire a data scientist, based on IT consultant Robin Bloor’s view that no such person exists in the real world, because too many skill sets are at play.

Bloor wrote that instead, you’ll develop a team that brings together all the skills of the so-called “data scientist,” such as understanding data, data flows, statistics and your specific business industry.

Evan Levy, partner and co-founder of Baseline Consulting, recently added his voice to the growing list of people who say the data scientist is like a unicorn. Like Bloor, Levy contends a more realistic approach to the scientific study of data is to build a team of people who specialize in each of the areas needed.

...

http://www.itbusinessedge.com/blogs/integration/data-scientists-may-not-exist-but-data-science-teams-should.html

Friday, 06 September 2013 16:04

Time to Get Serious About Climate Change Risks

While arguments from climate change deniers have subsided, there is still discussion about the cause of climate change—natural or man made? But these arguments are mere time-wasters. Right now it’s critical to put the focus on managing this risk.

Insurers have it right. For years they have been pointing to the urgent need to deal with the issues surrounding climate change. Insurers know this global risk needs to be dealt with now—and in the future—and they can’t afford to get it wrong.

Johnny Chan, Ph.D., director of the Guy Carpenter Asia-Pacific Climate Impact Center said it best: “The debate on climate change and global warming has been intensely polarized. A great deal of this ‘noise’ has clouded the very real and emerging issues that we as an industry and society need to address. In order to adapt to climate change and the changing risk landscape, it is necessary to cut through this noise and focus on objective decisions to mitigate both the financial and social risks associated with climate change.”

...

http://www.riskmanagementmonitor.com/time-to-get-serious-about-climate-change-risks

IT walks a fine line between balancing security issues and giving people the tools they need to get the job done. Every day companies move sensitive data around, and IT is in charge of securing that data, but what about the little things that tend to fall through the cracks?

According to data from several recent surveys there are a number of things your employees could be inadvertently doing that puts your company's sensitive data and information at risk.

A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:

...

http://shar.es/ibJ1x

Security-as-a-Service Leader Grows Revenue 189 Percent Over Three-Year Period

HOUSTON, Texas – Alert Logic (www.alertlogic.com), the leading provider of Security-as-a-Service solutions for the cloud, announced today it has been named to Inc. Magazine’s 500/5000 list of the nation’s fastest growing privately held companies for a second year in a row. The Company increased revenues by 189 percent over a three-year period, placing it at #1989 within the ranking.

“Our position in the prestigious Inc. 500/5000 list demonstrates our ability to meet the continuing high demand for IT security in the cloud,” said Gray Hall, Alert Logic’s president and CEO. “Our advanced security technology matched with 24x7 security expertise and analytics has provided a unique service to more than half of the largest cloud and hosting service providers. We look forward to further accelerated growth as we expand our product offerings and geographic footprint.”

Today’s news follows additional industry recognition Alert Logic has received during 2013 including being named a “Cool Vendor” by Gartner in its 2013 Security Services report, and a leader in the emerging MSSP category in the Forrester Research report, “The Forrester Wave™: Emerging Managed Security Service Providers, Q1 2013.”

The Inc. Magazine 500/5000 list is ranked according to percentage revenue growth when comparing 2009 to 2012.  Complete results can be found at http://www.inc.com/inc5000/list/2013

About Inc.

Founded in 1979 and acquired in 2005 by Mansueto Ventures, Inc. is the only major brand dedicated exclusively to owners and managers of growing private companies, with the aim to deliver real solutions for today’s innovative company builders. Total monthly audience reach for the brand has grown significantly from 2,000,000 in 2010 to over 6,000,000 today. For more information, visit www.inc.com.

About Alert Logic
Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24×7 Security Operations Center expertise, customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 2,200 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit www.alertlogic.com.

Customer contact organizations are at the heart of business continuity and disaster recovery strategies, as they are the go-to resource for customers in times of disaster. A new report from Frost & Sullivan looks at these important organizational assets and explores the specific business continuity and disaster recovery relating to them.

"The importance of information during times of such distress has made a strong case for advanced and multilayered business continuity and disaster recovery methods," said Frost & Sullivan Information and Communication Technologies Industry Analyst Brendan Read. "This enables contact centers to plan, respond and recover from natural and man-made disasters."

Customer contact organizations face two challenges when devising and implementing effective business continuity and disaster recovery programs. The first is balancing the potential risks and losses from adversity and the investments needed for putting in place effective BC/DR solutions. The second challenge pertains to enterprises' lack of motivation to deploy these solutions due to the unpredictability of these events.

...

http://www.continuitycentral.com/news06922.html

Jim Burtles, Hon FBCI, provides an overview of the Emergency Evacuation Planning Lifecycle which he has developed and explained in a new book.

For the past 12 years I have been emotionally attached and intellectually concerned with the events of 9/11 and as a business continuity specialist I have struggled with the problems associated with getting people to safety before their workplace becomes a prison or a tomb.

The end-result of many years of research, experiment and training is a robust and reliable structured approach to ensuring that people are best prepared to reach safety whenever danger looms. The very latest Business Continuity Lifecycle and its underlying principles have been adapted and applied to create a new or parallel discipline. Adherence to a clearly defined six-stage emergency evacuation planning (EEP) protocol raises the subject matter from the realms of an ad-hoc adventure to that of a disciplined practice with predictable and defendable results.

...

http://www.continuitycentral.com/news06920.html

CIO — FMW Fasteners, a distributor of down-to-earth items such as nuts and bolts, now sees its future in the cloud.

The Houston-based company grew up much like its fastener industry peers, running its business systems in-house and selling through inside and outside sales reps. FMW, however, has evolved to a new model: Running its operations in the cloud. The company deployed NetSuite enterprise resource planning (ERP) software, along with the cloud vendor's customer relationship management (CRM) and ecommerce offerings.

Cloud adoption has dramatically changed how FMW conducts business. The cloud, says FMW Sales manager Steve Baker, eliminates the headache of managing on-premises IT, improves business agility and accommodates a high-growth track. "It has completely transformed the business and what we were able to do and our sense of the possibilities of what we could get done."

...

http://www.cio.com/article/739127/Cloud_ERP_Helps_Company_Track_Inventory_Increase_Sales

Thursday, 05 September 2013 14:11

Agile Business Continuity – Simple as ABC?

Agile techniques have become popular over the last few years. They have their roots in software development projects. Unhappy with ‘monolithic’ projects that exceeded both time and money budgets, project teams looked for a better way to deliver useful end-results to software users – and that also kept up with changing requirements into the bargain. With agile methodologies, software is produced and released in short cycles, typically two to four weeks. Testing is done in parallel so as to avoid delaying releases and users are constantly invited to use the current release, and comment on what they find useful or not. Can such an approach be applied to business continuity?

...

http://www.opscentre.com.au/blog/agile-business-continuity-simple-as-abc/

We say it all the time: Data governance should be driven by the business. But let’s face it: IT knows the technology and most of the technology requires heavy IT involvement.

So what does that even mean when you’re talking about something as technology-focused as master data management? And how can CIOs convince the business that data governance is its responsibility?

This excellent Supply Chain Quarterly article by Gartner’s Andrew White answers many of these critical questions about MDM and data governance.

You may know that White focuses on master data at IT research firm Gartner, but what is less well-known is that White is a supply chain management expert, as well. And like everything else in the world, supply chains are becoming more data-driven. That’s putting pressure on supply chain leaders to deal with their data problems, White explains in the article.

...

http://www.itbusinessedge.com/blogs/integration/six-dos-and-donts-for-successful-mdm-and-data-governance.html

The constant theme in data center circles these days is change. Virtualization, the cloud, solid-state storage—all are driving traditional data infrastructure in new and exotic directions. Most observers, however, tend to view this change in terms of the present, or even the past—that is, how will this new technology solve the problems I’m dealing with today?

It’s not an unreasonable question to ask. In the end, it falls a little short, though, because the true benefit of new technology is usually not in its ability to fix the problems of the past but to open up entirely new benefits for the future. The first ones to envision that future and capitalize on it will become the titans of tomorrow’s data industry.

Gartner hit on this notion recently in its latest evaluation of the cloud industry. While noting that most organizations still need to put cloud infrastructure into motion, analyst Gregor Petri cautioned that the money being spent today to upgrade legacy data centers will be poorly spent if the enterprise maintains a data center-centric view in the new cloud/services era. In other words, why limit the cloud to a mere cost-savings function when it offers so much promise as a revenue and opportunity builder?

...

http://www.itbusinessedge.com/blogs/infrastructure/the-same-old-data-center-in-the-cloud-or-something-completely-different.html

Thursday, 05 September 2013 14:09

Fire and water: the importance of water

By Charlie Maclean-Bristol, MBCI FEPS

The news during the past week seems to have been dominated by the possibility of military intervention in Syria. However, an item which has been pushed down the order of news, is the ‘Rim Fire’ in the north-western part of Yosemite national park. Although wild fires seem reasonably common in the USA, this one caught my eye as the ash from the fire threatened to pollute the Hetch Hetchy reservoir, which provides water to 2.6 million people and provides 85 percent of the water to the city of San Francisco.

Having worked at Anglian Water in the UK for seven years, first as Emergency Planning Manager and then as Head of Security and Business Continuity, I always take a keen interest in any emergency involving water. The contamination of water by ash is an incident that is new to me and I wonder how serious it is? Even with my limited knowledge of clean water purification, I know that water plants are pretty good at taking out any possible contaminants. In fact, due to the massive dilution associated with a large reservoir and the quality of the treatment, unless you dump lorry loads of contaminants into a reservoir it is actually very hard to pollute an entire reservoir.

Where pollutants have entered the water system it is usually at the processing stage. A classic case of this was the leaking of diesel from a generator into the water supply of part of Glasgow in 1997, which led Scottish Water to issue a ‘do not drink’ notice to 50,000 people. This was not caused by a spill into one of the reservoirs that fed the city but at the actual water treatment plant.

...

http://www.continuitycentral.com/feature1102.html

The first step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) implementation, Risk Culture and Governance, lays the groundwork and defines roles for your risk management function. The second step, Risk Identification and Prioritization, defines an ongoing risk intelligence process that equips an organization with the data needed for risk based decision making.

The engine behind this process – the enterprise risk assessment – isn’t a new concept, but organizations are finding that the traditional, intuitive ideas for how to conduct risk assessments are inadequate. Too often, risk managers are interviewing process owners and collecting huge quantities of data, only to find that their top 10 risks are entirely objective and lack any actionable component. And what good is a top 10 risk if you can’t answer the inevitable question: what are you going to do about it?

...

http://www.riskmanagementmonitor.com/rmorsa-part-2-risk-identification-and-prioritization/

This study was presented at a communications conference in London and purports to demonstrate that Facebook is an effective tool in crisis communications.

I haven’t looked at the study, itself, only Bulldog Reporter’s story on it, but my reaction was first, “well, duh,” and second, was it really Facebook? Now I completely support the use of Facebook in a crisis. Coca Cola, for example, has 72 million likes on its Facebook page with over 1 million talking about it. Other brands sport similar astounding numbers. So, if Coke is in a crisis, why wouldn’t they be talking to those people who have already connected with them in this way?

But, my question is the study and the conclusion they come to. The study involved creating two fake universities, showing students news stories about the crisis these universities were in and then judging student reaction. Then the researchers showed the students fake Facebook posts from the fake universities “which gave additional information and messages directly from the universities.”

...

http://ww2.crisisblogger.com/2013/09/does-using-facebook-help-in-a-crisis-new-study-says-yes/

Businesses are losing the battle against state-sponsored cyber attacks and things are unlikely to improve in the short term, according to a survey of senior IT security professionals.

This was the view of 58% of nearly 200 respondents, polled by Lieberman Software at Black Hat USA 2013.

While nearly 63% of respondents think a state-sponsored attacker will attempt to breach their organisation in the next six months, 74% said they were not confident that their own corporate network had not already been breached by a foreign state-sponsored hacker.

Most respondents said they believe that the hacking landscape is going to get worse over time.

...

http://www.computerweekly.com/news/2240204676/Over-half-IT-pros-believe-business-is-losing-cyber-battle

NARAHA, Japan — In this small farming town in the evacuation zone surrounding the stricken Fukushima Daiichi nuclear power plant, small armies of workers in surgical masks and rubber gloves are busily scraping off radioactive topsoil in a desperate attempt to fulfill the central government’s vow one day to allow most of Japan’s 83,000 evacuees to return. Yet, every time it rains, more radioactive contamination cascades down the forested hillsides along the rugged coast.

Nearby, thousands of workers and a small fleet of cranes are preparing for one of the latest efforts to avoid a deepening environmental disaster that has China and other neighbors increasingly worried: removing spent fuel rods from the damaged No. 4 reactor building and storing them in a safer place.

The government announced Tuesday that it would spend $500 million on new steps to stabilize the plant, including an even bigger project: the construction of a frozen wall to block a flood of groundwater into the contaminated buildings. The government is taking control of the cleanup from the plant’s operator, the Tokyo Electric Power Company.

...

http://www.nytimes.com/2013/09/04/world/asia/errors-cast-doubt-on-japans-cleanup-of-nuclear-accident-site.html

Wednesday, 04 September 2013 15:24

The Importance of Being Self-Sufficient

PHILADELPHIA, Pa. – After an emergency happens resources can be strained quickly and you may have to do without electricity, water service, telephone service, and access to a grocery store just to name a few.  That’s why it’s so important for everyone to have the ability to be self-sufficient after an emergency occurs.

“One of the best ways people can help their community and first responders is to be self-sufficient after a disaster;” said Regional Administrator MaryAnn Tierney, “by being self-sufficient, people can take a lot of pressure and strain off of vital resources.  Additionally, resources may not be able to reach you for a variety of reasons so you should be prepared by having important items already on hand.”

One of the easiest ways to be self-sufficient is to build an emergency supply kit.  These kits are simply a collection of basic items your household may need in the event of an emergency.  You should assemble your kit well in advance of an emergency because you may not have time to search for the supplies you need or shop for them.  Keeping your kit organized in some sort of container also ensures that if you have to evacuate you can quickly take your kit with you.

There are a number of basic items that should go into your kit that you probably already have around the house, like water, food, a flashlight, a first aid kit, a can opener, and a radio.  There are other items that you may not have thought of or may not have at home, like dust masks, moist towelettes, garbage bags, or a sleeping bag.

Don’t forget to take into account the needs of everyone, thinking of things like diapers, formula, medications, contact lenses and supplies, special food, or coloring books or activities for kids.  You can get a full listing of what should go in your emergency kit and how you can maintain it at ready.gov/build-a-kit.

While building your emergency supply kit can seem like a daunting task, it doesn’t have to be.  When you go out to the store, see what’s on sale that you need and pick up a few things at a time; that way you don’t break the bank.  Another tip: rather than buying bottled water, you can disinfect empty 2-liter bottles and fill them with water.  Can’t think of what you want for a birthday or holiday?  Why not suggest people buy you preparedness supplies; that way you get something you’ll actually use.

There are many tips and tools to help you become self-sufficient after an emergency; go to ready.gov to learn more.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts available at fema.gov/medialibrary and youtube.com/fema.   Follow us on Twitter at twitter.com/femaregion3.

Wednesday, 04 September 2013 15:24

September is National Preparedness Month

PHILADELPHIA, Pa. – This September is National Preparedness Month (NPM).  NPM, now in its tenth year, is a nationwide, month-long effort hosted by the Ready Campaign encouraging households, businesses, and communities to prepare and plan for emergencies.

“People often ask how they can help out first responders in an emergency,” said Regional Administrator MaryAnn Tierney, “well one of the best ways is to be self-sufficient following an emergency, that takes pressure off of responders and they can focus on the most critical situations.”

Preparedness is a shared responsibility that takes input and work from the Whole Community.  A resilient community is one that’s prepared for an emergency and that preparation can’t be done solely by local officials.  It takes individuals, families, business, schools, faith-based organizations, and community-based organizations getting involved and joining together.

Residents should also talk to and work with their local emergency officials.  By talking to local officials, citizens gain valuable insight, lend input, and develop relationships for planning and communicating before an emergency strikes. 

“Another great way to get prepared for an emergency is to get involved in your community,” Tierney said, “there are many different organizations that you can get involved with, such as Community Emergency Response Teams, Citizen Corps, and the Medical Reserve Corps.”

There are many different ways to get involved especially before a disaster occurs.  The Whole Community can participate in various programs and activities to make their families, homes and communities safer from risks and threats.  Community leaders agree the formula for ensuring a safer homeland consists of volunteers, a trained and informed public and increased support of emergency response agencies during disasters.  Major disasters can overwhelm first responder agencies, empowering individuals to lend support.

FEMA is encouraging everyone to take steps to become better prepared for an emergency, whether it’s at home, at work, at school, or in the community, there’s a lot that you can do to be ready and help others be ready too.  Simply put, this September, we’re calling on you to be a local hero.

For more preparedness information, visit fema.gov and ready.gov.


This post is about our recently published paper that describes how strategies for implementing international cybersecurity best practice should account for five factors: technology profile, laws and regulations, law enforcement, culture and subcultures, and corruption.

To write the paper, we needed cybersecurity best practices to analyze with respect to these five dimensions. We used practices from one recent publication that focuses on insider threat. The CERT Program recommends nineteen best practices for preventing, detecting, and responding to insider threats in the Common Sense Guide to Mitigating Insider Threats, 4th Edition. The guide’s implementation recommendations are based on an analysis of primarily U.S.-based insider threat cases.

With our coauthors Randy Trzeciak and Palma Buttles, we mapped the best practices to the five factors that affect practice implementation internationally, in the report Best Practices against Insider Threats in All Nations. Each practice is analyzed with respect to the five factors. Analysis was conducted both generally and with respect to potential implications of examples from various countries. This paper is an initial exploration of the effects of the international landscape on the implementation of cybersecurity best practices.

...

https://www.cert.org/blogs/insider_threat/2013/0/international_considerations_for_cybersecurity_best_practices.html

OAKLAND – September is National Preparedness Month and the Federal Emergency Management Agency is partnering with communities in Arizona, California, Nevada and Hawaii to encourage citizens, families, individuals and businesses to act now to increase preparedness throughout the U.S.

FEMA Region 9 Administrator Nancy Ward will participate in an event with the Arizona Division of Emergency Management (ADEM), American Red Cross, City of Chandler, and the business community to kick-off National Preparedness Month in Arizona with a press conference and expo on Wednesday, September 4th at the Chandler Wal-Mart located at 1175 South Arizona Avenue.  ADEM will share samples of a recipe found in the Emergency Kit Cook-off (www.EmergencyKitCookOff.org) that is inspired by the contents of the 72-hour emergency food kit. 

“Preparedness is a shared responsibility. It takes a whole community and this is why you see federal, state, and county government agencies partnering with local municipalities, non-profits, and private businesses to spread the message about the importance of being prepared for emergency situations,” said Nancy Ward, FEMA Region IX Administrator.  “This year’s National Preparedness Month focuses on turning awareness into action by encouraging all individuals and all communities nationwide to make an emergency preparedness plan.”

National Preparedness Month is a nationwide, month-long effort hosted annually by the Ready Campaign and Citizen Corps that encourages households, businesses and communities to prepare and plan for emergencies. One of National Preparedness Month’s key messages is: being prepared in the event of an emergency means being self-reliant for three days without utilities and electricity, water service, access to a supermarket or local services, possibly without available response from police, fire or rescue. Preparing for such disaster realities can start with four important steps:

1. Be informed about emergencies that could happen in your community, and identify sources of information in your community that will be helpful before, during and after an emergency

2. Make a plan for what to do in an emergency

3. Build an emergency supply kit

4. Get involved

This year’s National Preparedness Month focuses on turning awareness into action by encouraging all individuals and all communities nationwide to make an emergency preparedness plan. Preparedness information and events will be posted to http://community.fema.gov/connect.ti/READYNPM

Wednesday, 04 September 2013 15:20

Didn’t read the small print

Aussie court rules that’s OK

A Mondaq article titled We've always done it this way: when does prior conduct result in a term being incorporated into a contract? (http://tinyurl.com/ldttsam) reports that the WA Court of Appeal ruled that reading the fine print isn’t necessary.

The case on which the appeals court ruled involved a long-standing relationship between a vendor and the vendor’s client.

Over the years, the two parties agreed that when the client needed the vendor’s services, the client would pick up the phone and order the service. The vendor would provide the service and then submit an invoice.

The back of the invoice listed the vendor’s terms and conditions and included an exclusion clause.

After one instance, the vendor invoked the exclusion clause. The client claimed it never read the back of the invoice – it was, according to the client, just a bill.

...

http://johnglennmbci.blogspot.com/2013/09/erm-bc-coop-didnt-read-small-print.html

Wednesday, 04 September 2013 15:18

Cloud + Data Center = The New Enterprise

The latest research into cloud computing confirms what most of us already knew: The cloud is quickly becoming the new normal in enterprise computing, portending dramatic changes in hardware, software and service markets in the coming decade.

But even as cloud adoption kicks into high gear, it should be noted that not every application is suited for full cloud deployment and that in some cases the cloud could end up costing more than traditional data center infrastructure.

First, the numbers. Verizon reported this week that cloud utilization grew by 90 percent over the past year, a reflection of the technology’s transition from a largely test and development platform to a full production environment, even for mission-critical apps. The result is that organizations are on average increasing their cloud budgets by 45 percent per month.

...

http://www.itbusinessedge.com/blogs/infrastructure/cloud-data-center-the-new-enterprise.html

Wednesday, 04 September 2013 14:46

Can Google Glass Help First Responders?

Robocop may not be real, but his efficiency is something worth aspiring to. Through the use of Google Glass, communications vendor Mutualink may soon give public safety and military personnel a chance to capture some of the half-robot, half-man’s technological capabilities. Showcased from Aug. 18 to 21 at the annual Association of Public-Safety Communications Officials (APCO) conference in Anaheim, Calif., Mutualink demonstrated how Google Glass could serve real-time information, hands-free, to public safety officials using its interoperability communications platform.

Mutualink provides public safety and military organizations with the ability to share all kinds of data despite mismatched hardware or software. During its demonstration at APCO, hundreds of fusion centers, schools, hospitals, utility plants and operation centers were connected, able to share video, voice and data ad-hoc. That, said Vice President of Innovation Michael Wengrovitz, is the basic capability already offered by the company. Google Glass, about to enter the consumer market, will provide a new avenue for delivery of Mutualink's services, Wengrovitz explained.

...

http://www.emergencymgmt.com/disaster/Google-Glass-Help-First-for-First-Responders.html

By Ray Abide

The choice of business continuity exercise scenario is an important factor in its success, but how do you go about deciding what you should focus on?

Start by determining the top risks for *your* organization but avoid being influenced by external hype and scare-stories.

For example, in the middle of flu season, it is likely that some people might suggest that an appropriate exercise would simulate a response to an increasing number of influenza cases among workers which escalates into a workforce shortage. I am reminded of the intense focus on pandemic planning during the mid-2000s when there was significant attention given to a strain of avian influenza which rarely is transmitted to humans becoming much more easily transmitted to people and setting off a pandemic; or, the H1N1 (Swine Flu) pandemic of 2009 which drove the World Health Organization to create a lot of anxiety when it raised its pandemic alert level for the first time to phase 5, meaning that a full pandemic was considered imminent. While both are still very much risks today, they became subject to high levels of media attention but then quickly subsided when the media found something more interesting to follow.

...

http://www.continuitycentral.com/feature1101.html

IT security is critically underfinanced by business, a global study has revealed.

Some 60% of IT decision-makers say there is insufficient time and money available to develop IT security policies, according to Kaspersky Lab’s Global Corporate IT Security Risks 2013 survey.

As a result, barely half of the companies surveyed feel that they have highly organised, systematic processes to deal with IT threats, the survey found.

The situation is especially poor in the education sector, where only 28% of organisations are confident they have sufficient investment in IT security policies.

But of even greater concern, only 34% of the government and defence organisations surveyed said they have enough time and resources to develop IT security policies.

...

http://www.computerweekly.com/news/2240204591/IT-security-critically-underfinanced-study-finds

CIO — It's commonly accepted among marketers that data-driven marketing powered by big data analytics is the wave of the future. That has led Gartner to predict that by 2017, CMOs will spend more on IT than CIOs. Others have suggested that the CMO will become the CIO's biggest customer.

Just how that relationship will shake out depends on how CIOs approach the problem of big data and business intelligence (BI). Jennifer Zeszut, former CEO and co-founder of innovative social media monitoring specialist Scout Labs (acquired by Lithium Technologies in 2010), and current CEO and co-founder of Beckon, a software-as-a-service (SaaS) offering for gaining insight from marketing data, says most IT departments have a flawed approach to big data and BI that forces smart CMOs to seek alternatives.

...

http://www.cio.com/article/739057/3_Lessons_CMOs_Take_Away_From_IT_s_Flawed_Approach_to_Big_Data

Tuesday, 03 September 2013 15:22

Who would'a thought?

Risk management is more than just looking at the organization.

It requires a little - or a lot of - curiosity and a strong look beyond the obvious.

Some examples.

Distant fire endangers San Francisco

As firefighters battle the Rim Fire in Yosemite National Park, the folks in San Francisco, roughly 200 miles to the west of the park, must be concerned with both their water supply and the electricity grid that serves the area.

...

http://johnglennmbci.blogspot.com/2013/09/erm-bc-coop-who-woulda-thought.html

Do you remember those problems in school calculus about the multiplication of bacteria? Throw in a little network effect and you can start to build a crude but realistic model of how illnesses like influenza are propagated throughout an organisation. One person carrying flu germs and coming into contact with other people in an enterprise can wipe out hundreds of work hours by spreading the disease. In these cases, the best solution for overall business continuity is individual business interruption – by having the person(s) concerned stay at home until the germs have gone away.

...

http://www.opscentre.com.au/blog/when-business-continuity-means-not-coming-to-work/

The growth of data surpassed unfathomable long ago, and anyone who deals with data knows this. But seriously, step back from the vastness of it for a minute and consider how massive these data amounts are.

We live in a world where cell phones have more processing power than the Apollo computers that landed us on the moon. And cell phones are far from the only devices contributing to our data gluttony.

A few recent stats on what to expect:

...

http://www.itbusinessedge.com/blogs/integration/data-management-turning-into-a-herculean-labor-issue.html

Tuesday, 03 September 2013 15:19

Futurist SME

You can find things of ERM interest in many different places.

I’m reading a novel* that involves organogenesis and some Wall Streeters who were buying life insurance policies at 15 cents-on-the-dollar from people with diabetes and other life-shortening diseases, people who due to the economy or cost of medical care were unable to continue paying policy premiums.

The ERM connection is that the Wall Streeters thought they had covered all the bases to assure their scheme would be highly profitable - the Wall Streeters would buy the policies, pay the policy premiums for what they expected to be a limited time, and then collect the policy's face value when the former policy owner died. They even hired a company to "run the numbers" based on actuarial statistics to assure the worthiness of their scheme.

Unfortunately, the Wall Streeters and their statistics vendor were putting their eggs into the proverbial basket based on history. They overlooked near-future possibilities such as the development of test-tube organs (organogenesis).

...

http://johnglennmbci.blogspot.com/2013/09/erm-bc-coop-futurist-sme.html

Tuesday, 03 September 2013 15:17

Eating your own Cooking – NSA example


Many have been jumping on the bandwagon of criticism for both sides of the issue of the Snowden leaks. Discussions are flying around LinkedIn and other sites about who is to blame ( http://www.theregister.co.uk/2013/08/30/snowden_sysadmin_access_to_nsa_docs/ ). All of this further enhances my belief that organizations, large and small, need to re-evaluate business as usual.

There is a push for security against external attacks; however, it has been well documented that most threats come from inside, whether by inadvertently allowing passage or by maliciously taking or leaking classified information. I use the term classified intentionally, not to indicate governmental but organizational context. Classifying information is not just the responsibility of the government but of each organization (Information: Integrity, Confidentiality, Availability). A couple-month-old advertisement for FedEx touted the cost-saving mentality of a company that reprinted on the blank side of used paper. An individual in the meeting turned the page over to ask about the title on the back, “Executive Compensation List”. The head of the meeting dives across the conference table to grab the ‘list’ out of the attendee’s hand. I found this hilarious as it points out that too often business as usual does not look at the big picture. Discrete parts certainly need to be refined by subject matter experts; however, the whole needs to be examined as well.

...

http://mdjohn.wordpress.com/2013/08/31/eating-your-own-cooking-nsa-example/

Tuesday, 03 September 2013 15:16

Managing Small Business Risk

As any risk manager can tell you, risk knows no market segment. Large businesses with their multi-million dollar losses may get more attention but small- and medium-sized enterprises (SMEs) face risks as well. The difference for these smaller businesses is that the losses they face can’t always be absorbed into their balance sheet. Losses that would be relatively minor for their larger counterparts could be devastating and could even force an SME to close its doors forever.

This is why, according to a survey by UK insurer Premierline Direct (part of the Allianz UK Group), it is interesting to see that despite being aware of, and having encountered, many common risks like customer non-payment, supplier issues and natural disaster losses, not all SMEs have been spurred to take action to mitigate future risk. One-fifth of UK SMEs surveyed not only do not have anyone who is responsible for managing risk, but have no plans to manage risks in the future. One-quarter do not consult with any specialists for risk management advice. Of course, the majority of SMEs do take risk management measures but closing the gap for the remaining businesses should be a priority.

To illustrate their findings and offer some tips on how SMEs can manage their risks more effectively, Premierline Direct provided the following infographic.

...

http://www.riskmanagementmonitor.com/managing-small-business-risk

Companies that hold any amount of data on their customers must now -- today -- begin thinking very seriously about what will happen to their reputations and their businesses if they do not take immediate steps to reassure customers their data is safe and private. Questions about who actually owns, and therefore controls the rights to, customer data are bound to surface very quickly as the world realizes privacy, as it was once defined and understood, is gone. To guide IT professionals in thinking about Big Data privacy challenges, ICC, a nationally recognized enterprise technology, has defined five questions every company must ask about their data and offers a new white paper about Big Data and privacy issues, “Big Data: Big Brother or Guardian Angel?”

...

http://www.itbusinessedge.com/slideshows/overstepping-the-line-between-big-data-and-big-brother.html

The term “information technology” is often forgotten. People think of IT and they think of the “tech” who will help fix their computer. But the primary role of information technology workers is to manage the flow of information or data. IT systems provide email, calendars, records, documentation, data storage and more—all of which are forms of information.

Providing security to all of this data is done in large part via access control (AC), which includes managing user access to disparate systems and stores of data.

The National Institute of Standards and Technology (NIST) has developed a framework for AC called the Policy Machine (PM), which helps IT create an enterprise-wide operating environment that simplifies management, governance and data interoperability issues that plague AC administration today.

...

http://www.itbusinessedge.com/blogs/it-tools/policy-machine-gives-access-control-more-vital-data-security-role.html


As part of National Preparedness Month 2013, the Disaster Recovery Journal (DRJ) group is offering some free webinars that provide a great resource of information regarding the timely disaster preparedness topics of writing and testing your organization’s disaster.

The first webinar is entitled “How to Conduct Powerful Exercises Every Time” and addresses those crisis situations that require quick reaction and on-the-spot decision making and are often unexpected and unavoidable. The degree of any organization’s success in responding, controlling and managing such a crisis is directly reflected by the level of effective and relevant training of the people involved. Having accurate continuity plans is not enough to ensure a successful recovery. People must be trained. Conducting exercises is one of the most important activities that we can do to train people to respond, restore and recover from a crisis event. These exercises transpose our response and recovery strategies from theory-based ideas to reality.

Exercises build continuity muscle by generating knowledgeable and trained people along with more accurate and viable documentation when designed, developed and conducted correctly.  But what does it take to pull off a powerful and effective exercise?  How do you measure the results of an exercise?  And how can you leverage the learning environment that the exercise creates for maximum learning experience?

Some of the topics to be covered in this webinar are:

1. What is and why should you conduct disaster exercises

2. The six types of exercises

3. Using the Exercise Planning Template (handout)

4. Designing just the right exercise with the best of ingredients to obtain desired results

5. How to prepare people for their success with maximum outcome

6. Conducting the exercise where theory meets reality

7. How to spot low hanging fruit by recognizing and identifying action items

8. Virtual exercises, are they effective

9. Focusing on what makes exercising easy … and fun

Exercising our business continuity, disaster recovery and crisis management plans is no longer an option if the objective is to have a viable continuity program that works when reality strikes. This is the one training about exercises that you cannot miss. We will cover issues and present information that you will find nowhere else. Take the time to make this happen for you.

Click here to register for this webinar being held on Wednesday, September 11, 2013 – 2:00 PM – 3:00 PM EDT.

Click here to register for the second webinar, entitled “Escape the BC Plan Quagmire: Tips and Tricks for Migrating Seamlessly to a Better Solution,” which will be held on Wednesday, September 18, 2013 at 2:00 PM – 3:00 PM EDT.

If applicable, please pass this information along to those business continuity planning team members

 

Whistle-blowers are in the news more and more, but some organizations don’t seem to have caught up with the trend, or the fact that retaliation is illegal. They don’t seem to realize that negative reactions to a whistle-blower can make them look petty—and guilty.

Take two front page stories in our area newspaper on the same day this week. Both were about whistle-blowers who put their jobs on the line to come forward. One was fired, the other was suspended and later resigned.

In one case, The Journal News reported, a member of a New York town’s financial staff, the supervisor of fiscal services for more than 10 years, testified at a hearing that she notified several of her superiors that the town’s revenue projections were overestimated—on a financial statement needed for a bond application. She also reported improper money transfers—one made to the town supervisor. The woman was ignored, told to keep quiet, and eventually fired.

...

http://www.riskmanagementmonitor.com/companies-ignore-whistle-blower-protections

By Rob Sobers

A tidal wave of structured and semi-structured data is drowning the enterprise – documents, video and audio – and to get value from this data, and turn it into an asset, people across many teams need to be able to collaborate and share that data. However, if the wrong people access the data, it can seriously damage the business.

In order to manage and protect that data, businesses need to have systems and structures in place to manage it, and to understand how the data is being used, who has access to it and, more importantly, who shouldn’t have access to it.

Businesses today are struggling with proper data protection. IT is tasked with protecting an organization’s data, but often without the business-context needed to do this effectively. When considering how valuable an organization’s data is, a ‘best guess’ scenario is not enough. There are certain steps IT should take to keep data properly protected and managed, while still ensuring the right people have the access to that data.

...

http://www.continuitycentral.com/feature1099.html

If you ever need a belly laugh, visit the site DamnYouAutocorrect.com (warning: it’s often not safe for work). It’s also a great illustration of why you shouldn’t just force users through the same exact login procedure when they use mobile apps versus full-fledged browser windows: hitting all the right tiny keys is hard work, and often the software behind the scenes is helpfully trying to “correct” everything you type.

Responsive design is all the rage in consumer web app design, and for good reason: users can put down one device, pick up another, and change the screen orientation in mere moments, and app developers can’t afford to miss a trick in optimizing the user experience. Similarly, in researching current authentication methods and trends, we’ve come to believe more strongly than ever in adapting your user authentication methods to your population, the interaction channel they’re using, your business goal, your risk, and your ability to pick up on contextual clues about the user’s legitimacy or lack thereof. Call it responsive design for authentication.

...

http://blogs.forrester.com/eve_maler/13-08-28-responsive_design_is_good_for_web_apps_and_for_authentication

Decades ago, the ‘Jaws’ film series struck a chord with its marketing slogan ‘Just when you thought it was safe to go back in the water’. Risks are like sharks as well. You think you’ve disposed of one, only to find a new one circling you and your organisation, waiting for an opportunity to emerge and attack. The Institute of Risk Management has a research paper on offer dealing with emergent (or is that emerging?) risks – which it defines as those risks that have not yet happened, but that are expected to firm up and increase greatly in significance in the near future.

...

http://www.opscentre.com.au/blog/just-when-you-thought-it-was-safe-emergent-risks/

Just a quick reminder — September 2013 is National Preparedness Month throughout the U.S.

And, given the fact that each year many small businesses nationwide are forced to close their doors in the aftermath of severe storms, flooding, tornadoes, wildfires and hurricanes, it is a good time to remind all businesses that help with your own business preparedness planning is available in this National Preparedness Month period through a series of free webinars in September hosted by the U.S. Small Business Administration (SBA) in collaboration with FEMA’s Ready Campaign and the Agility Recovery organization.

Below is a list of the topics. The hour-long webinars will be presented at 2 p.m. EDT each Wednesday in September.

September 11: Protecting Your Organization by Preparing Your Employees

September 18: The NEW 10 Steps to Preparedness – Lessons from the Past

September 25: Crisis Communications for any Organization

Watch for more information to follow regarding this important resource of awareness assistance and training opportunity.

As the job descriptions for data scientists and data analysts become more specific and the worries that not enough skilled potential hires are available in the right place at the right time to deal with Big Data initiatives, some CIOs see another potential problem arising from the race to maximize data analytics. And the negative consequences are partially pointed right at IT.

Much planning and investment is being devoted in companies around the world to selecting, procuring and providing sophisticated and powerful tools to allow employees across the organization to collaborate, analyze data and reach organizational goals. It’s become accepted as almost fact that to neglect this technology investment is tantamount to ruin. But, writes Andrew Horne, managing director of the CEB CIO Leadership Council, on the Executive Board blog,

...

http://www.itbusinessedge.com/blogs/charting-your-it-career/is-it-responsible-for-end-user-data-analysis-skills.html

To many executives of small to midsized businesses, Big Data isn’t even a part of their lingo, much less on their IT radar screen. From what I’ve read, though, just because you may not call it “Big Data” doesn’t mean you aren’t already dealing with it. The size of the data may be relative to the size of your company.

But my focus isn’t the size of your Big Data; it’s whether Big Data projects provide value for small to midsize businesses.

The answer is yes, but with some caveats. Let me explain. A company may have only 1 terabyte of data to analyze, but it may still be less effective than an enterprise with 100 terabytes of data to comb through. According to a post from the SMB Group:

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-can-obtain-significant-value-from-big-data-projects.html

Friday, 30 August 2013 14:11

Closing the Chasm


I was recently following a discussion on LinkedIn about what Law Firm staff should do to help IT. There were many responses over a period of three months. One response likened IT to fire fighters and staffers to arsonists (LOL – Ben Schorr). Ironically, the specificity of law is not unique to this problem. Legal firms have their own life-cycle and cadence that is certainly unique. The problem of communication and integration of IT and business is worldwide and ubiquitous in all industries.

The basic premise of a law firm is to serve the clientele in matters of the law. IT is also a service (similar to the ever more popular Cloud), which needs to be consumed as such. Often this point is touched upon very lightly or not at all. In fact, some pundits in the industry refer to IT as a commodity or a product. A product (piece of hardware or package of software) is not a solution. Technology enables people and process to create a solution. Thus, IT’s basic premise is to serve its clientele in matters of automating processes and assisting people using technology to resolve the problems facing business.

...

http://mdjohn.wordpress.com/2013/08/28/closing-the-chasm/

CIO — As the federal government warms to the idea of allowing employees to use their own mobile devices for work and develops new device management policies, agency CIOs and others will still have to grapple with the challenges associated with application security, experts warn.

The initial challenge for federal IT managers evaluating BYOD policies was to ensure that their agency's infrastructure was secure enough for new devices to enter the network and provide for central management, according to Tom Suder, president of the mobile services provider Mobilegov.

With those policies in place, agencies have cleared the way for the development and adoption of innovative new applications that could boost productivity in a mobilized workforce. But those apps invite a host of new security challenges.

...

http://www.cio.com/article/738863/Federal_CIOs_Face_BYOD_Mobile_App_Security_Challenges

Many UK organizations are struggling to manage the threats they face because of inconsistencies in the way different teams communicate, share and interpret information. Although most organizations have a good understanding of the potential hazards they face, KPMG’s ‘Global Risk Survey’ reveals that a lack of skills, combined with a relaxed approach to ‘raising the alarm’, is increasing the risk to business operations.

More than 1 in 5 respondents to KPMG’s survey (21 percent) suggest that poor lines of communication between risk management teams and senior executives, combined with weak reporting processes, are to blame. A similar proportion (22 percent) argue that not all business units fully appreciate enterprise-wide threats, and that the resulting lack of a ‘big picture’ is a major challenge to handling day-to-day business risks.

Many of those questioned also suggest that their organization’s ability to spot, weigh up and manage emerging risks is not where it needs to be. For example, just 28 percent claim that their front-line teams are very effective at identifying potential problems and only 33 percent believe that these teams can adequately deal with new threats.

...

http://www.continuitycentral.com/news06908.html

CIO — I hear a lot of conversations these days about whether the "I" in CIO still means "information" or if it really stands for some other "I" word. Innovation? Integration? Intelligence? While those are always entertaining discussions to have, I'm thinking about a different letter entirely: Who is the CPO at your organization? The "P" doesn't stand for procurement or privacy, but for policy or process.

As I talk with CIOs about where their businesses are heading and what they are doing to get there faster, we often end up discussing their investments in consumer-based or emerging technologies. Then the focus inevitably moves to policy and process. "If I am going to enable and promote [bring your own device]," one CIO told me, "I need to have a policy and process in place that employees must follow to ensure we are safe, secure and compliant." I hear virtually the same comments about cloud and social, too.

...

http://www.cio.com/article/738539/New_Role_for_the_CIO_Chief_Process_Officer_8233_

Wednesday, 28 August 2013 16:07

Coherence of Vision

In my recent blog post Choosing Your Point of Organizational Incoherence, I stressed the importance of making a choice on how to deal with systemic incoherence that is beyond your control as a CIO or a CTO. Technology, economy and society are not likely to be aligned anytime soon; emphasis on maximizing shareholder value might make it impossible for you to make certain strategic investments; and unrealistic expectations about predictability of the software development process might make you want to tear your hair out. True and painful that these three factors and possibly many others might be, you can’t just sit on your hands waiting for all the moons to be aligned. You have to act now and pick your point of incoherence in order to address today’s needs. For example, as mentioned in the previous blog post, a CTO client of mine has recently chosen his Scrum Masters as the preferred “point” through which to manage end-to-end incoherence in his company.

This blog post addresses dealing with (in)coherence at the vision level. My fundamental premise is that once you have picked your point of organizational incoherence, you will be able to deal with most of the tactical, operational and strategic challenges that might come your way. However, you will not be able to deal with vision issues through your chosen point of incoherence. The reason is straightforward: unlike tactics, operations and strategy, your vision must be sustainable and coherent. Figure 1 illustrates this critical difference between tactics/operations/strategy on the one hand, and vision on the other.

...

http://blog.cutter.com/2013/08/27/coherence-of-vision

Wednesday, 28 August 2013 16:03

The Realities of Cloud Data Integration

I’ve written many times about the challenges of integration when you’re dealing with the cloud—either integration with services or integration with cloud infrastructure.

But I’m starting to see articles that add more depth to the data integration/cloud conversation, particularly when it comes to using cloud infrastructure.

Baseline Magazine recently published an article, “Integrating Clouds Into the IT Infrastructure,” that reminds us once again that the cloud is permanently changing the role of CIOs and IT within the enterprise.

...

http://www.itbusinessedge.com/blogs/integration/the-realities-of-cloud-data-integration.html

By Jim Mitchell

Perhaps I’m just a curmudgeon (a crusty, ill-tempered old man), but it irks me when someone uses the term “Business Continuity” exclusively to refer to IT planning.  Perhaps I’ve been in this industry too long.  I remember when IT planning was referred to as “Disaster Recovery”, and only business operations used the term “Business Continuity”.  Suddenly (or at least it seems sudden to me) IT specialists are throwing around the term Business Continuity as though they invented it – and as though everyone should understand what they mean.

Is Business Continuity an appropriate term for everything to do with recovery from, or response to a business disruption – to include both technology and operations?

Let me take a step back for a moment to admit that I’ve been a BCM industry advocate for integrating BC (business operations) and DR (technology) planning for many years.  I have been in the industry long enough to remember when IT Disaster Recovery plans were routinely created without input from ‘the business’ (the people who actually make money for the organization).  In that era – largely based on mainframes and midrange computers, and eventually ‘client-server’ infrastructure – DR plans were an all-or-nothing proposition.  You either had a working data center or you didn’t.  If the data center was disrupted (fire, power outage, flood, etc.) the Disaster Recovery Plan was the only alternative.  You packed up your people and sent them – and your backup tapes – to a 3rd party recovery site.  Anything short of smoke-and-rubble was viewed as an operational outage – not worth the cost of invoking the DR plan.

...

http://ebrp.net/business-continuity-and-disaster-recovery-big-tent-or-separate-umbrellas/

An updated version of an article first published in 2010.

By Charlie Maclean-Bristol.

Snake oil is applied metaphorically to any product with exaggerated marketing but questionable and/or unverifiable quality or benefit (1).

For the consultant, selling business continuity can be the ultimate snake oil. Often, the potential client has been told to implement business continuity and doesn’t know where to start. Along comes the consultant, offering to take all the potential client’s pain away. They make all the right noises about BIAs, BCPs and RTOs but the client is never sure whether they are being sold the snake oil or a genuine cure. With other types of consultancy there is often a ‘cost benefit’, where the consultant will be able to show demonstrable changes or cost savings to the client.

In purchasing business continuity consultancy you buy from a consultant who plans for something which may never happen. If the plans have to be used, the consultant has been paid and is off to their next job. If the plan does not work, the consultant can blame the updating of the plan and not the original plan which they delivered. Therefore, providing business continuity consultancy is the snake oil peddler’s dream: it can command a premium price; you are often selling to a client who does not really understand what they are being sold; and it is very unlikely that your plan will actually be used and, if it is used, you most likely have been paid for the work and are long gone.

The purpose of this article is to give potential purchasers some ideas on what to look for in choosing a business continuity consultant, which will hopefully ensure that you get the services at the quality you require. By using the ideas within this article you should hopefully avoid the purveyors of snake oil and employ someone who will give you a genuine cure for your business continuity problem.

...

http://www.continuitycentral.com/feature1097.html

University tuition fees are at an all-time high of £9,000 maximum a year, so for many students university is no longer a viable career option for them. However, university is not the only way to achieve a fulfilling career in the IT industry.

Lesley Cowley, CEO of Nominet, said for those that do decide to look into the alternatives to university, there are many options:  “Apprentice schemes are a good starting point as they can offer students the opportunity to gain some on-the-job skills alongside college studies, meaning that both the business and the individual can grow their own future talent.”

Cowley said in the IT industry for example, many are put off by the misconception that you must have an ICT education or qualification to work in the IT industry: “In fact, there are multiple routes into IT careers; from college and university courses to workplace apprenticeships. For example, our post A-level apprentice scheme is currently in its third year and gives school leavers the opportunity to apply for roles within our technical infrastructure, software development and business intelligence teams.

...

http://www.computerweekly.com/news/2240204240/Why-become-an-apprentice-instead-of-a-uni-student

What good is a high-performance team in a vacuum, and how long will one last without an environment in which it can thrive?

This is the question that comes to mind when I’m asked to comment on the role of leadership in high-performance teams. Teams may be able to achieve various states of high performance for a time, or from time to time, perhaps experienced by the team as being “in the zone.” But my thoughts turn toward questions of causing teams to be in the zone on demand, and of sustaining a state of high performance.

Three Simple Words…

Be. Do. Have. These three words outline what I’ve learned in life, and they work as a sequence to achieving sustained success. Ironically, in most cultures I’ve encountered, the success sequence is often performed backward, and doing it backward isn’t successful. In fact, instead of success, the reversed sequence leads to a state of sustained unfulfillment. Too often, people operate in a “have-do-be” sequence. For example, “Were I to have money, I would do what people with money do, then I could be what people with money are” (rich). As a result, following this sequence leaves people perpetually unfulfilled because how much “have” do you need before you can start “doing,” and how much “doing” is needed before you can declare yourself to “be rich”? Typically, starting with the “have” leads to never getting to the “be.”

...

http://blog.cutter.com/2013/08/27/creating-high-performance-teams-three-simple-words

Editor's note: Kelly Wallace is CNN's digital correspondent and editor-at-large covering family, career and life. She's a mom of two girls and lives in Manhattan. Read her other columns and follow her reports at CNN Parents and on Twitter.

(CNN) -- My mother-in-law and I talk about nearly everything. But when I mentioned to her recently that I was working on a story about emergency preparedness, I realized that's one thing we've never discussed -- even though she lives nearby and would certainly factor into our family plan.

"If a disaster strikes, where would we meet?" we asked each other. "Who would we call? What would we take with us?"

A new national advertising campaign shared with CNN exclusively ahead of its official launch Wednesday aims to get families like my own at least talking about what we'd do in the face of a natural disaster or other emergency.

"This is a pretty fearful topic for a lot of parents," said Priscilla Natkins, executive vice president and director of client services for the Ad Council, the private nonprofit group spearheading the campaign along with the Federal Emergency Management Agency.

...

http://www.cnn.com/2013/08/27/living/parents-emergency-preparedness-ad/index.html

Have you ever wondered, what’s top of mind for leading CEOs? Below are direct quotes from a discussion on July 23, 2013 with some of the most admired CEOs on key topics like: uncovering emerging changes, CEO priorities, what’s around the corner, the future of big data, differentiating their customer model. The CEOs in the discussion all have 100 plus year old companies who lead their specific industry.

- Hikmet Ersek is CEO and President of Western Union, which might actually be the world’s largest retailer with 520,000 storefronts and more than 1 million agents. Ersek was cited as 2012 ‘Responsible CEO of the year’ by Corporate Responsibility Magazine.

- Shivan Subramaniam is 14-year CEO, and Chairman, of FM Global. FM Global is the 185-year old insurance leader with no actuaries – only engineers — where 30% of the Fortune 1,000 are clients.

...

http://www.forbes.com/sites/robertreiss/2013/08/27/how-top-ceos-think-from-big-data-to-the-future/

BRAITHWAITE, La. (AP) – Isaac barely had hurricane-strength winds when it blew ashore southwest of New Orleans a year ago, but its effects are still apparent in coastal areas where it flooded thousands of homes.

After landfall on Aug 28, 2012, Isaac stalled, dumping more than a foot of rain and churning a monstrous storm surge. Water flowed over levees and destroyed homes and businesses in coastal Louisiana and Mississippi.

In the end, it was blamed for seven deaths. In Plaquemines Parish, one of the hardest hit areas, damage to homes and businesses has been estimated at more than $100 million, said Guy Laigast, director of the parish's Office of Homeland Security and Emergency Preparedness.

...

http://news.yahoo.com/la-community-ghost-town-isaac-104930580.html

Tuesday, 27 August 2013 15:19

HR Departments Invaded By Data Scientists

CIO — When General Motors was looking for someone to lead its global talent and organizational capability group, the $152 billion carmaker clearly wasn't looking for a paper-pushing administrator. Michael Arena, who took the position 18 months ago, is an engineer by training. He was a visiting scientist at MIT Media Lab. He's a Six Sigma black belt. He's got a Ph.D.

This is not your father's human resources executive.

But it is a sign of where the corporate HR function is headed. Arena is dedicated to the hot field of talent analytics--crunching data about employees to get "the right people with the right talent in the right place at the right time at the right cost," he says.

...

http://www.cio.com/article/738356/HR_Departments_Invaded_By_Data_Scientists

Tuesday, 27 August 2013 15:19

Disaster Recovery Set to Grow in the Cloud

One of the big things about cloud computing is the potential for cutting costs and saving capital. On demand storage and Software as a Service (SaaS) paved the way with applications stretching from cloudified accountancy to sales force and customer relationship management. ‘All things shall move to the cloud’ is the mantra of many, and disaster recovery appears to be obeying the same rule. RaaS or Recovery as a Service is set to grow according to a recent Research and Markets report, with an impressive 55.2 per cent compound annual growth rate between 2013 and 2018, moving to a $5 billion market globally in five years’ time. But what does RaaS change for organisations down on the ground?

What changes is the way disaster recovery is paid for and how much it costs. With cloud vendors continually innovating in terms of service offerings, customers will often see cloud DR costs going down compared to conventional or in-house solutions. New pricing models are coming where users pay on the basis of how much disaster recovery they actually do (for example, restoring stored data), rather than how much DR for which they provision (for instance, how much data they upload for storage).

...

http://www.opscentre.com.au/blog/disaster-recovery-set-to-grow-in-the-cloud-2/

The announcement that Microsoft CEO Steve Ballmer will step down from that position within the next 12 months has brought the often-neglected topic of succession planning to the forefront again. The attention is not yet as sharp as it was when Steve Jobs announced his medical leave from Apple, and it may not reach that level. However, it’s never too early to discuss in earnest your company’s and your department’s plans, if any, for succession in at least key positions.

If the words “succession planning” don’t appear anywhere in your organization’s processes or documentation, that’s not necessarily a negative. This type of planning, writes Sue Brooks, managing director for talent management firm Ochre House, is ready for broadening: “Currently, succession plans are focused on filling roles, but to be truly strategic we need to look at developing individuals into these new roles through talent management.” That approach isn’t surprising coming from a talent management firm, but it doesn’t mean she’s wrong. And for those with no formal succession planning process in place, I think these should be encouraging words. Considering the succession plan as part of the ongoing talent management efforts keeps the focus and energy from flagging, and covers alternate scenarios, including department reorganizations, for example, and not just leaders leaving the company.

...

http://www.itbusinessedge.com/blogs/charting-your-it-career/focus-on-succession-planning-as-ongoing-strategy.html

The data center is quickly moving toward hyperscale architectures, the result of both advancing technologies and economic forces weighing on the enterprise.

The question, though, is not whether hyperscale deployments will increase in numbers or even come to dominate the IT industry, but will the owned-and-operated data center model simply become too burdensome for the vast majority of organizations?

On the economic front, it’s hard to argue against the hyperscale model. As Google, Facebook, Amazon and others have proven, volume hardware and software deployments can reach the point at which a single buyer becomes a channel in itself—that is, the company consumes in such volumes that it can custom-order its own platforms directly from the chip- and board-level suppliers that cater to the big OEMs. And in the case of Facebook, these designs are starting to trickle into the IT industry at large through initiatives like the Open Compute Project.

...

http://www.itbusinessedge.com/blogs/infrastructure/traditional-and-hyperscale-is-there-room-in-it-for-two-kinds-of-data-centers.html

CSO — Big data does not necessarily mean Good Data. And that, as an increasing number of experts are saying more insistently, means Big Data does not automatically yield good analytics.

If the data is incomplete, out of context or otherwise contaminated, it can lead to decisions that could undermine the competitiveness of an enterprise or damage the personal lives of individuals.

One of the classic stories of how data out of context can lead to distorted conclusions comes from Harvard University professor Gary King, director of the Institute for Quantitative Social Science. A Big Data project was attempting to use Twitter feeds and other social media posts to predict the U.S. unemployment rate, by monitoring key words like "jobs," "unemployment," and "classifieds."

Using an analytics technique called sentiment analysis, the group collected tweets and other social media posts that included these words to see if there were correlations between an increase or decrease in them and the monthly unemployment rate.

...

http://www.cio.com/article/738767/Big_Data_Without_Good_Analytics_Can_Lead_to_Bad_Decisions

According to a survey performed by Experian Data Breach Resolution and the Ponemon Institute, only 31 percent of companies are insured against data breaches.  Meanwhile, 76 percent of respondents rated the impact of a security breach to be greater than or equal to a natural disaster, business interruption or fire.

The average cost for data breach was estimated by respondents to be $163 million, although some projections neared $500 million in damages. For a 24 month period, the 56 percent of respondents having suffered a cyber-security attack reported the average cost of the breach to be $9.4 million.

...

http://www.insurancefortechs.com/cyber-security-breach-damaging-natural-disaster.html

IT outsourcing as a percentage of the IT budget dropped this year, reversing a four-year trend and marking the first time since the start of the recession that IT organizations have begun shifting spending plans on a percentage basis toward developing internal operations and capabilities and away from outsourcing partners, according to a report by research and advisory services specialist Computer Economics.

Survey results suggested organizations are starting to "back-source" their IT services, bringing them back in-house after a period of growth in the use of service providers. The decline in IT outsourcing was reported as significant, down from an average 11.9 percent in 2012 to 10.6 percent in 2013. Meanwhile, IT operating budgets are rising 2.5 percent this year at the median, and IT capital budgets are up 4 percent.

"With the tentative improvement in the economic outlook, IT organizations are putting newfound resources into internal operations and capital investments at a pace that is greater than their spending with IT service providers," the report noted. "IT outsourcing budgets are not necessarily shrinking so much as IT budgets are rising. The denominator is rising faster than the numerator."

...

http://www.itbusinessedge.com/articles/it-budgets-rise-but-businesses-cut-back-on-it-outsourcing.html

Monday, 26 August 2013 15:39

There are no winners in the blame game

Every time a major security breach makes the headlines, a common reaction happens. Even before the details of the breach are known, the infosec world gets into a frenzy of speculation as to how the attack happened, who conducted it, and whether the attackers were skilled or not. Invariably the conversation focuses onto the company that is the victim of the attack, and it often tends to highlight how stupid, negligent or weak its security defenses were. In effect, we blame the victim for being attacked.

While the organization may have been negligent, or their security not up to scratch, we should not forget they are still the victim. How good, or not, the victim’s security is a separate issue for a separate conversation. Foisting blame on the victim on top of having to deal with the incident does not bring much value to the conversation. The blame for the attack should lie squarely on the shoulders of those who conducted it.

...

http://www.net-security.org/article.php?id=1877

A lot of people don’t see the necessity of listening online. The truth is this is perhaps more important than actually being active online. The cold hard fact is that people are having conversations (good and bad) about your brand whether you like it or not and for anyone with an interest in selling (which let’s face it we all are) it’s crucial to pay attention to what our customers, potential customers, competitors and influencers are saying about our brands.

ORM — Online Reputation Management — is a really good way to go about listening. There are a number of tools out there that you can use, but the real value comes out of understanding what ORM actually means for your business.

...

http://za.news.yahoo.com/5-very-important-reasons-company-needs-online-reputation-044008966.html

WASHINGTON (AP) – The latest high-tech disruption in the financial markets increases the pressure on Nasdaq and other electronic exchanges to take steps to avoid future breakdowns and manage them better if they do occur.

The three-hour trading outage on the Nasdaq stock exchange Thursday also can be expected to trigger new rounds of regulatory scrutiny on computer-driven trading. Investors' shaky confidence in the markets also took another hit.

The exchange opened as normal Friday.

Questions about potential dangers of the super-fast electronic trading systems that now dominate the U.S. stock markets ripple again through Wall Street and Washington. Stock trading now relies heavily on computer systems that exploit split-penny price differences. Stocks can be traded in fractions of a second, often by automated programs. That makes the markets more vulnerable to technical failures.

...

http://www.memphisdailynews.com/news/2013/aug/26/nasdaq-breakdown-puts-pressure-on-crisis-work/

There has been a lot of speculation about the impact of PRISM on data security and cloud computing; just this week alone two influential articles have been written quoting wildly different predictions on how much the revelations will cost cloud vendors, but there’s no denying that the ripples in the industry are starting to rock the boat.

The Information Technology and Innovation Forum (ITIF) recently announced that due to the fears over data privacy and security that PRISM has highlighted, the cloud computing industry stood to take a hit in the order of $36 billion by 2016. But Forrester Research has come out to say this estimate is too low and the impact could be far deeper to the tune of $180 billion.

...

http://gigaom.com/2013/08/24/the-death-of-the-cloud-has-been-greatly-exaggerated/

CIO — Even though midmarket industrial firms have valuable IP and business processes, they are lagging behind other industries when it comes to data security, according to a recent report by assurance, tax and consulting firm McGladrey.

"A lot of the executives we asked about security risks don't believe their data is at risk or is at very little risk," says Karen Kurek, leader of McGladrey's industrial products practice and a member of the National Association of Manufacturing (NAM) Board of Directors. "Two-thirds of them said it was at little or no risk. I think in general, in this sector, a lot of people don't understand the potential exposure that they have."

"But we know that middle market companies very much are targeted," she adds. "Part of [the reason for their belief] is because ignorance is not bliss. There's this false sense of security. They don't know what they don't know until something happens to them."

...

http://www.cio.com/article/738751/Data_Security_Lagging_at_Midmarket_Industrial_Firms

Network World — California is rolling out a new law to reduce greenhouse gas emissions, primarily from electric generating plants, and the cost of the effort is expected to be passed along to data centers, which are among the biggest consumers of electric power in the state.

This means data center operators in California will need to step up their energy efficiency efforts in order to avoid the higher costs. And the handwriting is on the wall for data centers in the rest of the U.S., as President Obama has directed the EPA to develop greenhouse gas controls nationwide.

The law that took effect on Jan. 1 requires California to reduce greenhouse gas emissions to 1990 levels by 2020. The plan is to try to reduce emissions statewide by 2 percent to 3 percent a year. According to the California Air Resources Board, the lead enforcement agency, the law requires power plants to obtain permits, also called "allowances," for every metric ton of greenhouse gases they emit.

...

http://www.cio.com/article/738747/New_Global_Warming_Rules_Put_the_Heat_on_Data_Centers

The Department of Energy was hacked. Again. It is the second time this year that the DOE was the victim of a breach. The breach took place in, and it is believed that the personally identifiable information (PII) of 14,000 present and former employees was potentially compromised.

Defense contractor Northrop Grumman recently announced that it, too, suffered a similar breach.

In both cases, because of the type of information affected, the hackers may have been doing little more than data mining for valuable-on-the-black-market PII. Or it could be the hackers were looking for more, like the ability to access data involving the critical infrastructure or national security stored on the organizations’ networks. We don’t know, and we won’t know, as Anthony DiBello, strategic partnerships manager, Guidance Software, pointed out to Sue Marquette Poremba in an email, without a complete forensic analysis of the compromised systems. He went on to say:

...

http://www.itbusinessedge.com/slideshows/six-steps-for-dealing-with-a-high-level-data-breach.html

Hello, this is George J. Silowash, Cybersecurity Threat and Incident Analyst for the CERT Division. Organizations may be searching for products that address insider threats but have no real way of knowing if a product will meet their needs. In the recently released report, Insider Threat Attributes and Mitigation Strategies, I explore the top seven attributes that insider threat cases have according to our database of over 700 insider incidents. These attributes can be used to develop characteristics that insider threat products should possess.

The top seven characteristics that insider threat products should have based on cases from our database include the ability to execute these activities:

...

https://www.cert.org/blogs/insider_threat/2013/08/seven_ways_insider_threat_products_can_protect_your_organization.html

Business adoption of Internet of Things solutions will be fast — in fact, as I wrote yesterday, it’s already here for some industries. That’s why CIOs and other IT leaders need to gear up for supporting the unique data issues related to this trend.

Let’s look at what makes the Internet of Things data a bit different from other IT data resources.

The Problem: Mega Big Data. One of the main differences will be in the amount of data you’ll need to sort, improve, integrate, analyze and manage. You’ve heard of Big Data? All these devices, constantly chattering updates about moisture, light, movement and whatnot, will create crazy amounts of Big Data.

IT Requirement: A (possibly real-time stream) data analytics platform that can handle Big Data and a scalable infrastructure to support it.

...

http://www.itbusinessedge.com/blogs/integration/big-data-gets-bigger-as-internet-of-things-awakens.html

Friday, 23 August 2013 22:11

Four steps for denying DDoS attacks

How should banks and financial institutions deal with increasing numbers of large-scale denial of service attacks?

By Avi Rembaum and Daniel Wiley.

Financial institutions have been battling waves of large distributed denial of service (DDoS) attacks since early 2012. Many of these attacks have been the work of a group calling itself the Qassam Cyber Fighters (QCF), who until recently posted weekly updates on Pastebin about their reasons behind their attacks, and summarising Operation Ababil, their DDoS campaign.

Other hacktivist groups have launched their own DDoS attacks and targeted financial services institutions with focused attacks on web forms and content. There have also been reports of nation-state organized cyber assaults on banks and government agencies, along with complex, multi-vector efforts that have combined DDoS attacks with online account tampering and fraud.

These incidents against all sizes of banks have shown that there are many kinds of DDoS attacks, including traditional SYN and DNS floods, as well as DNS amplification, application layer and content targeted methods. Denial of service (DoS) activities that have targeted SSL encrypted webpage resources and content are an additional challenge. In some instances, the adversaries have moved to a blended form of attack that incorporates harder-to-stop application layer methods alongside ‘cheap’, high-volume attacks that can be filtered and blocked through simpler means.

...

http://www.continuitycentral.com/feature1095.html

Friday, 23 August 2013 22:11

Five new virtualization challenges

As virtualization capabilities are built into networking, storage, applications and databases giving shape to the software defined data centre, problems with management and visibility across data centre boundaries will emerge. A recent survey by SolarWinds revealed that more than 700 IT professionals in six countries across the globe agreed that virtualization technology contributes significantly to management challenges, indicating the impact is undeniable and vast.

With the software defined data centre transition an imminent reality, the following five management challenges arising from the survey should be considered by every business continuity manager:

Virtual mobility impacts network optimization
Virtualization has typically operated within a contained portion of the network such that changes in the virtualization environment didn’t usually impact the broader network. With improvements and increased adoption of workload mobility technologies like Metro vMotion and storage vMotion that make it easier to move workloads geographically, the rapid movement of workloads could cause new problems for the overall enterprise network.

...

http://www.continuitycentral.com/news06902.html

European companies are prioritising risk management as never before, although some weaknesses remain.

These findings come from research on risk management leadership conducted with risk managers from the Federation of European Risk Management (FERMA) and the public sector associations PRIMO by Harvard Business Review Analytic Services sponsored by insurer Zurich.

In their responses, more than 200 executives at major European organizations emphasise how top management and the board are increasingly setting direction and taking tighter control of risk management, integrating it with overall company strategy and embedding it deeper into corporate culture.

The survey indicates that, at 35 percent of organizations, either a chief risk officer or a risk manager has direct responsibility for risk management. At 27 percent, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14 percent.

...

http://www.continuitycentral.com/news06904.html

CIO — There's no doubt that multisourcing -- parceling out the IT services portfolio among a number of vendors--has its benefits: competitive pricing, increased flexibility and access to a deeper pool of talent, among others. But working with multiple providers creates multiple challenges, not the least of which is trying to get all of those competing vendors to play nice.

In fact, almost everything in the typical outsourcing transaction, transition and operation is conspiring against them getting along.

For one thing, there may be no incentive for the providers to work together. Multisourcing has entered the mainstream, but outsourcing contracts and negotiations haven't kept pace with the trend.

...

http://www.cio.com/article/738634/How_to_Get_Multiple_IT_Outsourcing_Providers_to_Play_Nice

Believe it or not, your IT department is probably full of squirrels. No, not those cute fuzzy critters that climb trees, but data consumers that hide data away with the same relentless fortitude as their bushy tailed namesakes hide acorns.

I was inspired by this idea by Dave Russell, VP and Distinguished Analyst at Gartner. Dave is a long-time industry watcher and one of the smartest people around when it comes to understanding the data protection industry. I was in a meeting with him recently when he mentioned how IT departments tend to have lots of people in them who like to “squirrel away” copies of data. That got me thinking.

...

http://blogs.computerworld.com/data-storage/22687/are-there-squirrels-your-it-department

Friday, 23 August 2013 22:07

LET’S NOT LOSE OURSELVES IN IT

Outsourcing, co-location, leasing, COO / CFO absorption of the CIO role, cloud computing and so on are the topics littered across the landscape of today’s IT world. Reading an article recently sparked a long running exposed nerve I have endured painfully throughout my career in this industry, IT. While it is absolutely true that we should not bind ourselves within the borders of our thought, nor our physical location. The truth resounds in a deafening roar, “Do not forget the human element!” People are still a part of this technological world. Processes certainly support people and are automated by technology; however, this does not take the place of the communion that occurs between people.

Regardless of the business model, remote operations are attractive due to the low cost component of the equation. Those that are skeptical about IT ever providing bottom line benefit if kept in house can now relax. I am not out to debunk the bottom line cost reduction that outsourcing, cloud computing, or other forms of remote operations contribute. IT must evolve (http://wp.me/p3JnQK-12). In fact, I am a big believer in cost reduction. The issue at hand is how to “communicate” within the context of our ever-digitizing world. We cannot lose the communion portion of that word, communicate.

...

http://mdjohn.wordpress.com/2013/08/22/lets-not-lose-ourselves-in-it/

By Jack Rosenberger

A vice president of datacenter initiatives and digital infrastructure with the analyst firm 451 Research, Michelle Bailey recently spoke with CIO Insight about IT investments, the current lack of innovation, business metrics and what many CIOs should be thinking about but aren’t. Here is a condensed version of Bailey’s remarks.

It’s time for companies to invest in IT. “The economy is improving, and we’re seeing jobs growth and improvement in the housing market, especially in the U.S., but what we aren’t seeing is a return to IT spending. We haven’t seen the return to IT spending that we would have expected to see by now. Instead, we are seeing companies hoarding cash and a lot of bloated balance sheets. We’ve seen a lot of IT consolidation projects, with CIOs going after the low-hanging fruit, which is fine during the downturn of the economy. But what we’re not seeing—and what we should be seeing—is long-term investments in IT.”

...

http://www.itbusinessedge.com/interviews/what-cios-should-be-thinking-about-but-arent.html

Friday, 23 August 2013 22:05

How to build a risk threat model

Each business is different and requires diverse security measures and best practices, yet each security division runs into similar barriers when trying to convince management to loosen the purse strings.  

Security experts shared their tips and advice on how to build a risk threat model, at Rapid7’s United security summit 2013.

John Pescatore, director of emerging security trends at SANS, believes different environments require different security gauges.

“A car has a check light for when running out of gas,” said Pescatore. “A boat has different gauges to not just gas but to show depth. A plane has gauges on gas, if the wings are level, etc. All environments are different and require different protections. Attackers target anyone that has information that can be sold.”

...

http://www.computerweekly.com/news/2240203941/How-to-build-a-risk-threat-model

It’s time to think about how you’ll manage data from the Internet of Things.

I’m not being trendy. I know it seems too new to be possible, but actually the Internet of Things is a simple concept. Sensors + Wi-Fi = Device. It will quickly take root like kudzu, overwhelming your systems, particularly your data systems.

Consider this: Cisco states that what it calls the “Internet of Everything”—people, process, data and things using network connections—will reach an additional $544 billion in profits this year alone, according to CNET. By 2020, the GSM Association’s Connected Life predicts growth to 24 billion connected devices, Wired reports.

...

http://www.itbusinessedge.com/blogs/integration/why-cios-need-to-prepare-for-big-data-from-internet-of-things.html

Migrate an installed Windows system, even Windows 8 or Windows Server 2012, to a GPT/uEFI configuration on a solid-state drive without interrupting the use of applications or having to restart the system.

Paragon Software Group (PSG), the leader in data backup, disaster recovery and data migration solutions, announces Paragon Migrate OS to SSD 3.0, a one-step tool to migrate Windows systems to faster solid-state drives (SSDs). This major upgrade allows users to perform system migration to a GPT/uEFI configuration directly under all versions of Windows from XP onwards, including Windows 8 and Windows Server 2012. Users can continue working with applications during the migration process and are not required to restart the system. In addition, Paragon Migrate OS to SSD 3.0 now offers the option to build a WinPE bootable media to do migrations or fix various boot problems without installing the product.

As PC users seek to take advantage of SSDs’ better access time, read/write speeds, and resistance to physical shock from drops, the challenge becomes moving massive amounts of data, applications and the operating system from the existing hard drive to a smaller SSD. Paragon’s intuitive wizard simplifies the migration process, automatically downsizing the source system volume and providing intelligent selection of specific files when migrating to smaller-capacity drives, and auto-aligning copied system partitions – all without rebooting the system.

...

http://www.datastorageconnection.com/doc/paragon-migrate-os-to-ssd-one-step-migration-to-solid-state-drives-0001?atc~c=771+s=773+r=001+l=a

Softening market a relief for business insurance buyers

By John Prendergast

Market forces at play in the business property and casualty insurance category mean that some buyers can expect reduced costs and improved quality when the time comes to renew.

This contradicts predictions at the time of the Christchurch earthquakes, that cover would be more expensive and restrictive for many years. The reality is increased capacity from insurers seeking market share has led to a softening market for business insurance. But to access possible benefits, organisations will need to demonstrate a sound understanding of their risk profile and have an active risk management plan in place.

Property and casualty insurance is a category that includes business interruption, material damage and business continuity insurances. Business interruption is an area where medium to large businesses typically may spend up to 80% of their insurance dollars – anywhere between $200,000 and $3.5 million a year, depending on the organisation size and industry.

...

http://www.scoop.co.nz/stories/BU1308/S00865/softening-market-a-relief-for-business-insurance-buyers.htm

The US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight have issued a joint advisory on business continuity planning.

The advisory follows a review by the regulators in the aftermath of Hurricane Sandy, which closed US equity and options markets for two days in October 2012. It encourages firms to review their business continuity plans and consider implementing the following suggestions (published verbatim):

...

http://www.continuitycentral.com/news06893.html

The Hurricane Sandy Rebuilding Task Force has issued a detailed new document which provides recommendations for ways to use Hurricane Sandy rebuilding projects to enhance business, community and critical infrastructure resilience.

The recommendations in ‘Hurricane Sandy Rebuilding Strategy: Stronger Communities, A Resilient Region’ were identified with the help of input from the Task Force’s community engagement with a wide range of stakeholders (including businesses, non-profits, philanthropic organizations, local leaders and community groups).

The recommendations include:

...

http://www.continuitycentral.com/news06896.html

Perhaps you’ve already come across Duct Tape Marketing, a popular business book about successful marketing for small businesses. Duct tape, as you may know, is the strong adhesive tape you can use as a quick fix to bind many different things together especially if you don’t have any other solution. It stops things from falling apart, falling over, leaking or separating when they shouldn’t. Is a ‘duct tape’ approach possible for business continuity too? And if so what would be the ‘duct tape’ to make it happen?

It turns out that the title of the book may be a bit of a stretch compared to its contents. With a slogan of ‘Stickiness – marketing that sticks like Duct Tape’, the methods proposed are based more on top-down business strategy. On the other hand, readers seem to appreciate the book for its simplicity, its orientation towards action and its ‘let’s do it now’ approach. In other words, the book scores higher on the freshness of its approach, rather than on any innovation in its material. Readers also note the emphasis on planning and the design of programs to support key business objectives.

...

http://www.opscentre.com.au/blog/duct-tape-business-continuity-can-it-work/

Personally, I have several old cell phones stuffed into a “junk drawer” in my office. I know the IT guys at my previous employer, a midsize tech company, had extra monitors, towers and hard drives stacked in empty cubicles and in the server room. My point is, it can be a good idea to reuse electronic equipment, but are we all just really putting off getting rid of the stuff because we’re honestly not sure what to do with it?

If your company doesn’t have a policy for disposing of electronic devices, phones or computers, now may be the time to create one. Usage of PCs, laptops, smartphones and tablets is increasing in the business world, and with new technology constantly evolving, users typically need the latest and greatest versions, which leads to stacks of old, obsolete electronics piling up in the office. And getting rid of those old gadgets and computers isn’t as easy as chucking them into the dumpster, either.

...

http://www.itbusinessedge.com/blogs/smb-tech/how-to-safely-purge-old-electronic-devices-from-the-office.html

New market data is adding momentum to the software-defined data center (SDDC) movement, invoking images of instant provisioning of end-to-end data environments and anytime/anywhere access for users unwilling to restrict their data usage according to the whims of the physical universe.

Normally, this is the part where I would say something like “the reality will be quite different,” but the fact is that SDDC does have the potential to foster the kind of data infrastructure that allows users and even applications themselves to define their own operating environments, seamlessly compiling resources wherever they may be found—physical, virtual, on-premise, in the cloud—and dramatically reducing both the cost and power consumption of today’s patchwork infrastructure.

...

http://www.itbusinessedge.com/blogs/infrastructure/all-systems-go-for-the-software-defined-data-center.html

Thursday, 22 August 2013 15:04

Patching the BCM Program Gaps

As a software company involved in the Business Continuity Management industry for over 13 years, we are constantly collaborating and exploring new opportunities with organizations in the market for BCM software that are looking to create an effective program to meet their goals and objectives.

Based on our experience, we have concluded that the end-state of BCP should be the ability to respond to any disruption that impacts an organization’s ability to deliver products & services. Disruption of that ability may result from an impact on any area of operations. Unifying Employee Health & Safety, Crisis Management, BCP, IT Disaster Recovery Planning, Supplier Continuity Planning, Alternate Work-Area Planning, Integrated Notification and Incident Management – among other forms of contingency planning – can lead to a resilient organization, and provide tremendous advantages. We call this collaborative effort “Unified BCM”.

...

http://ebrp.net/patching-the-bcm-program-gaps/

 

CIO — In the aftermath of the great data heist by Edward Snowden, the now-infamous computer specialist who stole top secret information from the National Security Agency and leaked it to The Guardian earlier this summer, CIOs are feeling a little helpless.

"People are saying that if it happens to the NSA, which must have incredible tools to prevent people from leaking data yet still leaks on a grand scale, we better be really careful," says Jeff Rubin, vice president of strategy and business development at Beachhead, a mobile security company.

...

http://www.cio.com/article/738546/How_the_Snowden_Effect_Is_Paralyzing_CIOs

 

Ah, the irony. We have all of these incredibly cool communication tools at our fingertips, and most of us are probably far lousier communicators now than we were before all of these tools came along. If things keep going the way they are, at some point, we’re all going to become babbling idiots who use yet undreamed of devices to convey our babbling.

Maybe what we need is a counterintuitive approach to reverse the trend. If so, Geoffrey Tumlin might have found the key. Tumlin, a communication consultant and author of the new book, “Stop Talking, Start Communicating,” contends that shoddy communication may be ubiquitous, but it’s not inevitable. Here are 10 tips he’s come up with to help save us from ourselves:

Back up to go forward. Try to remember how we communicated before we got our new devices. The digital revolution facilitated hypercommunication and instant self-expression, but, ironically, made it harder for anyone to listen. There’s just too much “chatter clutter” getting in the way—just consider the frenetic activity happening on Twitter at any given moment. To make the most of our conversations, we need to remember how we connected effectively with others before we had smartphones and computer screens to “help” us. Specifically, we should implement three guiding habits: Listen like every sentence matters, talk like every word counts, and act like every interaction is important. These points will help you be more present in conversations and will improve your ability to communicate effectively.

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/how-to-improve-the-lousy-communication-of-the-communication-age.html

Today, Citrix crossed an important milestone in the way enterprises will view apps for work. We announced the general availability of the Citrix Worx App Gallery – an app ecosystem with over 100 committed apps.

So, what is an app ecosystem? Apple and Google created big app ecosystems for iOS and Android that drove the adoption of those platforms, Facebook launched their App Center for social media apps, and Salesforce.com created the App Exchange for SaaS apps. Similarly, the Citrix Worx App Gallery is an ecosystem for enterprise-ready mobile apps.

The enterprise app challenge

End users wish to use different types of apps for work. However, enterprises looking to mobilize apps face a big burden of tasks in order to make apps enterprise-ready and available to their end users. App security tools in the form of app wrappers or SDKs have been bandied about as tools to protect apps. But, for IT there is very little clarity on how an app makes its way from an app vendor into their end users’ device with the necessary policies and controls in place. Often, the solution involves the enterprise identifying apps or app categories that it needs, executing contracts with the app developer, getting the app binaries, applying the security wrapper, verifying the app and then deploying it for end users in an enterprise app store. This process would then start all over when the app or mobile OS is updated, or when the enterprise mobility vendor changes the app security SDK.

...

http://blogs.citrix.com/2013/08/21/citrix-worx-app-gallery-the-fastest-growing-enterprise-mobile-app-ecosystem

Intellectual Property (IP) theft – whether by competitors or states – has been occurring for a long time. Traditional approaches of protecting IP involve patents, copyrights, trademarks, physical security (locking documents away), classifying documents using a labelling scheme and staff education.

These traditional approaches are still valid today, and may need to be strengthened. They should also be supplemented by a range of electronic approaches. 

These include electronic licensing, encryption, data classification, access control, logically or physically separate networks, and providing "clean" devices to staff travelling to countries where IP theft is likely. All approaches are complicated by the demands of international travel, collaborative working, the need to share information (including IP) in the supply chain, consumerisation, and the cloud.

Information Security Forum (ISF) research has shown that protecting your IP can follow an information-led, risk-based process similar to that used to protect information in your supply chains, as discussed in the Securing the Supply Chain reports and tools.

...

http://www.computerweekly.com/news/2240203886/Security-Think-Tank-Follow-an-information-led-risk-based-process-to-protect-IP

Much has been written, presented and debated in the past few years on the “right way” for executives and policy makers to reinvigorate companies, markets and economies. The distinguished scholar Carlota Perez suggests fundamental changes to the way growth and prosperity get measured. Along somewhat similar lines, Steven Denning focuses on the damage inflicted through adherence to the tenet of maximizing shareholder value. Gary Hamel, elaborating on another thread that Perez touches on, advocates values over value. Last but not least, Hagel, Brown and Davison emphasize the power of pull for both designing the right system and designing the system right [i].

While the debate spans some topics that are clearly beyond the scope of responsibilities a typical executive is entrusted with, it is quite relevant to the Agilist concerned with end-to-end process implementation. Agile principles can, of course, be beneficially applied to product delivery departments such as dev and test. However, the real benefits to be had can only be attained through applying agile principles to the overall business process, not “just” the software development process. As pointed out by Tasktop’s Dave West in his recent Agile 2013 presentation, many/most of the Agile implementations tend to be of the Water-Scrum-Fall variety. In such implementations the Agile process in R&D is “sandwiched” between before-and-after corporate processes that are Waterfallish in nature. From a system perspective, incoherence at one point or another of such systems is pretty much inevitable due to incongruence of operating principles across the “Water,” the “Scrum” and/or the “Fall” components of the system. This reality and its operational manifestations are illustrated in Figure 1 and Figure 2 respectively.

...

http://blog.cutter.com/2013/08/20/choosing-your-point-of-organizational-incoherence

President Obama’s Hurricane Sandy Rebuilding Task Force released their findings yesterday, sharing 69 recommendations to repair existing damage and strengthen infrastructure ahead of future natural disasters.

The task force encouraged an emphasis on new construction over simple repair, citing the impact of climate change on severe weather events. “More than ever, it is critical that when we build for the future, we do so in a way that makes communities more resilient to emerging challenges such as rising sea levels, extreme heat, and more frequent and intense storms,” the report said. Construction designed for increasingly dangerous storms, infrastructure strengthened to prevent power failure and fuel shortage, and a cellular service system that can subsist during disasters are all critical investments to prevent future loss.

Recommendations included streamlining federal agencies’ review processes for reconstruction projects, revising federal mortgage policies so homeowners can get insurance checks faster, and making greater use of natural barriers like wetlands and sand dunes. The team also said that planners need better tools to evaluate and quantify long-term benefits of future projects along the shoreline, but did not detail what would be best ecologically and economically.

...

http://www.riskmanagementmonitor.com/hurricane-sandy-rebuilding-task-force-releases-recommendations

IDG News Service - Heading into the heart of hurricane season 10 months after Sandy slammed the New York metropolitan area, Wall Street has had time to reassess and revamp backup plans.

Sandy's storm surge caused the first weather-related, 48-hour closure of markets since the Great Blizzard of 1888.

"You could say Sandy forced the hand of the trading firms," said David Weiss, an analyst with the consulting firm Aite Group.

"A confluence of trends" that lend themselves to overall system resiliency was, however, already under way, Weiss added. The commoditization of server hardware suitable for trading and back-office systems, for example, has helped give rise to third-party data centers that can help financial-sector companies reduce risk.

...

http://www.computerworld.com/s/article/9241734/Gimme_shelter_Wall_Street_braces_for_next_superstorm

IDG News Service - After the terrorist strikes of Sept. 11, 2001, the New York Stock Exchange learned some valuable lessons in keeping a time-sensitive financial trading network alive during a time of crisis.

"We found that during 9/11, carrier point-of-presence facilities went down, a lot of firms in the industry were not able to trade. So we made a decision to build a resilient network for the industry," said Vince Lanzillo, who is head of co-location for the Americas for NYSE Technologies (NYXT), a commercial subsidiary of NYSE Euronext that offers infrastructure, content and liquidity services to the financial industry.

So, when Hurricane Sandy struck last year, NYXT was prepared to continue operations, though the NYSE itself decided to halt trading, citing concerns with employee safety and other factors.

...

http://www.computerworld.com/s/article/9241739/NYSE_builds_business_around_resilient_infrastructure_services

Wednesday, 21 August 2013 16:58

Hurricane Sandy Task Force Issues Report

With two months to go to the one-year anniversary of Hurricane Sandy, a federal task force created after the storm has issued a report that’s getting a lot of media coverage.

The plan includes 69 policy initiatives, of which a major recommendation is to build stronger buildings to better withstand future extreme storms amid a changing climate.

Shaun Donovan, secretary of the U.S. Department of Housing and Urban Development, and chair of the task force, notes:

...

http://www.iii.org/insuranceindustryblog/?p=3353

The fear that business services – or indeed the business itself – might not be recoverable after a disaster-level event results in many sleepless nights for CIOs across the world. But it doesn’t need to be that way.

Disaster recovery planning, a subset of business continuity, comprises the process, policies and procedures required for the recovery or continuation of technology infrastructure after a disaster-level event. 

Disasters come in multiple forms and may be highly unpredictable in nature, but the effect they have on your business can be calculated and mitigated against through robust preparation and testing.

...

http://www.computerweekly.com/opinion/Four-key-questions-in-disaster-recovery-planning

Part one of a two-part series

Crisis: Any situation that is threatening or could threaten to harm people or property, seriously interrupt business, significantly damage reputation and/or negatively impact the bottom line.

Every organization is vulnerable to crises. The days of playing ostrich are gone. You can play, but your stakeholders will not be understanding or forgiving because they've watched what happened with Fukushima, Penn State/Sandusky, BP/Deepwater and Wikileaks.

If you don't prepare, you will incur more damage. When I look at existing crisis management-related plans while conducting a vulnerability audit (the first step in crisis preparedness), what I often find is a failure to address the many communications issues related to crisis/disaster response. Organizational leadership does not understand that, without adequate internal and external communications, using the best-possible channels to reach each stakeholder group:

http://blog.missionmode.com/blog/the-10-steps-of-crisis-communications.html#sthash.1PpM1F2j.dpuf

Neither snow nor rain nor heat nor gloom of night will stop a Postal Service worker. But a hurricane will stop the mail truck.

Hurricane Sandy, the massive super-storm that pounded the East Coast in 2012 and caused billions of dollars worth of damage, also managed to destroy or damage 110 delivery vehicles used by the U.S. Postal Service. Most of the vehicles were damaged by flooding, but one got hit by a falling tree.

The damaged vehicles are a small segment of the fleet affected by the hurricane. Postal Service employees managed to save 16,157 vehicles unscathed, which the USPS Inspector General credits to good emergency planning before the hurricane.

According to its 2012 Hurricane Preparedness Guide, USPS instructed employees to move mail vehicles to higher ground.

By Danny Bradbury

The world and its dog has been shocked by the Prism news story. Early in June, we found out that the US National Security Agency (NSA) had developed a secret data-gathering mechanism to steal all our data and store it in a large data warehouse.

We are outraged that it is being mined, searched and otherwise prodded. But do we really think that big data security problems stop at Google, Facebook, Microsoft and Fort Meade?

The private sector has been collecting data on all of us for ages. It is stored in massive data sets, often spread between multiple sources. What makes us think this is any more secure? At least the NSA is well trained in keeping it all under lock and key.

Social trend

What does “big data” mean, anyway? Some describe it – wrongly – as simply a lot of data in a relational database. But if that were the case, then the security challenges would be the same as for conventional databases. And they aren’t.

Others view it as data sets so large that they cannot be handled by traditional relational tools. But we have had that kind of thing for years, in the form of data warehouses.

...

http://www.theregister.co.uk/2013/08/19/big_data_security_considerations/

By Lockwood Lyon

As summer (in the northern hemisphere) comes to an end and summer vacations wrap up, it's time to prepare for the upcoming end-of-year rush. The months of November and December are characterized by a significant increase in consumer transactions including holiday-related purchases of food and gifts, travel, bank transactions, and winter clothing.

Many retail organizations call this period the Peak Season, and for good reasons: not only are transaction rates higher during this time of year, but a significant amount of a company's profit (sometimes as much as 40%) is realized.

To meet the upcoming demands on IT systems, database administrators (DBAs) need to prepare the database and its supporting infrastructure for increased resource demands. Being proactive now can pay big dividends by maintaining service level agreements (SLAs), avoiding outages and resource shortages, and ensuring a positive overall customer experience.

...

http://www.databasejournal.com/features/db2/the-database-administrators-back-to-school-checklist.html

Monday, 19 August 2013 17:27

Policies & Procedures

Create BEFORE need

 

Lack of relevant policies and procedures is likely to cost the University of Toledo Medical Center (UTMC) at least US$25,000.

According to Lawyers and Settlements.com, a 30-year veteran nurse at UTMC was terminated for failure to stop another nurse from removing items from the operating room before the procedure had concluded. The complaining nurse claims she was also fired for violating policies on communications and logging out.

The story is that the plaintiff was working in the operating room (OR) with another nurse.

The other nurse left the OR for lunch, but, according to the article, failed to log out of the hospital computer system. Returning from lunch the nurse allegedly disposed of a kidney that was waiting to be transplanted.

...

http://johnglennmbci.blogspot.com/2013/08/erm-bc-coop-policies-procedures.html

The new European Union regulation requiring mandatory personal data breach disclosures by telecoms operators and internet service providers (ISPs) comes into force on Sunday 25 August 2013.

The new regulation builds out the security breach provisions for telecoms providers and ISPs introduced into EU law in 2009 through the E-Privacy Directive 2009/136/EC.

From 25 August, all EU telcos and ISPs will be required to notify national authorities of any theft, loss or unauthorised access to personal customer data, including emails, calling data and IP addresses.

Details concerning any incident, including the timing and circumstances of the breach, nature and content of the data involved, and likely consequences of the breach, must be reported.

“Controversially, the regulation requires breach notification to national regulators within 24 hours of detection, subject to a "feasibility" request,” said Stewart Room, privacy and information partner at law firm Field Fisher Waterhouse.

...

http://www.computerweekly.com/news/2240203760/EU-data-breach-disclosures-to-be-enforced-soon

Following on from my previous article about Prism, we have since heard further revelations of the US National Security Agency's (NSA) interception and surveillance of data. 

Prism is evidently the tip of a data privacy iceberg. International “cyber espionage” makes great press, but let’s get this straight from the outset: your data is at risk whether you are small, medium, large, a corporation, charity or nation. Moreover, your sensitive information is at risk.

So why look at intellectual property (IP)?

IP is your most sensitive data; that which you need to control completely. If compromised, it could affect the stability or the existence of a company or product, and as such represents the greatest prize to an attacker. National security has its equivalents – passport data, criminal databases, spy identities – information an aggressive foreign state could use against the home nation to cause disruption and discord.

...

http://www.computerweekly.com/opinion/Security-Think-Tank-Your-sensitive-information-is-at-risk

Monday, 19 August 2013 17:21

Point Solutions Must Die

Last year I wrote a blog post titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem."  This concept naturally extends beyond incident response to broader enterprise defense.  An ecosystem approach provides us an alternative to the cobbling together of the Frankenstein’esque security infrastructure that is so ubiquitous today.

Many of us in the information security space have a proud legacy of only purchasing best in breed point solutions. In my early days as an information security practitioner, I only wanted to deploy these types of standalone solutions. One of the problems with this approach is that it results in a bloated security portfolio with little integration between security controls. This bloat adds unneeded friction to the infosec team’s operational responsibilities. We talk about adding friction to make the attacker’s job more difficult; what about this self-imposed friction? S&R pros’ jobs are hard enough. I’m not suggesting that you eliminate best in breed solutions from consideration; I’m suggesting that any “point solution” that functions in isolation and adds unneeded operational friction shouldn’t be considered.

...

http://blogs.forrester.com/rick_holland/13-08-18-point_solutions_must_die

The myth of King Midas warns us that what we first perceive as a blessing can also be a curse. Turning objects into gold with the slightest touch would be a magnificent power to have, however inadvertently transforming food, family, and friends into gold would be a nightmare. Such is the case with technology. Our interconnected world and seemingly never-ending supply of even “smarter” smart-phones and other devices provides us previously unimaginable power to share our ideas and make our complicated world more manageable. Calling these advantages of technology a blessing hardly seems hyperbolic; and yet, with the good also comes the potential for bad.

For auditors and compliance professionals, both the greatest advantage and the greatest threat of the digital world is big data. By following the digital footprints left by the company around the world, auditors can now seek the truth about employee actions and company operations more objectively and efficiently than ever before. The challenge, however, is in effectively managing the sheer volume of sensitive information that the company and its employees create, share, and store on these powerful devices. For example, an employee’s personal Facebook update could reveal proprietary information; a stolen laptop can be akin to losing control of a safety deposit box; hackers could break into the company’s computer network and export confidential data; companies can lose access to their data that’s stored in the cloud; and then there are the complexities caused by the wild variation in country-specific data privacy laws. It can be enough to make your head spin.

...

http://www.corporatecomplianceinsights.com/avoid-the-curses-of-technology-five-high-tech-compliance-challenges-every-auditor-needs-to-understand

Monday, 19 August 2013 17:19

The Reality of Cloud Scalability

Now that the cloud is becoming a standard feature in the enterprise, a little truism has emerged: Resources are infinitely scalable, but so are the costs.

Theoretically, at least, increased cloud consumption should only happen in the presence of increased business activity, and therefore increased revenue. So the cost/benefit ratio should always favor the enterprise, at least if you’re smart about it. In practice, though, it doesn’t always work that way. But even if it did, the real question is not at what point does a gargantuan cloud presence become a money loser, but when does it end up costing more than building and operating your own data center?

This conflict is particularly acute in rapidly growing enterprises. Companies that go from little-known start-up to must-have business solution provider overnight can suddenly find themselves on the hook for millions per year. Wired.com, for example, tells the tale of MemSQL, a West Coast database services company that originally provisioned its entire test and development infrastructure on Amazon only to dump it one day in favor of in-house, bare metal infrastructure. A simple cost comparison was the key driver: For about $120,000 amortized over three years, the company was able to shed more than $300,000 in cloud costs per year – a reduction of more than 80 percent.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-reality-of-cloud-scalability.html

Monday, 19 August 2013 17:12

8 TIPS for COMMUNICATING DURING A CRISIS

To most people a crisis is bad and for the most part, they’d probably be right. However, an organization can do good things when they are hit with a crisis; some may even say there is an opportunity. The situation itself might be bad enough but if it’s not being managed correctly or communications aren’t approached in a positive way, the crisis can be compounded because the media and the public will think there are more things being hidden by the organization.


If it seems that an organization isn’t prepared – through its communications and response actions – the media and public may start to go ‘hunting’ for more information and uncover other details of the organization that the organization may not want released. Not that they are bad examples on their own but compounded with the existing crisis they will seem larger and could create another crisis or even escalate the existing one. The organization will then be fighting more than one crisis on its hands.

Below are some tips for how to communicate during a crisis; some do’s and don’ts and tips for ensuring good communications when speaking to the media and the general public.

...

http://stoneroad.wordpress.com/2013/08/16/8-tips-for-communicating-during-a-crisis/

Friday, 16 August 2013 16:29

Know your neighbors

I’ve written it before.

I’m writing it again.

Know your neighbors.

Usually the admonishment comes with a suggestion to know what your neighbor does (is the product or service popular or not?), who your neighbor employs (popular or unpopular segments of the population), and how your neighbor treats its personnel (walkouts possible to probable?).

Turns out, according to an Associated Press article in the “PhillyBurbs.com” site titled “Salvation Army to be named in Philadelphia building collapse lawsuits” (see http://www.nbcnews.com/id/52764647/ns/local_news-delaware_valley_pa_nj/t/salvation-army-be-named-philadelphia-building-collapse-lawsuits/), that's not enough.

...

http://johnglennmbci.blogspot.com/2013/08/erm-bc-coop-know-your-neighbors.html

If the financial crisis and events like the Japanese tsunami had but a single lesson, it is this: What we don’t know can be more important than what we do know. This raises the ultimate rhetorical question, “Do we know what we don’t know?” Of course, no one knows. The reality of today’s environment is that management and the board can never be certain that they know everything they need to know. So how do we manage an organization given this reality?

Following are 10 things companies can consider in managing uncertainty:

(1) A margin for error may be needed to cover what we don’t know: While management has knowledge from internal and external sources, do they have a useful point of view regarding what they don’t know? Probably not. That’s why strategic choices and the risks undertaken should provide a margin for error to reflect what directors and management may not know.

...

http://www.corporatecomplianceinsights.com/managing-the-uncertainty-of-what-you-dont-know

By Eric Thomas

“Use it or lose it!” You might hear your doctor say that expression about your mental acuity or your personal trainer about your physique. I often hear it from my clients in government, specifically from federal CIOs or IT managers. The phrase relates to their IT budget; if they don’t spend their money in the current year, it goes away the following year. Of course, we should have smarter incentives to reward spending under budget, but we’ll properly address that issue another day.

The impact of “use it or lose it” or, more aptly, “spend it or lose it” is most acutely felt during the budgeting process. The federal budgeting process is highly regulated, long and not very transparent to the layperson. In short, the U.S. Congress appropriates funds to agencies which then appropriate funds within the agency. From there, the IT manager is given a sum of money to spend during the fiscal year. The manager starts with a spend plan, allocates money to individual projects or line items, and tracks obligations and actual spending throughout the fiscal year.

http://www.cioinsight.com/it-management/it-budgets/five-tips-for-use-it-or-lose-it-budgets/#sthash.zYbK8A7Q.dpuf

Friday, 16 August 2013 16:22

Networking Beyond TCP

Difficult to imagine? From our grandparents’ days, networking across systems has been working reliably over TCP and that is what we have seen all throughout. The systems at either end of the network did not have to bother about how the TCP connection was being established, so the core definition of TCP was “a single connection between two hosts”. When researchers designed the TCP/IP protocol suite, they did an awesome job of looking through the requirements which may come up in the next couple of decades. Given their vision, till today we are able to communicate well over TCP.

But what did change in between? The network of devices, or the Internet, grew at an unexpected rate and broke all the predictions. The internet backbone traffic in 1990 was close to 1 Terabyte, which grew to nearly 35000 Terabyte by year 2000. What an exceptional growth, and large businesses started transforming themselves on the Internet. Was TCP designed to take up this much load without getting slower and getting to a point where it starts breaking? While all this growth was happening, in the background researchers continued to work on simplifying the congestion control issues with TCP and many new RFCs came up and got adopted as well. Today we all are able to work efficiently using these complex congestion control and avoidance algorithms.

...

http://blogs.citrix.com/2013/08/16/networking-beyond-tcp/

It would be impossible for a company that has no disaster recovery (DR) plan in place to continue business after a severe hacker attack, fire, flood or tornado. And yet, many companies still do not have solid DR strategies developed. Businesses often find it challenging to make a case for a business continuity plan, much less devote funds, people and time to its creation “just in case” something were to happen someday.

Every minute your business systems spend down is a loss of revenue. For your enterprise to ensure its continued services after an emergency situation, having an extensive DR strategy is critical.

Our IT Download, Business Continuity: Considerations, Risks, Tips and More, provides instruction on how to develop a business recovery strategy. According to this report:

…Executives know that downtime equals lost dollars and that every minute spent on recovery data and systems is time taken away from running their business. This results in a lack of productivity and a poor customer response time. Companies can create a resilient IT infrastructure with automated disaster recovery (DR) for any service, any time and any place…

...

http://www.itbusinessedge.com/blogs/it-tools/ensure-business-continuity-in-any-situation.html

A small documentary released this summer has created a reputational riptide for SeaWorld. Blackfish, directed by Gabriela Cowperthwaite, combines park footage and interviews with trainers and scientists to explore the impact of keeping killer whales for entertainment – and, ultimately, examines the possible factors that led one such whale to kill three people in captivity. The film has outraged animal rights activists and casual audience members alike with footage of brutal whale-on-human attacks at the parks and haunting tales of a natural order torn apart to keep 12,000-pound animals in captivity. SeaWorld’s attempts to head off criticism by emailing an itemized rebuttal to critics have drawn widespread publicity, but many have interpreted the move as defensive and further damning.

This week, it became clear that Pixar has taken note of the movie – and the backlash. The animation studio decided to rewrite part of the upcoming sequel to Finding Nemo that referenced a SeaWorld-like facility.

The plot is reportedly still in flux for Finding Dory, currently scheduled for release in November 2015. Ellen DeGeneres is set to star as Dory, an amnesiac blue fish who cannot remember who raised her, according to the L.A. Times. Initial plans for the movie saw characters ending up in a marine park for fish and mammals. But now, the aquatic center will be differentiated from SeaWorld by giving the animals the option to leave.

...

http://www.riskmanagementmonitor.com/pixar-rides-the-waves-of-seaworld-backlash/

Weighing up the cost of risk against the cost of coverage seems to be the perpetual dilemma of some insurance buyers.

In the case of cyber insurance, it would appear that concerns about the cost of coverage diminish once companies make the decision to purchase a policy. And the longer that policy has been held, the greater the satisfaction.

According to a recently released Ponemon study, only 31 percent of risk management professionals at companies surveyed say they have a cyber security insurance policy. However, among those companies that don’t have a policy, 57 percent say they plan to purchase one in future.

...

http://www.iii.org/insuranceindustryblog/?p=3351

In the 10 years since sagging power lines in Ohio sparked a blackout across much of the Northeastern United States and Canada, utility engineers say they have implemented measures to prevent another such event in the country's electric grid.

But there is one disaster scenario for which the power companies are still unprepared: a massive attack on the computer networks that underlie the U.S. electric grid.

Energy industry leaders believe a cyberthreat could produce a blackout even bigger than the , which left an estimated 50 million people in the dark.

...

http://www.npr.org/blogs/alltechconsidered/2013/08/15/212079908/the-next-disaster-scenario-power-companies-are-preparing-for?ft=1&f=1006

Martin Lee, technical lead threat intelligence, CISCO, explains why smart buildings bring a new range of potential vulnerabilities that need management and mitigation.

CISCO defines the ‘Internet of Everything’ as “bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries”, but as well as bringing opportunities it also changes the threat landscape.

The Internet of Everything is being created through continuing technical advances. Computers are getting smaller, more powerful in terms of functionality, yet drawing less electrical power. These features coupled with the ubiquity of WiFi, 3G, 4G and mesh networks mean that small computing devices can be embedded within the most mundane devices that previously had operated autonomously — like a toaster or copy machine — and connect them to the Internet. These devices can then report on local conditions to a central server that can understand the wider environment, and then receive instructions on how to modify their operation to achieve maximum efficiency.

...

http://www.continuitycentral.com/feature1094.html

Asigra has released the results of new research into the impact of data growth on backup and recovery pricing and cost containment. The research, commissioned by Asigra and conducted by the Enterprise Strategy Group (ESG), includes findings from nearly 500 financial and IT decision makers/influencers. The research includes insights on data growth, software pricing preferences, and data recovery trends.

In the report, IT end-users were questioned about the financial pressure they are under to reduce IT expenditures amidst rising data growth costs. The research revealed that two out of three respondents felt at least some pressure to reduce IT spending and that pressure was found to increase with a corporation’s annual revenue. Those from large companies were more likely to say they felt strong pressure to reduce costs across several areas of IT. While the desire to reduce IT costs is high for many organizations, financial buyers of backup and recovery software and/or services expect to see a substantial increase in purchases in this area over the next five years due to data growth rates.

...

http://www.continuitycentral.com/news06892.html

CSO — Growing awareness of cyber threats and reporting requirements by regulators are driving a newfound interest in insurance products covering data breaches and other computing risks.

Almost a third of companies (31 percent) already have cyber insurance policies, and more than half (57 percent) that don't have policies say they plan to buy one in the future, a recent study by the Ponemon Institute and Experian Data Breach Resolution found.

"It's an issue that's much more front and center with senior executives in companies now," Larry Ponemon, founder and chairman of the Ponemon Institute, said in an  interview.

"Data security may not be a top five issue with companies, but it's in the top 10," he added.

...

http://www.cio.com/article/738144/Rise_in_Data_Breaches_Drives_Interest_in_Cyber_Insurance

CIO — Between electronic health record (EHR) systems, imaging systems, electronic prescribing software, healthcare claims, public health reports and the burgeoning market of wellness apps and mobile health devices, the healthcare industry is full of data that's just waiting to be dissected.

This data analysis holds much promise for an industry desperately seeking ways to cut costs, improve efficiency and provide better care. There are victories to be had, to be sure, but getting data from disparate, often proprietary systems is an onerous process that, for some institutions, borders on impossible.

...

http://www.cio.com/article/738121/Can_Healthcare_Big_Data_Reality_Live_Up_to_Its_Promise_

Thursday, 15 August 2013 15:15

XenApp administration going mobile

Our Mobile SDK for Windows Apps has been out for a while now, and customers are already using it to mobilize Windows Apps delivered via XenApp/XenDesktop. You might have seen it, but not looked into it as you don’t have any development experience. Well, you don’t need to be a developer to try out the Mobile SDK as we have some sample apps that leverage it.

One of our sample apps is a simple XenApp administration console that provides basic view and control functionality for a XenApp farm. It allows you to view sessions and servers in your XenApp farm. The following screen shot shows the Servers page where you can see summary information for your XenApp servers.

...

http://blogs.citrix.com/2013/08/14/xenapp-administration-going-mobile

In mid-July 2013, several of New York’s Wall Street firms participated in an exercise to test their resilience in the face of cyber-attacks. The initiative was coordinated by SIFMA, the Securities and Financial Markets Association, and included commercial financial companies, as well as the U.S. Treasury Department. Financial institutions in the US have been subjected recently to massive attacks centred on distributed denial of service (DDoS). DDoS attacks render systems inaccessible for normal use, either by generating floods of traffic to use up all the network bandwidth for the system, or by overloading the application itself. Given that such attacks are not specific to the financial arena, where else might such tests need to be done?

...

http://www.opscentre.com.au/blog/cyber-business-continuity-needs-broad-and-deep-together/

Writing about technology is, by nature, an exercise in predicting the future. And when it comes to enterprise technology, the question hanging over nearly everyone’s head is: “What will happen to my data center?”

To be sure, data is the lifeblood of the enterprise. But the infrastructure used to process and manipulate that data is in a constant state of flux. In today’s world, the biggest changes involve virtualization, software-defined systems and the cloud, all of which are steadily breaking down the close relationships that once existed between hardware, software and middleware platforms, while at the same time ushering in new levels of dynamism and diversity across data environments.

...

http://www.itbusinessedge.com/blogs/infrastructure/enterprise-data-infrastructure-out-of-the-one-many.html

By Nicole Hawk

An estimated 75,000 wildfires occur in the United States each year, and each one has potential public health concerns including evacuating safely, dealing with smoke, or cleaning up spoiled food after a power outage. In June 2013, Colorado faced multiple devastating wildfires, including the Royal Gorge Fire in Cañon City, which required the evacuation of a state prison, and the Black Forest Fire in Colorado Springs, which became the most destructive in Colorado history. The 14,000-acre fire forced 38,000 people to evacuate and destroyed almost 500 homes. Before, during, and after the wildfires, local, state, and federal public information officers (PIOs) worked together to quickly share emergency information via traditional media, social media, and websites such as Inciweb.

Smokey the Bear warns of extreme danger

As with most responses, CDC’s main role is getting information to people before an emergency to help them prepare and after an emergency during the recovery phase to help them protect their physical and emotional health.  As members of CDC’s Joint Information Center (JIC), Joanne Cox and I had the opportunity to travel to Colorado to observe these wildfire information activities.  Understanding how Colorado handled information needs helped us build relationships and find new ways to get CDC information to our partners during a wildfire response.  

We first reached out to the Colorado Department of Health and Environment, which put us in touch with Dave Rose, an El Paso County PIO. Dave welcomed us to the Black Forest Fire JIC in Colorado Springs. We found the JIC, staffed by county and city PIOs and volunteers, buzzing with activity. People worked around the clock answering phones, posting evacuation and damage updates to websites and social media, and coordinating public meetings and media interviews.

The Rocky Mountain Incident Management Team B gathers for an afternoon command and general staff meeting.

Although this was Joanne’s first time observing a wildfire, she was in good hands. Before working at CDC, I served as a wildland firefighter and PIO for the U.S. Forest Service. As a result, Joanne and I were armed with plenty of fire T-shirts, which helped us blend into the crowd of firefighters. By the time our 3-day whirlwind trip was over, we had toured the Black Forest Fire JIC, a wildfire base camp, two incident command posts (ICPs), and the Rocky Mountain Area Coordination Center, and made a lot of new friends in the wildland fire community. Most importantly, we learned even more about the kinds of information people need and how they can best receive it before, during, and after a wildfire.

We used CDC’s social media network and real-life connections to make the most of our time in Colorado. Because CDC’s own @CDCEmergency Twitter handle follows local, state, and federal emergency management agencies, we learned of a public meeting for the Royal Gorge Fire in Cañon City, Colorado. Our virtual network may have gotten us to the public meeting, but once we arrived, we were fortunate to meet Susan Ford, a liaison officer for the Rocky Mountain Area Incident Management Team B. She invited us to spend June 14 with the team. At the ICP, we attended a VIP visit from Colorado Governor John Hickenlooper as well as meetings with command and general staff and agency cooperators, including the Fremont County Public Health Agency.

Another connection at the Royal Gorge Fire was one from my days in the Forest Service. I worked with Chris Barth, the lead PIO for the fire, on the 2011 Rockhouse fire in Texas. He put us in contact with the lead PIO for the Black Forest Fire which was managed by the Great Basin Type 1 Incident Management Team. On June 15, we fortified ourselves with coffee and attended the 6:00 a.m. briefing at the Black Forest fire ICP, where we met the Incident Commander, Rick Harvey. It was another action-packed day of observing live media interviews, a press conference, and lots of communication activities.

Joanne Cox gets a tour of the Royal Gorge Fire incident command post from Susan Ford, a liaison officer on the Rocky Mountain Incident Management Team B.

Shane Greer, an incident commander for the Royal Gorge fire, helped snag us an invitation to visit the Rocky Mountain Area Coordination Center in Lakewood, CO. The Geographic Area Coordination Center works with the National Interagency Fire Center to mobilize wildland fire resources across Colorado, Kansas, Nebraska, South Dakota, and Wyoming and maintains a big-picture view of fire activity by analyzing information, maps, weather forecasts, GIS files, and data from fire modeling software. While observing a morning coordination call, we got a taste of how information flows from the national to the regional to the local level.

We learned a lot about how information was shared on Colorado’s wildfires and made many valuable connections to the wildland fire community. Now we are even better equipped to help the JIC share CDC wildfire information with PIOs, partners, the media, and most importantly, with local communities.

http://blogs.cdc.gov/publichealthmatters/2013/08/6240/

While IBM may be dominant when it comes to all things mainframe, EMC has been steadily expanding its share of the mainframe storage business.

EMC’s launch of new disk-based library systems for mainframe environments that are based on the company’s VMAX, VNX, or Data Domain storage platforms strengthens its role in the mainframe storage arena.

According to Rob Emsley, senior director of product marketing for EMC Backup Recovery Systems division, the latest generation of EMC storage systems takes advantage of Intel processors to deliver backups at speeds that are four times faster than anything IBM currently offers. Speed is critical in mainframe environments, says Emsley, because of the sheer volume of data typically flowing through mainframe systems.

...

http://www.itbusinessedge.com/blogs/it-unmasked/emc-goes-after-bigger-slice-of-mainframe-storage.html

Step 1 – Over commit and under deliver. Large corporations are seeking ways to drive their cost models down in the market place today by using Cloud based services.  Bespoke outsourcing is not a Cloud based delivery model and yet many large Outsourcing companies are billing their services this way to large enterprise.  Committing a custom delivery for thousands of subscribers with thousands of applications will lead to a higher cost model and lower customer satisfaction.  If you are a Service Provider, better to start with a catalog of applications and meet the needs of the SMB first, then move up stream to the larger businesses.  Migration of subscribers from large enterprise into a cloud data center is very time consuming.

Step 2 – If you build it they will come. Cash is king… it always has been, so why develop an environment spending tens of millions of dollars/euros unless you have adequately done the research for who needs what and where? Looking at IaaS purchases in the last three years should give a clue. How many of these purchases (buy vs. build) have led to the success in cloud delivery of services? Again, Service Providers should develop a business model based on the demand for apps, desktops and data in the SMB and stoke your cash flow engine before sinking huge capital costs in data centers.

...

http://blogs.citrix.com/2013/08/14/five-steps-to-a-failed-it-as-a-service-offering

Life as a Chief Compliance Officer is not so easy.  The job, as defined, means living with day-to-day risks, any one of which is significant enough to damage or even destroy the company for whom you work.  CCOs learn to live with risk.

When a CCO has the backing of the board and the CEO, their job is relatively easier.  That does not mean it is an easy job.  To the contrary, every CCO has their challenges in their company to secure adequate resources, to gain the cooperation of other business components, and to persuade senior managers and employees that ethics and compliance is important to the company bottom line.

The inherent difficulty for the CCO is to demonstrate his or her importance to an organization by proving a negative – we have not had any serious law violations because of the existence of the company’s ethics and compliance program.  That is a hard argument to make, but luckily it is intuitive and it naturally appeals to intelligent senior managers and a CEO.

...

http://www.corporatecomplianceinsights.com/how-to-ensure-compliance-when-the-ceo-wont-listen

Struggling with what comes after “instant news,” I’ve tried to come up with a way of describing the dramatic change in real time information sharing that was powerfully demonstrated in the Boston manhunt. For better or worse, I’m using “NanoNews” to describe it.

I created a video in lieu of an in-person presentation I was invited to make at the National Capital Region’s Social Media in Emergencies conference. That presentation was just concluded so now I’m sharing this with you.

In 2001, when I wrote the first version of “Now Is Too Late: Survival in an Era of Instant News” I used the term instant news to help communicate that news cycles were gone, that as fast as news helicopters could get overhead the news of your event or disaster would be live on the air. I was thinking of the ubiquitous breaking news as well as the already emerging trend of sharing information via the Internet—at that time primarily through email.

But compared to the “instant news” we have today, “breaking news” corresponds more to snail mail. It’s practically dead and gone, and not just through over-use. When millions are tuned into the police scanner chatter broadcast live through Ustream or converted into a Reddit thread using websites like Broadcastify or scanner apps like 5_0 Scan, it’s obvious that breaking news can’t keep pace. By the time even the fastest news crews get the information from such sources, and relay it, it will be minutes old—and minutes old is unacceptable when you could have real time information.

...

http://ww2.crisisblogger.com/2013/08/nanonews-understanding-the-new-news-environment/

Enterprises are struggling to understand the risk and privacy impacts of the mobile applications in use in their environment. As the consumerization of mobile continues to shove BYOD into the enterprise, the number of applications in use is growing exponentially. Organizations must get a better handle on just how much risk is accumulating from the proliferation of mobile apps on their users’ devices.

I'm currently researching a concept designed to help an enterprise know where they are on the mobile application security maturity curve. Understanding where one currently resides is the quickest method to determine the path required to improve your standing in the future.

...

http://blogs.forrester.com/tyler_shields/13-08-13-mobile_application_security_maturity_leveling_up

Wednesday, 14 August 2013 15:53

Green IT Initiatives Provide Business Savings

For businesses, going green often means cost savings. Nowhere can this be truer than in the area of IT. Smaller, more efficient computers and servers, cloud computing and even advancements in software can bring about significant budgetary and carbon-footprint savings for the business. This brings many companies to start thinking about creating greener data centers.

But where and when do you begin to adopt greener policies? How do you know what to buy?

The book “Green Computing: Tools and Techniques for Saving Energy, Money, and Resources,” by Bud E. Smith provides an in-depth look at green IT initiatives. It begins by explaining why a company should go green, and then continues with chapters that give detailed explanations on cost savings, environmental drivers and climate change issues. Other chapters give informative looks into:

...

http://www.itbusinessedge.com/blogs/it-tools/green-it-initiatives-provide-business-savings.html

Wednesday, 14 August 2013 15:52

Why You Won’t Hire a Data Scientist

I remember the first time I heard the terms “business intelligence” and “analytics.” Business. Intelligence. Yep, that was something I could get behind.

Then I figured out that it really amounted to business statistics, automated to a certain extent by a computer. It was a bit of a bummer, really.

It seems the term "data science” is likewise overrated.

IT consultant Robin Bloor, in a fabulous piece, points out that there’s really no such thing as “data science.” In fact, what we’re calling data science has very little to do with science and everything to do with mathematics — specifically, statistics.

“If you are already tired of the term ‘big data,’ but not yet tired of the term ‘data science,’ let me help you get there as swiftly as possible,” Bloor writes. “If there were a particular activity devoted to studying data, then there might be some virtue in the term ‘data science.’ And indeed there is such an activity, and it already has a name: it is a branch of mathematics called statistics.”

...

http://www.itbusinessedge.com/blogs/integration/why-you-wont-hire-a-data-scientist.html

Wednesday, 14 August 2013 15:51

How to handle a software audit

Software audits are an irritating and time-consuming part of life.

To survive one unscathed you'll need a thorough understanding of your licensing requirements.

'IT executives being thrown into prison' is the usual battle cry of software industry bodies such as the BSA and FAST (despite no executive going to prison, to my knowledge, in the last 15 years).

The more realistic pain of software audits is unbudgeted cost and distraction from delivery of projects. It takes time to defend an audit; to collect the appropriate data and documentation - precious time that should have been spent focusing on business priorities. 

Microsoft, Oracle, Adobe, IBM, SAP, Attachmate and other large software publishers regularly audit their customers. Research with ITAM Review readers in the past suggests that, faced with a vendor audit, Microsoft are said to be most helpful, and Oracle least helpful.

...

http://www.computerweekly.com/opinion/How-to-handle-a-software-audit

Wednesday, 14 August 2013 15:49

Visual Discovery Tools

There is no question that we are becoming more visually oriented in our approach to thinking today. You can see it in the increasing numbers of PowerPoint presentations given with the admonition that fewer words will suffice. You can see it in the increase in infographics, catchy photographs, and pictorial slogans that continue to spread across social media. And you can see the result in BI dashboards and an increasing array of visually oriented approaches to the display, digestion, and understanding of data. It is no wonder, then, that visual discovery tools should emerge as an important and rapidly growing part of BI.

Visual discovery tools are applications that typically enable non-analyst users to “play” with relationships between data items and explore an array of hidden possibilities that might yield interesting trends. They are available in some form from every major BI vendor, with a few pure play solutions leading the way. Current leaders are QlikView, Tableau, and TIBCO Spotfire, although rankings are somewhat obscured by increasing incorporation of this capacity in larger BI solutions.

...

http://blog.cutter.com/2013/08/13/visual-discovery-tools

Wednesday, 14 August 2013 15:42

No, Your Data Isn't Secure in the Cloud

Computerworld — While online data storage services claim your data is encrypted, there are no guarantees. With recent revelations that the federal government taps into Internet search engines, email and cloud service providers, any myth about data "privacy" on the Internet has been busted.

Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.

"You have no way of knowing. You can't trust anybody. Everybody is lying to you," security expert Bruce Schneier said. "How do you know which platform to trust? They could even be lying because the U.S. Government has forced them to."

While providers of email, chat, social network and cloud services often claim -- even in their service agreements -- that the data they store is encrypted and private, most often they hold the keys, not you. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.

...

http://www.cio.com/article/738042/No_Your_Data_Isn_t_Secure_in_the_Cloud

Wednesday, 14 August 2013 15:11

Valley Fever, Explained

Cases of an illness known as valley fever have increased dramatically over the past decade. So what is it exactly? And who's at risk? We went to California's Central Valley to find out—watch the video above, then read this handy FAQ.

What is it? Coccidioidomycosis—commonly known as valley fever—is a fungal disease. Its spores live in the soil. If the soil becomes dry and dusty, people and animals can breathe it in, allowing the spores to grow inside their bodies.

What does valley fever feel like? It depends. Some people who get valley fever don't have any symptoms at all; in others the disease resembles a cold or flu. Some develop a pneumonia-like condition from the fungus in their lungs. In rare cases, the fungus disseminates and can even attack the brain. According to the CDC more than 40 percent of people who become ill from valley fever may require hospital visits; the average cost of that visit is $50,000. Between 1990 and 2008 there were 3,089 reported deaths from valley fever, though some public health experts suspect that it was an underlying cause of many more deaths.

...

http://www.motherjones.com/environment/2013/08/valley-fever-explained

 

Thriving in the Mainframe World: 4th Gen EMC Disk Library for Mainframe Sets a New Standard

 

By Peter Smails

Senior Director, Product Marketing, Backup Recovery Systems Division at EMC
 

Even with significant growth in mainframe market share in 2012, Darwinian evolution never takes a break at EMC.

Today, EMC announced the next generation of Disk Library for Mainframe (DLm) systems: the DLm 8100 and DLm 2100.  Enabled by an enhanced virtual tape engine and new 8 Gb/s FICON adapters, the new products deliver 2x the scalability of the previous generation, with support for up to 11.4 PB of logical capacity and up to 80% faster performance, making the new systems more than 4x faster than the nearest competitor.

...

http://pulseblog.emc.com/2013/08/13/thriving-in-the-mainframe-world-4th-gen-emc-disk-library-for-mainframe-sets-a-new-standard/

ROLLING MEADOWS, Ill. – Big data—dubbed “the new oil” by the World Economic Forum—can improve decision making, reduce time to market and increase profits. But it can also raise significant risk, ranging from disastrous data breaches to privacy and compliance concerns. To help enterprises retain control of their massive and fast-changing information, ISACA has issued new guidance available freely at www.isaca.org/privacy-and-big-data. Privacy and Big Data: An ISACA White Paper outlines critical governance and assurance considerations as well as key questions that must be answered.

“CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace,” said Richard Chew, CISA, CISM, CGEIT, a developer of the ISACA paper and senior information security analyst at Emerald Management Group. “Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks such as COBIT are put into place first.”

...

http://finance.yahoo.com/news/isaca-white-paper-five-key-134500747.html

Tuesday, 13 August 2013 15:26

When backups are not enough

By Lee Fleming

The vital importance of developing a disaster recovery plan – and testing it regularly.

Not that long ago, to prepare for an IT disaster (either manmade or natural), hospitals and other healthcare facilities cared only about having some sort of back-up system in place. They still kept patient information on paper charts along with medicine prescriptions should their IT system collapse.

Then the concept of “disaster recovery” emerged. Hospitals became more sophisticated, relying on computerized storage. Today, it’s the high availability of IT that matters, not disaster recovery. The new motto is: “Let’s make sure we don’t have to recover.”

...

http://www.healthmgttech.com/online-only/when-backups-are-not-enough.php

PHILADELPHIA – Recently a council was formed to gain a better understanding of Disaster Recovery (DR) best practices and make preparedness more cost-effective and efficient. This Disaster Recovery Preparedness (DRP) Council was created by IT business, government and academic leaders to address these issues, with its mission to increase DR Preparedness awareness and improve DR practices.

Organizations around the globe have participated in an online Disaster Recovery Preparedness Benchmark (DRPB) Survey created by the council that launched just over a month ago. This survey is designed to give business continuity, disaster recovery, compliance audit and risk management professionals a measure of their own preparedness in recovering critical IT systems running in virtual environments.

...

http://finance.yahoo.com/news/preliminary-results-show-three-four-120000171.html

“Something is happening here, but you don't know what it is, do you, Mr Jones?”  

Bob Dylan's lyrics come to mind with the findings of Deloitte’s second Data Nation survey of consumers’ and citizens’ attitudes towards how companies and public sector organisations collect and analyse their personal data. For it reveals a 10% drop in people fully aware of what is being done with their information.

Peter Gooch, privacy practice leader at Deloitte said this shows that people are: “More aware that something is happening with their data, but they don't know what that is and there is increased nervousness.

“There is no real sign of a tipping point, where people see their own data as an asset that can be exploited. Consumers recognise their data as an asset to the extent that they want to protect it, but not to the extent of exploiting it.

...

http://www.computerweekly.com/news/2240203499/Deloitte-data-survey-spells-out-need-for-clarity-to-build-trust

The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.

Computer, network, and information security is based on three pillars: confidentiality, integrity, and availability. In my business as an information & cyber security, business continuity and disaster recovery consultant, I see every day how companies of various sizes and types address these three areas. Some very well, some not so well, and some really poorly.

Given all the regulations and standards (like HIPAA, SOX, NERC-CIP, FISMA, PIPEDA, etc.) developed and published over the last five years, you would think that business and government should be doing much better in securing their computing systems and network infrastructures. However, based on the on-going events prominent in the press and trade journals almost every day, this does not seem to be the case.

We continue to be informed that government agencies and private sector companies continue to have numerous cases of data leakage: a politically correct way of saying data loss, theft, or compromise. We hear about the theft of credit card and personal information and worst of all we hear of companies that have lost critical personal and health related information despite the many security controls that were supposed to be in place. Worse yet we hear of extremely large sums of monies extorted from banks and other financial institutions and also of the fragility of our power grids and gas distribution systems world-wide.

...

http://www.continuitycentral.com/feature1093.html

NOAA has issued an updated Atlantic hurricane season forecast, saying that the season is shaping up to be above normal with the possibility that it could be very active. The season has already produced four named storms, with the peak of the season – mid-August through October – yet to come.

“Our confidence for an above-normal season is still high because the predicted atmospheric and oceanic conditions that are favorable for storm development have materialized,” said Gerry Bell, Ph.D., lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center. “Also, two of the four named storms to-date formed in the deep tropical Atlantic, which historically is an indicator of an active season.”

The conditions in place now are similar to those that have produced many active Atlantic hurricane seasons since 1995, and include above-average Atlantic sea surface temperatures and a stronger rainy season in West Africa, which produces wind patterns that help turn storm systems there into tropical storms and hurricanes.

The updated outlook calls for a 70 percent chance of an above-normal season. Across the Atlantic Basin for the entire season – June 1 to November 30 – NOAA’s updated seasonal outlook (which includes the activity to date of tropical storms Andrea, Barry, Chantal, and Dorian) projects a 70 percent chance for each of the following ranges:

  • 13 to 19 named storms (top winds of 39 mph or higher), including
  • 6 to 9 hurricanes (top winds of 74 mph or higher), of which
  • 3 to 5 could be major hurricanes (Category 3, 4 or 5; winds of at least 111 mph)

These ranges are above the 30-year seasonal averages of 12 named storms, six hurricanes and three major hurricanes.

The updated outlook is similar to the pre-season outlook issued in May, but with a reduced expectation for extreme levels of activity. Motivating this change is a decreased likelihood that La Niña will develop and bring its reduced wind shear that further strengthens the hurricane season. Other factors are the lack of hurricanes through July, more variability in the wind patterns across the tropical Atlantic Ocean and slightly lower hurricane season model predictions. In May, the outlook called for 13-20 named storms, 7-11 hurricanes and 3-6 major hurricanes.

Techworld — Data center providers have welcomed the news that Google, IBM and Nvidia will collaborate to form an open development alliance for datacentres called OpenPower.

The consortium aims to provide advanced server, networking, storage and graphics technology to give more control and flexibility to developers of next-generation, hyperscale and cloud datacentres.

IBM will license designs of the Power microprocessor architecture to other companies in the consortium including Google, as part of an effort to expand use of the architecture and reverse declines in its systems hardware business. Meanwhile, component companies will be able to make hardware that can be integrated, or attached, to the processor.

...

http://www.cio.com/article/738029/Data_Center_Operators_Welcome_IBM_s_OpenPower_Initiative

‘How do you eat an elephant’ is the age-old metaphorical business question. ‘One piece at a time’ is the answer. Big problems can be broken down into smaller ones, which can in turn be broken down again, until you get to a level where you can see your way to solutions. Project management and production assembly lines work on the same basis, although the concern is that the whole does not become less than the sum of the parts. In a recent development in IT security and business continuity, a similar divide and conquer strategy uses virtualisation to isolate individual IT activities instead of applying malware detection techniques to a system as a whole.

...

http://www.opscentre.com.au/blog/it-security-and-business-continuity-through-divide-and-conquer-tactics/

According to SMB Group’s 2013 Top 10 SMB Technology Market Predictions, this is the year that small to midsize businesses get serious about their social media efforts. The group’s study shows that 58 percent of SMBs used social media in 2012, but only 28 percent of them were putting a strategic plan into place. Although social media is a fairly new concept, its use requires just as much planning and attention as any other marketing campaign in order for it to be deemed successful.

All the posts and tweets and pins may seem foreign to those who are used to traditional marketing lingo, so learning which social media platforms to use and how to use them is key to an effective social media campaign.

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-must-learn-the-right-platform-to-earn-social-media-success.html

It seems that everyone is using cloud storage these days. Even enterprise managers who say they aren’t on the cloud yet probably are—they just don’t know it. So at this point, the question is not whether to use cloud storage, but how best to integrate it into the overarching enterprise infrastructure.

Ideally, this integration will come about through the transformation of internal IT infrastructure from current silo-laden architectures to a diverse hybrid cloud. But that process will not happen overnight, and the technology to produce such a flattened, infinitely scalable data environment is not quite out of the lab yet.

In the meantime, then, what is the enterprise to do? First off, says Widen Enterprises’ Matthew Gonnering, recognize that cloud integration is already taking place on the software level, particularly as the workforce becomes more mobile. Smartphones in particular lack the storage capacity to meet personal needs, let alone professional ones, so many apps come with built-in links to Dropbox, Google Drive and other such services where data can be stored, shared and synced outside the enterprise firewall. Rather than pull up the drawbridge when it comes to external storage, enterprises would be wiser to embrace the trend by working with software developers and cloud providers to devise the proper APIs and other tools needed to keep cloud data safe, secure and available.

...

http://www.itbusinessedge.com/blogs/infrastructure/enterprise-cloud-storage-integration-time-to-go-with-the-flow.html

By Roberto L. Hylton, Senior Law Enforcement Advisor

If you have ever had the chance to speak with Administrator Fugate or listen to him discuss the role of first responders in disasters… you will know he views their work with a revered appreciation.  They are an intricate part of the emergency/disaster response team.  As a former Police Chief, I can attest to their hard work and dedication and agree wholeheartedly with Administrator Fugate.

In my 30-year career I have witnessed heroic efforts by my officers and colleagues, including during times of disasters.  While serving Prince George’s County, we responded to 9/11, Hurricane Isabel, snowstorms, and multiple tornadoes.  Specifically, I recall one of the tornadoes that impacted my county.  An EF-3 tornado impacted the nearby college campus and devastated neighborhoods and infrastructure.  Emergency services were stretched to the max.  Our officers worked relentless hours, 48 hours straight in some cases, setting up and supporting emergency response and rescue operations.  The scene was chaotic with debris and terrified college students, but the right training helped officers maintain public safety and conduct lifesaving missions.

Over the last two years I have had the distinct privilege of sharing the Administrator’s views with the law enforcement community and recently, he reflected on Law Enforcement’s Role in Responding to Disasters in an article in Police Chief Magazine:

We ask a tremendous amount of our first responders during disasters and emergencies. They are the first line of defense; they are the first helping hand extended to survivors. Every police officer knows emergencies can happen without notice. Our ability to respond to and recover from disasters is directly influenced by how well prepared our first responders are and how well we all work together as a team before, during, and after a crisis. 
The role of law enforcement in responding to a disaster is very similar to the day-to-day role of public safety and supporting the community. In preparing for a disaster, police officers trust in their training and capitalize on their knowledge of a community. Exercises portraying the situations (large- and small-scale events) help better prepare officers and allow them to fully understand the resources needed for each event and apply that information to each community’s needs. Law enforcement officials know their communities best and interact with residents on a daily basis. This knowledge gives them the ability to provide valuable situational awareness to response and recovery groups coming in to help. For example, where will there be language barriers? Does the community have unique challenges? Law enforcement can help communicate this information to the emergency management team and can offer support to other members of the team by simply being a presence in the neighborhoods.
During a disaster, police officers play a key role in many operations including: search and rescue, evacuations, door-to-door checks, and maintaining overall public safety within the community. These are critical actions that support not only their own communities but neighboring towns as well. 

As the Administrator explained in the article, the law enforcement community has two vital roles in responding to disasters:

  • As first responders during times of crisis, and
  • Providing for the safety and security of the community. 

Responding to disasters is a shared responsibility, and those in law enforcement are aware that emergency management planning is for all hazards and that it takes a team effort to keep our communities safe.  I’m proud to represent the law enforcement community at FEMA as we continue to strengthen the coordination among the entire emergency management team.

Editor’s Note: Police Chief Magazine is a publication from the International Association of Chiefs of Police and serves as the professional voice of law enforcement and supports programs and research, as well as training and other professional services for the law enforcement community.

http://blog.fema.gov/2013/08/law-enforcements-role-in-responding-to.html

Hurricanes and other natural disasters can bring business to a screeching halt when an office or plant is damaged or destroyed, and critical infrastructure is offline.

"When Hurricane Sandy hit the East Coast last fall, it resulted in $62 billion in damages and economic losses from businesses that were not able to operate because of flooded buildings, power blackouts and damaged communications infrastructure," said Justin Moore, CEO at Axcient, a provider of cloud solution applications to avoid downtime and data loss.

"However, there were several success stories, where firms had disaster plans in place and were able to leverage cloud-based disaster recovery and business continuity solutions to weather the storm. Dozens of IT providers in Sandy’s path used the latest technology to spin up virtual offices in the cloud to keep employees productive while waiting for primary systems to come back online or be restored," Moore explains.

...

http://hr.blr.com/HR-news/Health-Safety/Safety-and-Health/10-IT-tips-to-help-businesses-weather-hurricane-se

A new law requiring school drills that prepare students for an attack by armed intruders is an unfortunate, but necessary, sign of the times.

The sad truth is that teachers and students, however young, must know what to do to protect themselves in such an unthinkable situation.

These drills, which have been added to the standard school fire drills, have been in place since 1999, after the fatal shootings at Columbine High School in Littleton, Colo. More states have been enacting legislation mandating such drills in the wake of the 2012 shooting at a Newtown, Conn., school that left 20 young children and six adults dead.

...

http://www.dailyworld.com/article/20130812/OPINION/308120007/Armed-school-attack-drills-unfortunate-necessary

Network World — Devops and the cloud: They're two of the biggest buzzwords in high-tech today. But organizations embracing these trends are finding out just how closely the two are linked, and the advantages that automating IT processes can bring.

Take Rafter, a San Mateo-based company that was founded on the idea that college textbooks are really expensive. Chris Williams created a sort of Netflix for textbooks rental business that started by running off a couple servers sitting in a closet. Seven years later the company has 150 employees and is helping students and bookstores manage inventory and host online book stores for colleges, in addition to the book rentals.

Rafter is continually rolling out feature enhancements to its web site, so the company has a bustling development and testing lab where new services are created. Instead of the code-writers waiting for the IT shop to spin up a virtual machine with a replica of the production website, the developers can provision their own compute resources themselves. Welcome to a devops shop.

...

http://www.cio.com/article/737965/How_Devops_and_Cloud_Can_Remake_Your_IT_Department

Today, many regulatory standards—from HIPAA to FISMA to PCI—have created a compliance landscape that can be onerous and burdensome. And it’s likely to only get worse. Complying with the requirements set forth by all of these regulatory bodies that control the business world has a profound effect on companies, as it involves a great deal of time, cost and effort. Historically, different functions within a company—legal, IT, operations, accounting—have each owned different compliance mandates. Yet in that situation, there has been very little coordination between them, creating silos that stand in the way of efficiency, communications and organization. So, how can companies rise above the complexity created by geographical boundaries and different workflows within the business?

The answer is an approach that, once adopted by companies, could eventually make any other way to conduct compliance efforts obsolete. Called the “one-to-many” approach, it is a streamlined effort of energy that involves working with constituents within the same company to coordinate the different compliance efforts that are needed within a company. In simple terms, it’s all about eliminating inefficiencies. For example, if you are answering the same question to fulfill five different mandates, why not gather the answer only once? Performing redundant work to provide the same information for the many users of this information is a waste of resources. Instead, you should streamline your compliance efforts by adopting the one-to-many approach. This alleviates the impact of compliance on the company and frees up employees’ time to concentrate on other strategic initiatives.

...

http://www.corporatecomplianceinsights.com/one-to-many-approach-can-help-manage-the-complexity-of-compliance-landscape

We start the week with a new animation from NASA that shows the increasing risk of wildfire activity across the United States in the coming decades.

An article on the NASA website notes that with satellite and climate data, scientists have been able to track an increase in dry conditions since the 1980s.

Climate projections suggest this trend will continue, increasing the risk of fire in the Great Plains and Upper Midwest by the end of the 21st Century, according to NASA.

...

http://www.iii.org/insuranceindustryblog/?p=3349

Risk managers around the world appear to be closely aligned when it comes to top concerns for their organization, according to findings of two studies.

One was preliminary results of a study, Global Risk Management Research, which is due in September by Accenture. Executives from 446 organizations across eight industries were asked what they see as the biggest risks over the next two years. Out of a list of 10 “external pressures,” legal risks topped the chart at 62%. Second on the list were business risks at 52%, and third were regulatory requirements at 49%.

There was a tie at 46% between the fifth, sixth and seventh concerns, which were credit risks, operational risks and strategic risks.

...

http://www.riskmanagementmonitor.com/top-10-global-risks-underscore-business-concerns

Monday, 12 August 2013 18:21

Protect the Data in the Cloud Castle

We’ve all read medieval stories about castles, knights, traitors and thieves. Stories about villains storming the walls and castle guards surrounding the moat have dotted our memories since we were children. Each story has a prize – maybe the queen or treasure. Each story has a battle over that prize, resulting in a war of good versus evil with a potential victor.

When we read these stories, we know that good triumphs over evil. However, real life doesn’t always mirror the fairy tales we grew up hearing.

While it’s extremely important to protect the castle with the right moat, drawbridge, guards and weapons, the castle itself should not be the only thing that is secured.  In all of the hustle and bustle of protecting the castle infrastructure, the most important thing is often forgotten: the prize. Thieves or traitors don’t always care about the castle itself – they only care about what’s inside. The same principle applies to your data in the cloud. Hackers, thieves and snoops aren’t interested in the infrastructure; they’re only interested in the one thing they can use: your data.

...

http://www.corporatecomplianceinsights.com/protect-the-data-in-the-cloud-castle-2

Steve’s Flower Shop rents a commercial space in a downtown area. Steve’s income is derived primarily from purchasing wholesale live flowers and creating arrangements and selling those arrangements at retail. Steve’s shop has coolers to preserve the arrangements, an area to create the arrangements, and a retail space for customers. Steve’s rent and utilities are his highest expense. To save costs and increase profits, Steve’s purchases its wholesale flowers in bulk through a local distributor with a long-term contract. Let's say Steve’s clears $500 per day. Of that amount, $350 is cost for utilities, rent, wholesale product, supplies, etcetera. Steve’s makes $150 per day, which is acceptable to Steve – this is his retirement business after years as an overworked business lawyer.

Then… the storm comes. Steve’s shop is wiped out. The commercial space is uninhabitable. The coolers are gone. A shipment bound for a customer is gone and the stock is gone. Steve submits a claim to his property insurer. Within a few days, the insurer has put Steve in touch with a contractor and has cut a check to Steve to replace the equipment.

...

http://businessinsure.about.com/od/businessinterruption/a/businterexam.htm

By Larry Lang

Statistics have shown that most small to mid-sized businesses will experience at least one instance of system downtime a year. Once a year doesn't seem like much, but consider this: Aberdeen Group estimates that an hour of downtime costs a mid-sized business an average of $74,000. Then factor in results from a Harris Interactive survey, which found that IT managers estimate 30 hours on average for recovery.

Now that the cost has been put into perspective, are you sure your business can bounce back from even one instance of system downtime each year? Has your disaster recovery system been through regular real-world tests to find out? Unfortunately, only a small minority can respond to this last question in the affirmative: A 2011 survey found that only 28 percent of small to mid-sized businesses surveyed have even tested their backup at all.

...

http://www.continuitycentral.com/feature1092.html

LINCROFT, N.J. -- FEMA’s Hazard Mitigation Grant Program provides important assistance to local, state and tribal governments following a major disaster declaration, both speeding recovery and protecting life and property from future disasters.

With the Hazard Mitigation Grant Program, the Federal Emergency Management Agency provides funds to the state to enable mitigation measures to be implemented during recovery from a disaster.

The Hazard Mitigation Grant program can be used to fund projects to protect public or private property as long as the project fits within state and local government mitigation strategies. Funds are sent to the state for distribution.

Examples of projects include:

  • Acquiring and relocating structures from hazard-prone areas, such as the $29.5 million acquisition of flood-prone properties in Sayreville.
  • Retrofitting structures to protect them from floods, high winds, earthquakes or other natural hazards.
  • Constructing certain types of minor and localized flood control projects.
  • Constructing safe rooms inside schools or other buildings in tornado-prone areas.
  • Helping state, local or tribal governments develop mitigation plans.

Federal funding under FEMA’s Hazard Mitigation Grant Program is made available at the request of a state’s governor following the declaration of a major disaster.

Hazard Mitigation Grant Program funding is allocated using a sliding scale formula based on the percentage of funds spent on FEMA’s Public and Individual Assistance Programs for each declared major disaster.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

http://www.fema.gov/news-release/2013/08/07/fema-mitigation-grants-important-recovery-protection

CIO — BYOD is a reality, and we all have to deal with it.

Most of us are used to well-behaved devices such as laptops, netbooks, iPhones and iPads. There are enough mobile device management products to handle remote wipes and other strategies to lock down these devices if they are lost or stolen.

But when the device doesn't have a disk, things get a little dicey. Flash RAM that's soldered into a device can't be removed practically, and if the device is broken, that memory can't be erased. It gets more fun with Android tablets; the hardware may not be all that long-lived, and the myriad software configurations can be hard to manage in the wild.

...

http://www.cio.com/article/737752/How_IT_Can_Scare_Off_BYOD_Monsters_in_the_Closet

Usage-based payment systems are becoming increasingly common, but a recent variation in disaster recovery has an interesting twist. A new pricing model from a company called Asigra is based not on how much data an organisation backs up, but how much it restores. In particular, a ‘recovery performance score’ determines the amount of money a customer will pay. The Asigra system emphasises value rather than cost: the value is in the data restored, rather than the data saved. Is a similar pricing model likely to spread to related services such as DraaS (Disaster Recovery as a Service)?

...

http://www.opscentre.com.au/blog/disaster-recovery-how-would-you-like-to-not-pay-for-that/

Thursday, 08 August 2013 18:47

Cloud: Responsibility and Accountability

For years, the IT industry has been experiencing growth in outsourcing. Organizations large and small have looked to utilize the promises of lower cost of operation. Witnessing this trend over time has allowed me to see something emerge that I have long-held as truth. Users have a responsibility to be accountable. Accountable to the service that they have contracted for, the information provided, the knowledge of the ownership of information, the recoverability, the usage, and the measurement against established criteria to name a few. Cloud is no different. I like to say, “You cannot manage that which you do not measure, and you cannot measure that which you do not know about”. Nonetheless, countless organizations dive into contracting for a service at one level and demand the service of the levels above that which they have contracted for.

When an organization outsources “backup”, for instance, the act of recovery must have established objectives (both time and point). This may come as no surprise to countless people in the business, but few organizations have prioritized which applications are mission critical and need different recovery objectives than say the holiday office party logistics. While some may have done this, too many do not have an application matrix which outlines up-line and down-line dependencies. The number one reason why a “backed” up system cannot be restored, beyond hardware failure, is the lack of synchronization with the application up-line and down-line dependencies. So, why is it that the yelling and screaming commences once the failure occurs and the information provided was incomplete, inaccurate, or simply missing with regard to the actual nature of the criteria for success? It seems that the answer is lack of responsibility and accountability. The user no longer feels any responsibility or accountability for the “backup” since they have contracted for it even though they have not contracted for the level of service they are demanding, nor have they done their due diligence to manage the contracted service.

...

http://mdjohn.wordpress.com/2013/08/07/cloud-responsibility-and-accountability/

While three of the major hurricane forecasters have reduced by a smidgen their predictions for the 2013 Atlantic hurricane season, the season as a whole is still expected to be above-average as is the chance of a major hurricane making U.S. landfall.

Bear in mind that to-date the 2013 season has seen four named storms (Andrea, Barry, Chantal and Dorian) – none of which reached hurricane status.

Here’s how the revised forecasts stack up:

...

http://www.iii.org/insuranceindustryblog/?p=3346

Thursday, 08 August 2013 18:45

EvacuKids

By Meredith Cherney

When you ask someone what the most important thing to have on hand for a hurricane is, the common answers include food, water, flashlights, batteries, or a radio.  As I read through my student surveys however, I found a different set of answers.  Lifejackets.  Boats.  Buckets.  Axes.

Growing up in New Orleans fosters a unique hurricane perspective. When I stepped into that classroom to teach 9 to 12 year old students about hurricanes and preparedness, I wasn’t sure what to expect.  What do they know about hurricanes?  Do they understand that some evacuations are mandatory? Has their experience with hurricanes fostered a fear or resilience?

I work for Evacuteer.org, a private non-profit commissioned by the New Orleans Office of Homeland Security and Emergency Preparedness to help with the City Assisted Evacuation (CAE) plan.  Beyond our role in emergency events we also seek to inform the public about the CAE and foster community preparedness. 

Our EvacuKids program targets a younger demographic.  We’ve already quadrupled our reach since 2012, from 30 to 120 students. Complete with a new curriculum and corresponding science experiments and activities, we not only teach students about hurricanes, but also work to improve literacy, writing, and critical thinking skills. 

There are four modules: disasters, hurricanes, prepare, and evacuate.  Each week builds upon the previous week, starting with the science of disasters and how hurricanes form to preparing your home for a storm and finding a safe place to stay in the event of a hurricane. 

In addition to academic lessons, we also talk to students about their experience with hurricanes, what they did, and how they felt.  Many students express fear and uncertainty when recalling their experience and as a class we discuss coping mechanisms to help them deal with their feelings.  Additionally, learning how hurricanes form and why they are common in our area can alleviate anxieties and foster a greater sense of understanding, preparedness, and even excitement in students. 

EvacuKids is tailored to the specific needs of the children, those whose families have transportation out of the city and those without it.  EvacuKids is a fantastic opportunity to make a meaningful, sustainable impact on a generation that will someday lead New Orleans in a positive direction.

http://blogs.cdc.gov/publichealthmatters/2013/08/evacukids/

Today is our 40th wedding anniversary, so naturally it leads me to think about what love, marriage and life together has to do with crisis communication. A lot I think. And not just because there are plenty of crises in any marriage and communication or the lack of it is often the major cause of such crises.

Though some dispute the statistics, about half of marriages don’t survive–which makes 40 years very much worth celebrating. I’m going to suggest that the primary reasons why some do are very applicable to crisis communication, and for that matter any relationship.

Crisis communication, despite what too many think, is primarily about relationships. The all-important relationships between your company and organization and its most important stakeholders. Trust and respect are key elements of that relationship. What customer will stick with a company, what investor will maintain investment, what donor will contribute, what employee will eagerly produce without those two critical ingredients. Crises are crises mostly because they threaten the trust and respect that the important relationships hold in the leaders and the organization. That’s why whether or not an organization survives a crisis is primarily based on how key stakeholders view the character of the leaders–are they worthy of continued trust and respect?

...

http://ww2.crisisblogger.com/2013/08/love-marriage-and-crisis-communications-some-anniversary-thoughts/

Hello, I’m David Mundie, a CERT cybersecurity researcher. This post is about the research CERT is doing on the unintentional insider threat. Organizations often suffer from individuals who have no ill will or malicious motivation, but whose actions cause harm. The CERT Insider Threat Center conducts work, sponsored by the Department of Homeland Security’s Federal Network Resiliency Division, that examines such cases. We call this category of individuals the “unintentional insider threat” (UIT).

This research includes

  • creating a definition of UIT
  • collecting and reviewing over 60 cases of UIT
  • analyzing contributing factors and observables in those cases
  • recommending preliminary ways to mitigate unintentional insider threats

For the purposes of our research, the team built a working definition of an unintentional insider threat:

An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network, system, or data and who, through (3) their action/inaction without malicious intent, (4) negatively affects the confidentiality, integrity, or availability of the organization’s information or information systems.

Our preliminary study of the UIT problem identified a number of contributing factors and mitigation strategies. The malicious insider threat and the UIT share many contributing factors that relate to broad areas in security practice, organizational processes, management practices, security culture, etc. However, there are significant differences. Human error plays a major role in UIT. Countermeasures and mitigations to decrease UIT incidents should include strategies for:

...

https://www.cert.org/blogs/insider_threat/2013/08/unintentional_insider_threats_the_non-malicious_within.html

CIO — IT walks a fine line between balancing security issues and giving people the tools they need to get the job done. Every day companies move sensitive data around and IT is in charge of securing that data, but what about the little things that tend to fall through the cracks?

According to data from several recent surveys there are a number of things your employees could be inadvertently doing that put your company's sensitive data and information at risk.

A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:

...

http://www.cio.com/article/737748/6_Ways_Employees_Are_Putting_Your_Company_s_Data_at_Risk

CSO — A security researcher has shown that hackers, including an infamous group from China, are trying to break into the control systems tied to water supplies in the U.S. and other countries.

Last December, a decoy water control system disguised as belonging to a U.S. municipality attracted the attention of a hacking group tied to the Chinese military, according to Trend Micro researcher Kyle Wilhoit. A dozen similar traps set up in eight countries lured a total of 74 attacks between March and June of this year.

Wilhoit's work, presented last week at the Black Hat conference in Las Vegas, is important because it helps build awareness that the threat of a cyberattack against critical infrastructure is real, security experts said Tuesday.

...

http://www.cio.com/article/737753/Trend_Micro_Hacker_Threats_to_Water_Supplies_Are_Real

KANSAS CITY, Mo. – With several areas throughout Kansas and Missouri experiencing bouts of late-summer flooding, the Federal Emergency Management Agency (FEMA) is urging residents to stay informed about the potential hazards of flooding.

Floods, especially flash floods, kill more people each year than any other weather phenomenon. This recent spate of severe weather-related events across the Midwestern states serves as a pointed reminder just how dangerous floods can be and how important it is to stay abreast of weather warnings, understand flood terms, and take action by monitoring, listening, preparing and acting accordingly.

Beth Freeman, Regional Administrator for FEMA Region VII, urges residents to be constantly aware of their environment and any potential for flooding. "There's no doubt that when people are aware of the dangers and power of flooding, they can take measures to lessen the exposure to danger for themselves and family members," Freeman said. "When you're driving and you see the road ahead is flooded, be safe. It's best to 'turn around, don't drown.' FEMA is monitoring the situation and is on standby to help states if assistance is requested."

While floods are the most common hazard in the United States, not all floods are alike. Floods typically occur when too much rain falls or snow melts too quickly. While some floods develop slowly, flash floods develop suddenly. 

One of the most dangerous elements of a flood is floodwaters covering roadways, and motorists are urged to never attempt driving through them.  About 60 percent of all flood deaths result from people trying to cross flooded roads in vehicles when the moving water sweeps them away.

While flood risks can indeed be a formidable threat, there are simple steps citizens can take today to reduce their risk to all types of floods. 

If a flood is likely in your area, you should:

  • Listen to your radio or television for information.
  • Be aware that flash flooding can occur. If there is any possibility of a flash flood that could affect you, move immediately to higher ground. Do not wait for instructions to move.
  • Be aware of streams, drainage channels, canyons, and other areas known to flood suddenly. Flash floods can occur in these areas with or without such typical warnings as rain clouds or heavy rain.

If you must prepare to evacuate, you should:

  • Secure your home. If you have time, bring in outdoor furniture. Move essential items to an upper floor.
  • Turn off utilities at the main switches or valves if instructed to do so. Unplug electrical appliances. Do not touch electrical equipment if you are wet or standing in water.
  • Take essential documents (http://www.ready.gov/evacuating-yourself-and-your-family)

If you must leave your home, remember these evacuation tips:

  • Do not walk through moving water. Six inches of moving water can make you fall. If you have to walk in water, walk in areas where the water is not moving. Use a pole or stick to make sure the ground continues in front of you.
  • Do not drive into flooded areas. If floodwaters rise around your car, abandon the car and move to higher ground if you can do so safely. You and your vehicle can be quickly swept away.
  • Six inches of water will reach the bottom of most passenger cars causing loss of control and possible stalling.
  • A foot of water will float many vehicles.
  • Two feet of rushing water can carry away most vehicles including sport utility vehicles (SUVs) and pick-ups.

Additional tips to consider:

  • United Way’s 2-1-1 is a helpful resource before, during and after disasters. Keeping this number and an up-to-date family communication plan handy is a must-do when preparing for emergencies.
  • Keep emergency supplies on hand, such as non-perishable food, medicine, maps, a flashlight and first-aid kit.
  • Use extreme caution when returning to flood damaged homes or businesses.

Become familiar with the terms that are used to identify flooding hazards:

  • Flood Watch: Flooding is possible. Tune in to NOAA Weather Radio, commercial radio, or television for information.
  • Flood Warning: Flooding is occurring or will occur soon; if advised to evacuate, do so immediately.
  • Flash Flood Watch: Rapid rises on streams and rivers are possible. Be prepared to move to higher ground; listen to NOAA Weather Radio, commercial radio, or television for information.
  • Flash Flood Warning: Rapid rises on streams and rivers are occurring; seek higher ground on foot immediately.

The National Weather Service is the official source for weather watches and warnings.

For more information on flood safety tips and information, visit www.ready.gov/floods or the Spanish-language web site www.listo.gov.

For information on how to obtain a flood insurance policy, visit www.floodsmart.gov.

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

http://www.fema.gov/news-release/2013/08/06/midwestern-residents-urged-be-aware-flood-dangers

In today’s enterprise, data is the key. It enables a business to make its best decisions and efficiently manage its business processes.

Data is demanded by many departments and must be gathered, sorted, cleaned, managed, analyzed and protected. Because data is often gathered from applications, it likely falls in the realm of IT, where business intelligence and analytics systems are managed. However, what many IT organizations lack is a framework for data governance—a solid set of processes and policies that dictate the way data is supervised and preserved.

The book “Data Governance: Creating Value from Information Assets,” provides a detailed look into information governance; it begins with a chapter on how data governance plays a role in an enterprise, moves through management of metadata, and then explains how to operationalize data quality. Other chapters include:

...

http://www.itbusinessedge.com/blogs/it-tools/data-governance-strategies-strengthen-business-information.html

Wednesday, 07 August 2013 15:47

The Road to the Hybrid Cloud Runs Through PaaS

Most enterprises are far enough into the cloud deployment process to understand that there is more than one type of cloud. At the moment, many organizations are content to spin up a few hosted resources to gain extra storage or run a few key applications. But as cloud strategies become more refined, the style of cloud implemented on both private and public resources and the infrastructure that supports them can have a dramatic impact on future data objectives.

As I’ve pointed out, hybrid architectures are only as good as the private cloud allows them to be, and so far only a handful of organizations are pursuing what leading experts deem to be a true private cloud strategy. Part of this is because the cloud is still an ill-defined concept, but legacy infrastructure can be a major drag as well—particularly when it consists primarily of silo-based, bare-metal architecture. So clearly, the first step in any coordinated cloud strategy is to implement virtual and software-defined infrastructure to the broadest extent possible.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-road-to-the-hybrid-cloud-runs-through-paas.html

Wednesday, 07 August 2013 15:45

IT Evolution

We really need to transform what the American IT workforce is made up of. Instead of teaching COBOL, Pascal, C++, and other elements of technology, we really need to teach how to align business and IT to take advantage of innovation and creative thinking. The way to align business and IT is to focus on the customer experience and the value that they live in that experience.

Instead of IT being a separate business unit, IT needs to be integrated into every business unit. I am by no means advocating breaking IT up into multiples of itself contained within each business unit. I am advocating that IT needs to reside with knowledge of the business and each unit in their strategic planning to assist with how to enable their people and process in a cost effective, simple, agile, and rigorous way. If IT establishes strategy alongside the business, then the execution and results will match. This is opposite of the way it is done today where the business and each unit goes off to develop strategy based upon a vision that IT is not a part of. Likewise, IT, more often than not, sequesters itself and develops its own strategy and execution plan based upon a limited view or knowledge of the vision of the organization. I liken this to picking the route to go on vacation before picking the destination.

...

http://mdjohn.wordpress.com/2013/08/06/it-evolution/

PC World — For small businesses today, there's nothing that can't be done in the cloud. You could plunk down your cash for Basecamp, Yammer, and Google Docs like everyone else, but alternatives to these stalwarts abound. For something that does more, costs less--or both--check out these six Web-based tools, categorized based on their primary functionality.

 

General collaboration: Podio

Podio may still fly under the radar of such behemoths as Basecamp, but it's rapidly emerging as the go-to collaboration tool for a new generation of knowledge workers. Originally a Danish startup, Citrix acquired it last year, and the new features keep on coming.

Designed (like most collaboration systems) to eliminate excessive emailing, the structure is relatively simple: You invite employees into Podio's internal communication network, then create any number of "workspaces" in which they can collaborate. You can admit outsiders on a workspace-by-workspace basis, keeping them out of the broader employee network.

...

http://www.cio.com/article/737697/6_Alternative_Tools_for_Small_Business_Collaboration

For homeland security professionals to be successful in their field, it is critical to stay ahead of prevailing tendencies within the industry. Colorado Technical University recently sponsored a mock exercise, hosted by the Colorado Emergency Preparedness Partnership (CEPP), and attended by personnel from private and public sector institutions to help prepare for a cyber-attack.

During the tabletop exercise, an expert panel addressed propagation and impacts of a cyber-attack from domestic and foreign organizations. This simulated exercise was part of a continued series of emergency preparedness events led by CEPP and this event’s sponsors: Western Cyber Exchange, CTU and the Canadian Consulate.

The cyber-attack scenario began in southern Colorado and spread from local jurisdictions to a national threat, and ultimately a global one. Families, businesses, communities, government services and the critical infrastructure we depend on for our everyday needs suffered the consequences from the simulated attack. Our expert panel, consisting of private and public sector members from the city of Colorado Springs; telecommunications and energy sectors; the state, federal and Canadian governments, addressed the evolving scenario.

...

http://csbj.com/2013/08/06/how-first-responders-train-for-real-life-cyber-threats/

One flood victim in Canmore says he has concerns after learning the province's disaster recovery program is being run by a private company.

Gus Curtis' yard was washed away by Cougar Creek and his home's foundation is exposed and cracked. Until recently Curtis assumed he was working with a government employee on a recovery plan.

In fact, Edmonton-based Landlink Consulting has been contracted to process flood claims and calculate and distribute payments.

Curtis said an employee shut him down after he asked a few questions. "So I said ‘who is Landlink?’ He paused and said Landlink is a company hired to administer the fund,” Curtis said.

...

 

Disasters happen. And though business and IT leaders like you can’t prevent them, you can curtail the losses and costs that disasters cause — by ensuring that Business Continuity and Disaster Recovery (BC/DR) plans are in place at your organization.

Hurricane season, flooding, tornadoes and other severe weather threats remind us once again just how important it is to be prepared.

For instance, in the event of a disaster, would your IT operations be back to business with the help of data centers that remain running amid the storm, transitioning from generators to utility power in the days following? We explore this possibility further in our recent Forbes.com article “Does Your Data Center Have a Disaster Plan?” with strategies that protect buildings, systems, equipment, and personnel — and also have contingencies for the loss of any or all of them.

...

http://www.forbes.com/sites/centurylink/2013/08/06/from-disaster-to-happily-ever-after-a-roundup-of-recovery-trends

Tuesday, 06 August 2013 17:52

Training children in emergency preparedness

In July 2012, the Federal Emergency Management Agency (FEMA), through Administrator Craig Fugate, announced the following regarding youth disaster preparedness: “Youth have a unique ability to influence their peers and families to be more resilient, and children play an important role in disaster preparedness, during and after a crisis.”

According to FEMA, studies have shown “those households with schoolchildren who brought home preparedness materials are more likely to be prepared on a range of preparedness than households with schoolchildren who did not bring home preparedness materials.”

It is reported that 70% of households receiving preparedness information from their children have an emergency response plan they have discussed with family members compared to the national average of 45%. It appears the best champions for disaster preparedness are our children.

Some training can start at home before they’re old enough to attend school, when your children are of an age they can absorb information, and comprehend what to do with the information. Here are some things you can teach your children to get them started down the path of emergency preparedness:

...

http://journalstar.com/niche/neighborhood-extra/news/training-children-in-emergency-preparedness/article_62bba580-e289-54d2-bce9-713ddf927900.html

Tuesday, 06 August 2013 17:50

Lost in the privacy landscape

Australia’s privacy and data protection laws are hard to explain and often poorly understood. The first challenge is to explain that the Australian Privacy Commissioner sits in the Office of the Australian Information Commissioner (OAIC) and applies laws that the Australian parliament has misleadingly called ‘principles’.

The second challenge is describing how to read principles as laws and fit them together with other provisions in the Privacy Act that clearly are drafted as laws.

And then there’s the difficulty of trying to interpret these provisions when dealing with novel issues such as cross-border cloud deployment and access to personal information held in another jurisdiction (or jurisdictions unknown), geo-tracking of devices, data warehouses, virtualised servers, big data and customer data analytics.

...

http://www.cio.com.au/article/522929/lost_privacy_landscape

With the increase in the use of online services for government transactions, datacentres are a key focus of the government’s green IT strategy and the Green ICT Delivery Unit (GDU), according to its report.  

Over 80% of HMRC’s tax returns are submitted via the internet, suggesting the growing importance of public sector datacentres.

As a result, the Department for Food, Environment and Rural Affairs (Defra) is setting out best practice guidelines for public sector organisations to procure energy efficient datacentre and cloud hosting services. The guidance has been discussed with Intellect, the UK industry body and there have also been discussions with the European Commission (EC) via its EU-wide Green Public Procurement process.

The Greening Government: ICT Annual Report 2013 by Jennifer Rigby, chair of GDU and John Taylor, SRO for Green ICT and CIO at MoD also praised government CIOs and IT staff’s progress in implementing green IT strategies.

...

http://www.computerweekly.com/news/2240203146/Datacentres-are-a-key-focus-for-governments-Green-ICT-Delivery-Unit

Lancope has released a survey indicating that many enterprises possess an unrealistic confidence surrounding the security of their networks.

According to the survey, more than 65 percent of IT/security professionals did not think, or were unsure whether, they had experienced any security incidents within the last 12-18 months.

According to Lancope’s director of security research, Tom Cross, this scenario is not likely. “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter,” he said. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes.”

The survey also revealed that 38 percent believe recent security incidents had no impact on their organization. According to Cross, “even the most basic malware infection has some financial cost to the organization, even if it’s just the cost to clean infected machines. Not to mention the additional serious consequences that can result from a breach, including data loss, customer distrust, regulatory fines and many others.”

...

http://www.continuitycentral.com/news06879.html

A crisis in 2013 vaguely resembles a crisis of 15 years ago. Today, social media can be both a curse and a blessing in an emergency. Managers must understand that with the power of real-time comes a huge responsibility to learn how to use the media responsibly. One piece of misinformation posted on social media during a crisis can start a cascade of panic that is almost impossible to stop.

http://blog.missionmode.com/blog/3-keys-to-using-social-media-responsibly.html#sthash.CBr4tPjV.dpuf

On July 2, the government of India released the National Cyber Security Policy 2013. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, government and non-government entities. The policy aims to serve as an umbrella framework for defining and guiding the actions related to the security of cyberspace. The policy has been much delayed but is now released amid reports of snooping by the US globally - and ever-increasing threats to India as a country.

The policy defines 14 diverse objectives that provide an overview of the government’s approach to the protection of cyberspace in the country. A few objectives that will have a positive impact on S&R professionals in India caught my attention:

...

http://blogs.forrester.com/manatosh_das/13-08-05-is_india_geared_up_to_handle_the_dynamics_of_cyber_age

Today’s “social age” has brought many changes to the corporate world and increased the competitive threats enterprises have to deal with on an ongoing basis. Traditionally, competition has been upfront and direct with open head-to-head strategies to win customers and market share. But as the world approaches a complete “digital state” the competitive tactics against corporations have never been more threatening or aggressive.

As disruptive, non-traditional business competitors emerge, many of these organizations are adopting tactics that would typically be “off limits” to traditional corporations, including partnering with activist groups to attack and disrupt the market leader to damage the reputation and erode the financial state of the organization.

Many enterprises are no longer simply looking to compete, but actually to protect their operations against the disruptive, aggressive forces these non-traditional competitors are partnering with. To combat these unconventional tactics, traditional corporations are turning to real-time advanced social intelligence to receive deep, multidimensional insight on the tactics and actions.

...

http://www.riskmanagementmonitor.com/protecting-the-enterprise-against-unconventional-competitive-social-risks

Tuesday, 06 August 2013 17:20

Terrorism Risk and Insurers

Ratings agency Fitch has warned that failure to renew the federally backed Terrorism Risk Insurance Program could have a significant impact on the availability and pricing of workers compensation and commercial property insurance coverage.

Insurer credit ratings and the commercial mortgage backed securities (CMBS) market would also be affected.

The report comes as at least 19 U.S. embassies and consulates in the Middle East and North Africa remain closed through the week after the State Department issued a global travel alert to U.S. citizens due to potential terrorist threats.

Fitch notes that workers compensation insurers could be particularly vulnerable to large losses if an extreme terrorist event takes place without the federal terrorism reinsurance program in place:

...

http://www.iii.org/insuranceindustryblog/?p=3344

Tornadoes, hurricanes, wildfires or other natural disasters can bring your business to a screeching halt when the office is damaged or destroyed, and critical infrastructure is offline. Axcient, the leading cloud solution for eliminating application downtime and data loss, today outlined 10 disaster preparedness tips that can help your company prepare and respond to disasters, while keeping the business up-and-running and maintaining vital revenue.

“When Hurricane Sandy hit the East Coast last Fall, it resulted in $62B in damages and economic losses from businesses that were not able to operate because of flooded buildings, power blackouts and damaged communications infrastructure,” said Justin Moore, CEO at Axcient. “However, there were several success stories, where firms had disaster plans in place and were able to leverage cloud-based disaster recovery and business continuity solutions to weather the storm. Dozens of IT providers in Sandy’s path used the latest technology to spin up virtual offices in the cloud to keep employees productive while waiting for primary systems to come back online or be restored.”

These businesses had a clear emergency preparedness plan in place for their personnel and relied on technologies that can deliver real business protection exactly when it’s needed. 

Looking at examples of what enterprises did to successfully weather Hurricane Sandy and other natural disasters, Axcient developed the following 10 Disaster Preparedness Tips for Businesses:

...

http://www.bsminfo.com/doc/axcient-it-emergency-preparedness-businesses-weather-storm-0001?atc~c=771+s=773+r=001+l=a